Digi IX10 Скачать руководство пользователя страница 274

Страница: 274 / 874

Virtual Private Networks (VPN)

IPsec

IX10 User Guide

274

15. Configure IKE settings:

a. Set the IKE version:

(config vpn ipsec tunnel ipsec_example)> ike version

value

(config vpn ipsec tunnel ipsec_example)>

where

value

is either

ikev1

ikev2

. This setting must match the peer's IKE version.

b. Determine whether the device should initiate the key exchange, rather than waiting for an

incoming request. By default, the device will initiate the key exchange. This must be
disabled if

remote hostname

is set to

any

. To disable:

(config vpn ipsec tunnel ipsec_example)> ike initiate false
(config vpn ipsec tunnel ipsec_example)>

c. Set the IKE phase 1 mode:

(config vpn ipsec tunnel ipsec_example)> ike mode

value

(config vpn ipsec tunnel ipsec_example)>

where

value

is either

aggressive

main

d. Set the IKE fragmentation:

(config vpn ipsec tunnel ipsec_example)> ike fragmentation

value

(config vpn ipsec tunnel ipsec_example)>

where

value

is one of:

if_supported

: Send oversized IKE messages in fragments, if the peer supports

receiving them.

always

: Always send IKEv1 messages in fragments. For IKEv2, this option is

equivalent to

if supported

never

: Do not send oversized IKE messages in fragments.

accept

: Do not send oversized IKE messages in fragments, but announce support

for fragmentation to the peer.

The default is

always

e. Padding of IKE packets is enabled by default and should normally not be disabled except

for compatibility purposes. To disable:

(config vpn ipsec tunnel ipsec_example)> ike pad false
(config vpn ipsec tunnel ipsec_example)>

f. Set the amount of time that the IKE security association expires after a successful

negotiation and must be re-authenticated:

(config vpn ipsec tunnel ipsec_example)> ike phase1_lifetime

value

(config vpn ipsec tunnel ipsec_example)>

where

value

is any number of weeks, days, hours, minutes, or seconds, and takes the

format

number

{

w|d|h|m|s

For example, to set

phase1_lifetime

to ten minutes, enter either

10m

600s

Содержание IX10

Страница 1: ...IX10 User Guide User Guide Firmware version 22 5 ...

Страница 2: ...lar PLMN network to use n Added commands for over the air OTA system firmware update to check list and update to new firmware from the Digi firmware server n Added a show dns command to the Admin CLI to display active DNS servers and their associated interface n Added a show ntp command to the Admin CLI to display the status of the NTP service n Expanded Port forwarding option to support a range o...

Страница 3: ...1 Release of Digi IX10 firmware version 21 8 n Added LXC container support for running localized containers on the device n Added support for maintenance windows triggers to control when a device is available for Digi Remote Manager maintenance activity n VPN enhancements l Added support for L2TPv3 tunneling l New option to enable disable or force IPsec IKE fragmentation n Improved options for cre...

Страница 4: ...m script start CLI command to run manual scripts n New Find me feature that flashes cellular related LEDs to help locate the device onsite and a new system find me command n Added datapoint upload_multiple function to digidevice python module for uploading multiple datapoints to DigiRM at once n Added clear dhcp lease command to remove all dynamic DHCP leases or certain DHCP leases based on MAC ad...

Страница 5: ...t obtained n SureLink enhancments l Added new settings under cellular Surelink options to have the device reset the cellular modem if a specified number of Surelink tests fail l Added show surelink Admin CLI command n Serial port enhancements l New option to add and configure an external USB to serial adapter l Disable serial history in remote access mode by default n Support for sending analog an...

Страница 6: ...option to determine how many SureLink failures are required prior to switching to the alternate SIM n New Socket ID string option to send the configured text to the remote server s when a TCP socket connection is opened to the serial port n New cat Admin CLI command for displaying file contents H June 2022 Release of Digi IX10 firmware version 22 5 n 5G enhancements l Added 5G slice support for co...

Страница 7: ...essage content that the devices sends when there is no valid fix from any of the configured location sources Trademarks and copyright Digi Digi International and the Digi logo are trademarks or registered trademarks in the United States and other countries worldwide All other trademarks mentioned in this document are the property of their respective owners 2022 Digi International Inc All rights re...

Страница 8: ...of reported issue Trace if possible Description of issue Steps to reproduce Contact Digi technical support Digi offers multiple technical support plans and service packages Contact us at 1 952 912 3444 or visit us at www digi com support Feedback To provide feedback on this document email your comments to techcomm digi com Include the document title and part number IX10 User Guide 90002399 H in th...

Страница 9: ...IX10 LEDs 27 Power PWR 28 SIM 28 LTE 28 Signal quality indicators 29 Ethernet Link and Activity 29 Signal quality bars explained 30 IX10 power supply requirements 31 Digi IX10 serial connector pinout 31 10 pin serial cabling options 32 QR code definition 32 Hardware setup Install SIM cards 34 Apply Dielectric Grease over SIM Contacts 34 SIM removal 35 Tips for improving cellular signal strength 35...

Страница 10: ...rity 53 Configure your device for Digi Remote Manager support 53 Collect device health data and set the sample interval 60 Enable event log upload to Digi Remote Manager 63 Log into Digi Remote Manager 65 Use Digi Remote Manager to view and manage your device 66 Add a device to Digi Remote Manager 66 Configure multiple IX10 devices by using Digi Remote Manager configurations 67 View Digi Remote Ma...

Страница 11: ...onfigure UDP serial mode 185 Configure Modbus mode 190 Show serial status and statistics 195 Log serial port messages 195 Digi Navigator application 196 Configure RealPort from the Digi Navigator 196 Discover the IP address using the Digi Navigator 198 Install the Digi Navigator 198 Digi Navigator features 199 Connect to and access the Digi Navigator 200 Discover the IP address when connected to a...

Страница 12: ...ure an OpenVPN server 312 Configure an OpenVPN Authentication Group and User 321 Configure an OpenVPN client by using an ovpn file 326 Configure an OpenVPN client without using an ovpn file 329 Configure SureLink active recovery for OpenVPN 334 Show OpenVPN server status and statistics 342 Show OpenVPN client status and statistics 343 Generic Routing Encapsulation GRE 345 Configuring a GRE tunnel ...

Страница 13: ...ce as an NTP server 499 Show status and statistics of the NTP server 504 Configure a multicast route 505 Enable service discovery mDNS 508 Use the iPerf service 511 Example performance test using iPerf3 516 Configure the ping responder service 516 Example performance test using iPerf3 520 Applications Develop Python applications 523 Set up the IX10 for Python development 524 Create and test a Pyth...

Страница 14: ...cal configuration 621 Configure your IX10 device to use a RADIUS server 622 LDAP 626 LDAP user configuration 627 LDAP server failover and fallback to local configuration 628 Configure your IX10 device to use an LDAP server 628 Configure serial authentication 633 Disable shell access 636 Set the idle timeout for IX10 users 638 Example user configuration 641 Example 1 Administrator user with local a...

Страница 15: ... Reboot your IX10 device 712 Reboot your device immediately 712 Schedule reboots of your device 713 Erase device configuration and reset to factory defaults 715 Configure the IX10 device to use custom factory default settings 718 Locate the device by using the Find Me feature 720 Configure a power profile 721 Configuration files 725 Save configuration changes 725 Save configuration to a file 726 R...

Страница 16: ...ets 791 Show captured traffic data 792 Save captured data traffic to a file 794 Download captured data to your PC 794 Clear captured data 796 Use the ping command to troubleshoot network connections 797 Ping to check internet connection 797 Stop ping commands 797 Use the traceroute command to diagnose IP routing problems 797 Digi IX10 regulatory and safety statements RF exposure statement 799 Fede...

Страница 17: ...and statistics using the show command 829 show config 829 show system 830 show network 830 Device configuration using the command line interface 830 Execute configuration commands at the root Admin CLI prompt 831 Display help for the config command from the root Admin CLI prompt 831 Configuration mode 833 Enable configuration mode 833 Enter configuration commands in configuration mode 833 Save cha...

Страница 18: ...unlock 854 modem reset 855 modem scan 855 modem sim slot 855 monitoring 855 monitoring metrics upload 856 more 856 mv 856 ping 856 reboot 858 rm 859 scp 860 show analyzer 860 show arp 860 show cloud 860 show config 861 show containers 861 show dhcp lease 861 show dns 861 show event 861 show hotspot 862 show ipsec 862 show l2tp lac 862 show l2tp lns 862 show l2tpeth 863 show location 863 show log 8...

Страница 19: ...mware 869 system factory erase 869 system find me 870 system firmware ota check 870 system firmware ota list 870 system firmware ota update 870 system firmware update 870 system power ignition off_delay 871 system restore 871 system script start 871 system script stop 871 system serial clear 871 system serial save 872 system serial show 872 system serial start 872 system serial stop 872 system sup...

Страница 20: ...nfigure CPU performance and power consumption n Added cellular APN and cellular connection duration as datapoints sent to Digi Remote Manager n Wi Fi scanner enhancements l Added support for sending an HTTP or TCP stream of results from the Wi Fi scanner to one or more remote servers n SCEP enhancements l New SCEP client settings and underlying functionality to support connecting to additional SCE...

Страница 21: ...lt password assigned to the device The IX10 also includes a terminal connector for the power supply installed in the power input n Insert cards n Digi IX10 label Printed copy of the product label on the bottom of your device You can affix this label to the top or side of the device such that you can access the label after the device is mounted or store the label in a safe place for future referenc...

Страница 22: ... configure cellular WWAN access at this time acquire SIM cards as needed Note the carrier network APN Access Point Name and SIM pin if any for each card Ethernet cable Smart phone or tablet Optional Use a smart phone or table to to automatically register your IX10 in your Digi Remote Manager account and connect to your cellular network See Digi IX10 Quick start Step 3 Connect 1 Insert SIM card s I...

Страница 23: ...ly Dielectric Grease over SIM ContactsApply Dielectric Grease over SIM Contacts for instructions c Insert the SIM card s into the SIM sockets Insert the end of each SIM card with the chamfered corner positioned as indicated Push the SIM in until it clicks into place d After SIM cards are installed replace the SIM slot cover Apply Dielectric Grease over SIM Contacts Note Digi recommends using eithe...

Страница 24: ...g for the first time it could take several minutes for the IX10 device to connect to the cellular network while it attempts to determine the APN required for the connection n Indicator LEDs blink to show status during startup n Verify that the LTE LED on the front of the IX10 shows either green or blue solid or flashing for proper operation n Verify that the signal strength indicator on the front ...

Страница 25: ...onfigure the device including using a Digi RM device configuration to automatically update the device See the Digi Remote Manager User Guide 1 On the PC connected to the IX10 open a browser and go to 192 168 210 1 2 Log into the IX10 User name Use the default user name admin Password Use the unique password printed on the bottom label of the device or the printed label included in the package ...

Страница 26: ...for high speed connectivity For a detailed list of IX10 hardware specifications see https www digi com products networking cellular routers industrial digi ix10 specifications IX10 accessories When accessories are purchased with the IX10 device the following are provided n Cellular antennas n Power supply n Ethernet cable n DIN rail mounting clip IX10 front and side views The following figure show...

Страница 27: ...ASE button again before the device is connected to the internet to also remove generated certificates keys 3 Firmware reversion Press and hold the ERASE button and then power on the device to boot to the version of firmware that was used prior to the current version 4 Ethernet port LAN enabled by default 5 Serial port See Digi IX10 serial connector pinout for information about the serial port pin ...

Страница 28: ...sent Solid green SIM1 is active Solid blue SIM 2 is active Solid red SIM failure LTE Indicates that the status of the cellular module and the ETH Ethernet port connection Solid yellow or orange Initializing or starting up Flashing yellow or orange In the process of connecting to the cellular network and to a device on its ETH port Flashing white ETH port connection established and in the process o...

Страница 29: ...Signal quality indicators LEDs labeled 1 through 5 Indicate the cellular service quality level Signal bars Weighted dBm Signal strength Quality 113 to 99 0 to 23 Bad 98 to 87 24 to 42 Marginal 86 to 76 43 to 61 OK 75 to 64 62 to 80 Good 63 to 51 81 to 100 Excellent The weighted dBm measurements are negative numbers meaning values closer to zero denote a larger number For example a 85 is a better s...

Страница 30: ...4G LTE algorithms For 4G LTE the IX10 device determines the RSRP SNR and RSSI values separately and uses the following algorithms to display the signal quality RSRP 85 rsrp_bars 5 95 RSRP 85 rsrp_bars 4 105 RSRP 95 rsrp_bars 3 115 RSRP 105 rsrp_bars 2 199 RSRP 115 if we re connected to the cellular network rsrp_bars 1 if not rsrp_bars 0 If RSRP 199 the device uses the RSSI as the value with the sa...

Страница 31: ...the DC power source with a non Digi power supply you must use a certified LPS power supply rated at either 12 VDC 0 75 A or 24 VDC 0 375 A minimum The voltage tolerance supports 10 9 VDC to 30 VDC at 9 Watts minimum n For installations requiring protective earth grounding connect the ve terminal of the power connector to the system protective earth with a minimum 1mm2 stranded single insulated cab...

Страница 32: ...gi MEI products that have 10 pin RJ45 connectors The PortServer TS Digi Connect and Digi One Products Cable Guide also provides information about additional Digi cabling options QR code definition A QR code is printed on the label attached to the device and on the loose label included in the box with the device components The QR code contains information about the device QR code items Semicolon se...

Страница 33: ...Hardware setup This chapter contains the following topics Install SIM cards 34 Connect data cables 35 Mount the IX10 device 35 IX10 User Guide 33 ...

Страница 34: ...trongly recommends that you apply a thin layer of dielectric grease to the SIM contacts prior to installing the SIM cards See Apply Dielectric Grease over SIM ContactsApply Dielectric Grease over SIM Contacts for instructions 3 Insert the SIM card s into the SIM sockets Insert the end of each SIM card with the chamfered corner positioned as indicated Push the SIM in until it clicks into place 4 Af...

Страница 35: ...each SIM in until it clicks and repeat for removal When you push to eject the SIM ejects back out about 1 8 inch Tips for improving cellular signal strength If the signal strength LEDs or the signal quality for your device indicate Poor or No service try the following things to improve signal strength n Move the device to another location n Try connecting a different set of antennas if available n...

Страница 36: ...h clip The DIN rail clip is an optional accessory included when the IX10 is purchased with accessories You can attach the din rail clip directly to the device either on the back or the bottom of the device 1 Attach the DIN rail clip to the back of the device a Attach the DIN rail clip to the back of the device with the screws provided ...

Страница 37: ...ice onto a DIN rail and gently press until the clip snaps into the rail 2 Attach the DIN rail clip to the bottom of the device a Attach the DIN rail clip to the bottom of the device with the screws provided WARNING Using screws longer than 5 0 mm will cause damage to the IX10 ...

Страница 38: ...nto a DIN rail and gently press until the clip snaps into the rail WARNING If being installed above head height on a wall or ceiling ensure the device is fitted securely to avoid the risk of personal injury Digi recommends that this device be installed by an accredited contractor ...

Страница 39: ...Review IX10 default settings 40 Change the default password for the admin user 41 Configuration methods 43 Using Digi Remote Manager 44 Using the local web interface 44 Use the local REST API to configure the IX10 device 45 Using the command line 50 IX10 User Guide 39 ...

Страница 40: ... click Devices to display a list of your devices 3 Locate your device as described in Use Digi Remote Manager to view and manage your device 4 Click the Device ID 5 Click Settings 6 Click to expand Config The following tables list important factory default settings for the IX10 Default interface configuration Interface type Preconfigured interfaces Devices Default configuration Wireless Wide Area ...

Страница 41: ... allows all outbound traffic n SSH and web administration l Enabled for local administration l Firewall zone Internal Monitoring n Device heath metrics uploaded to Digi Remote Manager at 60 minute interval n SNMP Disabled Serial port n Enabled n Serial mode Remote n Label None n Baud rate 9600 n Data bits 8 n Parity None n Stop bits 1 n Flow control None Change the default password for the admin u...

Страница 42: ...in Use Digi Remote Manager to view and manage your device b Click the Device ID c Click Settings d Click to expand Config Web UI a On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Authentication Users admin 4 Enter a new password for the admin user The password must be at least eight characters long and must contain at least one ...

Страница 43: ...e configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configuration methods There are two primary methods for configuring your IX10 device n Web interface The web interface can be accessed in two ways l Central management using the Digi Remote Manager a cloud based device management and data enablement platform that allows you to connect any dev...

Страница 44: ...ther n As part of the getting started process See the Quick Start Guide for further information n If you have not registered your device already you can add a device to Remote Manager See Add a device to Digi Remote Manager For information about configuring central management for your IX10 device see Central management Using the local web interface To connect to the IX10 local Web UI 1 Use an Ethe...

Страница 45: ...ifications to the configuration You can view the REST API specification from your web browser by opening the URL https ip address cgi bin config cgi For example https 192 168 210 1 cgi bin config cgi Use the GET method to return device configuration information To return device configuration issue the GET method For example using curl curl k u admin https ip address cgi bin config cgi value path X...

Страница 46: ...alues for path are listed in the first left column 4 To determine further allowed path location values by using the question mark with the path name config service Services Additional Configuration dns DNS iperf IPerf location Location mdns Service Discovery mDNS modbus_gateway Modbus Gateway multicast Multicast ntp NTP ping Ping responder snmp SNMP ssh SSH telnet Telnet web_admin Web administrati...

Страница 47: ...ig cgi keys service ssh X GET Enter host password for user admin ok true result acl custom enable key mdns port protocol Use the POST method to modify device configuration parameters and list arrays Use the POST method to modify device configuration parameters To modify configuration parameters use the POST method with the path and value parameters curl k u admin https ip address cgi bin config cg...

Страница 48: ...l to instruct curl to turn off globbing The below example would add a new static route for the WAN interface for the 1 2 4 0 24 destination network curl g k u admin https 192 168 210 1 cgi bin config cgi value path network route static append true collapsed dst 1 2 4 0 24 collapsed interface network interface wan X POST Enter host password for user admin ok true result network route static 1 Use t...

Страница 49: ...10 device IX10 User Guide 49 1 edge 2 ipsec 3 setup 4 external 2 Use the DELETE method to remove the external zone list item 4 curl k u admin https 192 168 210 1 cgi bin config cgi value path service ssh acl zone 4 X DELETE Enter host password for user admin ok true ...

Страница 50: ... to allow access and you must log in as a user who has been configured for the appropriate access For further information about configuring access to these services see n Serial Serial port n WebUI Configure the web administration service n SSH Configure SSH access n Telnet Configure telnet access Log in to the command line interface Command line 1 Connect to the IX10 device by using a serial conn...

Страница 51: ...ss for a list of commands and details Type help for details on navigating the CLI Type exit to disconnect from the Admin CLI See Command line interface for detailed instructions on using the command line interface Exit the command line interface Command line 1 At the command prompt type exit exit 2 Depending on the device configuration you may be presented with another menu for example Access sele...

Страница 52: ...gure your device for Digi Remote Manager support 53 Log into Digi Remote Manager 65 Use Digi Remote Manager to view and manage your device 66 Add a device to Digi Remote Manager 66 Configure multiple IX10 devices by using Digi Remote Manager configurations 67 View Digi Remote Manager connection status 68 Learn more 68 IX10 User Guide 52 ...

Страница 53: ...com n If your Digi device is configured to use a non default URL to connect to Remote Manager updating the firmware will not change your configuration However if you erase the device s configuration the Remote Manager URL will change to the default of edp12 devicecloud com n If you perform a factory reset by pressing the ERASE twice the client side certificate will be erased and you must use the R...

Страница 54: ...i Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate your device as described in Use Digi Remote Manager to view and manage your device b Click the Device ID c Click Settings d Click to expand Config Web UI a On the menu click System Under Configuration click Device Configuration The Configuration window is ...

Страница 55: ...ection The default is 3199 7 Optional For Retry interval type the amount of time that the IX10 device should wait before reattempting to connect to remote cloud services after being disconnected The default is 30 seconds Allowed values are any number of hours minutes or seconds and take the format number h m s For example to set Retry interval to ten minutes enter 10m or 600s 8 Optional For Keep a...

Страница 56: ...s or seconds and take the format number h m s For example to set Reboot Timeout to ten minutes enter 10m or 600s The minimum value is 30 minutes and the maximum is 48 hours If not set this option is disabled The default is disabled 13 Optional Enable Locally authenticate CLI to require a login and password to authenticate the user from the remote cloud services CLI If disabled no login prompt will...

Страница 57: ...url url config 6 Optional Set the amount of time that the IX10 device should wait before reattempting to connect to the remote cloud services after being disconnected The minimum value is ten seconds The default is 30 seconds config cloud drm retry_interval value where value is any number of hours minutes or seconds and takes the format number h m s For example to set the retry interval to ten min...

Страница 58: ...ion to remote cloud services If the connection is down you can configure the device to restart the connection or to reboot The watchdog is enabled by default To disable config cloud drm watchdog false config 11 If watchdog is enabled a Optional Set the amount of time to wait before restarting the connection to the remote cloud services once the connection is down where value is any number of hours...

Страница 59: ...ith remote cloud services by using SMS a Enable SMS messaging config cloud drm sms enable true config b Set the phone number for Digi Remote Manager config cloud drm sms destination drm_phone_number config c Optional Set the service identifier config cloud drm sms sercice_id id config 1 Optional Configure the IX10 device to communicate with remote cloud services by using an HTTP proxy server a Ena...

Страница 60: ...rmation to Remote Manager at the same time the IX10 device includes a preconfigured randomization of two minutes for uploading metrics For example if Health sample interval is set to five minutes the metrics will be uploaded to Remote Manager at a random time between five and seven minutes To disable the collection of device health data or enable it if it has been disabled or to change the health ...

Страница 61: ...port health metrics n All metrics are uploaded once every hour When disabled all metrics are uploaded every Health sample interval 6 Device health data upload is enabled by default To disable toggle off Enable Device Health samples upload 7 For Health sample interval select the interval between health sample uploads 8 Click Apply to save the configuration and apply the change Command line 1 Select...

Страница 62: ...trics values to Digi Remote Manager that have changed health metrics were last uploaded This is useful to reduce the bandwidth used to report health metrics This is useful to reduce the bandwidth used to report health metrics Even if enabled all metrics are uploaded once every hour To disable config monitoring devicehealth only_send_deltas false config When disabled all metrics are uploaded every ...

Страница 63: ...e Configuration saved 8 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Enable event log upload to Digi Remote Manager You can configure your device to upload the event log to Digi Remote Manager and configure the interval between event log uploads To enable the event log upload or dis...

Страница 64: ...vent log uploads 5 For Device event log upload interval select the interval between health sample uploads 6 Click Apply to save the configuration and apply the change Command line 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Acc...

Страница 65: ... 30 or 60 and represents the number of minutes between uploads of health sample data 5 Save the configuration and apply the change config save Configuration saved 6 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Log into Digi Remote Manager To start Digi Remote Manager 1 If you have n...

Страница 66: ...xample IX10 Add a device to Digi Remote Manager You can register your device with Remote Manager as part of the getting started process See the Quick Start Guide for further information If you have not registered your device already you can add a device to Remote Manager 1 If you have not already done so connect to your Digi Remote Manager account 2 From the menu click Devices to display a list of...

Страница 67: ...anager configurations Typically if you want to provision multiple IX10 routers 1 Using the IX10 local WebUI configure one IX10 router to use as the model configuration for all subsequent IX10s you need to manage 2 Register the configured IX10 device in your Remote Manager account 3 In Remote Manager create a configuration a From the Dashboard select Configurations b Click Create c Enter a Name and...

Страница 68: ... device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Use the show cloud command to view the status of your device s connection to Remote Manager show cloud Device Cloud Status Status Connec...

Страница 69: ...ces These interfaces can be bridged in a Local Area Network LAN or assigned to a Wide Area Network WAN This chapter contains the following topics Wireless Wide Area Networks WWANs 70 Local Area Networks LANs 124 Show Surelink status and statistics 158 IX10 User Guide 69 ...

Страница 70: ... modem is connected and has an IP address Use the SIM failover options to configure the IX10 device to automatically recover the modem in the event that it cannot obtain an IP address See Configure a Wireless Wide Area Network WWAN for details about SIM failover n The type of probe test to be performed one of l Test another interface s status Used to create a failover or coupled relationship betwe...

Страница 71: ...arget is configured determine whether the interface should fail over based on the failure of one of the test targets or all of the test targets Order of precedence for SureLink actions If multiple SureLink actions such as restarting the interface and rebooting the device are enabled the following order of precedence is used 1 Restart interface 2 Switch to the alternate SIM 3 Reset the modem 4 Rebo...

Страница 72: ...gain 7 Seventh Surelink failure The device will reboot To configure the IX10 device to regularly probe connections through the WWAN Web SureLink can be configured for both IPv4 and IPv6 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate your device as described in Use Digi Remote Manager to v...

Страница 73: ...at the Surelink test must fail before the modem is reset The default is 3 9 Switch SIM is enabled by default Click to disable n If Switch SIM is enabled for Switch SIM fail count type or select the number of times that the Surelink test must fail before the modem switches to the alternate SIM The default is 5 Note The SureLink Switch SIM option differs from the SIM failover option which is set dur...

Страница 74: ...HTTPS GET request to the URL specified in Web servers The URL should take the format of http s hostname path n Test DNS servers configured for this interface Tests connectivity by sending a DNS query to the DNS servers configured for this interface n Test the interface status The interface is considered to be down based on l Down time The amount of time that the interface can be down before this t...

Страница 75: ...for both IPv4 and IPv6 These instructions are for IPv4 to configure IPv6 active recovery replace ipv4 in the command line with ipv6 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admi...

Страница 76: ...an ipv4 surelink where int is an integer between 1 through 5 The default is 3 SIM switching is enabled by default To disable config network interface my_wwan ipv4 surelink switch_sim false config network interface my_wwan ipv4 surelink Note The SureLink switch_sim option differs from the sim_failover option which is set during WWAN configuration sim_failover applies when the modem is unable to con...

Страница 77: ...where value is one of n ping Tests connectivity by sending an ICMP echo request to a specified hostname or IP address l Specify the hostname or IP address config network interface my_wwan ipv4 surelink target 0 ping_ host host config network interface my_wwan ipv4 surelink target 0 l Optional Set the size in bytes of the ping packet config network interface my_wwan ipv4 surelink target 0 ping_ siz...

Страница 78: ...onsidered to have failed config network interface my_wwan ipv4 surelink target 0 interface_timeout value config network interface my_wwan ipv4 surelink target 0 The default is 60 seconds l other Allows you to test another interface s status to create a failover or coupled relationship between interfaces config network interface my_wwan ipv4 surelink target 0 other value config network interface my...

Страница 79: ... my_wwan ipv4 surelink The default is 15 minutes c If more than one test target is configured determine whether the interface should fail over based on the failure of one of the test targets or all of the test targets config network interface my_wwan ipv4 surelink success_condition value config network interface my_wwan ipv4 surelink Where value is either one or all d Set the number of probe attem...

Страница 80: ...med one of l Test another interface s status Used to create a failover or coupled relationship between two interfaces Requires the name of the alternate interface the IP version to be tested and the expected status of the alternate interface either up or down l Ping Requires the hostname or IP address of the host to be pinged l DNS query You can perform a DNS query to a named DNS server or to the ...

Страница 81: ...a On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network Interfaces 4 Create a new interface or select an existing one n To create a new interface see Configure a Wireless Wide Area Network WWAN n To edit an existing interface click to expand the appropriate interface 5 After creating or selecting the interface click IPv4 or IP...

Страница 82: ...for a particular IP version l For Expected status select whether the expected status of the alternate interface is Up or Down For example if Expected status is set to Down but the alternate interface is determined to be up then this test will fail n Ping test Tests connectivity by sending an ICMP echo request to the hostname or IP address specified in Ping host You can also optionally change the n...

Страница 83: ...nt of time that the device should wait for a response to a probe attempt before considering it to have failed Allowed values are any number of weeks days hours minutes or seconds and take the format number w d h m s For example to set Response timeout to ten minutes enter 10m or 600s The default is 15 seconds 13 Optional Repeat this procedure for IPv6 14 Click Apply to save the configuration and a...

Страница 84: ...ink restart_attempts int config network interface my_wwan ipv4 surelink where int is any number greater than 0 The default is 1 6 Set the device to reboot when the interface is considered to have failed config network interface my_wwan ipv4 surelink reboot true config network interface my_wwan ipv4 surelink Note If the reboot parameter is enabled at the same time as the restart parameter the reboo...

Страница 85: ...arget 0 n dns_configured Tests connectivity by sending a DNS query to the DNS servers configured for this interface n http Tests connectivity by sending an HTTP or HTTPS GET request to the specified URL l Specify the url config network interface my_wwan ipv4 surelink target 0 http_ url value config network interface my_wwan ipv4 surelink target 0 where value uses the format http s hostname path n ...

Страница 86: ...ermine the alternate interface s status for a particular IP version config network interface my_wwan ipv4 surelink target 0 other_ip_version value config network interface my_wwan ipv4 surelink target 0 where value is one of any both ipv4 or ipv6 o Set the expected status of the alternate interface config network interface my_wwan ipv4 surelink target 0 other_status value config network interface ...

Страница 87: ... my_wwan ipv4 surelink The default is 15 seconds 10 Optional Repeat this procedure for IPv6 11 Save the configuration and apply the change config network interface my_wwan ipv4 surelink save Configuration saved 12 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Disable SureLink If your...

Страница 88: ...ick Network Interfaces 4 Select the appropriate WAN or WWAN on which SureLink should be disabled 5 After selecting the WAN or WWAN click IPv4 SureLink 6 Toggle off Enable to disable SureLink 7 Click Apply to save the configuration and apply the change Command line 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin ...

Страница 89: ...I Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Disable DNS lookup Alternatively you can disable DNS lookup or other internet activity for device that use a private APN with no Internet access or that have restricted wired WAN connections that do not allow DNS resolution while retaining the SureLink interface test ...

Страница 90: ...figuration window is displayed 3 Click Network Interfaces 4 Select the appropriate WAN or WWAN on which SureLink should be disabled 5 After selecting the WAN or WWAN click IPv4 SureLink 6 Click to expand Test targets 7 Click to expand the second test target This test target has its Test type set to Test DNS servers configured for this interface ...

Страница 91: ... node in the configuration schema For example to disable SureLink for an interface named my_wan config network interface my_wan config network interface my_wan 4 Determine the index number of the target config network interface my_wan show ipv4 surelink target 0 interface_down_time 600s interface_timeout 120s test interface_up 1 test dns_configured config network interface my_wan 5 Delete the targ...

Страница 92: ...default n Configure the criteria used to determine which modem this modem configuration applies to n Determine the SIM slot that will be used when connecting to the cellular network n Configure the maximum number of interfaces that can use the modem n Enable carrier switching which allows the modem to automatically match the carrier for the active SIM Carrier switching is enabled by default n Conf...

Страница 93: ...criteria used to determine if this modem configuration applies to the currently attached modem n Any modem Applies this configuration to any modem that is attached n IMEI Applies this configuration only to a modem that matches the identified IMEI l If IMEI is selected for Match IMEI type the IMEI of the modem that this configuration should be applied to n Port Applies this configuration to a modem...

Страница 94: ...e the best available technology The default is All technologies 11 For Antennas select whether the modem should use the main antenna the auxiliary antenna or both the main and auxiliary antennas 12 Click Apply to save the configuration and apply the change Command line 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full A...

Страница 95: ...em sim_slot value config where value is one of the following n any Uses either SIM slot n 1 Uses the first SIM slot n 2 Uses the second SIM slot The default is any 6 If sim_slot is set to any set the SIM slot that should be considered the preferred slot for this modem config network modem modem sim_slot_preference value config where value is one of the following n none Does not consider either SIM...

Страница 96: ...value config Available options for value vary depending on the modem type To determine available options config network modem modem access_tech Access technology The cellular network technology that the modem may use Format 2G 3G 4G 4GM 4GT all Default value all Current value all config The default is all which uses the best available technology 10 Set whether the modem should use the main antenna...

Страница 97: ...cessfully connected it will remember the correct APN As a result it is generally not necessary to configure APNs However you can configure the system to use a specified APN To configure the APN Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate your device as described in Use Digi Remote ...

Страница 98: ...s the Challenge Handshake Authentication Profile CHAP to authenticate n PAP Uses the Password Authentication Profile PAP to authenticate If Automatic CHAP or PAP is selected enter the Username and Password required to authenticate The default is None 7 To add additional APNs for Add APN click and repeat the preceding instructions 8 Optional To configure the device to bypass its preconfigured APN l...

Страница 99: ...ork interface modem modem apn 0 ip_version version config where version is one of the following n auto Requests both IPv4 and IPv6 address n ipv4 Requests only an IPv4 address n ipv6 Requests only an IPv6 address The default is auto 6 Optional Set the authentication method config network interface modem modem apn 0 auth method config where method is one of the following n none No authentication is...

Страница 100: ...detailed status and statistics for a specific modem Web 1 Log into the IX10 WebUI as a user with Admin access 2 On the menu click Status 3 Under Connections click Modems The modem status window is displayed Command line 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device config...

Страница 101: ...k passing IPv4 address 189 232 229 47 IPv4 gateway 189 232 229 1 IPv4 MTU 1500 IPv4 DNS server s 245 144 162 207 245 144 162 208 IPv6 surelink passing IPv6 address 11f6 4680 0d67 59d2 552b 3429 81a8 f1ea IPv6 gateway ff50 d95d 7e98 abe8 3030 9138 4f25 f51b IPv6 MTU 1500 TX bytes 127941 RX bytes 61026 Uptime 10 hrs 56 mins 39360s SIM SIM Slot 1 SIM Status ready IMSI 61582122197895 ICCID 26587628655...

Страница 102: ...uk unlock puk_code new_pin modem_name For example to unlock a SIM card in the modem named modem with PUK code 12345678 and set the new SIM PIN to 1234 modem puk unlock 12345678 1234 modem 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Note If the SIM remains in a locked state after ...

Страница 103: ...ending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the Admin CLI prompt type modem at interactive and press Enter Type n if you do not want exclusive access This allows you to send AT commands to the device while still allowing the device to connect disconnect and or reconnect to the cellular network 3 At the Admin CLI pro...

Страница 104: ...ellular modem and SIM card and allows for configurations such as n Segregating public and private traffic including policy based routes to ensure that your internal network traffic always goes through the private connection n Separation of untrusted Internet traffic from trusted internal network traffic n Secure connection to internal customer network without using a VPN n Separate billing structu...

Страница 105: ...he Configuration window is displayed 3 Increase the maximum number of interfaces allowed for the modem a Click Network Modems Modem b For Maximum number of interfaces type 2 4 Create the WWAN interfaces In this example we will create two interfaces named WWAN_Public and WWAN_Private a Click Network Interfaces b For Add Interface type WWAN_Public and click c For Interface type select Modem ...

Страница 106: ...red the IX10 will attempt to determine the APN i Click to expand APN list APN ii For APN type the public APN for your cellular carrier g For Add Interface type WWAN_Private and click h For Interface type select Modem i For Zone select External j For Device select Modem This should be the same modem selected for the WWAN_Public WWAN k Enable APN list only l Click to expand APN list APN ...

Страница 107: ...2 168 2 101 through the private APN a Click Network Routes Policy based routing b Click the to add a new route policy c For Label enter Route through private APN d For Interface select Interface WWAN_Private e Configure the source address i Click to expand Source address ii For Type select IPv4 address iii For Address type 192 168 2 101 f Configure the destination address i Click to expand Destina...

Страница 108: ... configuration mode config config 3 Set the maximum number of interfaces for the modem config network modem modem max_intfs 2 config 4 Create the WWAN interfaces a Create the WWANPublic interface config add network interface WWANPublic config network interface WWANPublic b Set the interface type to modem config network interface WWANPublic type modem config network interface WWANPublic c Set the m...

Страница 109: ...true config network interface WWANPrivate j Set the private APN config network interface WWANPublic modem apn private_apn config network interface WWANPublic 5 Create the routing policies For example to route all traffic from a device with the IP address of 192 168 2 101 through the private APN a Add a new routing policy config add network route policy end config network route policy 0 b Set the l...

Страница 110: ...exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure a Wireless Wide Area Network WWAN Configuring a Wireless Wide Area Network WWAN involves configuring the following items Required configuration items n The interface type Modem n The firewall zone External n The cellular modem that i...

Страница 111: ...anagement priority of the WAN The active interface with the highest management priority will have its address reported as the preferred contact address for central management and direct device access l The IPv6 Maximum Transmission Unit MTU of the WAN l When to use DNS always never or only when this interface is the primary default route l SureLink active recovery configuration See Configure SureL...

Страница 112: ...lick n To edit an existing WWAN click to expand the WWAN New WWANs are enabled by default To disable toggle off Enable 5 For Interface type select Modem 6 The WWAN is enabled by default To disable toggle off Enable 7 Interface type defaults to Modem 8 For Zone select External 9 For Device select the cellular modem 10 For Match SIM by select a SIM matching criteria to determine when this WWAN shoul...

Страница 113: ...omatic The carrier is manually configured If the configured network is not available automatic carrier selection is used If Manual or Manual Automatic is selected a For Network PLMN ID type the PLMN ID for the cellular network b For Network technology select the technology that should be used The default is All technologies which means that the best available technology will be used Note If Manual...

Страница 114: ...t the MTU d For Use DNS n Always DNS will always be used for this WWAN when multiple interfaces have the same DNS server the interface with the lowest metric will be used for DNS requests n When primary default route Only use the DNS servers provided for this WWAN when the WWAN is the primary route n Never Never use DNS servers for this WWAN The default setting is When primary default route 19 Opt...

Страница 115: ... Set the appropriate firewall zone config network interface my_wwan zone zone config network interface my_wwan See Firewall configuration for further information 5 Select a cellular modem a Enter modem device to view available modems and the proper syntax config network interface my_wwan modem device Device The modem used by this network interface Format modem Current value config network interfac...

Страница 116: ...an n iccid Set the unique SIM card ICCID that must be in active for this WWAN to be used config network interface my_wwan modem iccid ICCID config network interface my_wwan n imsi Set the International Mobile Subscriber Identity IMSI that must be in active for this WWAN to be used config network interface my_wwan modem imsi IMSI config network interface my_wwan n plmn_id Set the PLMN id that must ...

Страница 117: ...lue is one of n automatic The cellular carrier is selected automatically by the device n manual The cellular carrier must be manually configured If the configured network is not available no cellular connection will be established n manual_automatic The carrier is manually configured If the configured network is not available automatic carrier selection is used If manual or manual_automatic is set...

Страница 118: ...erface my_wwan modem sim_failover_alt value config network interface my_wwan where value is one of n none The device will perform no alternative action if automatic SIM switching is unavailable n reset The device will reset the modem if automatic SIM switching is unavailable n reboot The device will reboot if automatic SIM switching is unavailable 12 The IX10 device uses a preconfigured list of Ac...

Страница 119: ...this WWAN when the WWAN is the primary route The default setting is primary 15 Optional IPv6 configuration items a IPv6 support is enabled by default To disable config network interface my_wwan ipv4 enable false config network interface my_wwan b Set the MTU config network interface my_wwan ipv4 mtu num config network interface my_wwan c Configure when the WWAN s DNS servers will be used config ne...

Страница 120: ...ss defaultip IPv4 up 192 168 210 1 24 defaultlinklocal IPv4 up 169 254 100 100 16 eth1 IPv4 up 10 10 10 10 24 eth1 IPv6 up fe00 2404 240 f4ff fe80 120 64 eth IPv4 up 192 168 2 1 24 eth IPv6 up fd00 2704 1 48 loopback IPv4 up 127 0 0 1 8 modem IPv4 up 10 200 1 101 30 modem IPv6 down 3 Additional information can be displayed by using the show network verbose command show network verbose Interface Pr...

Страница 121: ...IPv6 Status up IPv6 Type dhcpv6 IPv6 Address es fe00 2404 240 f4ff fe80 120 64 IPv6 Gateway ff80 234 f3ff ff0e 4320 IPv6 MTU 1500 IPv6 Metric 1 IPv6 Weight 10 IPv6 DNS Server s fd00 244 1 fe80 234 f3f4 fe0e 4320 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Delete a WWAN Follow thi...

Страница 122: ...con next to the name of the WAN or WWAN to be deleted and select Delete 5 Click Apply to save the configuration and apply the change Command line 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to a...

Страница 123: ... del network interface my_wwan 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Страница 124: ... Ethernet Loopback n Firewall zone Loopback n IP address 127 0 0 1 8 n Default IP n Ethernet ETH n Firewall zone Setup n IP address 192 168 210 1 24 n Default Link local IP n Ethernet ETH n Firewall zone Setup n IP address 169 254 100 100 16 You can modify configuration settings for ETH and you can create new LANs This section contains the following topics About Local Area Networks LANs 125 Config...

Страница 125: ...nd uses the IP subnet of 192 168 2 0 24 If the WAN ETH1 Ethernet device is being used by a WAN with the same IP subnet you should change the default IP address and subnet of LAN1 Additional configuration items n Additional IPv4 configuration l The metric for IPv4 routes associated with the LAN l The relative weight for IPv4 routes associated with the LAN l The IPv4 management priority of the LAN T...

Страница 126: ...ylist and allowlist To create a new LAN or edit an existing LAN Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate your device as described in Use Digi Remote Manager to view and manage your device b Click the Device ID c Click Settings d Click to expand Config Web UI a On the menu click ...

Страница 127: ...it does not function as an 802 1x supplicant a Click to expand Authentication b Click Enable server to enable the 802 1x authenticator on the IX10 device c Type the Server IP address of the authentication server d Server Port number defaults to 1812 Type a new port number for the authentication server if different than the default e Type the Server Password for the authentication server f Set the ...

Страница 128: ...he assigned length Leave blank to use a random identifier f Set the MTU 12 Optional Click to expand MAC address denylist Incoming packets will be dropped from any devices whose MAC addresses is included in the MAC address denylist a Click to expand MAC address denylist b For Add MAC address click c Type the MAC address 13 Optional Click to expand MAC address allowlist If allowlist entries are spec...

Страница 129: ...ork device used by this network interface Format network device eth network device loopback Current value config network interface my_lan device b Set the device for the LAN config network interface my_lan device device config network interface my_lan 6 Configure IPv4 settings n IPv4 support is enabled by default To disable config network interface my_lan ipv4 enable false config network interface...

Страница 130: ...port config network interface my_lan ipv6 enable true config network interface my_lan b Set the IPv6 type to DHCP config network interface my_lan ipv6 type dhcpv6 config network interface my_lan c Generally the default settings for IPv6 support are sufficient You can view the default IPv6 settings by using the question mark config network interface my_lan ipv6 IPv6 Parameters Current Value enable ...

Страница 131: ... interface my_lan 802_1x authentication enable true config network interface my_lan b Set the IP address of the authentication server config network interface my_lan 802_1x authentication ip IPv4_ address config network interface my_lan c Set the password for the authentication server config network interface my_lan 802_1x authentication password password config network interface my_lan d The auth...

Страница 132: ...9 Optional Configure the MAC address deny list Incoming packets will be dropped from any devices whose MAC addresses is included in the MAC address denylist a Add a MAC address to the denylist config network interface my_lan add mac_denylist end mac_address config network interface my_lan where mac_address is a hyphen separated MAC address for example 32 A6 84 2E 81 58 b Repeat for each additional...

Страница 133: ...the LAN subnet To change the LAN subnet Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate your device as described in Use Digi Remote Manager to view and manage your device b Click the Device ID c Click Settings d Click to expand Config Web UI a On the menu click System Under Configurati...

Страница 134: ...an alternate private IP config network interface lan ipv4 address IPv4_address netmask config 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Change the LAN address type By default the LAN interface uses a ...

Страница 135: ...IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 At the config prompt set the LAN to use a DHCP address config network interface lan ipv4 type dhcp 4 Save the configuration and apply...

Страница 136: ...faultip IPv4 up 192 168 210 1 24 defaultlinklocal IPv4 up 169 254 100 100 16 eth1 IPv4 up 10 10 10 10 24 eth1 IPv6 up fe00 2404 240 f4ff fe80 120 64 eth IPv4 up 192 168 2 1 24 eth IPv6 up fd00 2704 1 48 loopback IPv4 up 127 0 0 1 8 modem IPv4 up 10 200 1 101 30 modem IPv6 down 3 Additional information can be displayed by using the show network verbose command show network verbose Interface Proto S...

Страница 137: ...c 5 IPv4 Weight 10 IPv4 DNS Server s IPv6 Status up IPv6 Type prefix IPv6 Address es fd00 2704 1 48 IPv6 Gateway IPv6 MTU 1500 IPv6 Metric 5 IPv6 Weight 10 IPv6 DNS Server s 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Delete a LAN Follow this procedure to delete any LANs that hav...

Страница 138: ...he name of the LAN to be deleted and select Delete 5 Click Apply to save the configuration and apply the change Command line 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2...

Страница 139: ... time automatically n A DHCP relay server which forwards DHCP requests from clients to a DHCP server that is running on a separate device Configure a DHCP server Note These instructions assume you are configuring the device to use its local DHCP server For instructions about configuring the device to use a DHCP relay server see Configure DHCP relay Required configuration items n Enable the DHCP se...

Страница 140: ... Configuration window is displayed 3 Click Network Interfaces 4 Click to expand an existing LAN or create a new LAN See Configure a LAN 5 Click to expand IPv4 DHCP server 6 Enable the DHCP server 7 Optional For Lease time type the amount of time that a DHCP lease is valid Allowed values are any number of weeks days hours minutes or seconds and take the format number w d h m s For example to set Le...

Страница 141: ...x type the domain name that should be appended to host names e For Primary and Secondary DNS Primary and Secondary NTP server and Primary and Secondary WINS server select either n None No server is broadcast n Automatic Broadcasts the IX10 device s server n Custom Allows you to identify the IP address of the server f For Bootfile name type the relative path and file name of the bootfile on the TFT...

Страница 142: ...ainder of the IP address will be based on the LAN s static IP address as defined in the address parameter config network interface my_lan ipv4 dhcp_server lease_start num config Allowed values are between 1 and 254 and the default is 100 6 Optional Set the highest IP address that the DHCP server will assign to a client config network interface my_lan ipv4 dhcp_server lease_end num config Allowed v...

Страница 143: ...dress or host name of the primary and secondary DNS the primary and secondary NTP server and the primary and secondary WINS servers config network interface my_lan ipv4 dhcp_server advanced primary_ dns value config network interface my_lan ipv4 dhcp_server advanced secondary_dns value config network interface my_lan ipv4 dhcp_server advanced primary_ ntp value config network interface my_lan ipv4...

Страница 144: ...tic_lease 0 save Configuration saved 11 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Map static IP addresses to hosts You can configure the DHCP server to assign static IP addresses to specific hosts Required configuration items n IP address that will be mapped to the device n MAC a...

Страница 145: ... for the static lease Note The IP address here should be outside of the DHCP server s configured lease range See Configure a DHCP server for further information about the lease range 9 Optional For Hostname type a label for the static lease This does not have to be the device s actual hostname 10 Repeat for each additional DHCP static lease 11 Click Apply to save the configuration and apply the ch...

Страница 146: ... 5 Set the IP address for the static lease config network interface my_lan ipv4 dhcp_server advanced static_lease 0 ip 10 01 01 10 network interface my_lan ipv4 dhcp_server advanced static_lease 0 Note The IP address here should be outside of the DHCP server s configured lease range See Configure a DHCP server for further information about the lease range 6 Optional Set a label for this static lea...

Страница 147: ...e config config 3 Show the static lease configuration For example to show the static leases for a lan named my_lan config show network interface my_lan ipv4 dhcp_server advanced static_ lease 0 ip 192 168 2 10 mac BF C3 46 24 0E D9 no name 1 ip 192 168 2 11 mac E3 C1 1F 65 C3 0E no name config 4 Type cancel to exit configuration mode config cancel 5 Type exit to exit the Admin CLI Depending on you...

Страница 148: ...g LAN 5 Click to expand IPv4 DHCP server Advanced settings Static leases 6 Click the menu icon next to the name of the static lease to be deleted and select Delete 7 Click Apply to save the configuration and apply the change Command line 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on ...

Страница 149: ...he change config save Configuration saved 6 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure DHCP options You can configure DHCP servers running on your IX10 device to send certain specified DHCP options to DHCP clients You can also set the user class which enables you to spec...

Страница 150: ... Network Interfaces 4 Click to expand an existing LAN or create a new LAN See Configure a LAN 5 Click to expand IPv4 DHCP server Advanced settings Custom DHCP option 6 For Add Custom option click Custom options are enabled by default To disable toggle off Enable 7 For Option number type the DHCP option number 8 For Value type the value of the DHCP option 9 Optional For Label type a label for the c...

Страница 151: ...e Configure a LAN for information about creating a LAN 4 Custom options are enabled by default To disable config network interface my_lan ipv4 dhcp_server advanced custom_option 0 enable false config network interface my_lan ipv4 dhcp_server advanced custom_option 0 5 Set the option number for the DHCP option config network interface my_lan ipv4 dhcp_server advanced custom_option 0 option 210 conf...

Страница 152: ...e configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure DHCP relay DHCP relay allows a router to forward DHCP requests from one LAN to a separate DHCP server typically connected to a different LAN For the IX10 device DHCP relay is configured by providing the IP address of a DHCP relay server rather than an IP address range If both the DH...

Страница 153: ...w and manage your device b Click the Device ID c Click Settings d Click to expand Config Web UI a On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network Interfaces 4 Click to expand an existing LAN or create a new LAN See Configure a LAN 5 Disable the DHCP server if it is enabled a Click to expand IPv4 DHCP server b Click Enabl...

Страница 154: ...e Configure a LAN for information about creating a LAN 4 Set the IP address of the DHCP relay server config network interface my_lan ipv4 dhcp_relay 0 address 10 10 10 10 config network interface my_lan ipv4 dhcp_relay 0 5 Optional Add additional DHCP relay servers a Move back one step in the configuration schema by typing two periods config network interface my_lan ipv4 dhcp_relay 0 config networ...

Страница 155: ...tworking click DHCP Leases Command line 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Enter the show dhcp lease command at the Admn CLI prompt show dhcp lease IP Address ...

Страница 156: ... on the LAN Required configuration items n Device to be assigned to the VLAN n The VLAN ID The TCP header uses the VLAN ID to identify the destination VLAN for the packet To create a VLAN Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate your device as described in Use Digi Remote Manage...

Страница 157: ...cal command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Add the VLAN config add network vlan name config 4 Set the device to be used by the VLAN a View a list of available devices config network v...

Страница 158: ...penVPN clients Surelink status is only available from the Admin CLI Command line Show Surelink status for all interfaces To show the Surelink status all interfaces use the show surelink interface all command 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you ...

Страница 159: ...e name eth1 Interface Test Proto Last Response Status eth1 Interface is up IPv4 32 seconds Passing eth1 Interface s DNS servers DNS IPv4 28 seconds Passingsing 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Show Surelink status for all IPsec tunnels To show the Surelink status all I...

Страница 160: ... IPsec Test Last Response Status test 194 43 79 74 Ping 29 seconds Passed test 194 43 79 75 Ping 5 seconds Passed 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Show Surelink status for all OpenVPN clients To show the Surelink status all OpenVPN clients use the show surelink openvpn...

Страница 161: ... into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Use the show surelink openvpn client name command to show the Surelink status of a specific OpenVPN client for example show surelink openvpn client test_client1 OpenVPN Client Test Last Response Stat...

Страница 162: ...orts n Application Provides access to the serial device from Python applications n RealPort Used in conjunction with the Digi RealPort driver RealPort can also be configured using the Digi Navigator For more information about configuring RealPort see Digi Navigator application n UDP serial Provides access to the serial port using UDP n Modbus Allows the device to function as a Modbus protocol gate...

Страница 163: ...age is displayed Note You can also configure the serial port by using Device Configuration Serial Changes made by using either Device Configuration or Serial Configuration will be reflected in both 3 Click the name of the port that you want to configure The serial port is enabled by default To disable toggle off Enable 4 For Mode select Login This is the default 5 Optional For Label enter a label ...

Страница 164: ... which you want to connect The default is 1 e Flow control For Flow control select the type of flow control used by the device to which you want to connect The default is None 8 Click Apply to save the configuration and apply the change The Apply button is located at the top of the WebUI page You may need to scroll to the top of the page to locate it Command line 1 Select the device in Remote Mana...

Страница 165: ...e to which you want to connect config path parambaudrate rate config 8 Set the number of data bits used by the device to which you want to connect config path paramdatabits bits config 9 Set the type of parity used by the device to which you want to connect config path paramparity parity config Allowed values are n even n odd n none The default is none 10 Set the stop bits used by the device to wh...

Страница 166: ...match the serial configuration of the device to which you want to connect Web 1 Log into the IX10 WebUI as a user with Admin access 2 On the menu click System Under Configuration click Serial Configuration The Serial Configuration page is displayed Note You can also configure the serial port by using Device Configuration Serial Changes made by using either Device Configuration or Serial Configurat...

Страница 167: ...evice to which you want to connect The default is 1 e Flow control For Flow control select the type of flow control used by the device to which you want to connect The default is None 8 Click Enable to enable the data framing feature 9 For Maximum Frame Count enter the maximum size of the packet The default is 1024 10 For Idle Time enter the length of time the device should wait before sending the...

Страница 168: ...ut from the serial port that are written to buffer These bytes are redisplayed when a user connects to the serial port The default is 4000 bytes d For Idle timeout type the amount of time to wait before disconnecting due to user inactivity 16 Expand Monitor Settings a Enable CTS to monitor CTS Clear to Send changes on this port b Enable DCD to monitor DCD Data Carrier Detect changes on this port 1...

Страница 169: ...e default is rs 232 6 Optional Set a label that will be used when referring to this port config path paramlabel label config 7 Set the baud rate used by the device to which you want to connect config path parambaudrate rate config 8 Set the number of data bits used by the device to which you want to connect config path paramdatabits bits config 9 Set the type of parity used by the device to which ...

Страница 170: ...e config c Set the number of bytes of output from the serial port that are written to buffer These bytes are redisplayed when a user connects to the serial port config path paramhistory bytes config The default is 4000 bytes d Set the amount of time to wait before disconnecting due to user inactivity config path paramidle_timeout value config where value is any number of weeks days hours minutes o...

Страница 171: ...Configure Application mode Application mode provides access to the serial device from Python applications To change the configuration to match the serial configuration of the device to which you want to connect Web 1 Log into the IX10 WebUI as a user with Admin access 2 On the menu click System Under Configuration click Serial Configuration The Serial Configuration page is displayed Note You can a...

Страница 172: ...on and apply the change The Apply button is located at the top of the WebUI page You may need to scroll to the top of the page to locate it Command line 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type adm...

Страница 173: ...resented with an Access selection menu Type quit to disconnect from the device Configure PPP dial in mode PPP dial in allows the device to answer Point to Point Protocol PPP connections over serial ports To change the configuration to match the serial configuration of the device to which you want to connect Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin a...

Страница 174: ...600 7 For Flow control select the type of flow control used by the device to which you want to connect The default is None 8 For Idle timeout type the amount of time that the active session can be idle before the session is disconnected Allowed values are any number of weeks days hours minutes or seconds and take the format number w d h m s For example to set Idle timeout to ten minutes enter 10m ...

Страница 175: ...lick Override to override the default PPP configuration and only use the custom configuration file If Override is not enabled the custom PPP configuration file is used in addition to the default configuration d For Configuration file paste or type the configuration data in the format of a pppd options file 16 Optional Configure a script that will be run to prepare the link before PPP negotiations ...

Страница 176: ... Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 The serial port is enabled by default To disable config serial port1 enable f...

Страница 177: ... to ten minutes enter either 10m or 600s config serial port1 idle_timeout 600s config 9 Set the local IP address assigned to this interface config serial port1 ppp_dialin local_address IPv4_address config 10 Set the IP address assigned to the remote peer config serial port1 ppp_dialin remote_address IPv4_address config 11 Set the authentication method used to authenticate the remote peer config se...

Страница 178: ...raffic on this interface a Use the to determine available zones config serial port1 ppp_dialin zone Zone The firewall zone assigned to this interface This can be used by packet filtering rules and access control lists to restrict network traffic on this interface Format any dynamic_routes edge external internal ipsec loopback setup Default value internal Current value internal config b Set the zon...

Страница 179: ...Set the name of the script config serial port1 ppp_dialin connect script filename config Scripts are located in the etc config serial directory An example script windows_dun sh is provided Example windows_dun sh file bin sh Example connect script for connecting from a PC using a Windows dial up networking connection with built in standard 33600 bps modem driver and phone number 123 The shell s rea...

Страница 180: ...ocess refer to the Get started Install RealPort for LINUX in the RealPort Installation User s Guide Step 2 Configure the serial ports for RealPort mode You should perform this process on each of the serial ports on the device See Configure the serial port for RealPort mode Step 3 Configure the RealPort service To complete RealPort configuration on the IX10 you must enable and configure the RealPor...

Страница 181: ...ngly recommended To implement Encrypted RealPort 1 Follow the standard Windows process to access the Device Manager from your computer s operating system 2 Select Multi port Serial Adapters 3 Right click on your device Click the Properties menu option The Properties dialog appears 4 Click the Advanced tab 5 Click Properties The Advanced Properties dialog appears 6 Click the Security tab 7 Select t...

Страница 182: ...onfiguration to match the serial configuration of the device to which you want to connect Web 1 Log into the IX10 WebUI as a user with Admin access 2 On the menu click System Under Configuration click Serial Configuration The Serial Configuration page is displayed Note You can also configure the serial port by using Device Configuration Serial Changes made by using either Device Configuration or S...

Страница 183: ... page You may need to scroll to the top of the page to locate it Command line 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter confi...

Страница 184: ...ce After you have configured RealPort mode on the IX10 you must enable and configure the RealPort service When this step is complete all of the serial ports on the IX10 are configured to use the RealPort service Web 1 Log into the IX10 WebUI as a user with Admin access 2 On the menu click System Configuration Device Configuration 3 Expand Services 4 Expand RealPort 5 Click Enable to enable the Rea...

Страница 185: ...h you want to connect Web 1 Log into the IX10 WebUI as a user with Admin access 2 On the menu click System Under Configuration click Serial Configuration The Serial Configuration page is displayed Note You can also configure the serial port by using Device Configuration Serial Changes made by using either Device Configuration or Serial Configuration will be reflected in both 3 Click to expand the ...

Страница 186: ...to connect d For Stop bits select the number of stop bits used by the device to which you want to connect e For Flow control select the type of flow control used by the device to which you want to connect 8 Expand Data Framing Settings a Click Enable to enable the data framing feature b For Maximum Frame Count enter the maximum size of the packet The default is 1024 c For Idle Time enter the lengt...

Страница 187: ...h data was received To add a destination i Click Add Destination A destination row is added ii Optional For Description enter a description of the destination iii For Hostname enter the host name or IP address of the remote site to which data should be sent iv For Port enter the port number of the remote site to which data should be sent 10 Click Apply to save the configuration and apply the chang...

Страница 188: ... l Enable termination if you want to enable electrical termination on this serial port config serial port1 termination true config The default is rs 232 6 Optional Set a label that will be used when referring to this port config serial port1 label label config 7 Set the baud rate used by the device to which you want to connect config serial port1 label baudrate rate config 8 Set the number of data...

Страница 189: ...et config serial port1 framing max_count int config The default is 1024 14 Set the length of time the device should wait before sending the packet config serial port1 framing idle_time value config where value is in milliseconds ms or seconds s The maximum value is 60s 15 Set the end pattern The packet is sent when this pattern is received from the serial port config serial port1 framing end_patte...

Страница 190: ...l port1 udp destination 0 iii Set the host name or IP address of the remote site to which data should be sent config serial port1 udp destination 0 hostname hostanme or IP address config serial port1 udp destination 0 iv Set the port number of the remote site to which data should be sent config serial port1 udp destination 0 port port config serial port1 udp destination 0 20 Save the configuration...

Страница 191: ...l that will be used when referring to this port 6 For Signalling select the electrical signaling interface type used on this serial port n RS 232 n RS 485 l Enable Termination if you want to enable electrical termination on this serial port The default is RS 232 7 Expand Serial Settings The entries in the following fields must match the information for the power controller Refer to your power cont...

Страница 192: ...you want to connect config path paramdatabits bits config 3 Set the type of parity used by the device to which you want to connect config path paramparity parity config Allowed values are n even n odd n none The default is none 4 Set the stop bits used by the device to which you want to connect config path paramstopbits bits config 5 Set the type of flow control used by the device to which you wan...

Страница 193: ...le false config 4 Set the mode config serial port1 mode modbus config 5 Set the signaling interface type used on this serial port n rs 232 n rs 485 l Enable termination if you want to enable electrical termination on this serial port config serial port1 termination true config The default is rs 232 6 Optional Set a label that will be used when referring to this port config path paramlabel label co...

Страница 194: ...ne 1 Set the baud rate used by the device to which you want to connect config path parambaudrate rate config 2 Set the number of data bits used by the device to which you want to connect config path paramdatabits bits config 3 Set the type of parity used by the device to which you want to connect config path paramparity parity config Allowed values are n even n odd n none The default is none 4 Set...

Страница 195: ...ss rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Use the show serial command show serial Label Port Enable Mode Baudrate Serial 1 port1 true login 9600 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the dev...

Страница 196: ...i Navigator features n Discover the IP address when connected to a network n Discover the IP address when not on a network n Manage the RealPort device list n Access the web UI from the Digi Navigator n Filter devices for display in the Digi Navigator n Access Digi Remote Manager from the Digi Navigator Configure RealPort from the Digi Navigator You can configure the IX10 to communicate with your ...

Страница 197: ...default user name is admin and the default password is the unique password printed on the label packaged with your device c Click Submit A progress message displays d When RealPort configuration is complete the Success message displays e Click Close to close the message 6 Configure RealPort on your computer a Click Configure this PC for RealPort b From the Select starting COM list box select the f...

Страница 198: ...Digi Navigator to quickly discover the IP address for the IX10 Make sure you have the device powered and connected the device to your network or computer with an Ethernet cable See Connect to and access the Digi Navigator 1 Download and install the Digi Navigator 2 Launch the Digi Navigator 3 The tool discovers the IX10 devices that are powered on and connected to your network When the process is ...

Страница 199: ... b The Microsoft Visual C installation screen closes automatically when installation is complete 5 Click Finish to complete installation of the Digi Navigator Digi Navigator features All features of the Digi Navigator are available from the main application screen Section Description Green toolbar From the toolbar at the top of the screen you can apply filters and access Digi Remote Manager Filter...

Страница 200: ...address when connected to a network To discover the IP address for a IX10 device connected to your network the Digi Navigator uses the HTTPS service by default Other services can be used if needed 1 Make sure your device is connected to the network and the Digi Navigator is installed 2 Launch the Digi Navigator 3 Click Filters from the green toolbar to expand the toolbar and display the filter opt...

Страница 201: ...ar and hide the filters Manage the RealPort device list After you have enabled and configured RealPort on at least one IX10 device a list of configured devices displays at the bottom of the Digi Navigator application screen Using the available buttons you can refresh the list and easily access the COM port configuration on your computer Refresh Click Refresh to update the list of IX10 devices that...

Страница 202: ...ress you want to use The login screen for the web UI launches a Enter the user name and password for the IX10 in the Username and Password fields b Click Login Filter devices for display in the Digi Navigator You can use the Digi Navigator filters to determine the types of IX10 devices you want to display Only the devices that are powered on and connected to your network can be included in the Dig...

Страница 203: ...imize the toolbar and hide the filters Access Digi Remote Manager from the Digi Navigator You can access Digi Remote Manager from the Digi Navigator Within the Remote Manager you can configure and monitor your IX10 For information about using Digi Remote Manager refer to the Digi Remote Manager User Guide 1 Make sure you have the device powered and connected the device to your network or computer ...

Страница 204: ...Routing This chapter contains the following topics IP routing 205 Show the routing table 222 Dynamic DNS 223 Virtual Router Redundancy Protocol VRRP 229 IX10 User Guide 204 ...

Страница 205: ...destination it forwards the IP packet to the configured IP gateway or interface 3 If it cannot find a route for the destination it uses a default route 4 If there are two or more routes to a destination the device uses the route with the longest mask 5 If there are two or more routes to a destination with the same mask the device uses the route with the lowest metric This section contains the foll...

Страница 206: ...n n The metric for the route When multiple routes are available to reach the same destination the route with the lowest metric is used n The Maximum Transmission Units MTU of network packets using this route To configure a static route Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate yo...

Страница 207: ... 255 0 type 192 168 47 0 24 The any keyword can also be used to route packets to any destination with this static route 7 For Interface select the interface on the IX10 device that will be used with this static route 8 Optional For Gateway type the IPv4 address of the gateway used to reach the destination Set to blank if the destination can be accessed without a gateway 9 Optional For Metric type ...

Страница 208: ...the destination of this route For example config network route static 0 destination ip_address netmask config network route static 0 For example to route traffic to the 192 168 47 0 network that uses a subnet mask of 255 255 255 0 config network route static 0 dst 192 168 47 0 24 config network route static 0 The any keyword can also be used to route packets to any destination with this static rou...

Страница 209: ...11 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Delete a static route Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate your device as described in Use Digi Remote Manager...

Страница 210: ...ll Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Determine the index number of the static route to be deleted config show network route static 0 dst 10 0 0 1 enable true no gateway interface network interface lan1 label new...

Страница 211: ...lar connection while all other traffic is routed through an Ethernet WAN connection Policy based routing for the IX10 device uses the following criteria to determine how to route traffic n Firewall zone for example internal outbound traffic external inbound traffic or IPSec tunnel traffic n Network interface for example the cellular connection the WAN or the LAN n IPv4 address n IPv6 address n MAC...

Страница 212: ... for the routing policy n Whether packets that match this policy should be dropped when the gateway interface is disconnected rather than forwarded through other interfaces To configure a routing policy Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate your device as described in Use Dig...

Страница 213: ...4 or IPv6 9 For Protocol select Any TCP UDP or ICMP n If TCP or UDP is selected for Protocol type the port numbers of the Source port and Destination port or set to any to match for any port n If ICMP is selected for Protocol type the ICMP type and optional code or set to any to match for any ICMP type 10 For DSCP type the 6 bit hexadecimal Differentiated Services Code Point DSCP field match crite...

Страница 214: ...k Use the format IPv4_address netmask or use any to match any IPv4 address n IPv6 address Matches the destination IP address to the specified IP address or network Use the format IPv6_address prefix_length or use any to match any IPv6 address n Domain Matches the destination IP address to the specified domain names To specify domains i Click to expand Domains ii Click the to add a domain iii For D...

Страница 215: ... gateway interface is disconnected rather than forwarded through other interfaces config network route policy 0 exclusive true config network route policy 0 7 Select the IP version config network route policy 0 ip_version value config network route policy 0 where value is one of any ipv4 or ipv6 8 Set the protocol config network route policy 0 protocol value config network route policy 0 where val...

Страница 216: ...ol is matched Identify the ICMP type config network route policy 0 icmp_type value config network route policy 0 where value is the ICMP type and optional code or set to any to match for any ICMP type 9 Set the source address type config network route policy 0 src type value config network route policy 0 where value is one of n zone Matches the source IP address to the selected firewall zone Set t...

Страница 217: ...e uses the format IPv4_address netmask or any to match any IPv4 address n address6 Matches the source IPv6 address to the specified IP address or network Set the address that will be matched config network route policy 0 src address6 value config network route policy 0 where value uses the format IPv6_address prefix_length or any to match any IPv6 address n mac Matches the source MAC address to th...

Страница 218: ...e policy 0 dst interface network interface eth1 config network route policy 0 n address Matches the destination IPv4 address to the specified IP address or network Set the address that will be matched config network route policy 0 dst address value config network route policy 0 where value uses the format IPv4_address netmask or any to match any IPv4 address n address6 Matches the destination IPv6...

Страница 219: ...v1 RFC1058 RIPng The IPv6 Routing Information Protocol RIP service supports RIPng RFC2080 OSPFv2 The IPv4 Open Shortest Path First OSPF service supports OSPFv2 RFC2328 OSPFv3 The IPv6 Open Shortest Path First OSPF service supports OSPFv3 RFC2740 BGP The Border Gateway Protocol BGP service supports BGP 4 RFC1771 IS IS The IPv4 and IPv6 Intermediate System to Intermediate System IS IS service Config...

Страница 220: ...namic routes is specifically designed to work with routing services and should be left as the default 5 Configure the routing services that will be used a Click to expand a routing service b Enable the routing service c Complete the configuration of the routing service 6 Click Apply to save the configuration and apply the change Command line 1 Select the device in Remote Manager and click Actions ...

Страница 221: ...es config network route service Routing services Settings for dynamic routing services and protocols Parameters Current Value enable true Enable zone dynamic_routes Zone Additional Configuration bgp BGP isis IS IS ospfv2 OSPFv2 ospfv3 OSPFv3 rip RIP ripng RIPng config b Enable a routing service that will be used For example to enable the RIP service config network route service rip enable true con...

Страница 222: ...ted with an Access selection menu Type quit to disconnect from the device Show the routing table To display the routing table Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate your device as described in Use Digi Remote Manager to view and manage your device b Click the Device ID c Click...

Страница 223: ... device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Dynamic DNS The Domain Name System DNS uses name servers to provide a mapping between computer readable IP addresses and human readable hostnames This allows users to access websites and personal networks with easy to remember URLs Unfortunately IP addresses change frequently invalidati...

Страница 224: ...e amount of time to wait to check if the interface s IP address needs to be updated n The amount of time to wait to force an update of the interface s IP address n The amount of time to wait for an IP address update to succeed before retrying the update n The number of times to retry a failed IP address update Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admi...

Страница 225: ...select the interface that has its IP address registered with the Dynamic DNS provider 6 For Service select the Dynamic DNS provider or select custom to enter a custom URL for the Dynamic DNS provider 7 If custom is selected for Service type the Custom URL that should be used to update the IP address with the Dynamic DNS provider 8 Type the Domain name that is linked to the interface s IP address 9...

Страница 226: ...ormat number w d h m s For example to set Retry interval to ten minutes enter 10m or 600s 13 Optional For Retry count type the number of times to retry a failed IP address update 14 Click Apply to save the configuration and apply the change Command line 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access righ...

Страница 227: ...w_ddns_instance custom url config network ddns new_ddns_instance 7 Set the domain name that is linked to the interface s IP address config network ddns new_ddns_instance domain domain_name config network ddns new_ddns_instance 8 Set the username to authenticate with the Dynamic DNS provider config network ddns new_ddns_instance username name config network ddns new_ddns_instance 9 Set the password...

Страница 228: ... amount of time to wait for an IP address update to succeed before retrying the update config network ddns new_ddns_instance retry_interval value config network ddns new_ddns_instance where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set retry_interval to ten minutes enter either 10m or 600s config network ddns new_ddns_instance r...

Страница 229: ...g devices from master to backup and from backup to master even if the device has not failed For example if a host becomes unreachable on the far end of a network link then the physical default gateway can be changed by adjusting the VRRP priority of the IX10 device connected to the failing link This provides failover capabilities based on the status of connections behind the router in addition to ...

Страница 230: ...emote Manager to view and manage your device b Click the Device ID c Click Settings d Click to expand Config Web UI a On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network VRRP 4 For Add VRRP instance type a name for the VRRP instance and click The new VRRP instance configuration is displayed ...

Страница 231: ...es are from 1 and 255 and it is configured to 100 by default 9 Optional For Password type a password that will be used to authenticate this VRRP router with VRRP peers If the password length exceeds 8 characters it will be truncated to 8 characters 10 Configure the virtual IP addresses associated with this VRRP instance a Click to expand Virtual IP addresses b Click to add a virtual IP address c F...

Страница 232: ...The router with the highest priority will be used as the master router If the master router fails then the IP address of the virtual router is mapped to the backup device with the next highest priority If this device s actual IP address is being used as the virtual IP address of the VRRP pool then the priority of this device should be set to 255 Allowed values are from 1 and 255 and it is configur...

Страница 233: ...SureLink is enabled by default on all WAN interfaces and should not be disabled on the WAN interfaces that are being monitored by VRRP If multiple WAN interfaces are being monitored on the same device the VRRP priority will be adjusted only if all WAN interfaces fail SureLink tests l The amount that the VRRP priority will be modified when SureLink determines that the VRRP interface is not function...

Страница 234: ...ick the Device ID c Click Settings d Click to expand Config Web UI a On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network VRRP 4 Create a new VRRP instance or click to expand an existing VRRP instance See Configure VRRP for information about creating a new VRRP instance 5 Click to expand VRRP 6 Click Enable ...

Страница 235: ... connectivity failure and increased when SureLink succeeds again Along with the priority settings for devices in this VRRP pool the amount entered here should be large enough to automatically demote a master device when SureLink connectivity fails For example if the VRRP master device has a priority of 100 and the backup device has a priority of 80 then the Priority modifier should be set to an am...

Страница 236: ... interface has network connectivity and promote a backup to master if SureLink fails i Click to expand IPv4 SureLink ii Click Enable iii For Interval type a the amount of time to wait between connectivity tests To guarantee seamless internet access for VRRP purposes SureLink tests should occur more often than the default of 15 minutes Allowed values are any number of weeks days hours minutes or se...

Страница 237: ...test vrrp_plus enable true config 5 Add interfaces to monitor Generally this will be a cellular or WAN interface a Use the to determine available interfaces b Set the interface for example config add network vrrp VRRP_test vrrp_plus monitor_interface end network interface modem config c Optional Repeat for additional interfaces 6 Set the amount that the device s priority should be decreased or inc...

Страница 238: ...l IP addresses i Set the DHCP server gateway type to custom config network interface eth ipv4 dhcp_server advanced gateway custom config ii Determine the VRRP virtual IP addresses config show network vrrp VRRP_test virtual_address 0 192 168 3 3 1 10 10 10 1 config iii Set the custom gateway to one of the VRRP virtual IP addresses For example config network interface eth ipv4 dhcp_server advanced g...

Страница 239: ...rface eth ipv4 surelink target 0 test value config network interface eth ipv4 surelink target 0 where value is one of n ping Tests connectivity by sending an ICMP echo request to a specified hostname or IP address l Specify the hostname or IP address config network interface eth ipv4 surelink target 0 ping_host host config network interface eth ipv4 surelink target 0 l Optional Set the size in byt...

Страница 240: ...e eth ipv4 surelink target 0 where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set interface_down_time to ten minutes enter either 10m or 600s config network interface eth ipv4 surelink target 0 interface_down_time 600s config network interface eth ipv4 surelink target 0 The default is 60 seconds l Optional Set the amount of time ...

Страница 241: ...he device Example VRRP VRRP configuration This example configuration creates a VRRP pool containing two IX10 devices Configure device one master device Web Task 1 Configure VRRP on device one 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate your device as described in Use Digi Remote Manage...

Страница 242: ...ation window is displayed 3 Click Network VRRP 4 For Add VRRP instance type a name for the VRRP instance and click The new VRRP instance configuration is displayed 5 Click Enable 6 For Interface select Interface ETH 7 For Router ID leave at the default setting of 50 8 For Priority leave at the default setting of 100 9 Click to expand Virtual IP addresses ...

Страница 243: ... Select Interface Modem 6 For Priority modifier type 30 Task 3 Configure the IP address for the VRRP interface ETH on device one 1 Click Network Interfaces ETH IPv4 2 For Address type 192 168 3 1 24 Task 4 Configure the DHCP server for ETH on device one 1 Click to expand Network Interfaces ETH IPv4 DHCP Server 2 For Lease range start leave at the default of 100 3 For Lease range end type 199 4 Cli...

Страница 244: ...p VRRP_test 4 Enable the VRRP instance config network vrrp VRRP_test enable true config network vrrp VRRP_test 5 Set the VRRP interface to ETH config network vrrp VRRP_test interface network interface eth config network vrrp VRRP_test 6 Add the virtual IP address associated with this VRRP instance config network vrrp VRRP_test add virtual_address end 192 168 3 3 config network vrrp VRRP_test Task ...

Страница 245: ...CP addresses to clients a Set the start address to 100 config network interface eth ipv4 dhcp_server lease_start 100 config b Set the end address to 199 config network interface eth ipv4 dhcp_server lease_end 199 config 2 Set the DHCP server gateway type to custom config network interface eth ipv4 dhcp_server advanced gateway custom config 3 Set the custom gateway to 192 168 3 3 config network int...

Страница 246: ...ation Remote Manager a Locate your device as described in Use Digi Remote Manager to view and manage your device b Click the Device ID c Click Settings d Click to expand Config Web UI a On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network VRRP 4 For Add VRRP instance type a name for the VRRP instance and click The new VRRP in...

Страница 247: ...onfigure VRRP on device two 1 Click to expand VRRP 2 Click Enable 3 Click to expand Monitor interfaces 4 Click to add an interface for monitoring 5 Select Interface Modem 6 Click to enable Monitor VRRP master 7 For Priority modifier type 30 Task 3 Configure the IP address for the VRRP interface ETH on device two 1 Click Network Interfaces ETH IPv4 2 For Address type 192 168 3 2 24 3 For Default ga...

Страница 248: ...pand Network Interfaces ETH IPv4 DHCP Server 2 For Lease range start type 200 3 For Lease range end type 250 4 Click Advanced settings 5 For Gateway select Custom 6 For Custom gateway enter 192 168 3 3 7 Click Apply to save the configuration and apply the change Command line Task 1 Configure VRRP on device two 1 Select the device in Remote Manager and click Actions Open Console or log into the IX1...

Страница 249: ... vrrp VRRP_test add virtual_address end 192 168 3 3 config network vrrp VRRP_test Task 2 Configure VRRP on device two 1 Enable VRRP config network vrrp VRRP_test vrrp_plus enable true config network vrrp VRRP_test 2 Add the interface to monitor config network vrrp VRRP_test add vrrp_plus monitor_interface end network interface modem config network vrrp VRRP_test 3 Enable the ability to monitor the...

Страница 250: ...le true config 2 Create a SureLink test target config add network interface eth ipv4 surelink target end config network interface eth ipv4 surelink target 0 3 Set the type of test to ping config network interface eth ipv4 surelink target 0 test ping config network interface eth ipv4 surelink target 0 4 Set my devicecloud com as the hostname to ping config network interface eth ipv4 surelink target...

Страница 251: ...g save Configuration saved 6 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Show VRRP status and statistics This section describes how to display VRRP status and statistics for a IX10 device VRRP status is available from the Web UI only Web 1 Log into Digi Remote Manager or log into t...

Страница 252: ...played Command line 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the Admin CLI prompt type show vrrp show vrrp VRRP Status Proto State Virtual IP VRRP_test Up IPv4 Ba...

Страница 253: ...t type show vrrp name name show vrrp name VRRP_test VRRP_test VRRP Status Enabled True Status Up Interface lan IPv4 Virtual IP address es 10 10 10 1 100 100 100 1 Current State Master Current Priority 100 Last Transition Tue Jan 1 00 00 39 2019 Became Master 1 Released Master 0 Adverts Sent 71 Adverts Received 4 Priority Zero Sent 0 Priority zero Received 0 ...

Страница 254: ...y connect two private networks together so that devices can connect from one network to the other using secure channels This chapter contains the following topics IPsec 255 OpenVPN 311 Generic Routing Encapsulation GRE 345 L2TP 366 L2TPv3 Ethernet 385 NEMO 391 IX10 User Guide 254 ...

Страница 255: ...ec can run in two different modes Tunnel and Transport Tunnel The entire IP packet is encrypted and or authenticated and then encapsulated as the payload in a new IP packet Transport Only the payload of the IP packet is encrypted and or authenticated The IP header is left untouched This mode has limitations when using an authentication header because the IP addresses in the IP header cannot be tra...

Страница 256: ...d key authentication mode provides additional security by using client authentication credentials in addition to the standard pre shared key The IX10 device can be configured to authenticate with the remote peer as an XAUTH client RSA Signatures With RSA signatures authentication the IX10 device uses a private RSA key to authenticate with a remote peer that is using a corresponding public key Cert...

Страница 257: ...Configure SureLink active recovery for IPsec for information about IPsec active recovery Additional configuration items The following additional configuration settings are not typically configured to get an IPsec tunnel working but can be configured as needed n Determine whether the device should use UDP encapsulation even when it does not detect that NAT is being used n If using IPsec failover id...

Страница 258: ...ular or otherwise you must configure a static route to direct the traffic either through the IPsec tunnel or through the WAN outside of the IPsec tunnel See Configure a static route for information about configuring a static route Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate your de...

Страница 259: ... 8 Optional Enable Force UDP encapsulation to force the tunnel to use UDP encapsulation even when it does not detect that NAT is being used 9 For Zone select the firewall zone for the IPsec tunnel Generally this should be left at the default of IPsec Note Depending on your network configuration you may need to add a packet filtering rule to allow incoming traffic For example for the IPsec zone a C...

Страница 260: ...ayload Provides encryption as well as authentication and integrity n AH Authentication Header Provides authentication and integrity only 14 Click to expand Authentication a For Authentication type select one of the following n Pre shared key Uses a pre shared key PSK to authenticate with the remote peer i Type the Pre shared key n Asymmetric pre shared keys Uses asymmetric pre shared keys to authe...

Страница 261: ...ate in PEM format l Certificate Authority For Certificate Authority chain paste the Certificate Authority CA certificates These must include all peer certificates in the chain up to the root CA certificate in PEM format 15 Optional For Management Priority set the management priority for this IPsec tunnel A tunnel that is up and has the highest priority will be used for central management and direc...

Страница 262: ...alue type the key ID n MAC address The device s primary MAC address will be used as the ID and sent as a ID_KEY_ID IKE identity n Serial number The device s serial number will be used as the ID and sent as a ID_KEY_ID IKE identity 19 Click to expand Remote endpoint a For IP version select either IPv4 or IPv6 b For Hostname list selection select one of the following n Round robin Attempts to connec...

Страница 263: ...ified Domain Name and sent as an ID_FQDN IKE identity For FQDN ID value type the ID as an FQDN n KeyID The ID will be interpreted as a Key ID and sent as an ID_KEY_ID IKE identity For KEYID ID value type the key ID n MAC address The device s primary MAC address will be used as the ID and sent as a ID_KEY_ID IKE identity n Serial number The device s serial number will be used as the ID and sent as ...

Страница 264: ...col is selected type the number of the protocol e For Port type the port matching criteria Allowed values are a port number a range of port numbers or any f Optional Click to expand Remote traffic selector g For Remote network enter the IP address and optional netmask of the remote network h For Protocol select one of the following n Any Matches any protocol n TCP Matches TCP protocol only n UDP M...

Страница 265: ...e IKE security association expires after a successful negotiation and must be re authenticated Allowed values are any number of weeks days hours minutes or seconds and take the format number w d h m s For example to set Phase 1 lifetime to ten minutes enter 10m or 600s g For Phase 2 lifetime enter the amount of time that the IKE security association expires after a successful negotiation and must ...

Страница 266: ...lick to expand NAT to create a list of destination networks that require source NAT a Click next to Add NAT destination b For Destination network type the IPv4 address and optional netmask of a destination network that requires source NAT You can also use any meaning that any destination network connected to the tunnel will use source NAT 24 See Configure SureLink active recovery for IPsec for inf...

Страница 267: ...signed to this IPsec tunnel This can be used by packet filtering rules and access control lists to restrict network traffic on this tunnel Format any dynamic_routes edge external internal ipsec loopback setup Default value ipsec Current value ipsec config vpn ipsec tunnel ipsec_example Note Depending on your network configuration you may need to add a packet filtering rule to allow incoming traffi...

Страница 268: ... n tunnel The entire IP packet is encrypted and or authenticated and then encapsulated as the payload in a new IP packet n transport Only the payload of the IP packet is encrypted and or authenticated The IP header is unencrypted The default is tunnel 8 Set the protocol config vpn ipsec tunnel ipsec_example type protocol config vpn ipsec tunnel ipsec_example where protocol is either n esp Encapsul...

Страница 269: ...remote peer a For the private_key parameter paste the device s private RSA key in PEM format config vpn ipsec tunnel ipsec_example auth private_key key config vpn ipsec tunnel ipsec_example b Set the private key passphrase that is used to decrypt the private key Leave blank if the private key is not encrypted config vpn ipsec tunnel ipsec_example auth private_key_ passphrase passphrase config vpn ...

Страница 270: ...ertificate Authority chain for verification o For the ca_cert parameter paste the Certificate Authority CA certificates These must include all peer certificates in the chain up to the root CA certificate in PEM format config vpn ipsec tunnel ipsec_example auth ca_cert cert_ chain config vpn ipsec tunnel ipsec_example 11 Optional Configure the device to connect to its remote peer as an XAUTH client...

Страница 271: ...ID will be automatically determined from the value of the tunnels endpoints n raw Enter an ID and have it passed unmodified to the underlying IPsec stack Set the unmodified ID that will be passed config vpn ipsec tunnel ipsec_example local id type raw_id id config vpn ipsec tunnel ipsec_example n any Any ID will be accepted n ipv4 The ID will be interpreted as an IPv4 address and sent as an ID_IPV...

Страница 272: ...ndpoint a Add a remote hostname config vpn ipsec tunnel ipsec_example add remote hostname end value config vpn ipsec tunnel ipsec_example where value is the hostname or IPv4 address of the IPsec peer If your device is not configured to initiate the IPsec connection see ike initiate you can also use the keyword any which means that the hostname is dynamic or unknown Repeat for additional hostnames ...

Страница 273: ... ID This can be a fully qualified domain name or an IPv6 address config vpn ipsec tunnel ipsec_example remote id type ipv6_id id config vpn ipsec tunnel ipsec_example n rfc822 The ID will be interpreted as an RFC822 email address Set the ID in internet email address format config vpn ipsec tunnel ipsec_example remote id type rfc822_ id id config vpn ipsec tunnel ipsec_example n fqdn The ID will be...

Страница 274: ...g vpn ipsec tunnel ipsec_example where value is one of n if_supported Send oversized IKE messages in fragments if the peer supports receiving them n always Always send IKEv1 messages in fragments For IKEv2 this option is equivalent to if supported n never Do not send oversized IKE messages in fragments n accept Do not send oversized IKE messages in fragments but announce support for fragmentation ...

Страница 275: ...g vpn ipsec tunnel ipsec_example where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set lifetime_margin to ten minutes enter either 10m or 600s config vpn ipsec tunnel ipsec_example ike lifetime_margin 600s config vpn ipsec tunnel ipsec_example The default is nine minutes i Configure the types of encryption hash and Diffie Hellman ...

Страница 276: ...e 1 proposals i Move back one level in the schema config vpn ipsec tunnel ipsec_example ike phase1_proposal 0 config vpn ipsec tunnel ipsec_example ike phase1_proposal ii Add an additional proposal config vpn ipsec tunnel ipsec_example ike phase1_proposal add end config vpn ipsec tunnel ipsec_example ike phase1_proposal 1 Repeat the above steps to set the type of encryption hash and Diffie Hellman...

Страница 277: ...llman group types config vpn ipsec tunnel ipsec_example ike phase2_proposal 0 dh_group curve25519 curve448 ecp192 ecp224 config vpn ipsec tunnel ipsec_example ike phase2_proposal 0 ii Set the Diffie Hellman group type config vpn ipsec tunnel ipsec_example ike phase2_proposal 0 dh_group value config vpn ipsec tunnel ipsec_example ike phase2_proposal 0 The default is modp2048 vi Optional Add additio...

Страница 278: ...d peer packet before assuming the tunnel has failed The default is 90 config vpn ipsec tunnel ipsec_example dpd timeout value config 17 Optional Create a list of destination networks that require source NAT a Add a destination network config add vpn ipsec tunnel ipsec_example nat end config vpn ipsec tunnel ipsec_example nat 0 b Set the IPv4 address and optional netmask of a destination network th...

Страница 279: ... 0 n custom A user defined network Set the custom network config vpn ipsec tunnel ipsec_example policy 0 local custom value config vpn ipsec tunnel ipsec_example policy 0 where value is the IPv4 address and optional netmask The keyword any can also be used n request Requests a network from the remote peer n dynamic Uses the address of the local endpoint d Set the port matching criteria for the loc...

Страница 280: ...lue is the port number a range of port numbers or the keyword any h Set the protocol matching criteria for the remote traffic selector config vpn ipsec tunnel ipsec_example policy 0 remote protocol value config vpn ipsec tunnel ipsec_example policy 0 where value is one of n any Matches any protocol n tcp Matches TCP protocol only n udp Matches UDP protocol only n icmp Matches ICMP requests only n ...

Страница 281: ...ection_try_interval Connection try interval ike_timeout IKE timeout config Generally the default settings for these should be sufficient c You can also enable debugging for IPsec config vpn ipsec advanced debug value config where value is one of n none n basic_auditing n detailed_control n generic_control n raw_data n sensitive_data 20 Save the configuration and apply the change config save Config...

Страница 282: ...th tunnels are active simultaneously and there is minimal downtime due to failover l Identify the preferred tunnel during configuration of the backup tunnel In this scenario the backup tunnel is not active until the preferred tunnel fails IPsec failover using SureLink With this configuration when two IPsec tunnels are configured with the same local and remote endpoints but different metrics traffi...

Страница 283: ...point Web 1 Configure the primary IPsec tunnel See Configure an IPsec tunnel for instructions n During configuration of the IPsec tunnel set the metric to a low value for example 10 n Configure SureLink for the primary IPsec tunnel and enable Restart interface See Configure SureLink active recovery for IPsec for instructions 2 Create a backup IPsec tunnel Configure this tunnel to use the same loca...

Страница 284: ... a value that is higher than the metric of the primary tunnel for example 20 config vpn ipsec tunnel IPsecFailoverBackupTunnel metric 20 config vpn ipsec tunnel IPsecFailoverBackupTunnel IPsec failover using Preferred tunnel Web 1 Configure the primary IPsec tunnel See Configure an IPsec tunnel for instructions 2 Create a backup IPsec tunnel See Configure an IPsec tunnel for instructions 3 During ...

Страница 285: ...uration items n A valid IPsec configuration See Configure an IPsec tunnel for configuration instructions n Enable IPsec active recovery n The behavior of the IX10 device upon IPsec failure either l Restart the IPsec interface l Reboot the device Additional configuration items n The interval between connectivity tests n Whether the interface should be considered to have failed if one of the test ta...

Страница 286: ...D c Click Settings d Click to expand Config Web UI a On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click VPN IPsec 4 Create a new IPsec tunnel or select an existing one n To create a new IPsec tunnel see Configure an IPsec tunnel n To edit an existing IPsec tunnel click to expand the appropriate tunnel ...

Страница 287: ... seconds and take the format number w d h m s For example to set Interval to ten minutes enter 10m or 600s The default is 15 minutes 10 For Success condition determine whether the interface should fail over based on the failure of one of the test targets or all of the test targets 11 For Attempts type the number of probe attempts before the WAN is considered to have failed 12 For Response timeout ...

Страница 288: ...ding an HTTP or HTTPS GET request to the URL specified in Web servers The URL should take the format of http s hostname path n Test DNS servers configured for this interface Tests connectivity by sending a DNS query to the DNS servers configured for this interface n Test the interface status The interface is considered to be down based on l Down time The amount of time that the interface can be do...

Страница 289: ...t the interface when its connection is considered to have failed config vpn ipsec tunnel ipsec_example surelink restart true config vpn ipsec tunnel ipsec_example This is useful for interfaces that may regain connectivity after restarting such as a cellular modem 6 To configure the device to reboot when the interface is considered to have failed config vpn ipsec tunnel ipsec_example surelink reboo...

Страница 290: ...timeout to ten minutes enter either 10m or 600s config vpn ipsec tunnel ipsec_example surelink timeout 600s config vpn ipsec tunnel ipsec_example The default is 15 seconds 11 Configure test targets a Add a test target config vpn ipsec tunnel ipsec_example add surelink target end config vpn ipsec tunnel ipsec_example surelink target 0 b Set the test type config vpn ipsec tunnel ipsec_example sureli...

Страница 291: ...face takes before this test is considered to have failed l Optional Set the amount of time that the interface can be down before this test is considered to have failed config vpn ipsec tunnel ipsec_example surelink target 0 interface_down_time value config vpn ipsec tunnel ipsec_example surelink target 0 where value is any number of weeks days hours minutes or seconds and takes the format number w...

Страница 292: ...interface s IP version This allows you to determine the alternate interface s status for a particular IP version config vpn ipsec tunnel ipsec_example surelink target 0 other_ip_version value config vpn ipsec tunnel ipsec_example surelink target 0 where value is one of any both ipv4 or ipv6 o Set the expected status of the alternate interface config vpn ipsec tunnel ipsec_example surelink target 0...

Страница 293: ...etails about all configured IPsec tunnels type the following at the prompt show ipsec all Name Enable Status Hostname ipsec1 true up 192 168 2 1 vpn1 false pending 192 168 3 1 3 To display details about a specific tunnel show ipsec tunnel ipsec1 Tunnel ipsec1 Enable true Status pending Hostname 192 168 2 1 Zone ipsec Mode tunnel Type esp 4 Type exit to exit the Admin CLI Depending on your device c...

Страница 294: ...n click Device Configuration The Configuration window is displayed 3 Click VPN IPsec 4 Click to expand Advanced 5 For Debug level select one of the following n Disable debug messages n Basic auditing debug Logs basic auditing information for example SA up SA down n Generic control flow Select this for basic debugging information n Detailed control flow More detailed debugging control flow n Raw da...

Страница 295: ...es sensitive material in dumps for example encryption keys 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure a Simple Certificate Enrollment Protocol client Simple Certificate Enrollment Protocol SC...

Страница 296: ...cess rights 2 Access the device configuration Remote Manager a Locate your device as described in Use Digi Remote Manager to view and manage your device b Click the Device ID c Click Settings d Click to expand Config Web UI a On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network SCEP Client 4 For Add clients enter a name for t...

Страница 297: ...ing Interval to ten minutes enter 10m or 600s The default is 5s 8 For Key Length type the bit size of the private key The default is 2048 9 For Renewable Time type the number of days that the certificate enrollment can be renewed prior to the request expiring This value is configured on the SCEP server and is used by the IX10 device to determine when to start attempting to auto renew an existing c...

Страница 298: ...ach appropriate Distinguished Name attribute 20 Optional Configure the certificate revocation list CRL a Click to expand CRL b Click Enable to enable the CRL c For Type select the type of CRL n URL The URL to the file name used to access the certificate revocation list from the CA n CRLDP The CRL distribution point n getCRL A CRL query using the issuer name and serial number from the certificate w...

Страница 299: ...me 6 Optiona Set a CA idenity string that will be understood by the certificate authority For example it could be a domain name or a user name If the certificate authority has multiple CA certificates this field can be used to distinguish which is required config network scep_client scep_client_name server ca_ident string config network scep_client scep_client_name 7 Set the HTTP URL path required...

Страница 300: ...scep_client scep_client_name distinguished_name ou value config network scep_client scep_client_name g Set the Common Name config network scep_client scep_client_name distinguished_name cn value config network scep_client scep_client_name 10 Optional Configure the certificate revocation list CRL a Enable the CRL config network scep_client scep_client_name crl enable true config network scep_client...

Страница 301: ...ient scep_client_name where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set max_poll_time to ten minutes enter either 10m or 600s config network scep_client scep_client_name max_poll_time 600s config network scep_client scep_client_name The default is 1d 13 Set the amount of time that the device should wait between polling attempt...

Страница 302: ...guration you may be presented with an Access selection menu Type quit to disconnect from the device Example SCEP client configuration with Fortinet SCEP server In this example configuration we will configure the IX10 device as a SCEP client that will connect to a Fortinet SCEP server Fortinet configuration On the Fortinet server 1 Enable ports for SCEP services a From the menu select Network Inter...

Страница 303: ...butes entered here must correspond to the Distinguished Name attributes configured for the SCEP client on the IX10 device f For Renewal Allow renewal x days before the certified is expired type the number of days that the certificate enrollment can be renewed prior to the request expiring The Renewable Time setting on the IX10 device must match the setting of this parameter g The remaining fields ...

Страница 304: ...P client configuration is displayed 5 Click Enable to enable the SCEP client 6 For Renewable Time type the number of days that the certificate enrollment can be renewed prior to the request expiring This value must match the setting of the Allow renewal x days before the certified is expired option on the Fortinet server 7 Optional Click Debug to enable verbose logging in var log scep_client ...

Страница 305: ...DN attributes in the Enrollment Request on the Fortinet server 13 Click Apply to save the configuration and apply the change Command line 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access th...

Страница 306: ...Name attributes The values entered here must correspond to the DN attributes in the Enrollment Request on the Fortinet server a Set the Domain Component config network scep_client Fortinet_SCEP_client distinguished_name dc value config network scep_client Fortinet_SCEP_client b Set the two letter Country Code config network scep_client Fortinet_SCEP_client distinguished_name c value config network...

Страница 307: ...nfig network scep_client Fortinet_SCEP_client 10 Save the configuration and apply the change config network scep_client Fortinet_SCEP_client save Configuration saved 11 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Show SCEP client status and information You can show general SCEP cli...

Страница 308: ...rtificate Authority Certificate 1 Subject C US CN TA SCEP 1 MSCEP RA Issuer CN TA SCEP 1 CA Serial 1100000002A1E755981C0C3F34000000000002 Expiry Apr 25 13 42 47 2023 GMT Certificate Authority Certificate 2 Subject C US CN TA SCEP 1 MSCEP RA Issuer CN TA SCEP 1 CA Serial 1100000003268AFB5E98BFCA73000000000003 Expiry Apr 25 13 42 48 2023 GMT Certificate Authority Certificate 3 Subject CN TA SCEP 1 C...

Страница 309: ...lem Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate your device as described in Use Digi Remote Manager to view and manage your device b Click the Device ID c Click Settings d Click to expand Config Web UI a On the menu click System Under Configuration click Device Configuration The Co...

Страница 310: ...pe admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Disable hardware cryptographic acceleration config system hycrypto false 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to d...

Страница 311: ...ubnet from the OpenVPN server and other OpenVPN clients OpenVPN clients use Network Address Translation NAT to route traffic from devices connected on its LAN interfaces to the OpenVPN server The manner in which the IP subnets are defined depends on the OpenVPN topology in use The IX10 device supports two types of OpenVPN topology OpenVPN Topology Subnet definition method net30 Each OpenVPN client...

Страница 312: ...rd interface configuration for example a standard DHCP server configuration l TAP Device only An alternate form of OpenVPN bridging mode in which the device rather than OpenVPN controls the interface configuration If this method is is the OpenVPN server must be included as a device in either an interface or a bridge n The firewall zone to be used by the OpenVPN server n The IP network and subnet m...

Страница 313: ...n The TCP UDP port to use By default the IX10 device uses port 1194 n Access control list configuration to restrict access to the OpenVPN server through the firewall n Additional OpenVPN parameters Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate your device as described in Use Digi Rem...

Страница 314: ...To disable toggle off Enable 5 For Device type select the mode used by the OpenVPN server either n TUN OpenVPN managed n TAP OpenVPN managed n TAP Device only See OpenVPN for information about OpenVPN server modes 6 If TUN OpenVPN managed or TAP OpenVPN managed is selected for Device type a For Zone select the firewall zone for the OpenVPN server For TUN device types this should be set to Internal...

Страница 315: ...ame password Uses both certificates and a username and password for client authentication Each client requires a public and private key and you must create an OpenVPN authentication group and user See Configure an OpenVPN Authentication Group and User for instructions b Paste the contents of the CA certificate usually in a ca crt file the Public key for example server crt the Private key for examp...

Страница 316: ...ually set additional OpenVPN parameters a Click Enable to enable the use of additional OpenVPN parameters b Click Override if the additional OpenVPN parameters should override default options c For OpenVPN parameters type the additional OpenVPN parameters 12 Click Apply to save the configuration and apply the change Command line 1 Select the device in Remote Manager and click Actions Open Console ...

Страница 317: ...PN bridging mode in which the device rather than OpenVPN controls the interface configuration If this method is is the OpenVPN server must be included as a device in either an interface or a bridge See OpenVPN for information about OpenVPN modes The default is tun 5 If tap or tun are set for device_type a Set the IP address and subnet mask of the OpenVPN server config vpn openvpn server name addre...

Страница 318: ... set to 80 the first client IP address will be 192 168 1 80 The default is from 80 ii Set the last address in the range limit config vpn openvpn server name server_last_ip value config vpn openvpn server name where value is a number between 1 and 255 The number entered here will represent the last client IP address For example if address is set to 192 168 1 1 24 and server_last_ip is set to 99 the...

Страница 319: ...ue of the cacert parameter config vpn openvpn server name cacert value config vpn openvpn server name iii Paste the contents of the public key for example server crt into the value of the server_cert parameter config vpn openvpn server name server_cert value config vpn openvpn server name iv Paste the contents of the private key for example server key into the value of the server_key parameter con...

Страница 320: ...cl interface end value config vpn openvpn server name Where value is an interface defined on your device Display a list of available interfaces Use network interface to display interface information config vpn openvpn server name network interface Interfaces Additional Configuration defaultip Default IP defaultlinklocal Default Link local IP eth ETH loopback Loopback modem Modem config vpn openvpn...

Страница 321: ... config vpn openvpn server name c Set the additional OpenVPN parameters config vpn openvpn server name extra parameters config vpn openvpn server name 10 Save the configuration and apply the change config save Configuration saved 11 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Confi...

Страница 322: ...in Use Digi Remote Manager to view and manage your device b Click the Device ID c Click Settings d Click to expand Config Web UI a On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Add an OpenVPN authentication group a Click Authentication Groups b For Add Group type a name for the group for example OpenVPN_Group and click The new authe...

Страница 323: ...this group will have access g Repeat to add additional OpenVPN tunnels 4 Add an OpenVPN authentication user a Click Authentication Users b For Add type a name for the user for example OpenVPN_User and click c Type a password for the user This password is used for local authentication of the user You can also configure the user to use RADIUS or TACACS authentication by configuring authentication me...

Страница 324: ... Networks VPN OpenVPN IX10 User Guide 324 d Click to expand the Groups node e Click to add a group to the user f Select a Group with OpenVPN access enabled 5 Click Apply to save the configuration and apply the change ...

Страница 325: ..._Group 4 Enable OpenVPN access rights for users of this group config auth group OpenVPN_Group acl openvpn enable true 5 Add an OpenVPN tunnel to which users of this group will have access a Determine available tunnels config auth group OpenVPN_Group vpn openvpn server Servers A list of openvpn servers Additional Configuration OpenVPN_server1 OpenVPN server config auth group OpenVPN_Group b Add a t...

Страница 326: ...PN client if configured on the OpenVPN server See Configure SureLink active recovery for OpenVPN for information about OpenVPN active recovery Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate your device as described in Use Digi Remote Manager to view and manage your device b Click the ...

Страница 327: ...ehavior and configure the client manually click Use ovpn file to disable If Use ovpn file is disabled see Configure an OpenVPN client without using an ovpn file for configuration information 7 For Zone select the firewall zone for the OpenVPN client 8 Optional Select the Metric for the OpenVPN client If multiple active routes match a destination the route with the lowest metric will be used 9 Opti...

Страница 328: ...nt name where name is the name of the OpenVPN server The OpenVPN client is enabled by default To disable the client type config vpn openvpn client name enable false config vpn openvpn client name 4 Set the firewall zone for the OpenVPN client config vpn openvpn client name zone value config vpn openvpn client name To view a list of available zones config vpn openvpn client name zone Zone The zone ...

Страница 329: ... quit to disconnect from the device Configure an OpenVPN client without using an ovpn file Required configuration items n Enable the OpenVPN client The OpenVPN client is enabled by default n The mode used by the OpenVPN server either routing TUN or bridging TAP n The firewall zone to be used by the OpenVPN client n The IP address of the OpenVPN server n Certificates and keys l The CA certificate u...

Страница 330: ...te Manager to view and manage your device b Click the Device ID c Click Settings d Click to expand Config Web UI a On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click VPN OpenVPN Clients 4 For Add type a name for the OpenVPN client and click The new OpenVPN client configuration is displayed ...

Страница 331: ... port used by the OpenVPN server The default is 1194 13 Paste the contents of the CA certificate usually in a ca crt file the Public key for example client crt and the Private key for example client key into their respective fields The contents will be hidden when the configuration is saved 14 Optional Click to expand Advanced Options to manually set additional OpenVPN parameters a Click Enable to...

Страница 332: ...name 4 The default behavior is to use an OVPN file for client configuration To disable this behavior and configure the client manually config vpn openvpn client name use_file false config vpn openvpn client name 5 Set the mode used by the OpenVPN server config vpn openvpn client name device_type value config vpn openvpn client name where value is either tun or tap The default is tun 6 Set the fire...

Страница 333: ...n openvpn client name The default is 1194 11 Paste the contents of the CA certificate usually in a ca crt file into the value of the cacert parameter config vpn openvpn client name cacert value config vpn openvpn client name 12 Paste the contents of the public key for example client crt into the value of the public_cert parameter config vpn openvpn client name public_cert value config vpn openvpn ...

Страница 334: ...an OpenVPN client without using an ovpn file for configuration instructions n Enable OpenVPN active recovery n The behavior of the IX10 device upon OpenVPN failure either l Restart the OpenVPN interface l Reboot the device Additional configuration items n The interval between connectivity tests n Whether the interface should be considered to have failed if one of the test targets fails or all of t...

Страница 335: ...evice Configuration The Configuration window is displayed 3 Click VPN OpenVPN Clients 4 Create a new OpenVPN client or select an existing one n To create a new OpenVPN client see Configure an OpenVPN client by using an ovpn file or Configure an OpenVPN client without using an ovpn file n To edit an existing OpenVPN client click to expand the appropriate client ...

Страница 336: ...or seconds and take the format number w d h m s For example to set Interval to ten minutes enter 10m or 600s The default is 15 minutes 10 For Success condition determine whether the interface should fail over based on the failure of one of the test targets or all of the test targets 11 For Attempts type the number of probe attempts before the WAN is considered to have failed 12 For Response timeou...

Страница 337: ...nding an HTTP or HTTPS GET request to the URL specified in Web servers The URL should take the format of http s hostname path n Test DNS servers configured for this interface Tests connectivity by sending a DNS query to the DNS servers configured for this interface n Test the interface status The interface is considered to be down based on l Down time The amount of time that the interface can be d...

Страница 338: ...ient1 5 To configure the device to restart the interface when its connection is considered to have failed config vpn openvpn client openvpn_client1 surelink restart true config vpn openvpn client openvpn_client1 This is useful for interfaces that may regain connectivity after restarting such as a cellular modem 6 To configure the device to reboot when the interface is considered to have failed con...

Страница 339: ...ays hours minutes or seconds and takes the format number w d h m s For example to set timeout to ten minutes enter either 10m or 600s config vpn openvpn client openvpn_client1 surelink timeout 600s config vpn openvpn client openvpn_client1 The default is 15 seconds 11 Configure test targets a Add a test target config vpn openvpn client openvpn_client1 add surelink target end config vpn openvpn cli...

Страница 340: ...pn client openvpn_client1 surelink target 0 http_url value config vpn openvpn client openvpn_client1 surelink target 0 where value uses the format http s hostname path n interface_up The interface is considered to be down based on the interfaces down time and the amount of time an initial connection to the interface takes before this test is considered to have failed l Optional Set the amount of t...

Страница 341: ...e a failover or coupled relationship between interfaces config vpn openvpn client openvpn_client1 surelink target 0 other value config vpn openvpn client openvpn_client1 surelink target 0 If other is set o Set the alternate interface to be tested i Use the to determine available interfaces ii Set the interface For example config vpn openvpn client openvpn_client1 surelink target 0 other_interface ...

Страница 342: ... can view status and statistics for OpenVPN servers from either the web interface or the command line Web 1 Log into the IX10 WebUI as a user with Admin access 2 On the menu select Status OpenVPN Servers The OpenVPN Servers page appears 3 To view configuration details about an OpenVPN server click the configuration icon in the upper right of the OpenVPN server s status pane Command line 1 Select t...

Страница 343: ...eb 1 Log into the IX10 WebUI as a user with Admin access 2 On the menu select Status OpenVPN Clients The OpenVPN Clients page appears 3 To view configuration details about an OpenVPN client click the configuration icon in the upper right of the OpenVPN client s status pane Command line 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a...

Страница 344: ... Enable true Status up Username user1 IP address 123 122 121 120 Remote 120 121 122 123 MTU 1492 Zone internal IP Address 192 168 30 1 24 Port 1194 Use File true Metric 0 Protocol udp Port 1194 Type tun 4 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Страница 345: ...quired configuration items n A GRE loopback endpoint interface n GRE tunnel configuration l Enable the GRE tunnel The GRE tunnels are enabled by default l The local endpoint interface l The IP address of the remote device peer Additional configuration items n A GRE key n Enable the device to respond to keepalive packets Task One Create a GRE loopback endpoint interface Web 1 Log into Digi Remote M...

Страница 346: ...Ethernet 7 For Zone select Internal 8 For Device select Ethernet Loopback 9 Click to expand IPv4 10 For Address enter the IP address and subnet mask of the local GRE endpoint for example 10 10 1 1 24 11 Click Apply to save the configuration and apply the change Command line 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with f...

Страница 347: ...to set the local GRE endpoint s IP address and subnet mask to 10 10 1 1 24 config network interface gre_interface ipv4 address 10 10 1 1 24 config network interface gre_interface 7 Save the configuration and apply the change config network interface gre_interface save Configuration saved 8 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access se...

Страница 348: ...ional For Key enter a key that will be inserted in GRE packets created by this tunnel It must match the key set by the remote endpoint Allowed value is an interger between 0 and 4294967295 or an IP address 9 Optional Enable keepalive reply to enable the device to reply to Cisco GRE keepalive packets 10 Click Apply to save the configuration and apply the change Command line 1 Select the device in R...

Страница 349: ... remote peer config vpn iptunnel gre_example remote ip_address config vpn iptunnel gre_example 6 Optional Set a key that will be inserted in GRE packets created by this tunnel The key must match the key set by the remote endpoint config vpn iptunnel gre_example key value config vpn iptunnel gre_example where value is an interger between 0 and 4294967295 or an IP address 7 Optional Enable the devic...

Страница 350: ...view information about currently configured GRE tunnels Web 1 Log into the IX10 WebUI as a user with Admin access 2 On the menu click Status IP tunnels The IP Tunnelspage appears 3 To view configuration details about a GRE tunnel click the configuration icon in the upper right of the tunnel s status pane ...

Страница 351: ... 0 2 32 2 Create an IPsec endpoint interface named ipsec_endpoint1 a Zone set to Internal b Device set to Ethernet Loopback c IPv4 Address set to the IP address of the local GRE tunnel 172 30 0 1 32 3 Create a GRE tunnel named gre_tunnel1 a Local endpoint set to the IPsec endpoint interface Interface ipsec_endpoint1 b Remote endpoint set to the IP address of the GRE tunnel on IX10 2 172 30 0 2 4 C...

Страница 352: ...amed gre_interface2 and add it to the GRE tunnel a Zone set to Internal b Device set to IP tunnel gre_tunnel2 c IPv4 Address set to a virtual IP address on the GRE tunnel 172 31 0 2 30 Configuration procedures Configure the IX10 1 device Task one Create an IPsec tunnel Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device config...

Страница 353: ...e testkey 7 Click to expand Remote endpoint 8 For Hostname type public IP address of the IX10 2 device 9 Click to expand Policies 10 For Add Policy click to add a new policy 11 Click to expand Local network 12 For Type select Custom network 13 For Address type the IP address and subnet of the local GRE tunnel 172 30 0 1 32 14 For Remote network type the IP address and subnet of the remote GRE tunn...

Страница 354: ...y to testkey config vpn ipsec tunnel ipsec_gre1 auth secret testkey config vpn ipsec tunnel ipsec_gre1 5 Set the remote endpoint to public IP address of the IX10 2 device config vpn ipsec tunnel ipsec_gre1 remote hostname 192 168 101 1 config vpn ipsec tunnel ipsec_gre1 6 Add a policy config vpn ipsec tunnel ipsec_gre1 add policy end config vpn ipsec tunnel ipsec_gre1 policy 0 7 Set the local netw...

Страница 355: ...y the change config ipsec tunnel ipsec_gre1 policy 0 save Configuration saved Task two Create an IPsec endpoint interface Web 1 Click Network Interface 2 For Add Interface type ipsec_endpoint1 and click 3 For Zone select Internal 4 For Device select Ethernet loopback 5 Click to expand IPv4 6 For Address type the IP address of the local GRE tunnel 172 30 0 1 32 7 Click Apply to save the configurati...

Страница 356: ...ice loopback config network interface ipsec_endpoint1 device network device loopback config network interface ipsec_endpoint1 5 Set the IPv4 address to the IP address of the local GRE tunnel 172 30 0 1 32 config network interface ipsec_endpoint1 ipv4 address 172 30 0 1 32 config network interface ipsec_endpoint1 6 Save the configuration and apply the change config vpn ipsec tunnel ipsec_endpoint1 ...

Страница 357: ...unnel1 config vpn iptunnel gre_tunnel1 3 Set the local endpoint to the IPsec endpoint interface created in Task two network interface ipsec_endpoint1 config vpn iptunnel gre_tunnel1 local network interface ipsec_ endpoint1 config vpn iptunnel gre_tunnel1 4 Set the remote endpoint to the IP address of the GRE tunnel on IX10 2 172 30 0 2 config vpn iptunnel gre_tunnel1 remote 172 30 0 2 config vpn i...

Страница 358: ...nel created in Task three IP tunnel gre_tunnel1 5 Click to expand IPv4 6 For Address type 172 31 0 1 30 for a virtual IP address on the GRE tunnel 7 Click Apply to save the configuration and apply the change Command line 1 At the command line type config to enter configuration mode config config 2 Add an interface named gre_interface1 config add network interface gre_interface1 config network inte...

Страница 359: ...ace1 6 Save the configuration and apply the change config network interface gre_interface1 save Configuration saved 7 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure the IX10 2 device Task one Create an IPsec tunnel Web 1 Log into Digi Remote Manager or log into the local Web...

Страница 360: ...t was configured for the IX10 1 testkey 7 Click to expand Remote endpoint 8 For Hostname type public IP address of the IX10 1 device 9 Click to expand Policies 10 For Add Policy click to add a new policy 11 Click to expand Local network 12 For Type select Custom network 13 For Address type the IP address and subnet of the local GRE tunnel 172 30 0 2 32 14 For Remote network type the IP address and...

Страница 361: ...hat was configured for the IX10 1 testkey config vpn ipsec tunnel ipsec_gre2 auth secret testkey config vpn ipsec tunnel ipsec_gre2 5 Set the remote endpoint to public IP address of the IX10 1 device config vpn ipsec tunnel ipsec_gre2 remote hostname 192 168 100 1 config vpn ipsec tunnel ipsec_gre2 6 Add a policy config vpn ipsec tunnel ipsec_gre2 add policy end config vpn ipsec tunnel ipsec_gre2 ...

Страница 362: ...he change config vpn ipsec tunnel ipsec_gre2 policy 0 save Configuration saved Task two Create an IPsec endpoint interface Web 1 Click Network Interfaces 2 For Add Interface type ipsec_endpoint2 and click 3 For Zone select Internal 4 For Device select Ethernet loopback 5 Click to expand IPv4 6 For Address type the IP address of the local GRE tunnel 172 30 0 2 32 7 Click Apply to save the configura...

Страница 363: ... device loopback config network interface ipsec_endpoint2 device network device loopback config network interface ipsec_endpoint2 5 Set the IPv4 address to the IP address of the local GRE tunnel 172 30 0 2 32 config network interface ipsec_endpoint2 ipv4 address 172 30 0 2 32 config network interface ipsec_endpoint2 6 Save the configuration and apply the change config vpn ipsec tunnel ipsec_endpoi...

Страница 364: ...unnel2 config vpn iptunnel gre_tunnel2 3 Set the local endpoint to the IPsec endpoint interface created in Task two network interface ipsec_endpoint2 config vpn iptunnel gre_tunnel2 local network interface ipsec_ endpoint2 config vpn iptunnel gre_tunnel2 4 Set the remote endpoint to the IP address of the GRE tunnel on IX10 1 172 30 0 1 config vpn iptunnel gre_tunnel2 remote 172 30 0 1 config vpn i...

Страница 365: ...nel created in Task three IP tunnel gre_tunnel2 5 Click to expand IPv4 6 For Address type 172 31 0 2 30 for a virtual IP address on the GRE tunnel 7 Click Apply to save the configuration and apply the change Command line 1 At the command line type config to enter configuration mode config config 2 Add an interface named gre_interface2 config add network interface gre_interface2 config network inte...

Страница 366: ... you may be presented with an Access selection menu Type quit to disconnect from the device L2TP Your IX10 device supports PPP over L2TP Layer 2 Tunneling Protocol Configure a PPP over L2TP tunnel Your IX10 device supports PPP over L2TP Layer 2 Tunneling Protocol The tunnel endpoints are known as L2TP Access Concentrators LAC and L2TP Network Servers LNS Each endpoint terminates the PPP session Re...

Страница 367: ...tion method l The metric for the tunnel l Enable custom PPP configuration options for the tunnel o Whether to override the default configuration and only use the custom options o Optional configuration data in the format of a pppd options file Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a L...

Страница 368: ... to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks a Click IPv6 Addresses b For Add Address click c For Address enter the IPv6 address or network that can access the device s service type Allowed values are l A single IP address or host name l A network designation in CIDR notation for example 2001 db8 48 l any No limit to IPv6 addresses that ca...

Страница 369: ...f the custom configuration should override the default configuration and only use the custom options iii For Configuration file paste or type the configuration data in the format of a pppd options file k For SureLink see Configure SureLink active recovery for PPP over L2TP 7 To add an L2TP network server a Click to expand L2TP network servers b For Add L2TP network server type a name for the LNS a...

Страница 370: ...ional Custom PPP configuration i Enable custom PPP configuration ii Enable Override if the custom configuration should override the default configuration and only use the custom options iii For Configuration file paste or type the configuration data in the format of a pppd options file 8 Click Apply to save the configuration and apply the change Command line 1 Select the device in Remote Manager a...

Страница 371: ... service type Repeat this step to list additional IP addresses or networks n To limit access to hosts connected through a specified interface on the IX10 device config add vpn l2tp acl interface end value config Where value is an interface defined on your device Display a list of available interfaces Use network interface to display interface information config network interface Interfaces Additio...

Страница 372: ...pn l2tp lac name config add vpn l2tp lac name where name is the name of the LAC For example to add an LAC named lac_tunnel config add vpn l2tp lac lac_tunnel config vpn l2tp lac lac_tunnel LACs are enabled by default To disable config vpn l2tp lac lac_tunnel enable false config vpn l2tp lac lac_tunnel b Set the hostname or IP address of the L2TP network server config vpn l2tp lac lac_tunnel lns ho...

Страница 373: ...rewall zone for the tunnel This is used by packet filtering rules and access control lists to restrict network traffic on the tunnel i Use the to determine available zones config vpn l2tp lac lac_tunnel zone Zone The firewall zone assigned to this tunnel This can be used by packet filtering rules and access control lists to restrict network traffic on this tunnel Format any dynamic_routes edge ext...

Страница 374: ...n LNS named lns_server config add vpn l2tp lns lns_server config vpn l2tp lns lns_server LACs are enabled by default To disable config vpn l2tp lns lns_server enable false config vpn l2tp lns lns_server b Set the IP address of the L2TP access concentrator that this server will allow connections from config vpn l2tp lns lns_server lac IP_address config vpn l2tp lns lns_server This can also be n A r...

Страница 375: ... lns lns_server password password config vpn l2tp lns lns_server The default is none f Optional Set the metric for the tunnel config vpn l2tp lns lns_server metric int config vpn l2tp lns lns_server where int is an integer between 0 and 65535 The default is 1 g Set the firewall zone for the tunnel This is used by packet filtering rules and access control lists to restrict network traffic on the tu...

Страница 376: ...change config save Configuration saved 8 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure SureLink active recovery for PPP over L2TP You can configure the IX10 device to regularly probe PPP over L2TP access concatenators to determine if the connection has failed and take remed...

Страница 377: ... with full Admin access rights 2 Access the device configuration Remote Manager a Locate your device as described in Use Digi Remote Manager to view and manage your device b Click the Device ID c Click Settings d Click to expand Config Web UI a On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click VPN PPP over L2TP 4 Create a new PPP ...

Страница 378: ...minutes or seconds and take the format number w d h m s For example to set Interval to ten minutes enter 10m or 600s The default is 15 minutes 10 For Success condition determine whether the interface should fail over based on the failure of one of the test targets or all of the test targets 11 For Attempts type the number of probe attempts before the WAN is considered to have failed 12 For Respons...

Страница 379: ...ding an HTTP or HTTPS GET request to the URL specified in Web servers The URL should take the format of http s hostname path n Test DNS servers configured for this interface Tests connectivity by sending a DNS query to the DNS servers configured for this interface n Test the interface status The interface is considered to be down based on l Down time The amount of time that the interface can be do...

Страница 380: ...onfig vpn l2tp lac lac_tunnel 5 To configure the device to restart the interface when its connection is considered to have failed config vpn l2tp lac lac_tunnel surelink restart true config vpn l2tp lac lac_tunnel This is useful for interfaces that may regain connectivity after restarting such as a cellular modem 6 To configure the device to reboot when the interface is considered to have failed c...

Страница 381: ...ample to set interval to ten minutes enter either 10m or 600s config vpn l2tp lac lac_tunnel surelink timeout 600s config vpn l2tp lac lac_tunnel The default is 15 seconds 11 Configure test targets a Add a test target config vpn l2tp lac lac_tunnel add surelink target end config vpn l2tp lac lac_tunnel surelink target 0 b Set the test type config vpn l2tp lac lac_tunnel surelink target 0 test valu...

Страница 382: ... interface takes before this test is considered to have failed l Optional Set the amount of time that the interface can be down before this test is considered to have failed config vpn l2tp lac lac_tunnel surelink target 0 interface_down_time value config vpn l2tp lac lac_tunnel surelink target 0 where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s...

Страница 383: ...ue config vpn l2tp lac lac_tunnel surelink target 0 where value is one of any both ipv4 or ipv6 o Set the expected status of the alternate interface config vpn l2tp lac lac_tunnel surelink target 0 other_ status value config vpn l2tp lac lac_tunnel surelink target 0 where value is either up or down For example if other_status is set to down but the alternate interface is determined to be up then t...

Страница 384: ...ow the status of L2TP network servers from the WebUI 1 Log into the IX10 WebUI as a user with Admin access 2 On the menu select Status Under VPN select L2TP Network Servers The L2TP Network Servers page appears 3 To view configuration details about an L2TP network server click the configuration icon in the upper right of the tunnel s status pane Command line Show the status of L2TP access connecto...

Страница 385: ...dmin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 To display details about all configured L2TP access connectors type the following at the prompt show l2tp lns Name Enabled Status Device lns_test1 true up test_device0 lns_test2 true pending 3 To display details about a specific tunnel show l2tp lns name...

Страница 386: ...elected l The ID for the tunnel l The ID of the peer s tunnel l Determine whether to enable UDP checksum n The session cookie n The peer session cookie n The Layer2SpecificHeader type n The Sequence numbering control Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate your device as descri...

Страница 387: ...check the UDP checksum 10 Click to expand Sessions a For Add Sesssion type a name for a session carried by the parent tunnel and click b For Session ID type the session identifier for this session This must match the value for Peer session ID on the remote peer Allowed value is any integer between 1 and 4294967295 c For Peer session ID type the Session ID of the remote peer d Optional For Cookie t...

Страница 388: ...The tunnel is enabled by default To disable config vpn l2tpeth L2TPv3_example enable false config vpn l2tpeth L2TPv3_example 4 Set the IPv4 address of the remote endpoint config vpn l2tpeth L2TPv3_example remote IP_address config vpn l2tpeth L2TPv3_example 5 Set the interface of the local endpoint i Use the to determine available interfaces ii Set the interface For example config vpn l2tpeth L2TPv...

Страница 389: ...ession_example config vpn l2tpeth L2TPv3_example session_example 10 Set the session identifier for this session This must match the value for peer session ID on the remote peer config vpn l2tpeth L2TPv3_example session_example session_id value config vpn l2tpeth L2TPv3_example session_example where value is any integer between 1 and 4294967295 11 Set the session ID of the remote peer config vpn l2...

Страница 390: ...ved out of order The default is none 16 Save the configuration and apply the change config save Configuration saved 17 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Show L2TPV3 tunnel status Web 1 Log into the IX10 WebUI as a user with Admin access 2 On the menu select Status Under V...

Страница 391: ...yptes 3 120 4 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device NEMO Network Mobility NEMO is a mobile networking technology that provides access to one or more Local Area Networks LANs on your device NEMO creates a tunnel between the home agent on the mobile private network and the IX10...

Страница 392: ...your cellular carrier n The local network interfaces that will be advertised on NEMO Additional configuration items n The home agent Software Parameter Index SPI n Path MTU discovery Path MTU discovery is enabled by default If it is disabled identify the MTU n Care of address the local network interface that is used to communicate with the peer l If set to Interface identify the local interface to...

Страница 393: ...irewall zone configures the IX10 device to trust traffic going to the tunnel and allows it through the network 6 For Home agent server IP address type the IPv4 address of the NEMO home agent This is provided by your cellular carrier 7 For Key type the key used to authenticate to the home agent This is provided by your cellular carrier 8 For Home agent SPI type the Security Parameter Index SPI valu...

Страница 394: ...int negotiated by NEMO n If Default route is selected the network interface that is used will be the same as the default route n If Interface is selected specify the local network interface The default is Default route 13 Click to expand Local networks a For Add Interface click to add a local network to use as a virtual NEMO network interface b For Interface select the local interface to use as a ...

Страница 395: ...nemo_example Allowed values are any integer between 1 and 65535 8 MTU discovery is enabled by default which allows the device to determine the maximum transmission unit MTU size To disable config vpn nemo nemo_example mtu_discovery false config vpn nemo nemo_example If disabled set the MTU size The default MTU size for LANs on the IX10 device is 1500 The MTU size of the NEMO tunnel will be smaller...

Страница 396: ... coaddress interface eth1 config vpn nemo nemo_example n ip If ip is used set the IP address config vpn nemo nemo_example coaddress address IP_address config vpn nemo nemo_example The default is defaultroute 12 Set the GRE tunnel local endpoint a Set the method to determine the GRE tunnel local endpoint config vpn nemo nemo_example tun_local type value config vpn nemo nemo_example where value is o...

Страница 397: ...n access 2 On the menu select Status NEMO The NEMO page appears 3 To view configuration details about an NEMO tunnel click the configuration icon in the upper right of the tunnel s status pane Command line 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you ma...

Страница 398: ...ce modem GRE Tunnel 10 10 10 1 4 3 2 1 Metric 255 MTU 1476 Lifetime Actual 600 Local Network Subnet Status lan1 192 168 2 1 24 Advertized LAN2 192 168 3 1 24 Advertized 4 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Страница 399: ...ss 414 Use SSH with key authentication 422 Configure telnet access 425 Configure DNS 430 Simple Network Management Protocol SNMP 438 Location information 445 Modbus gateway 476 System time 494 Network Time Protocol 498 Configure a multicast route 505 Enable service discovery mDNS 508 Use the iPerf service 511 Configure the ping responder service 516 IX10 User Guide 399 ...

Страница 400: ...See Set the idle timeout for IX10 users for information about setting the inactivity timeout for the web administration and SSH services To allow web administration or SSH for the External firewall zone Add the External firewall zone to the web administration service Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configur...

Страница 401: ...lect the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Add the external zone to the web administration serv...

Страница 402: ... External firewall zone to the SSH service Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate your device as described in Use Digi Remote Manager to view and manage your device b Click the Device ID c Click Settings d Click to expand Config Web UI a On the menu click System Under Configur...

Страница 403: ...Services Allow remote access for web administration and SSH IX10 User Guide 403 4 For Add Zone click 5 Select External 6 Click Apply to save the configuration and apply the change ...

Страница 404: ...to monitor and configure the IX10 device by using the WebUI a browser based interface By default the web administration service is enabled and uses the standard HTTPS port 443 The default access control for the service uses the Internal firewall zone which means that only devices connected to the IX10 s LAN can access the WebUI If this configuration is sufficient for your needs no further configur...

Страница 405: ...ion Remote Manager a Locate your device as described in Use Digi Remote Manager to view and manage your device b Click the Device ID c Click Settings d Click to expand Config Web UI a On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Services Web administration 4 Click Enable 5 Click Apply to save the configuration and apply the c...

Страница 406: ...iguration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure the service Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manage...

Страница 407: ...vice d Click again to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks a Click IPv6 Addresses b For Add Address click c For Address enter the IPv6 address or network that can access the device s web administration service Allowed values are l A single IP address or host name l A network designation in CIDR notation for example 2001 db8 48 l any No...

Страница 408: ...ertificate and private key must be in PEM format n The private key can use one of the following algorithms l RSA l DSA l ECDSA l ECDH Note Password protected certificate keys are not supported Example a Generate the SSL certificate and private key for example openssl req newkey rsa 2048 nodes keyout key pem x509 days 365 out certificate pem b Paste the contents of certificate pem and key pem into ...

Страница 409: ...rol n To limit access to specified IPv4 addresses and networks config add service web_admin acl address end value config Where value can be l A single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the web administratrion service Repeat this step to list additional IP addresses or networks n To limit acce...

Страница 410: ...d on your device or the any keyword Display a list of available firewall zones Type firewall zone at the config prompt config firewall zone Zones A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists Additional Configuration any dynamic_routes edge external internal ipsec loopback setup config Repeat this step to list additional firewall ...

Страница 411: ...GptY2JhbmVAZGlnaS5jb20wHhcN MjAwOTIyMTY1OTUyWhcNMjEwOTIyMTY1OTUyWjCBhzELMAkGA1UEBhMCVVMxDzAN BgNVBAgMBk9yZWdvbjEOMAwGA1UEBwwFQWxvaGExEzARBgNVBAoMCk1jQmFuZSBJ bmMxEDAOBgNVBAsMB1N1cHBvcnQxDzANBgNVBAMMBm1jYmFuZTEfMB0GCSqGSIb3 DQEJARYQam1jYmFuZUBkaWdpLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBAOBn19AX01LO9plYtfRZq0bETwNwSCYGeEIOGJ7gHt rihLVBJS1woYv u1Oq1ohYxIawBY1iIPBD2GtzyEJXzBZdQRhwi dRyRi4vr7...

Страница 412: ...9Stn VicrmROjojQk sRGxR7fDixaGZolUwcRg7N7SH y3zA7SDp4WvhjFeKFR8b6O1d4 PFnWO2envUUiE 50ZoPFWsv1o8eK2XT67Qbn56t9NB5a7QPvzSSR7jG77QKBgD w BrqTT9wl4DBrsxEiLK 1g0 iMKCm8dkaJbHBMgsuw1m7 K fAzwBwtpWk21alGX Ly3eX2j9zNGwMYfXjgO1hViRxQEgNdqJyk9fA2gsMtYltTbymVYHyzMweMD88fRC Ey2FlHfxIfPeE7MaHNCeXnN5N56 MCtSUJcRihh3AoGAey0BGi4xLqSJESqZZ58p e71JHg4M46rLlrxi 4FXaop64LCxM8kPpROfasJJu5nlPpYHye959BBQnYcAheZZ 0siGsw...

Страница 413: ... client HTTP requests to the HTTPS service Legacy port redirection is enabled by default and normally these settings should not be changed To disable legacy port redirection config service web_admin legacy enable false config 9 Save the configuration and apply the change config save Configuration saved 10 Type exit to exit the Admin CLI Depending on your device configuration you may be presented w...

Страница 414: ...SSH service n Multicast DNS mDNS support n A private key to use for communications with the SSH service n Create custom SSH configuration settings See Set the idle timeout for IX10 users for information about setting the inactivity timeout for the SSH service Enable or disable the SSH service The SSH service is enabled by default To disable the service or enable it if it has been disabled Web 1 Lo...

Страница 415: ...ed with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Enable or disable the SSH service n To enable the service config service ssh enable true config n To disable the sevice config service ssh enable false config 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to ex...

Страница 416: ...ngs d Click to expand Config Web UI a On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Services SSH 4 Optional For Port enter the port number for the service Normally this should not be changed 5 Click Access control list to configure access control n To limit access to specified IPv4 addresses and networks a Click IPv4 Addresses...

Страница 417: ... dropdown d Click again to allow access through additional interfaces n To limit access based on firewall zones a Click Zones b For Add Zone click c For Zone select the appropriate firewall zone from the dropdown See Firewall configuration for information about firewall zones d Click again to allow access through additional firewall zones 6 Multicast DNS mDNS is enabled by default mDNS is a protoc...

Страница 418: ... To limit access to specified IPv4 addresses and networks config add service ssh acl address end value config Where value can be l A single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the SSH service Repeat this step to list additional IP addresses or networks n To limit access to specified IPv6 addres...

Страница 419: ...ice ssh acl zone end value Where value is a firewall zone defined on your device or the any keyword Display a list of available firewall zones Type firewall zone at the config prompt config firewall zone Zones A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists Additional Configuration any dynamic_routes edge external internal ipsec loo...

Страница 420: ...m SSH configuration settings a Enable custom configurations config service ssh custom enable true config b To override the standard SSH configuration and only use the config_file parameter config service ssh custom override true config n If override is set to true entries in Configuration file will be used in place of the standard SSH configuration n If override is set to false entries in Configur...

Страница 421: ... 421 8 Save the configuration and apply the change config save Configuration saved 9 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Страница 422: ... the user s ssh directory The private and public keys are named id_rsa and id_rsa pub If you need to generate an SSH key pair you can use the ssh keygen application For example the following entry generates an RSA key pair in the user s ssh directory ssh keygen t rsa f ssh id_rsa The private key file is named id_rsa and the public key file is named id_rsa pub The pub extension is automatically app...

Страница 423: ...e configuration and apply the change Command line You can add configure passwordless SSH login for an existing user or include the support when creating a new user See User authentication for information about creating a new user These instructions assume an existing user named temp_user 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as...

Страница 424: ...blic SSH key which you can enter by pasting or typing a public encryption key that this user can use for passwordless SSH login 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Страница 425: ...n Multicast DNS mDNS support See Set the idle timeout for IX10 users for information about setting the inactivity timeout for the telnet service Enable the telnet service The telnet service is disabled by default To enable the service Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate you...

Страница 426: ...with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Enable the telnet service config service telnet enable true config 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access sel...

Страница 427: ...net 4 Optional For Port enter the port number for the service Normally this should not be changed 5 Click Access control list to configure access control n To limit access to specified IPv4 addresses and networks a Click IPv4 Addresses b For Add Address click c For Address enter the IPv4 address or network that can access the device s telnet service Allowed values are l A single IP address or host...

Страница 428: ... zone from the dropdown See Firewall configuration for information about firewall zones d Click again to allow access through additional firewall zones 6 Multicast DNS mDNS is disabled by default mDNS is a protocol that resolves host names in small networks that do not have a DNS server To enable mDNS click Enable mDNS 7 Click Apply to save the configuration and apply the change Command line 1 Sel...

Страница 429: ...ice config add service telnet acl interface end value config Where value is an interface defined on your device Display a list of available interfaces Use network interface to display interface information config network interface Interfaces Additional Configuration defaultip Default IP defaultlinklocal Default Link local IP eth ETH loopback Loopback modem Modem config Repeat this step to list add...

Страница 430: ...t setting of 23 normally should not be changed config service telnet port 25 config 6 Save the configuration and apply the change config save Configuration saved 7 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure DNS The IX10 device includes a caching DNS server which forwards...

Страница 431: ...t names and their IP addresses The device is configured by default with the hostname digi device which corresponds to the 192 168 210 1 IP address To configure the DNS server Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate your device as described in Use Digi Remote Manager to view and...

Страница 432: ...a specified interface on the IX10 device a Click Interfaces b For Add Interface click c For Interface select the appropriate interface from the dropdown d Click again to allow access through additional interfaces n To limit access based on firewall zones a Click Zones b For Add Zone click c For Zone select the appropriate firewall zone from the dropdown See Firewall configuration for information a...

Страница 433: ...cess rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Configure access control n To limit access to specified IPv4 addresses and networks config add service dns acl address end value config Where value can be l A single IP address or host ...

Страница 434: ...lt IP defaultlinklocal Default Link local IP eth ETH loopback Loopback modem Modem config Repeat this step to list additional interfaces n To limit access based on firewall zones config add service dns acl zone end value Where value is a firewall zone defined on your device or the any keyword Display a list of available firewall zones Type firewall zone at the config prompt config firewall zone Zo...

Страница 435: ...6 Optional Rebind protection By default rebind protection is disabled If enabled this prevents upstream DNS servers from returning private IP addresses To enable config service dns stop_dns_rebind false config 7 Optional Allow localhost rebinding By default localhost rebinding is enabled by default if rebind protection is enabled This is useful for Real time Black List RBL servers To disable confi...

Страница 436: ... the change config save Configuration saved 11 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Show DNS server You can display status for DNS servers This command is available only at the Admin CLI Command line Show DNS information 1 Select the device in Remote Manager and click Action...

Страница 437: ...h1 fe80 227 4ff fe2b ae12 eth1 fe80 227 4ff fe44 105b eth1 fe80 240 ffff fe80 23b0 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Страница 438: ...onfigure the SNMP access control list to allow the device to receive the packets See Configure Simple Network Management Protocol SNMP Configure Simple Network Management Protocol SNMP Required configuration items n Enable SNMP n Firewall configuration using access control to allow remote connections to the SNMP agent n The user name and password used to connect to the SNMP agent Additional config...

Страница 439: ...llowed values are l A single IP address or host name l A network designation in CIDR notation for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the SNMP agent d Click again to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks a Click IPv6 Addresses b For Add Address click c For Address enter the IPv6 address or network tha...

Страница 440: ...es in small networks that do not have a DNS server To enable mDNS click Enable mDNS 10 Optional Select the Authentication type either MD5 or SHA The default is MD5 11 Optional Type the Privacy passphrase If not set the password entered above is used 12 Optional Select the Privacy protocol either DES or AES The default is DES 13 Optional Click Enable version 2c access to enable read only access to ...

Страница 441: ...s the SNMP service Repeat this step to list additional IP addresses or networks n To limit access to hosts connected through a specified interface on the IX10 device config add service snmp acl interface end value config Where value is an interface defined on your device Display a list of available interfaces Use network interface to display interface information config network interface Interface...

Страница 442: ...username name config 6 Set the password for the user that will be used to connect to the SNMP agent config service snmp password pwd config 7 Optional Set the port number for the SNMP agent The default is 161 config service snmp port port config 8 Optional Configure Multicast DNS mDNS mDNS is a protocol that resolves host names in small networks that do not have a DNS server For the SNMP agent mDN...

Страница 443: ...ng on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Download MIBs This procedure is available from the WebUI only Required configuration items n Enable SNMP To download a zip archive of the SNMP MIBs supported by this device Web 1 Log into the IX10 WebUI as a user with Admin access 2 Enable SNMP See Configure Simple Network Man...

Страница 444: ...Services Simple Network Management Protocol SNMP IX10 User Guide 444 The SNMP page is displayed 4 Click Download ...

Страница 445: ... device to forward location messages either from the IX10 device or from external sources to a remote host Additionally the device can be configured to use a geofence to allow you to determine actions that will be taken based on the physical location of the device This section contains the following topics Configure the location service 446 Enable or disable modem GNSS support 448 Configure the de...

Страница 446: ...er or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate your device as described in Use Digi Remote Manager to view and manage your device b Click the Device ID c Click Settings d Click to expand Config Web UI a On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Cl...

Страница 447: ...d based on the order that the location sources are listed here 7 For information about configuring Destination servers see Forward location information to a remote host 8 For information about configuring Geofence see Configure geofencing 9 Click Apply to save the configuration and apply the change Command line 1 Select the device in Remote Manager and click Actions Open Console or log into the IX...

Страница 448: ... Type quit to disconnect from the device Enable or disable modem GNSS support To disable support for the modem s GNSS receiver or enable it if it has been disabled Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate your device as described in Use Digi Remote Manager to view and manage you...

Страница 449: ...icon next to the modem location source b Click Delete 8 Click Apply to save the configuration and apply the change Command line 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CL...

Страница 450: ...ation source config service location source 0 label label config 5 Save the configuration and apply the change config save Configuration saved 6 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure the device to use a user defined static location You can configured your IX10 devic...

Страница 451: ...or to enable it if it has been disabled 8 For Latitude type the latitude of the device Allowed values are 90 and 90 with up to six decimal places 9 For Longitude type the longitude of the device Allowed values are 180 and 180 with up to six decimal places 10 For Altitude type the altitude of the device Allowed values are an integer followed by m or km for example 100m or 1km 11 Click Apply to save...

Страница 452: ... the device config service location source coordinates latitude int config service location source where int is any integer between 90 and 90 with up to six decimal places 7 Set the longitude of the device config service location source coordinates longitude int config service location source where int is any integer between 180 and 180 with up to six decimal places 8 Set the altitude of the devic...

Страница 453: ...DP port on the IX10 device that will be used to listen for incoming messages Required configuration items n The location server must be enabled n UDP port that the IX10 device will listen to for incoming location messages n Access control list configuration to provide access to the port through the firewall To configure the device to accept location messages from external sources Web 1 Log into Di...

Страница 454: ...for example 192 168 1 0 24 l any No limit to IPv4 addresses that can access the location server UDP port d Click again to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks a Click IPv6 Addresses b For Add Address click c For Address enter the IPv6 address or network that can access the device s location server UDP port Allowed values are l A single...

Страница 455: ...dmin CLI 2 At the command line type config to enter configuration mode config config 3 Add a location source config add service location source end config service location source 4 Optional Set a label for this location source config service location source label label config service location source 5 Set the type of location source to server config service location source type server config servi...

Страница 456: ...on messages will be forwarded n Location update interval which determines how often the device will forward location information to the remote hosts n A description of the remote hosts n Specific types of NMEA or TAIP messages that should be forwarded n If the message protocol is NMEA configure a talker ID to be used for all messages n Text that will be prepended to the forwarded message n A vehic...

Страница 457: ...ward interval multiplier select the number of Location update intervals to wait before forwarding location data to this server See Configure the location service for more information about setting the Location update interval 10 For NMEA filters select the filters that represent the types of messages that will be forwarded By default all message types are forwarded n To remove a filter a Click the...

Страница 458: ...ected a Select a Talker ID The talker ID is a two character prefix in the NMEA message that identifies the source type The talker ID set here will override the talker ID from all sources and all forwarded sentences will use the configured ID The default setting is Default which means that the talker ID provided by the source will be used b Determine the Behavior when fix is invalid n None No messa...

Страница 459: ...TCP or UDP port on the remote host to which location messages will be sent config service location forward 0 server_port 8000 config service location forward 0 7 Set the number of Location update intervals to wait before forwarding location data to this server See Configure the location service for more information about setting the Location update interval config service location forward 0 interv...

Страница 460: ...value is one of n none No messages are sent n empty Send messages with empty fields n last_fix Send messages with information from the last valid fix The default is empty 9 Optional Set the text to prepend to the forwarded message Two variables can be included in the prepended text n s Includes the IX10 device s serial number in the prepended text n v Includes the vehicle ID in the prepended text ...

Страница 461: ...type a Use the show command to determine the index number of the message type to be deleted config service location forward 0 show filter_nmea 0 gga 1 gll 2 gsa 3 gsv 4 rmc 5 vtg config service location forward 0 b Use the index number to delete the message type For example to delete the gsa index number 2 message type config service location forward 0 del filter_nmea 2 config service location for...

Страница 462: ...ip config service location forward 0 filter_taip b Use the add command to add the message type For example to add the id message type config service location forward 0 filter_taip add id end config service location forward 0 filter_taip 13 Save the configuration and apply the change config save Configuration saved 14 Type exit to exit the Admin CLI Depending on your device configuration you may be...

Страница 463: ...ts For each event type l Determine if the action s associated with the event type should be performed when the device boots inside or outside of the geofence boundary l The number of update intervals that should take place before the action s are taken Multiple actions can be configured for each type of event For each action l The type of action either a factory erase or executing a custom script ...

Страница 464: ...off Enable 5 For Update interval type the amount of time that the geofence should wait between polling for updated location data The default is one minute Allowed values are any number of weeks days hours minutes or seconds and take the format number w d h m s For example to set Update interval to ten minutes enter 10m or 600s 6 For Boundary type select the type of boundary that the geofence will ...

Страница 465: ...epresents a vertex of the polygon A vertex is the point at which two sides of a polygon meet c Type the Latitude and Longitude of one of the vertices of the polygon Allowed values are l For Latitude any integer between 90 and 90 with up to six decimal places l For Longitude any integer between 180 and 180 with up to six decimal places d Click again to add an additional point and continue adding po...

Страница 466: ...tion when the action is triggered l Custom script to execute a custom script when the action is triggered If Custom script is selected i Click to expand Custom script ii For Commands type the script that will be executed when the action is triggered If the script begins with then the proceeding file path will be used to invoke the script interpreter If not then the default shell will be used iii E...

Страница 467: ...ipt when the action is triggered If Custom script is selected i Click to expand Custom script ii For Commands type the script that will be executed when the action is triggered If the script begins with then the proceeding file path will be used to invoke the script interpreter If not then the default shell will be used iii Enable Log script output to log the output of the script to the system log...

Страница 468: ...nable false config service location geofence test_geofence 4 Set the amount of time that the geofence should wait between polling for updated location data config service location geofence test_geofence update_interval value config service location geofence test_geofence where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set update...

Страница 469: ...meet i Add a vertex config service location geofence test_geofence add coordinates end config service location geofence test_geofence coordinates 0 ii Set the latitude and longitude of the vertex config service location geofence test_geofence coordinates 0 latitude int config service location geofence test_geofence coordinates 0 longitude int config service location geofence test_geofence coordina...

Страница 470: ...ervice location geofence test_geofence coordinates add end config service location geofence test_geofence coordinates 1 latitude 44 927220 config service location geofence test_geofence coordinates 1 longitude 93 39589 config service location geofence test_geofence coordinates 1 config service location geofence test_geofence coordinates add end config service location geofence test_geofence coordi...

Страница 471: ...prior to performing the actions config service location geofence test_geofence on_entry num_ intervals int config For example if the update interval is 1m one minute and the num_intervals is set to 3 the actions will not be performed until the device has been inside the geofence for three minutes c Add an action i Type to return to the root of the configuration config service location geofence tes...

Страница 472: ...ervice location geofence test_geofence on_entry action 0 syslog_stdout true config service location geofence test_geofence on_entry action 0 iii To log the errors from the script to the system log config service location geofence test_geofence on_entry action 0 syslog_stderr true config service location geofence test_geofence on_entry action 0 iv Optional Set the maximum amount of system memory th...

Страница 473: ...ion geofence test_geofence on_exit bootup true config b Set the number of update_intervals that must take place prior to performing the actions config service location geofence test_geofence on_exit num_ intervals int config For example if the update interval is 1m one minute and the num_intervals is set to 3 the actions will not be performed until the device has been outside the geofence for thre...

Страница 474: ...ce location geofence test_geofence on_exit action 0 iii To log the errors from the script to the system log config service location geofence test_geofence on_exit action 0 syslog_stderr true config service location geofence test_geofence on_exit action 0 iv Optional Set the maximum amount of system memory that will be available for the script and it spawned processes config service location geofen...

Страница 475: ... about location information from either the WebUI or the command line Web 1 Log into the IX10 WebUI as a user with Admin access 2 On the main menu click Status 3 Under Services click Location The device s current location is displayed along with the status of any configured geofences Command line Show location information 1 Select the device in Remote Manager and click Actions Open Console or log ...

Страница 476: ...location geofence command at the system prompt show location geofence Geofence Status State Transitions Last Transition test_geofence Up Inside 0 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Modbus gateway The IX10 supports the ability to function as a Modbus gateway to provide se...

Страница 477: ...ection type is serial o The serial port to be used l Modbus address or addresses to determine if messages should be forwarded to a destination device Additional configuration items n Server configuration l The packet mode l The maximum time between bytes in a packet l If the connection type is set to socket o The port to use o The inactivity timeout o Access control list l If the connection type i...

Страница 478: ... full Admin access rights 2 Access the device configuration Remote Manager a Locate your device as described in Use Digi Remote Manager to view and manage your device b Click the Device ID c Click Settings d Click to expand Config Web UI a On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Services Modbus Gateway 4 Click Enable to ...

Страница 479: ...cket mode select RTU or RAW if Connection type is set to Socket or ASCII if Connection typeis set to Serial for the type of packet that will be used by this connection The default is RTU 6 For Packet idle gap type the maximum allowable time between bytes in a packet Allowed values are between 10 milliseconds and one second and take the format number ms s For example to set Packet idle gap to 20 mi...

Страница 480: ...ss or host name l A network designation in CIDR notation for example 2001 db8 48 l any No limit to IPv6 addresses that can access the web administration service d Click again to list additional IP addresses or networks n To limit access to hosts connected through a specified interface on the IX10 device a Click Interfaces b For Add Interface click c For Interface select the appropriate interface f...

Страница 481: ...y this connection The default is RTU 6 For Packet idle gap type the maximum allowable time between bytes in a packet Allowed values are between 10 milliseconds and one second and take the format number ms s For example to set Packet idle gap to 20 milliseconds enter 20ms 7 If Connection type is set to Socket for Inactivity timeout type the amount of time to wait before disconnecting the socket whe...

Страница 482: ... For Add Zone click c For Zone select the appropriate firewall zone from the dropdown See Firewall configuration for information about firewall zones d Click again to allow access through additional firewall zones 10 Optional Enable Send broadcast messages to configure the gateway to send broadcast messages to this client 11 For Response timeout type the maximum time to wait for a response to a me...

Страница 483: ...n different buses For example if there are two devices on two different buses that have the same Modbus address of 10 you can create two clients on the gateway n Client one l Modbus address filter set to 10 This will configure the gateway to deliver all messages that have the Modbus server address of 10 to this device n Client two l Modbus address filter set to 20 l Adjust Modbus server address se...

Страница 484: ...either socket or serial The default is socket n If connection_type is set to socket i Set the IP protocol config service modbus_gateway server test_modbus_server socket protocol value config service modbus_gateway server test_modbus_server where value is either tcp or udp ii Set the port config service modbus_gateway server test_modbus_server socket port config service modbus_gateway server test_m...

Страница 485: ...enter either 10m or 600s config service modbus_gateway server test_modbus_server inactivity_timeout 600s config service modbus_gateway server test_modbus_server n If connection_type is set to serial i Set the serial port i Use the to determine available serial ports config service modbus_gateway server test_modbus_ server serial port Serial Additional Configuration port1 Port 1 config service modb...

Страница 486: ...d service modbus_gateway server test_modbus_server config b Add a client config add service modbus_gateway client name config service modbus_gateway client name where name is a name for the client for example config add service modbus_gateway client test_modbus_client config service modbus_gateway client test_modbus_client The Modbus client is enabled by default To disable config service modbus_ga...

Страница 487: ...between 10 milliseconds and one second and take the format number ms s For example to set idle_gap to 20 milliseconds enter 20ms v Set the amount of time to wait before disconnecting the socket when it has become inactive config service modbus_gateway client test_modbus_client inactivity_timeout value config service modbus_gateway client test_modbus_client where value is any number of minutes or s...

Страница 488: ...t serial packet_mode value config service modbus_gateway client test_modbus_client where value is either rtu or ascii The default is rtu iii Set the maximum allowable time between bytes in a packet config service modbus_gateway client test_modbus_client serial idle_gap value config service modbus_gateway client test_modbus_client where value is any number between 10 milliseconds and one second and...

Страница 489: ... more of the filters the message is forwarded If it does not match the filters the message is not forwarded Allowed values are 1 through 255 or a hyphen separated range For example n To have this client filter for incoming messages that contain the Modbus address of 10 set the index 0 entry to 10 config service modbus_gateway client test_modbus_client filter 0 10 config service modbus_gateway clie...

Страница 490: ...This allows you to configure clients on the gateway that will forward messages to remote devices with the same Modbus address on different buses For example if there are two devices on two different buses that have the same Modbus address of 10 you can create two clients on the gateway n Client one l filter set to 10 This will configure the gateway to deliver all messages that have the Modbus serv...

Страница 491: ... device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Use the show modbus gateway command at the system prompt show modbus gateway Server Connection IP Address Port Uptime modbus_socket 10 4...

Страница 492: ...ections 4 Packet Errors 0 RX Broadcasts 0 RX Requests 12 TX Exceptions 0 TX Responses 12 Clients modbus_socket_41 Address Translation Errors 0 Connection Errors 0 Packet Errors 0 RX Responses 4 RX Timeouts 0 TX Broadcasts 0 TX Requests 4 modbus_socket_21 Address Translation Errors 0 Connection Errors 0 Packet Errors 0 RX Responses 4 RX Timeouts 0 TX Broadcasts 0 TX Requests 4 modbus_serial_client ...

Страница 493: ...X10 User Guide 493 RX Timeouts 0 TX Broadcasts 0 TX Requests 4 4 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Страница 494: ...NTP server providing NTP services to downstream devices See Network Time Protocol for more information about NTP server support You can also set the local date and time manually if there is no access to NTP servers See Manually set the system date and time for information Configure the system time This procedure is optional The IX10 device s default system time configuration uses the Digi NTP serv...

Страница 495: ... default value of the NTP server a Click NTP servers b For Server type a new server name n To add an NTP server a Click NTP servers b For Add Server click c For Server enter the hostname of the upstream NTP server that the device will use to synchronize its time d Click to add additional NTP servers If multiple servers are included servers are tried in the order listed until one succeeds Note This...

Страница 496: ...r log messages It also affects actions that occur at a specific time of day Format Africa Abidjan Africa Accra Africa Addis_Ababa config 4 Optional Add an upstream NTP server that the device will use to synchronize its time to the appropriate location in the list of NTP servers The default setting is time devicecloud com n To delete the default NTP server time devicecloud com config del service nt...

Страница 497: ... Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Test the configured NTP servers for connectivity system time test Testing NTP server time devicecloud com on UDP port 123 server 52 2 40 158 stratum 2 offset 0 000216 delay 0 05800 server 35 164 164 69 stratum 2 offset 0 000991 delay 0 07188 24 Aug 22 ...

Страница 498: ...l command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Set the device s local date and time system time set value where value is the The date in year month day hour minute second format For example system time set 2022 05 31 9 03 04 3 Type exit to exit the Admin CLI Depend...

Страница 499: ...etting is the Digi NTP server time devicecloud com Additional Configuration Options n Additional upstream NTP servers n Access control list to limit downstream access to the IX10 device s NTP service n The time zone setting if the default setting of UTC is not appropriate To configure the IX10 device s NTP service Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full ...

Страница 500: ...ck again to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks a Click IPv6 Addresses b For Add Address click c For Address enter the IPv6 address or network that can access the device s NTP service Allowed values are l A single IP address or host name l A network designation in CIDR notation for example 2001 db8 48 l any No limit to IPv6 addresses ...

Страница 501: ...pstream NTP server that the device will use to synchronize its time d Click to add additional NTP servers If multiple servers are included servers are tried in the order listed until one succeeds Note This list is synchronized with the list of servers included with NTP client configuration and changes made to one will be reflected in the other See Configure the system time for more information abo...

Страница 502: ... service ntp server 1 time server com config Note This list is synchronized with the list of servers included with NTP client configuration and changes made to one will be reflected in the other See Configure the system time for more information about NTP client configuration 5 Allow the device s local system clock to be used as backup time source config service ntp local true config 6 Optional Co...

Страница 503: ...erfaces Use network interface to display interface information config network interface Interfaces Additional Configuration defaultip Default IP defaultlinklocal Default Link local IP eth ETH loopback Loopback modem Modem config Repeat this step to list additional interfaces n To limit access based on firewall zones config add service ntp acl zone end value Where value is a firewall zone defined o...

Страница 504: ...wing command config system time timezone Timezone The timezone for the location of this device This is used to adjust the time for log messages It also affects actions that occur at a specific time of day Format Africa Abidjan Africa Accra Africa Addis_Ababa config 8 Save the configuration and apply the change config save Configuration saved 9 Type exit to exit the Admin CLI Depending on your devi...

Страница 505: ...Remote Refid ST T When Poll Reach Delay Offset Jitter ec2 52 2 40 158 129 6 15 32 2 u 191 1024 377 33 570 1 561 0 991 128 136 167 120 128 227 205 3 3 u 153 1024 1 43 583 1 895 0 382 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Configure a multicast route Multicast routing allows a...

Страница 506: ...isable toggle off Enable 6 Type the Source address for the route This must be a multicast IP address between 224 0 0 1 and 239 255 255 255 7 Select a Source interface where multicast packets will arrive 8 To add one or more destination interface that the IX10 device will send mutlicast packets to a Click to expand Destination interfaces b Click c For Destination interface select the interface d Re...

Страница 507: ...rvice multicast test dst ip address config service multicast test 6 Set the source interface for the route where multicast packets will arrive a Use the to determine available interfaces b Set the interface For example config service multicast test src_interface network interface eth1 config service multicast test 7 Set a destination interface that the IX10 device will send mutlicast packets to a ...

Страница 508: ...cess the device configuration Remote Manager a Locate your device as described in Use Digi Remote Manager to view and manage your device b Click the Device ID c Click Settings d Click to expand Config Web UI a On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Services Service Discovery mDNS 4 Enable the mDNS service 5 Click Access...

Страница 509: ... limit access to hosts connected through a specified interface on the IX10 device a Click Interfaces b For Add Interface click c For Interface select the appropriate interface from the dropdown d Click again to allow access through additional interfaces n To limit access based on firewall zones a Click Zones b For Add Zone click c For Zone select the appropriate firewall zone from the dropdown See...

Страница 510: ...t name l A network designation in CIDR notation for example 2001 db8 48 l any No limit to IPv6 addresses that can access the mDNS service Repeat this step to list additional IP addresses or networks n To limit access to hosts connected through a specified interface on the IX10 device config add service mdns acl interface end value config Where value is an interface defined on your device Display a...

Страница 511: ...n your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Use the iPerf service Your IX10 device includes an iPerf3 server that you can use to test the performance of your network iPerf3 is a command line tool that measures the maximum network throughput an interface can handle This is useful when diagnosing network speed issues to deter...

Страница 512: ...evice will automatically configure its firewall rules to allow incoming connections on the configured listening port You can restrict access by configuring the access control list for the iPerf server To enable the iPerf3 server Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate your devi...

Страница 513: ...t to IPv4 addresses that can access the iperf service d Click again to list additional IP addresses or networks n To limit access to specified IPv6 addresses and networks a Click IPv6 Addresses b For Add Address click c For Address enter the IPv6 address or network that can access the device s iperf service Allowed values are l A single IP address or host name l A network designation in CIDR notat...

Страница 514: ...onfig 3 Enable the iPerf server config service iperf enable true config 4 Optional Set the port number for the iPerf server listening port The default is 5201 config service iperf port port_number config 5 Optional Set the access control list to restrict access to the iPerf server n To limit access to specified IPv4 addresses and networks config add service iperf acl address end value config Where...

Страница 515: ...ditional Configuration defaultip Default IP defaultlinklocal Default Link local IP eth ETH loopback Loopback modem Modem config Repeat this step to list additional interfaces n To limit access based on firewall zones config add service iperf acl zone end value Where value is a firewall zone defined on your device or the any keyword Display a list of available firewall zones Type firewall zone at t...

Страница 516: ... 2 00 sec 28 4 MBytes 238 Mbits sec 29 1 39 MBytes 4 2 00 3 00 sec 29 8 MBytes 250 Mbits sec 0 1 46 MBytes 4 3 00 4 00 sec 31 2 MBytes 262 Mbits sec 0 1 52 MBytes 4 4 00 5 00 sec 32 1 MBytes 269 Mbits sec 0 1 56 MBytes 4 5 00 6 00 sec 32 5 MBytes 273 Mbits sec 0 1 58 MBytes 4 6 00 7 00 sec 33 9 MBytes 284 Mbits sec 0 1 60 MBytes 4 7 00 8 00 sec 33 7 MBytes 282 Mbits sec 0 1 60 MBytes 4 8 00 9 00 s...

Страница 517: ...Configuration window is displayed 3 Click Services Ping responder The ping responder service is enabled by default Click Enable to disable all ping responses 4 Click to expand Access control list to restrict ping responses to specified IP address interfaces and or zones n To limit access to specified IPv4 addresses and networks a Click IPv4 Addresses b For Add Address click c For Address enter the...

Страница 518: ...rough additional interfaces n To limit access based on firewall zones a Click Zones b For Add Zone click c For Zone select the appropriate firewall zone from the dropdown See Firewall configuration for information about firewall zones d Click again to allow access through additional firewall zones 5 Click Apply to save the configuration and apply the change Command line 1 Select the device in Remo...

Страница 519: ...host name l A network designation in CIDR notation for example 2001 db8 48 l any No limit to IPv6 addresses that can access the service type Repeat this step to list additional IP addresses or networks n To limit access to hosts connected through a specified interface on the IX10 device config add service iperf acl interface end value config Where value is an interface defined on your device Displ...

Страница 520: ...pending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Example performance test using iPerf3 On a remote host with Iperf3 installed enter the following command iperf3 c device_ip where device_ip is the IP address of the IX10 device For example iperf3 c 192 168 2 1 Connecting to host 192 168 2 1 port 5201 4 local 192 168 3 100...

Страница 521: ...es 4 7 00 8 00 sec 33 7 MBytes 282 Mbits sec 0 1 60 MBytes 4 8 00 9 00 sec 33 5 MBytes 281 Mbits sec 0 1 60 MBytes 4 9 00 10 00 sec 33 2 MBytes 279 Mbits sec 0 1 60 MBytes ID Interval Transfer Bandwidth Retr 4 0 00 10 00 sec 315 MBytes 264 Mbits sec 37 sender 4 0 00 10 00 sec 313 MBytes 262 Mbits sec receiver iperf Done ...

Страница 522: ...stem restarts at specific intervals or at a specified time This chapter contains the following topics Develop Python applications 523 Run a Python application at the shell prompt 526 Start an interactive Python session 528 Python modules 529 Configure scripts to run automatically 563 Configure scripts to run manually 570 Start a manual script 576 Stop a script that is currently running 577 Show sc...

Страница 523: ... and test a Python application In addition to the standard Python library the IX10 includes a set of extensions to access its configuration and interfaces See Python modules The IX10 provides you with the ability to n Run Python applications on the device interactively or from a file n Specify Python applications and other scripts to be run each time the device system restarts at specific interval...

Страница 524: ...uration see the following topics n Change the default LAN subnet n Change the LAN address type n Allow remote access for web administration and SSH 4 Enable service discovery mDNS a Click Services Service Discovery mDNS b Enable the mDNS service Note For more information see Enable service discovery mDNS 5 Configure SSH access a Click Services SSH b Click Enable Note For more information see the f...

Страница 525: ...with your Digi device through the integrated SSH console to see the application output or execute quick tests Manually install and launch an application To create build and launch your application 1 Write your Python application code Code can include n Any Python 3 6 standard feature n Access to the IX10 configuration and hardware with the Python modules n Third party modules included in the IX10 ...

Страница 526: ...ompletes displaying output and prompting for additional user input if needed To interrupt the application enter CTRL C Note Python applications cannot be run from the Admin CLI You must access the device shell in order to run Python applications from the command line See Authentication groups for information about configuring authentication groups that include shell access 1 Upload the Python appl...

Страница 527: ...h full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI b At the command line use the scp command to upload the Python application script to the IX10 device scp host hostname or ip user username remote remote path local local path to local where n hostname or ip is the hostname or ip address of the remo...

Страница 528: ... ports storage Start an interactive Python session Use the python command without specifying any parameters to start an interactive Python session The Python session operates interactively using REPL Read Evaluate Print Loop to allow you to write Python code on the command line Note The Python interactive session is not available from the Admin CLI You must access the device shell in order to run ...

Страница 529: ...ious extensions that allow Python to interact with additional features offered by the device 4 Use Ctrl D to exit the Python session You can also exit the session using exit or quit Python modules The IX10 supports Python 3 6 and provides you with the ability to run Python applications on the device interactively or from a file It also offers extensions to manage your IX10 ...

Страница 530: ...ce module The Python digidevice module provides platform specific extensions that allow you to interact with the device s configuration and interfaces The following submodules are included with the digidevice module This section contains the following topics ...

Страница 531: ...n command with no parameters to enter an interactive Python session python Python 3 10 1 default May 9 2021 22 49 59 GCC 8 3 0 on linux Type help copyright credits or license for more information 3 Import the cli submodule from digidevice import cli 4 Execute a CLI command using the cli execute command function For example to print the system status and statistics to stdout using the show system c...

Страница 532: ...n Python 3 10 1 default May 9 2021 22 49 59 GCC 8 3 0 on linux Type help copyright credits or license for more information 3 Import the cli submodule from digidevice import cli 4 Use the help command with cli execute help cli execute Help on function execute in module digidevice cli execute command timeout 5 Execute a CLI command with the timeout specified returning the results 5 Use Ctrl D to exi...

Страница 533: ...021 22 49 59 GCC 8 3 0 on linux Type help copyright credits or license for more information 3 Import the datapoint submodule and other necessary modules from digidevice import datapoint import time 4 Upload the datapoints to Remote Manager datapoint upload Velocity 69 units mph datapoint upload Temperature 24 geo_location 54 409469 1 718836 129 datapoint upload Emergency_Door closed timestamp time...

Страница 534: ...igi Remote Manager Programmers Guide for more information on web services and datapoints Help for using Python to upload custom datapoints to Remote Manager Get help for uploading datapoints to your Digi Remote Manager account by accessing help for datapoint upload and datapoint upload_multiple 1 Select a device in Remote Manager that is configured to allow shell access to the admin user and click...

Страница 535: ...configuration Use the config Python module to access and modify the device configuration Read the device configuration 1 Select a device in Remote Manager that is configured to allow shell access to the admin user and click Actions Open Console Alternatively log into the IX10 local command line as a user with shell access Depending on your device configuration you may be presented with an Access s...

Страница 536: ...nfig load interfaces cfg get network interfaces print interfaces get lan ipv4 address Which returns 192 168 2 1 24 Modify the device configuration Use the set and commit methods to modify the device configuration 1 Select a device in Remote Manager that is configured to allow shell access to the admin user and click Actions Open Console Alternatively log into the IX10 local command line as a user ...

Страница 537: ...guration by accessing help for digidevice config 1 Select a device in Remote Manager that is configured to allow shell access to the admin user and click Actions Open Console Alternatively log into the IX10 local command line as a user with shell access Depending on your device configuration you may be presented with an Access selection menu Type shell to access the device shell 2 At the shell pro...

Страница 538: ...odule on your IX10 device to create a response 1 Select a device in Remote Manager that is configured to allow shell access to the admin user and click Actions Open Console Alternatively log into the IX10 local command line as a user with shell access Depending on your device configuration you may be presented with an Access selection menu Type shell to access the device shell 2 At the shell promp...

Страница 539: ... device d Click Add e Click OK 3 Click Examples SCI Data Service Send Request Code similar to the following will be displayed in the HTTP message body text box sci_request version 1 0 data_service targets device id 00000000 00000000 0000FFFF A83CF6A3 targets requests device_request target_name myTarget my payload string device_request requests data_service sci_request Note The value of the target_...

Страница 540: ...ef status_cb error_code error_description if error_code 0 print error handling showSystem device request s error_ description device_request register showSystem handler status_callback status_ cb Do not let the process finish so that it handles device requests while True time sleep 10 2 Upload the showsystem py application to the etc config scripts directory on two or more Digi devices In this exa...

Страница 541: ...evice ii Click the Device ID iii Click Settings iv Click to expand Config Web UI i On the menu click System Under Configuration click Device Configuration The Configuration window is displayed iii Click System Scheduled tasks Custom scripts iv Click to add a custom script v For Label type Show system application vi For Run mode select On boot vii For Exit action select Restart script ...

Страница 542: ...tion entry config add system schedule script end config system schedule script 0 Scheduled scripts are enabled by default To disable config system schedule script 0 enable false config system schedule script 0 iv Provide a label for the script config system schedule script 0 label Show system application v Configure the application to run automatically when the device reboots config system schedul...

Страница 543: ... Console Alternatively log into the IX10 local command line as a user with shell access Depending on your device configuration you may be presented with an Access selection menu Type shell to access the device shell ii Type the following at the shell prompt python etc config scripts showsystem py iii Exit the shell exit 4 In Remote Manager click Documentation API Explorer 5 Select the devices to u...

Страница 544: ...reply version 1 0 data_service device id 00000000 00000000 0000FFFF A83CF6A3 requests device_request target_name showSystem status 0 Model Digi IX10 Serial Number IX10 000068 Hostname IX10 MAC 00 40 D0 13 35 36 Hardware Version 50001959 01 A Firmware Version 22 5 50 62 Bootloader Version 1 Firmware Build Date Mon 13 June 2022 20 07 32 Schema Version 461 Timezone UTC Current Time Wed 31 May 2022 9 ...

Страница 545: ... MB Disk tmp Usage 0 004MB 40 96MB 0 Disk var Usage 0 820MB 32 768MB 3 device_ request requests device data_service sci_request Help for using Python to respond to Digi Remote Manager SCI requests Get help for respond to Digi Remote Manager Server Command Interface SCI requests by accessing help for digidevice device_request 1 Select a device in Remote Manager that is configured to allow shell acc...

Страница 546: ...h device_request unregister help device_request unregister Help on function unregister in module digidevice device_request unregister target str bool 5 Use Ctrl D to exit the Python session You can also exit the session using exit or quit Use digidevice runtime to access the runtime database Use the runt submodule to access and modify the device runtime database Read from the runtime database Use ...

Страница 547: ...ork pam serial system b Print available keys for the system key print runt keys system This will return the following boot_count chassis cpu_temp cpu_usage disk load_avg local_time mac mcu model ram serial uptime c Use the get method to print the device s MAC address print runt get system mac This will return the MAC address of the device 6 Use the stop method to close the runtime database 7 Use C...

Страница 548: ...y value 6 Use the get method to verify the change print runt get my variable my variable 7 Close the runtime database runt stop 8 Use Ctrl D to exit the Python session You can also exit the session using exit or quit Help for using Python to access the runtime database Get help for reading and modifying the device runtime database by accessing help for digidevice runt 1 Select a device in Remote M...

Страница 549: ...be removed from the previous device and added to the new device n If Remote Manager is configured to apply a profile to a device based on the device name changing the name of the device may cause Remote Manager to automatically push a profile onto the device Together these two features allow you to swap one device for another by using the name submodule to change the device name while guaranteeing...

Страница 550: ...ght credits or license for more information 3 Import the name submodule from digidevice import name 4 Upload the name to Remote Manager name upload my_name 5 Use Ctrl D to exit the Python session You can also exit the session using exit or quit Help for uploading the device name to Digi Remote Manager Get help for uploading the device name to Digi Remote Managerby accessing help for digidevice nam...

Страница 551: ...can be subsequently updated by using the update method Determine if the device s location 1 Select a device in Remote Manager that is configured to allow shell access to the admin user and click Actions Open Console Alternatively log into the IX10 local command line as a user with shell access Depending on your device configuration you may be presented with an Access selection menu Type shell to a...

Страница 552: ...n You can also exit the session using exit or quit Update the location data The location submodule takes a snapshot of the current location and stores it in the runtime database You can update this snapsot 1 Select a device in Remote Manager that is configured to allow shell access to the admin user and click Actions Open Console Alternatively log into the IX10 local command line as a user with sh...

Страница 553: ... user and click Actions Open Console Alternatively log into the IX10 local command line as a user with shell access Depending on your device configuration you may be presented with an Access selection menu Type shell to access the device shell 2 At the shell prompt use the python command with no parameters to enter an interactive Python session python Python 3 10 1 default May 9 2021 22 49 59 GCC ...

Страница 554: ... source_idx 1 label gnss source_idx 1 quality No Fix Invalid state Enabled signal utc_date_time May 05 2022 9 03 04 vertical_velocity 0 0 6 Use Ctrl D to exit the Python session You can also exit the session using exit or quit Help for the digidevice location module Get help for the digidevice location module 1 Select a device in Remote Manager that is configured to allow shell access to the admin...

Страница 555: ... details 1 Select a device in Remote Manager that is configured to allow shell access to the admin user and click Actions Open Console Alternatively log into the IX10 local command line as a user with shell access Depending on your device configuration you may be presented with an Access selection menu Type shell to access the device shell 2 At the shell prompt use the python command with no param...

Страница 556: ...ess selection menu Type shell to access the device shell 2 At the shell prompt use the python command with no parameters to enter an interactive Python session python Python 3 10 1 default May 9 2021 22 49 59 GCC 8 3 0 on linux Type help copyright credits or license for more information 3 Import the maintenance submodule from digidevice import maintenance 4 Use the help command with maintenance he...

Страница 557: ...he local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate your device as described in Use Digi Remote Manager to view and manage your device b Click the Device ID c Click Settings d Click to expand Config Web UI a On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click System Sched...

Страница 558: ...nfig to enter configuration mode config config 3 At the config prompt type config system schedule sms_script_handling true config 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device See Configure scripts to run...

Страница 559: ...rint exception occured while waiting print err COND release my_callback unregister_callback Use Python to access serial ports You can use the Python serial module to access serial ports on your IX10 device that are configured to be in Application mode See Configure Application mode for information about configuring a serial port in Application mode To use Python to access serial ports 1 Select a d...

Страница 560: ...us applications including cloud based applications such as Amazon Web Services and Microsoft Azure The following is example code that reads CPU and RAM usage on the device updates the device firmware then publishes information about DHCP clients and system information to the MQTT server at 192 168 1 100 The MQTT server IP is configurable MQTT client example Reporting some device metrics from runt ...

Страница 561: ...date file fname 60 except print Failed to run firmware update command return HTTPStatus INTERNAL_SERVER_ERROR if not Firmware update completed in ret print Failed to update firmware return HTTPStatus INTERNAL_SERVER_ERROR finally os remove fname print Firmware update finished return HTTPStatus OK CMD_HANDLERS reboot cmd_reboot fw update cmd_fwupdate def send_cmd_reply client cmd_path cid cmd statu...

Страница 562: ...oad cid m cid cmd m cmd try payload m params except payload None except print Invalid command format format msg payload if not cid Return if client ID not passed return None send_cmd_reply client msg topic cid cmd HTTPStatus BAD_REQUEST try status CMD_HANDLERS cmd payload except print Invalid command format cmd status HTTPStatus NOT_IMPLEMENTED send_cmd_reply client msg topic cid cmd status def pu...

Страница 563: ...ial runt get system serial PREFIX router serial PREFIX_EVENT event PREFIX PREFIX_CMD cmd PREFIX PREFIX_RSP rsp PREFIX client mqtt Client client on_connect on_connect client on_message on_message try client connect 192 168 1 100 1883 60 client loop_start except print Failed to connect to MQTT server sys exit 1 while True publish_dhcp_leases publish_system time sleep POLL_TIME Configure scripts to r...

Страница 564: ...ipt finishes The actions that can be taken are l None l Restart the script l Reboot the device n Whether to write the script output and errors to the system log n If the script is set to run at a specified interval whether another instance of the script should be run at the specified interval if the previous instance is still running n The memory available to be used by the script n Whether the sc...

Страница 565: ... address of the remote host n username is the name of the user on the remote host n remote path is the path and filename of the file on the remote host that will be copied to the IX10 device n local path is the location on the IX10 device where the copied file will be placed For example To upload a script from a remote host with an IP address of 192 168 4 1 to the etc config scripts directory on t...

Страница 566: ...n Remote Manager a Locate your device as described in Use Digi Remote Manager to view and manage your device b Click the Device ID c Click Settings d Click to expand Config Web UI a On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click System Scheduled tasks Custom scripts 4 For Add Script click The script configuration window is disp...

Страница 567: ...lick to enable Run single to run only a single instance of the script at a time If Run single is not enabled a new instance of the script will be started at every interval regardless of whether the script is still running from a previous interval n Set time Runs the script at a specified time of the day l If Set Time is selected specify the time that the script should run in Run time using the for...

Страница 568: ...cess rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Add a script config add system schedule script end config system schedule script 0 Scheduled scripts are enabled by default To disable config system schedule script 0 enable false confi...

Страница 569: ...true config system schedule script 0 If once is set to false a new instance of the script will be started at every interval regardless of whether the script is still running from a previous interval n set_time Runs the script at a specified time of the day l If set_time is set set the time that the script should run using the format HH MM config system schedule script 0 run_time HH MM config syste...

Страница 570: ...cript 0 If once is enabled rebooting the device will cause the script to run again The only way to re run the script is to n Remove the script from the device and add it again n Make a change to the script n Disable once 10 Sandbox is enabled by default This option protects the script from accidentally destroying the system it is running on config system schedule script 0 sandbox true config syste...

Страница 571: ...stem The File System page appears 3 Highlight the scripts directory and click to open the directory 4 Click upload 5 Browse to the location of the script on your local machine Select the file and click Open to upload the file The uploaded file is uploaded to the etc config scripts directory Command line 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local...

Страница 572: ... home admin bin test py local etc config scripts to local admin 192 168 4 1 s password adminpwd test py 100 36MB 11 1MB s 00 03 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Note You can also create scripts by using the vi command when logged in with shell access Task two Configure...

Страница 573: ...The script configuration window is displayed Custom scripts are enabled by default To disable toggle off Enable to toggle off 5 Optional For Label provide a label for the script 6 For Run mode select Manual 7 For Commands enter the commands that will execute the script If the script begins with then the script will be invoked in the location specified by the path for the script command Otherwise t...

Страница 574: ...ain The only way to re run the script is to n Remove the script from the device and add it again n Make a change to the script n Uncheck Once 12 Click Apply to save the configuration and apply the change Command line 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configura...

Страница 575: ...yslog_stdout and syslog_stderr are not enabled only the script s exit code is written to the system log 8 Set the maximum amount of memory available to be used by the script and its subprocesses config system schedule script 0 max_memory value config system schedule script 0 where value uses the syntax number b bytes KB k MB MB M GB G TB T 9 To run the script only once at the specified time config...

Страница 576: ... Scripts page displays 3 For scripts that are enabled and configured to have a run mode of Manual click Start Script to start the script Command line 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin ...

Страница 577: ...in access 2 At the Status page click Scripts The Scripts page displays 3 For scripts that are currently running click Stop Script to stop the script Command line 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu...

Страница 578: ...tatistics about location information from either the WebUI or the command line Web 1 Log into the IX10 WebUI as a user with Admin access 2 At the Status page click Scripts The Scripts page displays Command line 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration y...

Страница 579: ...pt information IX10 User Guide 579 1 script2 true idle 01 00 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Страница 580: ...1 Authentication groups 589 Local users 600 Terminal Access Controller Access Control System Plus TACACS 613 Remote Authentication Dial In User Service RADIUS 620 LDAP 626 Configure serial authentication 633 Disable shell access 636 Set the idle timeout for IX10 users 638 Example user configuration 641 IX10 User Guide 580 ...

Страница 581: ...ns for a group You can modify the released groups and create additional groups as needed for your site A user can be assigned to more than one group n admin Provides the logged in user with administrative and shell access n serial Provides the logged in user with access to serial ports Users Defines local users for the IX10 n admin Belongs to both the admin and serial groups TACACS Configures supp...

Страница 582: ...tion Dial In User Service RADIUS for information about configuring RADIUS authentication n TACACS Users authenticated by using a remote TACACS server for authentication See Terminal Access Controller Access Control System Plus TACACS for information about configuring TACACS authentication n LDAP Users authenticated by using a remote LDAP server for authentication See LDAP for information about con...

Страница 583: ...te Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate your device as described in Use Digi Remote Manager to view and manage your device b Click the Device ID c Click Settings d Click to expand Config Web UI a On the menu click System Under Configuration click Device Configuration The Configuration window is displa...

Страница 584: ... in the list 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Add the new authentication method t...

Страница 585: ...on in the list use an index value to indicate the appropriate position For example config add auth method 1 auth_type config where auth_type is one of local radius tacacs or ldap n You can also use the move command to rearrange existing methods See Rearrange the position of authentication methods for information about how to reorder the authentication methods 4 Save the configuration and apply the...

Страница 586: ...ow is displayed 3 Click Authentication Methods 4 Click the menu icon next to the method and select Delete 5 Click Apply to save the configuration and apply the change Command line 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Acc...

Страница 587: ...t to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Rearrange the position of authentication methods Web Authentication methods are reordered by changing the method type in the Method drop down for each authentication method to match the appropriate order For example the following configuration ha...

Страница 588: ... In the Method drop down select RADIUS 5 Click to expand the second Method 6 In the Method drop down select Local users 7 Click Apply to save the configuration and apply the change Command line 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be present...

Страница 589: ...from the device Authentication groups Authentication groups are used to assign access rights to IX10 users Three types of access rights can be assigned n Admin access Users with Admin access can be configured to have either l The ability to manage the IX10 device by using the WebUI or the Admin CLI l Read only access to the WebUI and Admin CLI n Shell access Users with Shell access have the abilit...

Страница 590: ...erial group is configured by default to have Serial access The preconfigured authentication groups cannot be deleted but the access rights defined for the group are configurable This section contains the following topics Change the access rights for a predefined group 591 Add an authentication group 593 Delete an authentication group 598 ...

Страница 591: ... device configuration Remote Manager a Locate your device as described in Use Digi Remote Manager to view and manage your device b Click the Device ID c Click Settings d Click to expand Config Web UI a On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Authentication Groups 4 Click the authentication group to be changed either admi...

Страница 592: ... Full access n Serial access n Interactive shell access Shell access is not available if the Allow shell parameter has been disabled See Disable shell access for more information about the Allow shell parameter 6 Click Apply to save the configuration and apply the change Command line 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a u...

Страница 593: ...enable false config n Shell access l To enable Shell access for the serial group config auth group serial acl shell enable true config Shell access is not available if the Allow shell parameter has been disabled See Disable shell access for more information about the Allow shell parameter n Serial access l To enable Serial access for the admin group config auth group admin acl serial enable true c...

Страница 594: ...nitoring To add an authentication group Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate your device as described in Use Digi Remote Manager to view and manage your device b Click the Device ID c Click Settings d Click to expand Config Web UI a On the menu click System Under Configurati...

Страница 595: ...ess full provides users of this group with the ability to manage the IX10 device by using the WebUI or the Admin CLI l Read only access read only provides users of this group with read only access to the WebUI and Admin CLI The default is Full access full n Serial access 6 Optional Configure the serial ports to which users of this group have access a Click Serial ports to expand the Serial ports n...

Страница 596: ...he box next to Bluetooth scanner access 12 Click Apply to save the configuration and apply the change Command line 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the co...

Страница 597: ...ods config auth group test config b Enable captive portal access rights for users of this group config auth group test acl portal enable true config c Add a captive portal to which users of this group will have access i Determine available portals config show firewall portal portal1 auth none enable true http redirect no interface no message no redirect_url no terms timeout 24h no title config ii ...

Страница 598: ...y default the IX10 device has two preconfigured authentication groups admin and serial These groups cannot be deleted To delete an authentication group that you have created Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate your device as described in Use Digi Remote Manager to view and ...

Страница 599: ...ne as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 At the config prompt type config del auth group groupname 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exi...

Страница 600: ... the device and is the most critical security feature for the device If you reset the device to factory defaults you must log in using the default user and password and you should immediately change the password to a custom password Before deploying or mounting the IX10 device record the default password so you have the information available when you need it even if you cannot physically access th...

Страница 601: ...nd Config Web UI a On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Authentication Users 4 Click the username to expand the user s configuration node 5 For Password enter the new password The password must be at least eight characters long and must contain at least one uppercase letter one lowercase letter one number and one spec...

Страница 602: ...ve the configuration and apply the change Command line 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config co...

Страница 603: ...ups for information about configuring groups Additional configuration items n An alias for the user Because the username cannot contain any special characters such as hyphens or periods an alias allows the user to log in using a name that contains special characters n The number of unsuccessful login attempts before the user is locked out of the system n The amount of time that the user is locked ...

Страница 604: ...ger a Locate your device as described in Use Digi Remote Manager to view and manage your device b Click the Device ID c Click Settings d Click to expand Config Web UI a On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Authentication Users 4 In Add User type a name for the user and click The user configuration window is displayed ...

Страница 605: ...expand Login failure lockout The login failure lockout feature is enabled by default To disable toggle off Enable a For Lockout tries type the number of unsuccessful login attempts before the user is locked out of the device The default is 5 b For Lockout duration type the amount of time that the user is locked out after the number of unsuccessful login attempts defined in Lockout tries Allowed va...

Страница 606: ...erification only select Disallow code reuse to prevent a code from being used more than once during the time that it is valid f For time based verification only in Code refresh interval type the amount of time that a code will remain valid Allowed values are any number of weeks days hours minutes or seconds and take the format number w d h m s For example to set Code refresh interval to ten minute...

Страница 607: ...uth user new_user enable false config auth user new_user 4 Optional Create a username alias for the user Because the name to create the user cannot contain special characters such as hyphens or periods an alias allows the user to log in using a name that contains special characters For security purposes if two users have the same alias the alias will be disabled config auth user new_user username ...

Страница 608: ... group to the user For example to add the admin group to the user config auth user new_user add group end admin config auth user new_user Note Every user must be configured with at least one group b Optional Add additional groups by repeating the add group command config auth user new_user add group end serial config auth user new_user To remove a group from a user a Use the show command to determ...

Страница 609: ...ime Password TOTP authentication uses the current time to generate a one time password n hotp HMAC based One Time Password HOTP uses a counter to validate a one time password The default value is totp config auth user new_user 2fa type totp config auth user new_user 2fa d Add a secret key config auth user new_user 2fa secret key config auth user new_user 2fa This key should be used by an applicati...

Страница 610: ...r new_user 2fa login_limit 3 config auth user new_user 2fa i Configure the login limit period This is the amount of time that the user is allowed to attempt to log in config auth user new_user 2fa login_limit_period value config auth user new_user 2fa where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set login_limit_period to ten ...

Страница 611: ...sconnect from the device Delete a local user To delete a user from your IX10 Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate your device as described in Use Digi Remote Manager to view and manage your device b Click the Device ID c Click Settings d Click to expand Config Web UI a On th...

Страница 612: ...ine as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 At the config prompt type config del auth user username 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit...

Страница 613: ...nd connection parameters to a TACACS server over TCP The TACACS server then authenticates the TACACS client requests and sends back a response message to the device When you are using TACACS authentication you can have both local users and TACACS users able to log in to the device To use TACACS authentication you must set up a TACACS server that is accessible by the IX10 device prior to configurat...

Страница 614: ... sudo gedit etc tacacs tac_plus conf 2 Add users to the file using the following format This example will create two users one with admin and serial access and one with only serial access user user1 name User1 for IX10 pap cleartext password1 service system groupname admin serial user user2 name User2 for IX10 pap cleartext password2 service system groupname serial The groupname attribute is optio...

Страница 615: ...lable or if the user is not defined on the TACACS server then you should list the TACACS authentication method prior to the Local users authentication method See User authentication methods for more information about authentication methods If the TACACS servers are unavailable and the IX10 device falls back to local authentication only users defined locally on the device are able to log in TACACS ...

Страница 616: ...to Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate your device as described in Use Digi Remote Manager to view and manage your device b Click the Device ID c Click Settings d Click to expand Config Web UI a On the menu click System Under Configuration click Device Configuration The Configuration wind...

Страница 617: ...the TACACS server s configuration to identify the IX10 authentication group or groups that the user is a member of For example in TACACS user configuration the group attribute in the sample tac_plus conf file is groupname which is also the default setting in the IX10 configuration 7 Optional For Service type the value of the service attribute in the the TACACS server s configuration For example in...

Страница 618: ...min CLI 2 At the command line type config to enter configuration mode config config 3 Optional Prevent other authentication methods from being used if TACACS authentication fails Other authentication methods will only be used if the TACACS server is unavailable config auth tacacs authoritative true config 4 Optional Configure the group_attribute This is the name of the attribute used in the TACACS...

Страница 619: ...rver end config auth tacacs server 0 b Enter the TACACS server s IP address or hostname config auth tacacs server 0 hostname hostname ip address config auth tacacs server 0 c Optional Change the default port setting to the appropriate port config auth tacacs server 0 port port config auth tacacs server 0 d Optional Repeat the above steps to add additional TACACS servers 9 Add TACACS to the authent...

Страница 620: ...erver over UDP The RADIUS server then authenticates the RADIUS client requests and sends back a response message to the device When you are using RADIUS authentication you can have both local users and RADIUS users able to log in to the device To use RADIUS authentication you must set up a RADIUS server that is accessible by the IX10 device prior to configuration The process of setting up a RADIUS...

Страница 621: ...ely if the user is also configured as a local user on the IX10 device and the RADIUS server authenticates the user but does not return any groups the local configuration determines the list of groups See Authentication groups for more information about authentication groups The Unix FTP Group Names attribute can contain one group or multiple groups in a comma separated list 3 Save and close the fi...

Страница 622: ...a RADIUS server for authentication and authorization Required configuration items n Define the RADIUS server IP address or domain name n Define the RADIUS server shared secret n Add RADIUS as an authentication method for your IX10 device Additional configuration items n Whether other user authentication methods should be used in addition to the RADIUS server or if the RADIUS server should be consi...

Страница 623: ... of the RADIUS server c Optional Change the default Port setting to the appropriate port Normally this should be left at the default setting of port 1812 d For Secret type the RADIUS server s shared secret This is configured in the secret parameter of the RADIUS server s client conf file for example secret testing123 e For Timeout type or select the amount of time in seconds to wait for the RADIUS...

Страница 624: ...k Authentication Methods b For Add method click c Select RADIUS for the new method from the Method drop down Authentication methods are attempted in the order they are listed until the first successful authentication result is returned See Rearrange the position of authentication methods for information about rearranging the position of the methods in the list 9 Click Apply to save the configurati...

Страница 625: ...name config auth radius server 0 hostname hostname ip address config auth radius server 0 c Optional Change the default port setting to the appropriate port config auth radius server 0 port port config auth radius server 0 d Configure the amount of time in seconds to wait for the RADIUS server to respond Allowed value is any integer from 3 to 60 The default value is 3 config auth radius server 0 t...

Страница 626: ...the IX10 device acts as an LDAP client which sends user credentials and connection parameters to an LDAP server The LDAP server then authenticates the LDAP client requests and sends back a response message to the device When you are using LDAP authentication you can have both local users and LDAP users able to log in to the device To use LDAP authentication you must set up a LDAP server that is ac...

Страница 627: ...ng the following format dn uid john dc example dc com objectClass inetOrgPerson cn John Smith sn Smith uid john userPassword password ou admin serial n The value of uid and userPassword must correspond to the username and password used to log into the IX10 device n The ou attribute is optional If used the value must correspond to authentication groups configured on your IX10 Alternatively if the u...

Страница 628: ...P server then you should list the LDAP authentication method prior to the Local users authentication method See User authentication methods for more information about authentication methods If the LDAP servers are unavailable and the IX10 device falls back to local authentication only users defined locally on the device are able to log in LDAP users cannot log in until the LDAP servers are brought...

Страница 629: ...ss the device configuration Remote Manager a Locate your device as described in Use Digi Remote Manager to view and manage your device b Click the Device ID c Click Settings d Click to expand Config Web UI a On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Authentication LDAP Servers ...

Страница 630: ...This is the preferred method for LDAP 7 If Enable TLS or Start TLS are selected for TLS connection n Leave Verify server certificate at the default setting of enabled to verify the server certificate with a known Certificate Authority n Disable Verify server certificate if the server is using a self signed certificate 8 Optional For Server login type a distinguished name DN that is used to bind to...

Страница 631: ...lt is returned See Rearrange the position of authentication methods for information about rearranging the position of the methods in the list 15 Click Apply to save the configuration and apply the change Command line 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configura...

Страница 632: ...this option unset if the server allows anonymous connections config auth ldap bind_dn dn_value config For example config auth ldap bind_dn cn user dc example dc com config 7 Set the password used to log into the LDAP server Leave this option unset if the server allows anonymous connections config auth ldap bind_password password config 8 Set the distinguished name DN on the server to search for us...

Страница 633: ... the appropriate port config auth ldap server 0 port port config auth ldap server 0 d Optional Repeat the above steps to add additional LDAP servers 13 Add LDAP to the authentication methods Authentication methods are attempted in the order they are listed until the first successful authentication result is returned This example will add LDAP to the end of the list See User authentication methods ...

Страница 634: ...l For TLS identity certificate paste a TLS certificate and private key in PEM format If empty the certificate for the web administration service is used See Configure the web administration service for more information 5 For Peer authentication select the method used to verify the certificate of a remote peer 6 Include standard CAs is enabled by default This allows peers with certificates that hav...

Страница 635: ...iguration mode config config 3 Optional Paste a TLS certificate and private key in PEM format config auth serial identiy cert and private key config 4 Set the method used to verify the certificate of a remote peer config auth serial verify value config where value is either n ca Uses certificate authorities CAs to verify n peer Uses the remote peer s public certificate to verify 5 By default peers...

Страница 636: ...llow shell parameter This does not prevent access to the Admin CLI Note If shell access is disabled re enabling it will erase the device s configuration and perform a factory reset Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate your device as described in Use Digi Remote Manager to vi...

Страница 637: ...vice in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Set the allow_shell parameter to false config auth allow_shell ...

Страница 638: ...t the user s active session can be inactive before it is automatically disconnected set the Idle timeout parameter By default the Idle timeout is set to 10 minutes Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate your device as described in Use Digi Remote Manager to view and manage you...

Страница 639: ...guration and apply the change Command line 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 At th...

Страница 640: ...config auth idle_timeout 600s config 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Страница 641: ...og into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate your device as described in Use Digi Remote Manager to view and manage your device b Click the Device ID c Click Settings d Click to expand Config Web UI a On the menu click System Under Configuration click Device Configuration The Configuration...

Страница 642: ...min access to enable iv Verify that Access level is set to Full access If not select Full access e Verify that Local users is one of the configured authentication methods i Click Authentication Methods ii Verify that Local users is one of the methods listed in the list If not i For Add Method click ii For Method select Local users 7 Click Apply to save the configuration and apply the change Comman...

Страница 643: ...up admin acl admin level full config 4 Verify that local is one of the configured authentication methods config show auth method 0 local config If local is not listed config add auth method end local config 5 Create the user In this example the user is being created with the username adminuser config add auth user adminuser config auth user adminuser 6 Assign a password to the user config auth use...

Страница 644: ...sing all three authentication methods In this example when the user attempts to log in to the IX10 device user authentication will occur in the following order 1 The user is authenticated by the RADIUS server If the RADIUS server is unavailable 2 The user is authenticated by the TACACS server If both the RADIUS and TACACS servers are unavailable 3 The user is authenticated by the IX10 device using...

Страница 645: ... Names parameter c Save and close the users file 2 Configure a user on the TACACS server a On the ubuntu machine hosting the TACACS server open the etc tacacs tac_plus conf file sudo gedit etc tacacs tac_plus conf b Add a TACACS user to the tac_plus conf file user admin1 name Admin1 for TX64 pap cleartext password1 service system groupname admin In this example n The user s username is admin1 n Th...

Страница 646: ...ngs d Click to expand Config Web UI a On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 5 Configure the authentication methods a Click Authentication Methods b For Method select RADIUS c For Add Method click to add a new method d For the new method select TACACS e Click to add another new method f For the new method select Local users ...

Страница 647: ... i Click Authentication Groups ii Click admin iii Verify that the admin group has Admin access enabled If not click Admin access to enable iv Verify that Access level is set to Full access If not select Full access 7 Click Apply to save the configuration and apply the change Command line 1 Configure a user on the RADIUS server a On the ubuntu machine hosting the FreeRadius server open the etc free...

Страница 648: ...this example n The user s username is admin1 n The user s password is password1 n The authentication group on the IX10 device admin is identified in the groupname parameter c Save and close the tac_plus conf file 3 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration...

Страница 649: ...full administrator rights config show auth group admin acl admin enable true level full config If admin enable is set to false config auth group admin acl admin enable true config If admin level is set to read only config auth group admin acl admin level full config 7 Configure the local user a Create a local user with the username admin1 config add auth user admin1 config auth user admin1 b Assig...

Страница 650: ...650 8 Save the configuration and apply the change config auth user adminuser save Configuration saved 9 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Страница 651: ...his chapter contains the following topics Firewall configuration 652 Port forwarding rules 657 Packet filtering 665 Configure custom firewall rules 673 Configure Quality of Service options 675 IX10 User Guide 651 ...

Страница 652: ...in the initial setup of the device By default the firewall will only allow this zone to access administration services l IPsec The default zone for IPsec tunnels l Dynamic routes Used for routes learned using routing services n Port forwarding A list of rules that allow network connections to the IX10 to be forwarded to other servers by translating the destination address n Packet filtering A list...

Страница 653: ...ration window is displayed 5 Optional If traffic on this zone will be forwarded from a private network to the internet enable Network Address Translation NAT 6 Click Apply to save the configuration and apply the change See Configure the firewall zone for a network interface for information about how to configure network interfaces to use a zone Command line 1 Select the device in Remote Manager an...

Страница 654: ...nnect from the device See Configure the firewall zone for a network interface for information about how to configure network interfaces to use a zone Configure the firewall zone for a network interface Firewall zones allow you to group network interfaces for the purpose of packet filtering and access control There are several preconfigured firewall zones and you can create custom zones as well The...

Страница 655: ...nal 5 Click Apply to save the configuration and apply the change Command line 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter confi...

Страница 656: ...t from the device Delete a custom firewall zone You cannot delete preconfigured firewall zones To delete a custom firewall zone Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate your device as described in Use Digi Remote Manager to view and manage your device b Click the Device ID c Cli...

Страница 657: ...ration mode config config 3 Use the del command to delete a custom firewall rule For example config del firewall zone my_zone 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Port forwarding rules Most compu...

Страница 658: ...he port forwarding rule n The IP version either IPv4 or IPv6 that incoming network connections must match n The protocols that incoming network connections must match n A white list of devices based on either IP address or firewall zone that are authorized to leverage this forwarding rule To configure a port forwarding rule Web 1 Log into Digi Remote Manager or log into the local Web UI as a user ...

Страница 659: ...version select either IPv4 or IPv6 Network connections will only be forwarded if they match the selected IP version 8 For Protocol select the type of internet protocol Network connections will only be forwarded if they match the selected protocol 9 For Incoming port s type the public facing port number that network connections must use for their traffic to be forwarded 10 For To Address type the I...

Страница 660: ...ck Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 At the config prompt type config add firewall dnat end config firewall dnat 0 Port forwarding...

Страница 661: ...l dnat 0 to_address ip address config firewall dnat 0 n For IPv6 addresses config firewall dnat 0 to_address6 ip address config firewall dnat 0 9 Set the public facing port number s that network connections must use for their traffic to be forwarded config firewall dnat 0 to_port value config firewall dnat 0 where value is the port number comma separated list of port numbers or range of port numbe...

Страница 662: ...work interfaces that can be referred to by packet filtering rules and access control lists Additional Configuration any dynamic_routes edge external internal ipsec loopback setup config firewall dnat 0 acl 11 Save the configuration and apply the change config save Configuration saved 12 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selec...

Страница 663: ...ice Configuration The Configuration window is displayed 3 Click Firewall Port forwarding 4 Click the menu icon next to the appropriate port forwarding rule and select Delete 5 Click Apply to save the configuration and apply the change Command line 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Dep...

Страница 664: ...0 10 10 10 to_port 10001 1 acl no address6 no zone enable false interface ip_version ipv6 label IPv6 port forwarding rule port 10002 protocol tcp to_address6 c097 4533 bd63 bb12 9a6f 5569 4b53 c29a to_port 10003 config 4 To delete the rule use the index number with the del command For example config del firewall dnat 1 5 Save the configuration and apply the change config save Configuration saved 6...

Страница 665: ...e will be accepted rejected or dropped by this rule Additional configuration requirements n A label for the rule n The IP version to be matched either IPv4 IPv6 or Any n The protocol to be matched one of l TCP l UDP l ICMP l ICMP6 l Any To configure a packet filtering rule Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device co...

Страница 666: ...Label that will be used to identify the rule 5 For Action select one of n Accept Allows matching network connections n Reject Blocks matching network connections and sends an ICMP error if appropriate n Drop Blocks matching network connections and does not send a reply 6 Select the IP version 7 Select the Protocol 8 For Source zone select the firewall zone that will be monitored by this rule for i...

Страница 667: ...To edit the default packet filtering rule or another existing packet filtering rule a Determine the index number of the appropriate packet filtering rule config show firewall filter 0 action accept dst_zone any enable true ip_version any label Allow all outgoing traffic protocol any src_zone internal 1 action drop dst_zone internal enable true ip_version any label myfilter protocol any src_zone ex...

Страница 668: ...ons from network interfaces that are a member of this zone See Firewall configuration for more information about firewall zones config firewall filter 1 src_zone my_zone config firewall filter 1 6 Set the destination firewall zone Packets destined for network interfaces that are members of this zone will either be accepted rejected or dropped by this rule See Firewall configuration for more inform...

Страница 669: ...ice Enable or disable a packet filtering rule To enable or disable a packet filtering rule Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate your device as described in Use Digi Remote Manager to view and manage your device b Click the Device ID c Click Settings d Click to expand Config ...

Страница 670: ...en Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Determine the index number of the appropriate port forwarding rule config show firewall filter 0 action ac...

Страница 671: ...e 6 Save the configuration and apply the change config save Configuration saved 7 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Delete a packet filtering rule To delete a packet filtering rule Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin a...

Страница 672: ...ote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Determine the index number of the packet filtering rule you want to delete...

Страница 673: ...igure custom firewall rules Custom firewall rules consist of a script of shell commands that can be used to install firewall rules ipsets and other system configuration These commands are run whenever system configuration changes occur that might cause changes to the firewall To configure custom firewall rules Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admi...

Страница 674: ...figuration and apply the change Command line 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Ena...

Страница 675: ...g packets on each interface egress packets not what is received on the interface packet ingress A QoS binding contains the policies and rules that apply to packets exiting the IX10 device on the binding s interface By default the IX10 device has two preconfigured QoS bindings Outbound and Inbound These bindings are an example configuration designed for a typical VoIP site n Outbound provides an ex...

Страница 676: ...ppropriate for your network 8 Click Apply to save the configuration and apply the change Command line 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line ty...

Страница 677: ... 6 Save the configuration and apply the change config save Configuration saved 7 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Create a new binding Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuratio...

Страница 678: ...Interface to queue egress packets on The binding will only match traffic that is being sent out on this interface 8 Optional For Interface bandwidth Mbit set the maximum egress bandwidth of the interface in megabits allocated to this binding Typically this should be 95 of the available bandwidth Allowed value is any integer between 1 and 1000 9 Create a policy for the binding At least one policy i...

Страница 679: ...icy For example if a binding contains three policies and each policy contains a weight of 10 each policy will be allocated one third of the total interface bandwidth e For Latency type the maximum delay before the transmission of packets A lower latency means that the packets will be scheduled more quickly for transmission f Select Default to identify this policy as a fall back policy The fall bac...

Страница 680: ...ess n IPv6 address Only traffic from the IP address typed in IPv6 address will be matched Use the format IPv6_address prefix_length or use any to match any IPv6 address n MAC address Only traffic from the MAC address typed in MAC address will be matched ix Click to expand Destination address and select the Type n Any Traffic destined for anywhere will be matched n Interface Only traffic destined f...

Страница 681: ...or example config firewall qos 2 interface network interface eth1 config firewall qos 2 6 Optional Set the maximum egress bandwidth of the interface in megabits allocated to this binding config firewall qos 2 bandwidth int config firewall qos 2 where int is an integer between 1 and 1000 Typically this should be 95 of the available bandwidth The default is 95 7 Create a policy for the binding At le...

Страница 682: ... means that the packets will be scheduled more quickly for transmission config firewall qos 2 policy 0 latency int config firewall qos 2 policy 0 where int is any integer 1 or greater The default is 100 f To identify this policy as a fall back policy config firewall qos 2 policy 0 default true config firewall qos 2 policy 0 The fall back policy will be used for traffic that is not matched by any o...

Страница 683: ...licy 0 rule 0 srcport value config firewall qos 2 policy 0 rule 0 where value is the IP port number a range of port numbers using the format IP_port IP_port or any vii Set the destination port to define a destination matching criteria config firewall qos 2 policy 0 rule 0 dstport value config firewall qos 2 policy 0 rule 0 where value is the IP port number a range of port numbers using the format ...

Страница 684: ...ddress config network qos 2 policy 0 rule 0 ix Set the destination address type config network qos 2 policy 0 rule 0 dst type value config network qos 2 policy 0 rule 0 where value is one of n any Traffic destined for anywhere will be matched See Firewall configuration for more information about firewall zones n interface Only traffic destined for the selected Interface will be matched Set the int...

Страница 685: ...ses the format IPv6_address prefix_length or any to match any IPv6 address Repeat to add a new rule Up to 30 rules can be configured 8 Save the configuration and apply the change config save Configuration saved 9 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Страница 686: ...s 3 Click Upload New Container 4 From your local file system select the container file in tgz format You can download a simple example container file test_lxc tgz from the Digi website 5 Create Configuration is selected by default This will create a configuration on the device for the container when it is installed If deselected you will need to create the configuration manually 6 Click Apply 7 If...

Страница 687: ...ties Additional configuration items n If virtual networking is enabled l The bridge to be used to provide network connectivity l A static IP address for the container l The network gateway n Serial ports on the device that the container will have access to Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remot...

Страница 688: ...iner This must be a valid IP address for the bridge or if left blank a DHCP server can assign the container an IP address c Optional For Gateway type the IP address of the network gateway 7 Click to expand Serial ports to sssign serial ports that the container will have access to a For Add Port click b For Port select the serial port 8 Click Apply to save the configuration and apply the change Com...

Страница 689: ... container name network true config system container name b Set the network bridge device that will be used to provide network access i Use the to determine the available bridges config system container name bridge Network Bridge Device Containers require a bridge to access the network Choose which bridge to connect the container to Format lan1 Current value config system container name ii Set the...

Страница 690: ...Starting and stopping the container Container commands are not available from the Admin CLI You must access the device shell in order to run Python applications from the command line See Authentication groups for information about configuring authentication groups that include shell access Starting the container There are two methods to start containers n Non persistent Changes made to the contain...

Страница 691: ...is will start the container by using bin sh l which runs the shell and loads the shell profile The default shell profile includes an lxc prompt Starting a container by including an executable You can supply an executable to run when you start the container along with any parameters If you don t supply a parameter the default behavior is to run the executable by using bin sh l which runs the shell ...

Страница 692: ... Containers status page is displayed Command line Show status of all containers Use the show containers command with no additional arguments to show the status of all containers on the system 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented...

Страница 693: ... to access the Admin CLI 2 At the prompt type show containers container test_lxc Container Configured Enabled State test_lxc True enabled RUNNING PID 19327 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Schedule a script to run in the container This simple example will 1 Start the c...

Страница 694: ...figuration The Configuration window is displayed 3 Click System Scheduled tasks Custom scripts 4 For Add Script click The script configuration window is displayed 5 Optional For Label type container_script 6 For Run mode select Interval 7 For Interval type 10s 8 For Commands type the following lxc container_name bin ping c 1 IP_address ...

Страница 695: ...mmand line type config to enter configuration mode config config 3 Add a script config add system schedule script end config system schedule script 0 4 Provide a label for the script for example config system schedule script 0 label test_lxc config system schedule script 0 5 Set the mode to interval config system schedule script 0 when interval config system schedule script 0 6 Set the interval to...

Страница 696: ...ner that contains a python script in the etc directory In this example we will use a simple container file named test_lxc tgz You can download test_lxc tgz from the Digi website At the command line of a Linux host we will unpack the file add a simple python script and create a new container file that includes the python script Create the custom container file 1 At the command line of a Linux host ...

Страница 697: ...lect the container file You can download a simple example container file test_lxc tgz from the Digi website v Create Configuration is selected by default This will create a configuration on the device for the container when it is installed If deselected you will need to create the configuration manually vi Click Apply 2 Select a device in Remote Manager that is configured to allow shell access to ...

Страница 698: ... cellular module firmware 708 Reboot your IX10 device 712 Erase device configuration and reset to factory defaults 715 Locate the device by using the Find Me feature 720 Configure a power profile 721 Configuration files 725 Schedule system maintenance tasks 730 Disable device encryption 735 Configure the speed of your Ethernet port 737 IX10 User Guide 698 ...

Страница 699: ... basic system information 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Enter show system at the prompt show system Model Digi IX10 Serial Number IX10 000065 SKU IX10 Hos...

Страница 700: ...on 50001947 01 1P Firmware Version 22 5 50 62 Alt Firmware Version 22 5 50 62 Alt Firmware Build Date Mon 13 June 2022 20 07 32 Bootloader Version 19 7 23 0 15f936e0ed Schema Version 715 Timezone UTC Current Time Wed 31 May 2022 9 03 04 0000 CPU 1 4 Uptime 6 days 6 hours 21 minutes 57 seconds 541317s Load Average 0 01 0 03 0 02 RAM Usage 119 554MB 1878 984MB 6 Temperature 40C Disk Load Average 0 0...

Страница 701: ... into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate your device as described in Use Digi Remote Manager to view and manage your device b Click the Device ID c Click Settings d Click to expand Config Web UI a On the menu click System Under Configuration click Device Configuration The Configuration w...

Страница 702: ... config to enter configuration mode config config 3 Set a name for the device This name will appear in log messages and at the command prompt config system name 192 168 3 1 192 168 3 1 config 4 Set the contact for the device 192 168 3 1 config system contact Jane User 192 168 3 1 config 5 Set the location for the device 192 168 3 1 config system location 9350 Excelsior Blvd Suite 700 Hopkins MN 19...

Страница 703: ...the device The IX10 device validates the system firmware image as part of the update process and only successfully updates if the system firmware image can be authenticated Downgrading Downgrading to an earlier release of the firmware may result in the device configuration being erased Downgrading from firmware version 22 2 9 x Beginning with firmware version 22 2 9 x the IX10 device uses certific...

Страница 704: ...85 Checking for latest IX10 firmware Newest firmware version available to download is 22 5 50 62 Device firmware update from 22 2 9 85 to 22 5 50 62 is needed 3 Use the modem firmware ota list command to list available firmware on the Digi firmware repository system firmware ota list 22 2 9 85 22 5 50 62 4 Perform an OTA firmware update n To perform an OTA firmware update by using the most recent ...

Страница 705: ...version 22 5 50 62 Downloaded firmware tmp cli_firmware bin remaining Applying firmware version 22 5 50 62 41388K netflash got tmp cli_firmware bin length 42381373 netflash authentication successful netflash vendor and product names are verified netflash programming FLASH device dev flash image1 41408K 100 Firmware update completed reboot device b Reboot the device reboot Update firmware from a lo...

Страница 706: ...of the remote host n username is the name of the user on the remote host n remote path is the path and filename of the file on the remote host that will be copied to the IX10 device n local path is the location on the IX10 device where the copied file will be placed For example scp host 192 168 4 1 user admin remote home admin bin IX10 22 5 50 62 bin local tmp to local admin 192 168 4 1 s password...

Страница 707: ... of firmware in two flash memory banks n The current firmware version that is used to boot the device n A copy of the firmware that was in use prior to your most recent firmware update When the device reboots it will attempt to use the current firmware version If the current firmware version fails to load after three consecutive attempts it is marked as invalid and the device will use the previous...

Страница 708: ...r device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Duplicate the firmware system duplicate firmware Update cellular module firmware You can update modem firmware by downloading firmware from the Digi firmware repository or by uploading firmware from your local storage onto the device You can also schedule modem firmware updates See Schedu...

Страница 709: ...rmware over the air OTA You can update your modem firmware by querying the Digi firmware repository to determine if there is new firmware available for your modem and performing an OTA modem firmware update 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you m...

Страница 710: ...atest Generic firmware Retrieving modem firmware list Newest firmware version available to download is 25 20 666_CUST_ 067_1 Retrieving download location for modem firmware 25 20 666_CUST_067_ 1 n To perform an OTA firmware update by using a specific version from the Digi firmware repository use the version parameter to identify the appropriate firmware version as determined by using modem firmwar...

Страница 711: ...at the firmware file may not have a tar gz extension but it is a tar file and can be unzipped with tar or a similar tool See Use the scp command for information about uploading files to the IX10 device 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be...

Страница 712: ...you may be presented with an Access selection menu Type quit to disconnect from the device Reboot your IX10 device You can reboot the IX10 device immediately or schedule a reboot for a specific time every day Note You may want to save your configuration settings to a file before rebooting See Save configuration to a file Reboot your device immediately Web 1 Log into the IX10 WebUI as a user with A...

Страница 713: ...ith full Admin access rights 2 Access the device configuration Remote Manager a Locate your device as described in Use Digi Remote Manager to view and manage your device b Click the Device ID c Click Settings d Click to expand Config Web UI a On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Select System Scheduled tasks 4 For Reboot ti...

Страница 714: ...ng on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Set the reboot time config system schedule reboot_time time config where time is the time of the day that the device should reboot using the format HH MM For example the set the device to reboot at two in...

Страница 715: ...system log files Additionally if the ERASE button is used to erase the configuration pressing the ERASE button a second time immediately after the device has rebooted n Erases all automatically generated certificates and keys n With firmware release 22 2 9 x and newer erases the client side certificate used for communication with Digi Remote Manager If you are using Digi Remote Manager with firmwa...

Страница 716: ...mand line 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 Enter the following system factory erase 3 After resetting the device a Connect to the IX10 by using the serial po...

Страница 717: ...using the serial port or by using an Ethernet cable to connect the IX10 ETH port to your PC b Log into the IX10 User name Use the default user name admin Password Use the unique password printed on the bottom label of the device or the printed label included in the package c Optional Reset the default password for the admin account See Change the default password for the admin user for further inf...

Страница 718: ...s This way when you erase the device s configuration the device will reset to your custom configuration rather than to the original factory defaults Note To clear the custom default configuration press the ERASE button wait for the device to reboot then press the ERASE button again Required configuration items n Custom factory default file Web 1 Log into the IX10 WebUI as a user with Admin access ...

Страница 719: ...nloaded rename the file to custom default config bin 6 Upload the file to the device a From the main menu select System Filesystem b Under Default device configuration click c Select the file from your local file system Command line 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your ...

Страница 720: ...Me A notification message appears noting that the LED is flashing on the device Click the x in the message to close it 3 On the menu click System again Ablue circle next to Find Me is blinking indicating that the Find Me feature is active 4 To deactivate the Find Me feature click System and click Find Me again A notification message appears noting that the LED is no longer flashing on the device C...

Страница 721: ... in terms of power consumption during standard operating mode You can choose to preserve power performance or to balance both To change the active power profile Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate your device as described in Use Digi Remote Manager to view and manage your d...

Страница 722: ...ofile and allows you to change it The available options are n Performance The CPU clock frequency is scaled up to work in the highest available frequency and provide a better system performance n Auto The CPU clock frequency is dynamically scaled up and down to provide better performance during high demanding conditions and also to save power during inactivity periods ...

Страница 723: ...selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Set the profile you prefer config system power profile profile_name config where profile_name is one of n auto The CPU clock frequency is dynamically scaled up and down to provide better performance during high demanding conditions and also to save power during inactivity...

Страница 724: ...00 n 792000 The default is 792000 5 Save the configuration and apply the change config save Configuration saved 6 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Страница 725: ...ou make changes to the IX10 configuration the changes are not automatically saved You must explicitly save configuration changes which also applies the changes If you do not save configuration changes the system discards the changes Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate your ...

Страница 726: ...uration changes 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Save configuration to a file You can save your IX10 device s configuration to a file and use this file to restore the configuration either to ...

Страница 727: ... system backup path passphrase passphrase type type where n path is the location on the IX10 s filesystem where the configuration backup file should be saved n passphrase optional is a passphrase used to encrypt the configuration backup n type is the type of backup either l archive Creates a binary archive file containing the device s configuration certificates and keys and other information l cli...

Страница 728: ...ckup from the device or a backup from a similar device Web 1 Log into the IX10 WebUI as a user with Admin access 2 On the main menu click System Under Configuration click Configuration Maintenance The Configuration Maintenance windows is displayed 3 In the Configuration Restore section a If a passphrase was used to create the configuration backup for Passphrase save restore enter the passphrase b ...

Страница 729: ...username is the name of the user on the remote host n remote path is the path and filename of the file on the remote host that will be copied to the IX10 device n local path is the location on the IX10 device where the copied file will be placed For example scp host 192 168 4 1 user admin remote home admin bin backup archive 0040FF800120 22 5 50 62 19 23 42 bin local opt to local 3 Enter the follo...

Страница 730: ...one of the triggers must be met n The tasks to be performed Options are l Firmware updates l Digi Remote Manager configuration check n Whether the device will check for updates to the device firmware n Whether the device will check for updates to the modem firmware n The frequency daily weekly or monthly that checks for firmware updates will run Web 1 Log into Digi Remote Manager or log into the l...

Страница 731: ... type the time of day that the maintenance window should start using the syntax HH MM If Start time is not set maintenance tasks are not scheduled and will not be run The behavior of Start time varies depending on the setting of Duration window which is configured in the next step l If Duration window is set to Immediately all scheduled tasks will begin at the exact time specified in Start time l ...

Страница 732: ...ice s firmware version You should not enable this option 8 Optional Click to enable Modem firmware update to instruct the system to look for any updated modem firmware during the maintenance window If updated firmware is found it will then be installed Modem firmware update looks for updated firmware both on the local device and over the network using either a WAN or cellular connection 9 Optional...

Страница 733: ...nce trigger 0 n out_of_service The maintenance window will only start if the Python Out of Service is set See Use Python to set the maintenance window for further information n time Configure a time period for the maintenance window i Configure the time of day that the maintenance window should start using the syntax HH MM If the start time is not set maintenance tasks are not scheduled and will n...

Страница 734: ...s either daily or weekly Daily is the default 4 Optional Configure the device to look for any updated device firmware during the maintenance window If updated firmware is found it will then be installed The device will look for updated firmware both on the local device and over the network using either a WAN or cellular connection config system schedule maintenance device_fw_update value config wh...

Страница 735: ...is being shipped When device encryption is disabled the following occurs n The device is reset to the default configuration and rebooted n After the reboot l Access to the device via the WebUI and SSH are disabled l All internet connectivity is disabled including WAN and WWAN Connectivity to central management software is also disabled l All IP networks and addresses are disabled except for the de...

Страница 736: ... the device Re enable cryptography after it has been disabled To re enable cryptography 1 Configure your PC network to connect to the 192 168 210 subnet For example on a Windows PC a Select the Properties of the relevant network connection on the Windows PC b Click the Internet Protocol Version 4 TCP IPv4 parameter c Click Properties The Internet Protocol Version 4 TCP IPv4 Properties dialog appea...

Страница 737: ...e IX10 device at the IP address of 192 168 210 1 4 Log into the device n Username admin n Password The default unique password for your device is printed on the device label 5 At the shell prompt type rm etc config nocrypt flatfsd i This will re enable encryption and leave the device at its factory default setting Configure the speed of your Ethernet port You can configure the speed of your IX10 d...

Страница 738: ...enu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Network Device ETH 4 For Speed select the appropriate speed for the Ethernet port or select Auto to automatically detect the speed The default is Auto 5 Click Apply to save the configuration and apply the change Command line 1 Select the device in Remote Manager and click Actions Open Cons...

Страница 739: ... of l 10 Sets the speed to 10 Mbps l 100 Sets the speed to 100 Mbps l 1000 Sets the speed to 1 Gbps Available only for devices with Gigabit Ethernet ports auto Configures the device to automatically determine the best speed for the Ethernet port The default is auto 4 Save the configuration and apply the change config save Configuration saved 5 Type exit to exit the Admin CLI Depending on your devi...

Страница 740: ...Monitoring This chapter contains the following topics intelliFlow 741 Configure NetFlow Probe 748 IX10 User Guide 740 ...

Страница 741: ...e the chart to drill down to view more granular information and menu options allow you to change various aspects of the information being displayed Note When intelliFlow is enabled and the device is connected to Digi aView it adds an estimated 50MB of data usage for the device by reporting the metrics to aView intelliflow does not currently work with Digi Remote Manager Enable intelliFlow Required...

Страница 742: ... by IntelliFlow should be present on the specified zone 6 Click Apply to save the configuration and apply the change Command line 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin ...

Страница 743: ...elies on an internal to external relationship where the internal clients are present on the zone specified Format any dynamic_routes edge external internal ipsec loopback setup Default value internal Current value internal config b Set the zone to be used by IntelliFlow config monitoring intelliflow zone my_zone 5 Save the configuration and apply the change config save Configuration saved 6 Type e...

Страница 744: ...into the IX10 WebUI as a user with Admin access 2 If you have not already done so enable intelliFlow See Enable intelliFlow 3 From the menu click Status intelliFlow The System Utilisation chart is displayed n Display more granular information 1 Click and drag over an area in the chart to zoom into that area and provide more granular information 2 Release to display the selected portion of the char...

Страница 745: ... Select the time period to be displayed n Save or print the chart 1 Click the menu icon 2 To save the chart to your local filesystem select Export to PNG 3 To print the chart select Print chart Use intelliFlow to display top data usage information With intelliFlow you can display top data usage information based on the following n Top data usage by host n Top data usage by server n Top data usage ...

Страница 746: ... the Top Data Usage by Server chart click Top Data Usage by Server n To display the Top Data Usage by Service chart click Top Data Usage by Service 5 Change the type of chart that is used to display the data a Click the menu icon b Select the type of chart 6 Change the number of top users displayed You can display the top five top ten or top twenty data users ...

Страница 747: ... Use intelliFlow to display data usage by host over time To generate a chart displaying a host s data usage over time Web 1 Log into the IX10 WebUI as a user with Admin access 2 If you have not already done so enable intelliFlow See Enable intelliFlow 3 From the menu click Status intelliFlow 4 Click Host Data Usage Over Time n Display more granular information a Click and drag over an area in the ...

Страница 748: ...d configuration items n Enable NetFlow n The IP address of a NetFlow collector Additional configuration items n The NetFlow version n Enable flow sampling and select the flow sampling technique n The number of flows from which the flow sampler can sample n The number of seconds that a flow is inactive before it is exported to the NetFlow collectors n The number of seconds that a flow is active bef...

Страница 749: ...the device configuration Remote Manager a Locate your device as described in Use Digi Remote Manager to view and manage your device b Click the Device ID c Click Settings d Click to expand Config Web UI a On the menu click System Under Configuration click Device Configuration The Configuration window is displayed 3 Click Monitoring NetFlow probe 4 Enable NetFlow probe ...

Страница 750: ... and 16383 The default is 100 8 For Inactive timeout type the the number of seconds that a flow can be inactive before sent to a collector Allowed value is any number between 1 and 15 The default is 15 9 For Active timeout type the number of seconds that a flow can be active before sent to a collector Allowed value is any number between 1 and 1800 The default is 1800 10 For Maximum flows type the ...

Страница 751: ...istic Selects every nth flow where n is the value of the flow sample population n random Randomly selects one out of every n flows where n is the value of the flow sample population n hash Randomly selects one out of every n flows using the hash of the flow key where n is the value of the flow sample population 5 If you are using a flow sampler set the number of flows for the sampler config monito...

Страница 752: ...ess ip_address config monitoring netflow collector 0 c Optional Set the port used by the collector config monitoring netflow collector 0 port port config monitoring netflow collector 0 d Optional Set a label for the collector config monitoring netflow collector 0 label This is a collector config monitoring netflow collector 0 Repeat to add additional collectors 10 Save the configuration and apply ...

Страница 753: ...he IX10 local file system 754 Display directory contents 754 Create a directory 755 Display file contents 756 Copy a file or directory 756 Move or rename a file or directory 757 Delete a file or directory 758 Upload and download files 759 IX10 User Guide 753 ...

Страница 754: ... across reboots but are deleted if a factory reset of the system is performed See Erase device configuration and reset to factory defaults for more information Display directory contents To display directory contents by using the WebUI or the Admin CLI Web 1 Log into the IX10 WebUI as a user with Admin access 2 On the menu click System Under Administration click File System The File System page ap...

Страница 755: ...mand specifying the name of the directory For example 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the Admin CLI prompt type mkdir path dir_name For example to create...

Страница 756: ...ser admin password 2a 05 W1sls1oxsadf n4J0XT Rgr6ewr1yerHtXQdbafsatGswKg0YUm schema version 461 3 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Copy a file or directory This procedure is not available through the WebUI To copy a file or directory by using the Admin CLI use the cp com...

Страница 757: ...me a file named test py in etc config scripts to final py 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the Admin CLI prompt type mv etc config scripts test py etc con...

Страница 758: ...o be deleted and click to open the directory 4 Highlight the file to be deleted and click 5 Click OK to confirm Command line To delete a file named test py in etc config scripts 1 Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Acces...

Страница 759: ... exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Upload and download files You can download and upload files by using the WebUI or from the command line by using the scp Secure Copy command or by using a utility such as SSH File Transfer Protocol SFTP or an SFTP application like FileZilla Upload an...

Страница 760: ...o the IX10 device To copy a file from a remote host to the IX10 device use the scp command as follows scp host hostname or ip user username remote remote path local local path to local where n hostname or ip is the hostname or ip address of the remote host n username is the name of the user on the remote host n remote path is the path and filename of the file on the remote host that will be copied...

Страница 761: ... the IP address of 192 168 4 1 1 Use the system support report command to generate the report system support report var log Saving support report to var log support report 0040D0133536 22 05 31 9 03 04 bin Support report saved 2 Use the scp command to transfer the report to a remote host scp host 192 168 4 1 user admin remote home admin temp local var log support report 00 40 D0 13 35 36 22 05 31 ...

Страница 762: ...ost This example downloads a file named test py from the IX10 device at the IP address of 192 168 2 1 with a username of ahmed to the local directory on the remote host sftp ahmed 192 168 2 1 Password Connected to 192 168 2 1 sftp get test py Fetching test py to test py test py 100 254 0 3KB s 00 00 sftp exit ...

Страница 763: ...rt report 764 View system and event logs 766 Configure syslog servers 771 Configure options for the event and system logs 774 Analyze network traffic 779 Use the ping command to troubleshoot network connections 797 Use the traceroute command to diagnose IP routing problems 797 IX10 User Guide 763 ...

Страница 764: ... 1110 Mbps Tx latency 31 45 ms Rx download average 44 7588 Mbps Rx latency 30 05 ms 3 To output the result in json format use the output parameter speedtest host output json tx_avg 51 8510 tx_avg_units Mbps tx_latency 31 07 tx_latency_units ms rx_avg 39 5770 rx_avg_units Mbps rx_latency 34 19 rx_latency_units ms 4 To change the size of the speedtest packet use the size parameter speedtest host siz...

Страница 765: ...ed with an Access selection menu Type admin to access the Admin CLI 2 Use the system support report command to generate the report system support report var log Saving support report to var log support report 0040D0133536 22 05 31 9 03 04 bin Support report saved 3 Use the scp command to transfer the report to a remote host scp host 192 168 4 1 user admin remote home admin temp local var log suppo...

Страница 766: ... about configuring the information displayed in event and system logs View System Logs Web 1 Log into the IX10 WebUI as a user with Admin access 2 On the main menu click System Logs The system log displays 3 Limit the display in the system log by using the Find search tool 4 Use filters to configure the types of information displayed in the system logs ...

Страница 767: ...lld 621 reloading status 3 Optional Use the show log number num command to limit the number of lines that are displayed For example to limit the log to the most recent ten lines show log number 10 Timestamp Message Nov 26 21 54 34 IX10 netifd Interface interface_wan is setting up now Nov 26 21 54 35 IX10 firewalld 621 reloading status 4 Optional Use the show log filter value command to limit the n...

Страница 768: ...ype quit to disconnect from the device View Event Logs Web 1 Log into the IX10 WebUI as a user with Admin access 2 On the main menu click System Logs 3 Click System Logs to collapse the system logs viewer or scroll down to Events 4 Click Events to expand the event viewer 5 Limit the display in the event log by using the Find search tool 6 Click to download the event log Command line ...

Страница 769: ...s 3 Optional Use the show event number num command to limit the number of lines that are displayed For example to limit the event list to the most recent ten lines show event number 10 Timestamp Type Category Message Nov 26 21 42 37 status stat intf eth1 type ethernet rx 11332435 tx 5038762 Nov 26 21 42 35 status system local_time Thu 08 Aug 2019 21 42 35 0000 uptime 3 hours 0 minutes 48 seconds 4...

Страница 770: ...s View system and event logs IX10 User Guide 770 5 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device ...

Страница 771: ...or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate your device as described in Use Digi Remote Manager to view and manage your device b Click the Device ID c Click Settings d Click to expand Config Web UI a On the menu click System Under Configuration click Device Configuration The Configuration window is displayed ...

Страница 772: ... error informational and status event categories by clicking to toggle off the category e For Syslog egress port type the port number to use for the syslog server The default is 514 f For Protocol select the IP protocol to use for communication with the syslog server Available options are TCP and UPD The default is UPD 5 Click Apply to save the configuration and apply the change Command line 1 Sel...

Страница 773: ...tically enabled when the server is enabled n To disable informational event messages config system log remote 0 info false config system log remote 0 n To disable status event messages config system log remote 0 status false config system log remote 0 n To disable informational event messages config system log remote 0 error false config system log remote 0 4 Set the port number to use for the sys...

Страница 774: ... of time to wait before sending a heartbeat event if no other events have been sent is set to 30 minutes n All event categories are enabled To change or disable the heartbeat interval or to disable event categories and to perform other log configuration Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote M...

Страница 775: ... disabled a Click to expand Event Categories b Click an event category to expand c Depending on the event category you can enable or disable informational events status events and error events Some categories also allow you to set the Status interval which is the time interval between periodic status events 6 Optional See Configure syslog servers for information about configuring remote syslog ser...

Страница 776: ...e is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set the heartbeat interval to ten minutes enter either 10m or 600s config system log heartbeat_interval 600s config To disable the heartbeat interval set the value to 0s 4 Enable preserve system logs functionality to save the current session s system log after a reboot By default the IX10 de...

Страница 777: ... categories also allow you to set the status interval which is the time interval between periodic status events For example to configure DHCP server logging i Use the question mark to determine what events are available for DHCP server logging configuration config system log event dhcpserver DHCP server Settings for DHCP server events Informational events are generated when a lease is obtained or ...

Страница 778: ...et the status interval to ten minutes enter either 10m or 600s config system log event dhcpserver status_interval 600s config 6 Optional See Configure syslog servers for information about configuring remote syslog servers to which log messages will be sent 7 Save the configuration and apply the change config save Configuration saved 8 Type exit to exit the Admin CLI Depending on your device config...

Страница 779: ... more detailed analysis you can download the captured data traffic from the device and view it using a third party application Note Data traffic is captured to RAM and the captured data is lost when the device reboots unless you save the data to a file See Save captured data traffic to a file This section contains the following topics Configure packet capture for the network analyzer 780 Example f...

Страница 780: ...s or time that will trigger the analyzer to run using this capture configuration l The amount of time that the analyzer session will run l The frequency with which captured events will be saved To configure a packet capture configuration Web 1 Log into Digi Remote Manager or log into the local Web UI as a user with full Admin access rights 2 Access the device configuration Remote Manager a Locate ...

Страница 781: ...ew capture filter configuration is displayed 5 Optional Add a filter type a Click to expand Filter You can select from preconfigured filters to determine which types of packets to capture or ignore or you can create your own Berkeley packet filter expression b To create a filter that either captures or ignores packets from a particular IP address or network ...

Страница 782: ...tion is disabled which means that the filter will capture packets that use this protocol v Click to add additional IP protocols filters d To create a filter that either captures or ignores packets from a particular port i Click to expand Filter TCP UDP port ii Click to add a TCP UDP port iii For IP TCP UDP port to capture or ignore type the number of the port to be captured or ingored iv For TCP o...

Страница 783: ...setting instance c For Device select an interface d Repeat to add additional interfaces to the capture filter 7 Optional For Berkeley packet filter expression type a filter using Berkeley Packet Filter BPF syntax See Example filters for capturing data traffic for examples of filters using BPF syntax 8 Optional Schedule the analyzer to run using this capture filter based on a specified event or at ...

Страница 784: ...ull Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the command line type config to enter configuration mode config config 3 Add a new capture filter config add network analyzer name config network analyzer name 4 Add an interface to the capture filter config network analyzer name add device end d...

Страница 785: ...hen the IP address network is either the source or the destination iv Optional Set the filter should ignore packets from this IP address network config network analyzer name filter address 0 ignore true config network analyzer name filter address 0 By default is option is set to false which means that the filter will capture packets from this IP address network v Repeat these steps to add addition...

Страница 786: ...kets from this protocol vi Repeat these steps to add additional protocol filters c To create a filter that either captures or ignores packets from a particular port i Add a new port filter config network analyzer name add filter port end config network analyzer name filter port 0 ii Set the transport protocol that should be filtered for the port config network analyzer name filter port 0 protocol ...

Страница 787: ... example 00 aa 11 bb 22 cc iii Set whether the filter should apply to packets when the MAC address is the source the destination or both config network analyzer name filter mac_address 0 match value config network analyzer name filter mac_address 0 where value is one of n source The filter will apply to packets when the MAC address is the source n destination The filter will apply to packets when ...

Страница 788: ...yntax 6 Optional Schedule the analyzer to run using this capture filter based on a specified event or at a particular time a Enable scheduling for this capture filter config network analyzer name schedule enable true config network analyzer name b Set the mode that will be used to run the capture filter config network analyzer name when mode config network analyzer name where mode is one of the fo...

Страница 789: ...me save_interval value config network analyzer name where value is any number of weeks days hours minutes or seconds and takes the format number w d h m s For example to set save_interval to ten minutes enter either 10m or 600s config network analyzer name save_interval 600s config network analyzer name 7 Save the configuration and apply the change config save Configuration saved 8 Type exit to ex...

Страница 790: ...o and from IP host 10 0 0 1 but filter out ports 22 and 80 ip host 10 0 0 1 and not port 22 or port 80 Example Ethernet capture filters n Capture Ethernet packets to and from a host with a MAC address of 00 40 D0 13 35 36 ether host 00 40 D0 13 35 36 n Capture Ethernet packets from host 00 40 D0 13 35 36 ether src 00 40 D0 13 35 36 n Capture Ethernet packets to host 00 40 D0 13 35 36 ether dst 00 ...

Страница 791: ...art name capture_filter where capture_filter is the name of a packet capture configuration See Configure packet capture for the network analyzer for more information To determine available packet capture configurations use the analyzer start name name Name of the capture filter to use Format test_capture capture_ping analyzer start name You can capture up to 10 MB of data traffic in two 5 MB files...

Страница 792: ...t show the following information for each packet n The packet number n The timestamp for when the packet was captured n The length of the packet and the amount of data captured n Whether the packet was sent or received by the device n The interface on which the packet was sent or received n A hexadecimal dump of the packet of up to 256 bytes n Decoded information of the packet To show captured dat...

Страница 793: ...5670 0x3d36 Flags Do not fragment Fragment Offset 0 0x0000 TTL 128 0x80 Protocol TCP 6 Checksum 0x14bc Source IP Address 10 10 74 130 Dest IP Address 10 10 74 72 TCP Header Source Port 52654 Destination Port 22 Sequence Number 2756443999 Ack Number 3995064355 Data Offset 5 Flags ACK Window 2050 Checksum 0xc740 Urgent Pointer 0 TCP Data 00 00 00 00 00 00 where capture_filter is the name of a packet...

Страница 794: ...e n filename is the name of the file that the captured data will be saved to Determine filenames already in use Use the tab autocomplete feature to determine filenames that are currently in use analyzer save name tab test1_analyzer_capture test2_analyzer_capture analyzer save name n capture_filter is the name of a packet capture configuration See Configure packet capture for the network analyzer f...

Страница 795: ...n menu Type admin to access the Admin CLI 2 Type scp to use the Secure Copy program to copy the file to your PC scp host hostname or ip user username remote remote path local local path to remote where n hostname or ip is the hostname or ip address of the remote host n username is the name of the user on the remote host n remote path is the location on the remote host where the file will be copied...

Страница 796: ...ou may be presented with an Access selection menu Type admin to access the Admin CLI 2 Type the following at the Admin CLI prompt analyzer clear name capture_filter where capture_filter is the name of a packet capture configuration See Configure packet capture for the network analyzer for more information To determine available packet capture configurations use the anaylzer clear name name Name of...

Страница 797: ...Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Stop ping commands To stop pings when the number of pings to send the count parameter has been set to a high value enter Ctrl C Use the traceroute command to diagnose IP routing problems Use the traceroute command to diagnose IP routing problems This command t...

Страница 798: ...Select the device in Remote Manager and click Actions Open Console or log into the IX10 local command line as a user with full Admin access rights Depending on your device configuration you may be presented with an Access selection menu Type admin to access the Admin CLI 2 At the Admin CLI prompt use the traceroute command to view IP routing information traceroute 8 8 8 8 traceroute to 8 8 8 8 8 8...

Страница 799: ...to correct the interference by one or more of the following measures n Reorient or relocate the receiving antenna n Increase the separation between the equipment and the receiver n Connect the equipment into an outlet that is on a circuit different from the receiver n Consult the dealer or an experienced radio TV technician for help Labeling Requirements FCC 15 19 IX10 complies with Part 15 of FCC...

Страница 800: ...ration of Conformity DoC IX10 User Guide 800 Digi customers assume full responsibility for learning and meeting the required guidelines for each country in their distribution market Refer to the radio regulatory agency in the desired countries of operation for more information ...

Страница 801: ...00 MHz Cellular LTE 2100 MHz 200 mW Cellular LTE 2600 MHz Cellular LTE 2300 MHz Cellular LTE 2500 MHz 158 49 mW Innovation Science and Economic Development Canada IC certifications This digital apparatus does not exceed the Class B limits for radio noise emissions from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications Le present appareil n...

Страница 802: ...Changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment Use only the accessories attachments and power supplies provided by the manufacturer connecting non approved antennas or power supplies may damage the router cause interference or create an electric shock hazard and will void the warranty n Do not attempt...

Страница 803: ... of cellular services to the offender legal action or both As with any electrical equipment do not operate the router in the presence of flammable gases fumes or potentially explosive atmospheres Do not use radio devices anywhere that blasting operations occur Wireless routers receive and transmit radio frequency energy when power is on Interference can occur when using the router close to TV sets...

Страница 804: ...български Croatian Hrvatski French Français Greek Ε λληνικά Hungarian Magyar Italian Italiano Latvian Latvietis Lithuanian Lietuvis Polish Polskie Portuguese Português Slovak Slovák Slovenian Esloveno Spanish Español IX10 User Guide 804 ...

Страница 805: ...ble parts Never open the equipment For safety reasons the equipment should be opened only by qualified personnel The unit must be powered off where blasting is in progress where explosive atmospheres are present or near medical or life support equipment Do not power on the unit in any aircraft Operation of this equipment in a residential environment could cause radio interference For ambient tempe...

Страница 806: ... потребителя Н икога не отваряйте оборудването О т съображения за безопасност оборудването трябва да се отваря само от квалиф ициран персонал У редът трябва да се изключи там където се извърш ва взривяване където има експлозивна атмосф ера или в близост до медицинско оборудване или оборудване за поддържане на живота Н е включвайте устройството в самолет Р аботата с това оборудване в жилищ на среда...

Страница 807: ...servisirati Nikada ne otvarajte opremu Iz sigurnosnih razloga opremu bi trebalo otvarati samo kvalificirano osoblje Uređaj se mora isključiti tamo gdje je u tijeku miniranje gdje su prisutne eksplozivne atmosfere ili u blizini medicinske opreme ili opreme za održavanje života Nemojte uključivati jedinicu ni u jednom zrakoplovu Rad ove opreme u stambenom okruženju mogao bi prouzročiti radio smetnje...

Страница 808: ...r Ne jamais ouvrir l équipement Pour des raisons de sécurité l équipement ne doit être ouvert que par du personnel qualifié L unité doit être éteinte là où le dynamitage est en cours où des atmosphères explosives sont présentes ou à proximité d équipements médicaux ou de survie N allumez pas l appareil dans un avion L utilisation de cet équipement dans un environnement résidentiel peut provoquer d...

Страница 809: ...οίγετ ε ποτ έ τ ον εξ οπλισμό Γ ια λόγους ασφαλείας ο εξ οπλισμός πρέπει να ανοίγει μόνο από εξ ειδικευμένο προσωπικό Η μονάδα πρέπει να είναι απενεργοποιημένη ότ αν βρίσκετ αι σε εξ έλιξ η η έκρηξ η όπου υπάρχουν εκρηκτ ικές ατ μόσφαιρες ή κοντ ά σε ιατ ρικό εξ οπλισμό ή εξ οπλισμό υποστ ήριξ ης τ ης ζ ωής Μην ενεργοποιείτ ε τ η μονάδα σε κανένα αεροσκάφος Η λειτ ουργία αυτ ού τ ου εξ οπλισμού σε...

Страница 810: ... személyzet nyithatja meg Az egységet ki kell kapcsolni ha robbantás folyik ahol robbanásveszélyes környezet van vagy orvosi vagy életmentő berendezések közelében Semmilyen repülőgépen ne kapcsolja be az egységet A berendezés lakókörnyezetben történő működtetése rádiózavarokat okozhat 60 C feletti környezeti hőmérséklet esetén ezt a berendezést csak korlátozott hozzáférésű helyre kell telepíteni A...

Страница 811: ...ire mai l apparecchiatura Per motivi di sicurezza l apparecchiatura deve essere aperta solo da personale qualificato L unità deve essere spenta dove sono in corso esplosioni dove sono presenti atmosfere esplosive o vicino ad apparecchiature mediche o di supporto vitale Non accendere l unità in nessun aereo Il funzionamento di questa apparecchiatura in un ambiente residenziale potrebbe causare inte...

Страница 812: ...etotāja apkalpojamas daļas Nekad neatveriet aprīkojumu Drošības apsvērumu dēļ aprīkojumu drīkst atvērt tikai kvalificēts personāls Iekārtai jābūt izslēgtai ja notiek spridzināšana sprādzienbīstama vide vai medicīnas vai dzīvības uzturēšanas aprīkojuma tuvumā Nevienā lidmašīnā neieslēdziet ierīci Šīs ierīces darbība dzīvojamā vidē var izraisīt radio traucējumus Ja apkārtējā temperatūra pārsniedz 60...

Страница 813: ...tojui prižiūrimų dalių Niekada neatidarykite įrangos Saugumo sumetimais įrangą turėtų atidaryti tik kvalifikuotas personalas Įrenginys turi būti išjungtas ten kur vyksta sprogdinimas sprogi aplinka arba šalia medicinos ar gyvybės palaikymo įrangos Neįjunkite įrenginio jokiuose orlaiviuose Naudojant šią įrangą gyvenamojoje aplinkoje gali kilti radijo trukdžių Esant aukštesnei nei 60 C aplinkos temp...

Страница 814: ...ie otwieraj urządzenia Ze względów bezpieczeństwa urządzenie powinno być otwierane wyłącznie przez wykwalifikowany personel Urządzenie musi być wyłączone w miejscach w których trwają prace wybuchowe w atmosferze wybuchowej lub w pobliżu sprzętu medycznego lub podtrzymującego życie Nie włączaj urządzenia w żadnym samolocie Praca tego sprzętu w środowisku mieszkalnym może powodować zakłócenia radiow...

Страница 815: ...er feita pelo usuário Nunca abra o equipamento Por razões de segurança o equipamento deve ser aberto apenas por pessoal qualificado A unidade deve ser desligada onde houver detonações em andamento onde houver presença de atmosferas explosivas ou próximo a equipamentos médicos ou de suporte à vida Não ligue a unidade em nenhuma aeronave A operação deste equipamento em um ambiente residencial pode c...

Страница 816: ...ateľom Nikdy neotvárajte zariadenie Z bezpečnostných dôvodov by malo zariadenie otvárať iba kvalifikovaný personál Jednotka musí byť vypnutá tam kde prebiehajú trhacie práce kde je prítomné výbušné prostredie alebo v blízkosti lekárskych prístrojov alebo zariadení na podporu života Jednotku nezapínajte v žiadnom lietadle Prevádzka tohto zariadenia v obytnom prostredí by mohla spôsobiť rádiové ruše...

Страница 817: ...ih lahko uporabljal uporabnik Nikoli ne odpirajte opreme Iz varnostnih razlogov naj opremo odpira samo usposobljeno osebje Enoto je treba izklopiti tam kjer poteka razstreljevanje kjer so prisotne eksplozivne atmosfere ali v bližini medicinske opreme ali opreme za vzdrževanje življenja Enote ne vklopite v nobenem letalu Delovanje te opreme v stanovanjskem okolju lahko povzroči radijske motnje Pri ...

Страница 818: ...bierto únicamente por personal calificado La unidad debe estar apagada donde se estén realizando explosiones cuando haya atmósferas explosivas o cerca de equipos médicos o de soporte vital No encienda la unidad en ningún avión El funcionamiento de este equipo en un entorno residencial puede provocar interferencias de radio Para temperaturas ambiente superiores a 60 C este equipo debe instalarse ún...

Страница 819: ...N 300 328 v1 8 1 n EN 301 893 v1 7 2 n EN 301 489 n FCC Part 15 Subpart B Class B Safety compliance standards EN 62368 E UTRA CA E UTRA FDD E UTRA TDD UMTS FDD PTCRB Cellular carriers See the current list of carriers on the IX10 datasheet available on the Digi IX10 Specifications page Electrical safety compliance The IX10 model 50002009 01 shall be powered using a DC power source Approved in its c...

Страница 820: ... the web interface 822 Display help for commands and parameters 824 Auto complete commands and parameters 826 Available commands 827 Use the scp command 828 Display status and statistics using the show command 829 Device configuration using the command line interface 830 Execute configuration commands at the root Admin CLI prompt 831 Configuration mode 833 Command line reference 845 IX10 User Guid...

Страница 821: ...WebUI Configure the web administration service n SSH Configure SSH access n Telnet Configure telnet access Log in to the command line interface Command line 1 Connect to the IX10 device by using a serial connection SSH or telnet or the Terminal in the WebUI or the Console in the Digi Remote Manager See Access the command line interface for more information n For serial connections the default conf...

Страница 822: ...rface Command line 1 At the command prompt type exit exit 2 Depending on the device configuration you may be presented with another menu for example Access selection menu a Admin CLI s Shell q Quit Select access or quit admin Type q or quit to exit Execute a command from the web interface 1 Log into the IX10 WebUI as a user with Admin access 2 At the main menu click Terminal The device console app...

Страница 823: ...Command line interface Execute a command from the web interface IX10 User Guide 823 The Admin CLI prompt appears ...

Страница 824: ... start of line Ctrl E Move cursor to end of line Ctrl W Delete word under cursor until start of line or Ctrl R If the current input is invalid then characters will be deleted until a prefix for a valid command is found Ctrl left Jump cursor left until start of line or Ctrl right Jump cursor right until start of line or The question mark command When executed from the root command prompt displays a...

Страница 825: ...ture Show manufacturer information modbus gateway Show modbus gateway status statistics modem Show modem statistics network Show network interface statistics ntp Show NTP information openvpn Show OpenVPN statistics route Show IP routing information scripts Show scheduled scripts serial Show serial statistics surelink Show Surelink statistics system Show system statistics version Show firmware vers...

Страница 826: ...ailable commands are displayed instead Auto complete applies to these command elements only n Command names For example typing net Tab auto completes the command as network n Parameter names For example l ping hostname int Tab auto completes the parameter as interface l system b Tab auto completes the parameter as backup n Parameter values where the value is one of an enumeration or an on off type...

Страница 827: ... for information about the help command ls Lists the contents of a directory mkdir Creates a directory modem Executes modem commands more Displays the contents of a file mv Moves a file or directory ping Pings a remote host using Internet Control Message Protocol ICMP Echo Request messages reboot Reboots the IX10 device rm Removes a file scp Uses the secure copy protocol SCP to transfer files betw...

Страница 828: ... being copied to a remote host from the IX10 device o The path and filename of the file on the IX10 device that will be copied to the remote host o The location on the remote host where the file will be copied Copy a file from a remote host to the IX10 device To copy a file from a remote host to the IX10 device use the scp command as follows scp host hostname or ip user username remote remote path...

Страница 829: ...rt report 0040D0133536 22 05 31 9 03 04 bin Support report saved 2 Use the scp command to transfer the report to a remote host scp host 192 168 4 1 user admin remote home admin temp local var log support report 00 40 D0 13 35 36 22 05 31 9 03 04 bin to remote admin 192 168 4 1 s password adminpwd support report 0040D0133536 22 05 31 9 03 04 bin Display status and statistics using the show command ...

Страница 830: ...ersion 19 7 23 0 15f936e0ed Current Time Wed 31 May 2022 9 03 04 0000 CPU 1 4 Uptime 6 days 6 hours 21 minutes 57 seconds 541317s Temperature 40C show network The show network command displays status and statistics for network interfaces show network Interface Proto Status Address defaultip IPv4 up 192 168 210 1 24 defaultlinklocal IPv4 up 169 254 100 100 16 lan IPv4 up 192 168 2 1 lan IPv6 up 0 0...

Страница 831: ...able false The IX10 device s ssh service is now disabled Note When the config command is executed at the root prompt certain configuration actions that are available in configuration mode cannot be performed This includes validating configuration changes canceling and reverting configuration changes and performing actions on elements in lists See Configuration mode for information about using conf...

Страница 832: ...mote_control Remote control snmp SNMP ssh SSH telnet Telnet web_admin Web administration config service 3 Next display help for the config service ssh command config service ssh SSH An SSH server for managing the device Parameters Current Value enable true Enable key private Private key port 22 Port Additional Configuration acl Access control list mdns config service ssh 4 Lastly display the allow...

Страница 833: ... configuration commands in configuration mode There are two ways to enter configuration commands while in configuration mode n Enter the full command string from the config prompt For example to disable the ssh service by entering the full command string at the config prompt config service ssh enable false config n Execute commands by moving through the configuration schema For example to disable ...

Страница 834: ...fig cancel After using cancel to discard unsaved changes to the configuration you will automatically exit configuration mode Configuration actions In configuration mode configuration actions are available to perform tasks related to saving or canceling the configuration changes and to manage items and elements in lists The commands can be listed by entering a question mark at the config prompt The...

Страница 835: ...ple 1 Enter at the config prompt config This will display the following help information config Additional Configuration application Custom scripts auth Authentication cloud Central management firewall Firewall monitoring Monitoring network Network serial Serial service Services system System vpn VPN config 2 You can then display help for the additional configuration commands For example to displa...

Страница 836: ...display help for the service ssh command use one of the following methods n At the config prompt enter service ssh config service ssh n At the config prompt a Enter service to move to the service node config service config service b Enter ssh to move to the ssh node config service ssh config service ssh c Enter to display help for the ssh node config service ssh Either of these methods will displa...

Страница 837: ...config service b Enter ssh to move to the ssh node config service ssh config service ssh c Enter enable to display help for the enable parameter config service ssh enable config service ssh Either of these methods will display the following information config service ssh enable Enable Enable the service Format true false yes no 1 0 Default value true Current value true config service ssh enable Mo...

Страница 838: ...uration by entering two periods config service ssh acl zone config service ssh acl You can also move back multiples nodes in the configuration by typing multiple sets of two periods config service ssh acl zone config service n Move to the root of the config prompt from anywhere within the configuration by entering three periods config service ssh acl zone config Manage elements in lists While in c...

Страница 839: ... keyword is used to add an element to the end of a list Additionally the end keyword is used to add an element to a list that does not have any elements For example to add an authentication group to a user that has just been created 1 Use the show command to verify that the user is not currently a member of any groups config show auth user new user group config 2 Use the end keyword to add the adm...

Страница 840: ...ements in a list For example to reorder the authentication methods 1 Use the show command to display current authentication method configuration config show auth method 0 local 1 tacacs 2 radius config 2 To configure the device to use TACACS authentication first to authenticate a user use the move index_number_1 index_number_2 command config move auth method 1 0 config 3 Use the show command again...

Страница 841: ...min password pwd config 3 Save the configuration and apply the change config save Configuration saved 4 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Revert a subset of configuration changes to the default settings There are two methods to revert a subset of configuration changes to ...

Страница 842: ...e auth node config auth config auth 2 Enter the revert command with the path set to method config auth revert method config auth 3 Save the configuration and apply the change config auth save Configuration saved 4 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type quit to disconnect from the device Enter strings in configu...

Страница 843: ...od one Create a user at the root of the config prompt config add auth user user1 config auth user user1 n Method two Create a user by moving through the configuration a At the config prompt enter auth to move to the auth node config auth config auth b Enter user to move to the user node config auth user config auth user c Create a new user with the username user1 config auth user add user1 config ...

Страница 844: ... serial enable true ports 0 port1 shell enable false config auth user user1 6 Add the user to the admin group config auth user user1 add group end admin config auth user user1 7 Save the configuration and apply the change config auth user user1 save Configuration saved 8 Type exit to exit the Admin CLI Depending on your device configuration you may be presented with an Access selection menu Type q...

Страница 845: ... modem firmware ota list 852 modem firmware ota update 852 modem firmware update 852 modem pin change 853 modem pin disable 853 modem pin enable 853 modem pin status 854 modem pin unlock 854 modem puk status 854 modem puk unlock 854 modem reset 855 modem scan 855 modem sim slot 855 monitoring 855 monitoring metrics upload 856 more 856 mv 856 ping 856 reboot 858 rm 859 scp 860 show analyzer 860 sho...

Страница 846: ...68 ssh 868 system backup 868 system disable cryptography 869 system duplicate firmware 869 system factory erase 869 system find me 870 system firmware ota check 870 system firmware ota list 870 system firmware ota update 870 system firmware update 870 system power ignition off_delay 871 system restore 871 system script start 871 system script stop 871 system serial clear 871 system serial save 872...

Страница 847: ...l be used as the root directory for the path and file analyzer start Start a capture session of packets on this devices interfaces Syntax analyzer start name Parameters name Name of the capture filter to use analyzer stop Stops the traffic capture session Syntax analyzer stop name Parameters name Name of the capture filter to use clear dhcp lease ip address Clear the DHCP lease for the specified I...

Страница 848: ...ilepath for container image to be created container delete Delete a LXC container This will remove the LXC container configuration and the container image Syntax container delete container Parameters container Filepath for container image to be deleted This process also removes any associated configuration cp Copy a file or directory Syntax cp source destination force Parameters source The source ...

Страница 849: ...Command line interface Command line reference IX10 User Guide 849 Parameters None ...

Страница 850: ... Command line reference IX10 User Guide 850 ls List a directory Syntax ls path show hidden Parameters path List files and directories under this path show hidden Show hidden files and directories Hidden filenames begin with ...

Страница 851: ...LI command on modem at interactive Start an AT command session on the modem s AT serial port Syntax modem at interactive name STRING imei STRING Parameters name The configured name of the modem to execute this CLI command on imei The IMEI of the modem to execute this CLI command on modem firmware check Inspect opt MODEM_MODEL Custom_Firmware directory for new modem firmware file Syntax modem firmw...

Страница 852: ...ersions Syntax modem firmware ota list name STRING imei STRING Parameters name The configured name of the modem to execute this CLI command on imei The IMEI of the modem to execute this CLI command on modem firmware ota update Perform FOTA firmware over the air update The modem will be updated to the latest modem firmware image unless a specific firmware version is specified Syntax modem firmware ...

Страница 853: ...ured name of the modem to execute this CLI command on imei The IMEI of the modem to execute this CLI command on modem pin disable Disable the PIN lock on the SIM card that is active in the modem Warning Attempting to use an incorrect PIN code may PUK lock the SIM Syntax modem pin disable pin name STRING imei STRING Parameters pin The SIM s PIN code name The configured name of the modem to execute ...

Страница 854: ...h a PIN code Set the PIN field in the modem interface s configuration to unlock the SIM card automatically before use Warning Attempting to use an incorrect PIN code may PUK lock the SIM Syntax modem pin unlock pin name STRING imei STRING Parameters pin The SIM s PIN code name The configured name of the modem to execute this CLI command on imei The IMEI of the modem to execute this CLI command on ...

Страница 855: ...xecute this CLI command on imei The IMEI of the modem to execute this CLI command on modem scan List of carriers present in the network Syntax modem scan name STRING imei STRING Parameters name The configured name of the modem to execute this CLI command on imei The IMEI of the modem to execute this CLI command on modem sim slot Show or change the modem s active SIM slot This applies only to modem...

Страница 856: ...rent device health metrics Functions as if a scheduled upload was triggered Syntax monitoring metrics upload Parameters None more View a file Syntax more path Parameters path The file to view mv Move a file or directory Syntax mv source destination force Parameters source The source file or directory to move destination The destination path to move the source file or directory to force Do not ask ...

Страница 857: ... reachable over a default route If not specified the system s primary default route will be used source The ping command will send a packet with the source address set to the IP address of this interface rather than the address of the interface the packet is sent from ipv6 If a hostname is defined as the value of the host parameter use the hosts IPV6 address size The number of bytes sent in the IC...

Страница 858: ...Command line interface Command line reference IX10 User Guide 858 reboot Reboot the system Parameters None ...

Страница 859: ...Command line interface Command line reference IX10 User Guide 859 rm Remove a file or directory Syntax rm path force Parameters path The path to remove force Force the file to be removed without asking ...

Страница 860: ... host or from the remote host to the local device port The SSH port to use to connect to the remote host Minimum 1 Maximum 65535 Default 22 show analyzer Show packets from a specified analyzer capture Syntax show analyzer name Parameters name Name of the capture filter to use show arp Show ARP tables If no IP version is specified IPv4 IPV6 will be displayed Syntax show arp ipv4 ipv6 verbose Parame...

Страница 861: ... session although individual output lines maybe context sensitive and unable to be entered in isolation show containers Show container status statistics Syntax show containers container STRING Parameters container Display more details and config data for a specific container show dhcp lease Show DHCP leases Syntax show dhcp lease all verbose Parameters all Show all leases active and inactive not i...

Страница 862: ...s of a specific client to limit the status display to only this client show ipsec Show IPsec status statistics Syntax show ipsec tunnel STRING all verbose Parameters tunnel Display more details and config data for a specific IPsec tunnel all Display all tunnels including disabled tunnels verbose Display status of one or all tunnels in plain text show l2tp lac Show L2TP access concentrator status s...

Страница 863: ...mation show log Show system log low level Syntax show log number INTEGER filter critical warning debug info Parameters number Number of lines to retrieve from log Minimum 1 Default 20 filter Filters for type of log message displayed critical warning info debug Note filters from the number of messages retrieved not the whole log this can be very time consuming If you require more messages of the fi...

Страница 864: ... modem to execute this CLI command on verbose Display more information less concise more detail show nemo Show NEMO status and statistics Syntax show nemo name STRING Parameters name Display more details and configuration data for a specific NEMO instance show network Show network interface status statistics Syntax show network interface STRING all verbose Parameters interface Display more details...

Страница 865: ...lients show openvpn server Show OpenVPN server status statistics Syntax show openvpn server name STRING all Parameters name Display more details and config data for a specific OpenVPN server all Display all servers including disabled servers show route Show IP routing information Syntax show route ipv4 ipv6 verbose Parameters ipv4 Display IPv4 routes ipv6 Display IPv6 routes verbose Display more i...

Страница 866: ...G Parameters port Display more details and config data for a specific serial port show surelink interface Show SureLink status statistics for network interfaces Syntax show surelink interface name STRING all Parameters name The name of a specific network interface all Show all network interfaces show surelink ipsec Show SureLink status statistics for IPsec tunnels Syntax show surelink ipsec tunnel...

Страница 867: ...all Show all OpenVPN clients show system Show system status statistics Syntax show system verbose Parameters verbose Display more information disk usage etc show usb Show USB information Syntax show usb Parameters None show version Show firmware version Syntax show version verbose Parameters verbose Display more information build date show vrrp Show VRRP status statistics Syntax show vrrp name STR...

Страница 868: ...speed test host server size The number of kilobytes sent in the speed test packets Minimum 0 Default 1000 mode The type of speed test protocol to run Default nuttcp output The format of output to display the speed test results as Default text ssh Use SSH protocol to log into a remote server Syntax ssh host user port INTEGER command STRING Parameters host The hostname or IP address of the remote ho...

Страница 869: ...ackup file system disable cryptography Erase the device s configuration and reboot into a limited mode with no cryptography available The device s shell will be accessible over Telnet port 23 at IP address 192 168 210 1 To return the device to normal operation perform the configuration erase procedure with the device s ERASE button twice consecutively Syntax system disable cryptography Parameters ...

Страница 870: ...k Parameters None system firmware ota list Query the Digi firmware server for a list of device firmware versions Syntax system firmware ota list Parameters None system firmware ota update Perform FOTA firmware over the air update The device will be updated to the latest firmware version unless the version argument is used to specify the firmware version Syntax system firmware ota update version ST...

Страница 871: ...ackup archive or CLI commands file Syntax system restore path passphrase STRING Parameters path The path to the backup file passphrase Decrypt the archive with a passphrase system script start Run a manual script Scripts that are disabled not a manual script or already running can not be run Syntax system script start script Parameters script Script to start system script stop Stop an active runni...

Страница 872: ...traffic to If a relative path is provided etc config serial will be used as the root directory for the path and file system serial show Displays the serial log on the screen Syntax system serial show port Parameters port Serial port system serial start Start logging data on a serial port Syntax system serial start port size INTEGER Parameters port Serial port size Maximum size of serial log Defaul...

Страница 873: ...et in the system time timezone config setting Syntax system time set datetime Parameters datetime The date in year month day hour minute second format e g 2021 09 26 12 24 48 system time sync Perform a NTP query to the configured server s and set the local time to the first server that responds Syntax system time sync Parameters None system time test Test the configured NTP server s for connectivi...

Страница 874: ...Minimum 1 Default 30 port Specifies the destination port base traceroute will use the destination port number will be incremented by each probe A value of 1 specifies that no specific port will be used Minimum 1 Default 1 nqueries Sets the number of probe packets per hop A value of 1 indicated Minimum 1 Default 3 src_addr Chooses an alternative source address Note that you must select the address ...

Результаты поиска

Содержание IX10

Отзывы:

Похожие инструкции для IX10

Бренды по названию

Популярные бренды

Digi IX10, Руководство пользователя

Результаты поиска

Содержание IX10

Отзывы:

Похожие инструкции для IX10

Бренды по названию

Популярные бренды