1. Manuals
  2. Brands
  3. Digi Manuals
  4. Extender
  5. 6300-CX
  6. User manual

Digi 6300-CX User Manual

Hide thumbs Also See for 6300-CX:
1
2
3
Table Of Contents
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
Table of Contents

Advertisement

Quick Links

Download this manual
6300-CX
User Guide
User Guide

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the 6300-CX and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Digi 6300-CX

Summary of Contents for Digi 6300-CX

  • Page 1 6300-CX User Guide User Guide...

  • Page 2: Revision History-90002316

    Information in this document is subject to change without notice and does not represent a commitment on the part of Digi International. Digi provides this document “as is,” without warranty of any kind, expressed or implied, including, but not limited to, the implied warranties of fitness or merchantability for a particular purpose.
  • Page 3 Include the document title and part number (6300-CX User Guide, 90002316 B) in the subject line of your email. 6300-CX User Guide...

  • Page 4: Table Of Contents

    Contents Revision history—90002316 What's new in Digi 6300-CX version 20.2 Digi 6300-CX Quick start Quick start using the Digi Remote Manager mobile app Step 1: What's in the box Step 2: Connect Step 3: Power up Step 4: Configure Digi 6300-CX hardware reference...
  • Page 5 Show VRRP status and statistics Virtual Private Networks (VPN) IPsec IPsec data protection IPsec modes Internet Key Exchange (IKE) settings Authentication Configure an IPsec tunnel Configure IPsec failover Configure SureLink active recovery for IPsec Show IPsec status and statistics 6300-CX User Guide...
  • Page 6 Use digidevice.config for device configuration Use Python to respond to Digi Remote Manager SCI requests Use digidevice runtime to access the runtime database Using Python to upload the device name to Digi Remote Manager User authentication 6300-CX user authentication 6300-CX User Guide...
  • Page 7 Terminal Access Controller Access-Control System Plus (TACACS+) TACACS+ user configuration TACACS+ server failover and fallback to local authentication Configure your 6300-CX device to use a TACACS+ server Remote Authentication Dial-In User Service (RADIUS) RADIUS user configuration RADIUS server failover and fallback to local configuration...
  • Page 8 Configure Digi Remote Manager Collect device health data and set the sample interval Log into Digi Remote Manager Use Digi Remote Manager to view and manage your device Add a device to Digi Remote Manager View Digi Remote Manager connection status...
  • Page 9 Display command line help in configuration mode Move within the configuration schema Manage elements in lists The revert command Enter strings in configuration commands Example: Create a new user by using the command line Command line reference analyzer help 6300-CX User Guide...
  • Page 10 Antenna notes and solutions Antenna terminology Physical specifications Antennas tested by Digi Extra-small IoT paddle antennas Large external MIMO antenna (outdoor rated) Flat MIMO antenna #1 Flat MIMO antenna #2 Paddle extender 6300-CX User Guide...

  • Page 11: What's New In Digi 6300-Cx Version 20.2

    What's new in Digi 6300-CX version 20.2 Release of Digi 6300-CX firmware version 20.02. 6300-CX User Guide...

  • Page 12: Digi 6300-Cx Quick Start

    Quick start using the Digi Remote Manager mobile app After connecting your hardware and powering up, you can use the Digi Remote Manager mobile app to quickly install your 6300-CX into your Digi Remote Manager account. Here's how: If you already have a Digi Remote Manager account: 1.

  • Page 13: Step 1: What's In The Box

    Digi 6300-CX Quick start Step 1: What's in the box Step 1: What's in the box Item Description 6300-CX unit Cellular antennas (2) Power supply Temporary battery pack Ethernet cables: 1 x 18 inch 1 x 156 inch 6300-CX User Guide...
  • Page 14 Digi 6300-CX Quick start Step 1: What's in the box Item Description Passive power-over- Ethernet injector Mounting bracket Ceiling rail clips, narrow (2) Ceiling rail clips, wide (2) Screws (2) Drywall anchors (2) Zipties (2) Adhesive strips (2) 6300-CX User Guide...

  • Page 15: Step 2: Connect

    Once power has been connect, the device will initialize and attempt to connect to the cellular network. Device initialization may take 30-60 seconds. By default your 6300-CX will attempt to use DHCP to establish an internet connection through its cellular modem.

  • Page 16: Step 4: Configure

    CAUTION! If the Network Status LED is flashing red or yellow, do not remove power. Step 4: Configure a. On the PC connected to the 6300-CX, open a browser and go to http://192.168.210.1. b. Log into the 6300-CX: User name: Use the default user name: admin.

  • Page 17: Digi 6300-Cx Hardware Reference

    Digi 6300-CX hardware reference Hardware features 1. SIM slot 2. WAN Port 3. RESET Button The RESET button is used to perform a device reset, and it has three modes: a. Configuration reset: Pressing the RESET button one time will reset the device configurations to the factory default.

  • Page 18: Device Status Leds

    Once power has been established, your device will initialize and attempt to connect to the network. Device initialization may take 30-60 seconds. By default your 6300-CX will attempt to use DHCP to establish an Internet connection either through its cellular modem or the ethernet port .

  • Page 19: Signal Quality Bars Explained

    For 3G networks (including HSPA+) and 2G networks, the signal strength bars are determined by the RSSI value. 4G LTE algorithms For 4G LTE, the 6300-CX device determines the RSRP, SNR, and RSSI values separately and uses the following algorithms to display the signal quality: RSRP > -85, rsrp_bars=5 -95 <...
  • Page 20 RSSI <= -106, if we're connected to the cellular network, bars=1, if not bars=0 bars is then reported as the signal strength bars. 2G algorithm For 2G, the 6300-CX determines RSSI signal strength: RSSI > -80, bars=5 -89 < RSSI <= -80, bars=4 -98 <...

  • Page 21: Hardware Setup

    Hardware setup This chapter contains the following topics: Site survey Physical installation Install SIM cards Mount the 6300-CX device 6300-CX User Guide...

  • Page 22: Site Survey

    Verify your SIM has been activated with your cellular operator. If you do not get a cellular signal when the 6300-CX is located indoors, then take the device outdoors to verify that your cellular network operator has coverage in your location.

  • Page 23: Physical Installation

    Install SIM cards To install SIM cards: 1. If the 6300-CX device is used in an environment with high vibration levels, SIM card contact fretting may cause unexpected SIM card failures. To protect the SIM cards, Digi strongly recommends that you apply a thin layer of dielectric grease to the SIM contacts prior to installing the SIM cards.

  • Page 24: Mount The 6300-Cx Device

    2. Attach the 6300-CX device to the mounting bracket by aligning the tabs on bracket with the tab slots on the device.

  • Page 25: Configuration And Management

    Configuration and management This chapter contains the following topics: Review 6300-CX default settings Reset default password for the default admin user Enable router mode Configuration methods Using Digi Remote Manager Access Digi Remote Manager Configure the device to use aView for central management...

  • Page 26: Review 6300-Cx Default Settings

    Configure the device to use aView for central management. You can review the default settings for your 6300-CX device by using the local WebUI or Digi Remote Manager: Local WebUI 1. Log into the 6300-CX WebUI as a user with Admin access. See Using the web interface details.

  • Page 27: Reset Default Password For The Default Admin User

       WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 6300-CX User Guide...
  • Page 28    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 29: Enable Router Mode

    Type quit to disconnect from the device. Enable router mode By default, the 6300-CX device is configured to operate in passthrough mode, which means that the device passes the IP address assigned to it via DHCP on its WAN interface, to a client connected to its LAN interface.
  • Page 30    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 31: Configuration Methods

    With the Remote Manager, you can configure your 6300-CX device and use the configuration as a basis for a profile which can be applied to other similar devices. See...

  • Page 32: Using Digi Remote Manager

    By default, your 6300-CX device is configured to use Digi Remote Manager as its central management server. No configuration changes are required to begin using the Remote Manager. For information about configuring central management for your 6300-CX device, see...
  • Page 33 If the syslog server is not enabled and set to syslog.accns.com, the device will be able to connect to aView and receive configuration updates, but unless the aView configuration updates set the syslog server, the device will not be able to send any metrics or logs to aView. 6300-CX User Guide...
  • Page 34    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 35 (config)> system log remote 0 info false (config)> ii. Disable status messages from being sent to aView: (config)> system log remote 0 status false (config)> iii. Disable error messages from being sent to aView: (config)> system log remote 0 error false (config)> 6300-CX User Guide...

  • Page 36: Using The Web Interface

    Using the web interface To connect to the 6300-CX local WebUI: 1. Use an Ethernet cable to connect the 6300-CX's WAN port to a laptop or PC. 2. Open a browser and go to 192.168.2.1. 3. Log into the device using a configured user name and password.

  • Page 37: Log Out Of The Web Interface

    Displays the status of the network interfaces configured on the device. Interfaces Modems Provides information about the signal strength and technology of the cellular modem (s). Log out of the web interface On the main menu, click your user name. Click Log out. 6300-CX User Guide...

  • Page 38: Using The Command Line

    Log in to the command line interface    Command line 1. Connect to the 6300-CX device by using a serial connection, SSH or telnet, or the Terminal in the WebUI or the Console in the Digi Remote Manager. See Access the command line interface for more information.

  • Page 39: Exit The Command Line Interface

    Admin CLI s: Shell q: Quit Select access or quit [admin] : Type a or admin to access the 6300-CX command line. You will now be connected to the Admin CLI: Connecting now, 'exit' to disconnect from Admin CLI ... >...

  • Page 40: Interfaces

    Interfaces 6300-CX devices have several physical communications interfaces. These interfaces can be bridged in a Local Area Network (LAN) or assigned to a Wide Area Network (WAN). This chapter contains the following topics: Wireless Wide Area Networks (WWANs) Local Area Networks (LANs)

  • Page 41: Wireless Wide Area Networks (Wwans)

    Problems can occur beyond the immediate modem connection that prevent some IP traffic from reaching its destination. Normally this kind of problem does not cause the 6300-CX device to detect that the modem has failed, because the connection continues to work while the core problem exists somewhere else in the network.
  • Page 42   WebUI SureLink can be configured for both IPv4 and IPv6. 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 43 For Attempts, type the number of probe attempts before the WAN is considered to have failed. d. For Response timeout, type the amount of time that the device should wait for a response to a probe attempt before considering it to have failed. 6300-CX User Guide...
  • Page 44 Active recovery can be configured for both IPv4 and IPv6. These instructions are for IPv4; to configure IPv6 active recovery, replace ipv4 in the command line with ipv6. 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 45 (config network interface my_wwan ipv4 surelink target 0)> The default is 60 seconds. (Optional) Set the amount of time to wait for an initial connection to the interface before this test is considered to have failed: 6300-CX User Guide...
  • Page 46 Set the amount of time that the device should wait for a response to a probe attempt before considering it to have failed: (config network interface my_wwan ipv4 surelink)> timeout value (config network interface my_wwan ipv4 surelink> The default is 15 seconds. 6300-CX User Guide...

  • Page 47: Configure The Device To Reboot When A Failure Is Detected

    Wireless Wide Area Networks (WWANs) 8. (Optional) Repeat this procedure for IPv6. Configure the device to reboot when a failure is detected Using SureLink, you can configure the 6300-CX device to reboot when it has determined that an interface has failed. Required configuration items Enable SureLink.
  • Page 48   WebUI SureLink can be configured for both IPv4 and IPv6. 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 49 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Response timeout to ten minutes, enter 10m or 600s. 6300-CX User Guide...
  • Page 50 Active recovery can be configured for both IPv4 and IPv6. These instructions are for IPv4; to configure IPv6 active recovery, replace ipv4 in the command line with ipv6. 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 51 (config network interface my_wwan ipv4 surelink target 0)> The default is 60 seconds. (Optional) Set the amount of time to wait for an initial connection to the interface before this test is considered to have failed: 6300-CX User Guide...

  • Page 52: Disable Surelink

    DNS resolution, follow this procedure to disable the default SureLink connectivity tests. You can also disable DNS lookup or other internet activity, while retaining the SureLink interface test.    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 6300-CX User Guide...
  • Page 53    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 54    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 6300-CX User Guide...
  • Page 55 9. Click Apply to save the configuration and apply the change. The Apply button is located at the top of the WebUI page. You may need to scroll to the top of the page to locate it. 6300-CX User Guide...

  • Page 56: Using Cellular Modems In A Wireless Wan (Wwan)

    Wireless Wide Area Networks (WWANs)    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 57 Typically, you configure SIM1 of the cellular modem as the primary cellular interface, and SIM2 as the backup cellular interface. In this way, if the 6300-CX device cannot connect to the network using SIM1, it automatically fails over to SIM2. 6300-CX devices automatically use the correct cellular module firmware for each carrier when switching SIMs.
  • Page 58    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 59 7. Save the configuration and apply the change: (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6300-CX User Guide...
  • Page 60 The modem status window is displayed    Command line 1. Log into the 6300-CX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 61   Command line To unlock a SIM card: 1. Log into the 6300-CX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 62 To run AT commands from the 6300-CX command line:    Command line 1. Log into the 6300-CX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 63 To accomplish this, we will create separate WWAN interfaces that use the same modem but use different APNs, and then use routing roles to forward traffic to the appropriate WWAN interface.    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 6300-CX User Guide...
  • Page 64 For Interface type, select Modem. d. For Zone, select External. e. For Device, select WWAN1 cellular modem . f. (Optional): Configure the public APN. If the public APN is not configured, the 6300-CX will attempt to determine the APN. 6300-CX User Guide...
  • Page 65 For APN, type the private APN provided to you by your cellular carrier. 5. Create the routing policies. For example, to route all traffic from a device with the IP address of 192.168.2.101 through the private APN: 6300-CX User Guide...
  • Page 66    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 67 Set the modem device: (config network interface WWANPublic)> modem device wwan1 (config network interface WWANPublic)> d. (Optional): Set the public APN. If the public APN is not configured, the 6300-CX will attempt to determine the APN. (config network interface WWANPublic)> modem apn public_apn (config network interface WWANPublic)>...
  • Page 68 Set the type to interface: (config network route policy 1)> dst type interface (config network route policy 1)> ii. Set the interface to WWANPrivate : (config network route policy 1)> interface /network/interface/WWANPrivate (config network route policy 1)> 6300-CX User Guide...

  • Page 69: Configure A Wireless Wide Area Network (Wwan)

    The IPv6 management priority of the WAN. The active interface with the highest management priority will have its address reported as the preferred contact address for central management and direct device access. The IPv6 Maximum Transmission Unit (MTU) of the WAN. 6300-CX User Guide...
  • Page 70    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
  • Page 71 The default setting is When primary default route. f. SIM failover is enabled by default, which means that the modem will automatically fail over from the active SIM to the next available SIM when the active SIM fails to connect. If 6300-CX User Guide...
  • Page 72 Reboot device: The device will reboot if automatic SIM switching is unavailable. 9. For APN list and APN list only, the 6300-CX device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.
  • Page 73 Set theSIM matching criteria to determine when this WWAN should be used: (config network interface my_wwan)> modem match value (config network interface my_wwan)> Where value is one of: carrier Set the cellular carrier must be in active for this WWAN to be used: 6300-CX User Guide...
  • Page 74 (config network interface my_wwan)> modem plmn_id PLMN_ID (config network interface my_wwan)> sim_slot Set which SIM slot must be in active for this WWAN to be used: (config network interface my_wwan)> modem sim_slot value (config network interface my_wwan)> 6300-CX User Guide...
  • Page 75 Set the number of times that the device should attempt to connect to the active SIM before failing over to the next available SIM: (config network interface my_wwan)> modem sim_failover_retries num (config network interface my_wwan)> The default setting is 5. 6300-CX User Guide...
  • Page 76 The device will reboot if automatic SIM switching is unavailable. 7. The 6300-CX device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.

  • Page 77: Show Wwan Status And Statistics

    3. Under Networking, click Interfaces.    Command line 1. Log into the 6300-CX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 78 : 10 IPv6 DNS Server(s) : fd00:244::1, fe80::234:f3f4:fe0e:4320 > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6300-CX User Guide...

  • Page 79: Delete A Wwan

       Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 80 4. Save the configuration and apply the change: (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6300-CX User Guide...

  • Page 81: Local Area Networks (Lans)

    Interfaces Local Area Networks (LANs) Local Area Networks (LANs) The 6300-CX device is preconfigured with the following Local Area Networks (LANs): You can modify configuration settings for LAN1, and you can create new LANs. This section contains the following topics:...

  • Page 82: About Local Area Networks (Lans)

    The IPv6 management priority of the LAN. The active interface with the highest management priority will have its address reported as the preferred contact address for central management and direct device access. The IPv6 Maximum Transmission Unit (MTU) of the LAN. 6300-CX User Guide...
  • Page 83 To create a new LAN or edit an existing LAN:    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 84 13. Click Apply to save the configuration and apply the change. The Apply button is located at the top of the WebUI page. You may need to scroll to the top of the page to locate it. 6300-CX User Guide...
  • Page 85 Local Area Networks (LANs)    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 86 (config network interface my_lan)> ipv6 type dhcpv6 (config network interface my_lan)> c. Generally, the default settings for IPv6 support are sufficient. You can view the default IPv6 settings by using the question mark (?): (config network interface my_lan)> ipv6 ? 6300-CX User Guide...

  • Page 87: Show Lan Status And Statistics

    > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show LAN status and statistics    WebUI 6300-CX User Guide...
  • Page 88 3. Under Networking, click Interfaces.    Command line 1. Log into the 6300-CX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 89: Delete A Lan

    LAN, LAN1.    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
  • Page 90 Interfaces Local Area Networks (LANs) the page to locate it. 6300-CX User Guide...

  • Page 91: Dhcp Servers

    Type quit to disconnect from the device. DHCP servers You can enable DHCP on your 6300-CX device to assign IP addresses to clients, using either: The DHCP server for the device's local network, which assigns IP addresses to clients on the device's local network.
  • Page 92    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
  • Page 93    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 94 Determine how the DHCP server should broadcast the gateway server: (config)> network interface my_lan ipv4 dhcp_server advanced gateway value (config)> where value is one of: none: No gateway is broadcast by the DHCP server. Client destinations must be resolvable without a gateway. 6300-CX User Guide...
  • Page 95 Interfaces Local Area Networks (LANs) auto: Broadcasts the 6300-CX device's gateway. custom: Allows you to identify the IP address of a custom gateway to be broadcast: (config)> network interface my_lan ipv4 dhcp_server advanced gateway_custom ip_address (config)> The default is auto.
  • Page 96 MAC address of the device. Additional configuration items A label for this instance of the static lease. To map static IP addresses:    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 6300-CX User Guide...
  • Page 97    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 98 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show current static IP mapping To view your current static IP mapping:    WebUI 6300-CX User Guide...
  • Page 99 3. Under Networking, click DHCP Leases.    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 100    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 101 Type quit to disconnect from the device. Configure DHCP options You can configure DHCP servers running on your 6300-CX device to send certain specified DHCP options to DHCP clients. You can also set the user class, which enables you to specify which specific DHCP clients will receive the option.
  • Page 102 The Apply button is located at the top of the WebUI page. You may need to scroll to the top of the page to locate it.    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. 6300-CX User Guide...
  • Page 103 0)> force true (config network interface my_lan ipv4 dhcp_server advanced custom_option 0)> 9. (Optional) Set the data type that the option uses. If the incorrect data type is selected, the device will send the value as a string. 6300-CX User Guide...
  • Page 104 LAN. For the 6300-CX device, DHCP relay is configured by providing the IP address of a DHCP relay server, rather than an IP address range. If both the DHCP relay server and an IP address range are specified, DHCP relay is used, and the specified IP address range is ignored.
  • Page 105    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 106 Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show DHCP server status and settings View DHCP status to monitor which devices have been given IP configuration by the 6300-CX device and to diagnose DHCP issues. 6300-CX User Guide...

  • Page 107: Create A Virtual Lan (Vlan) Route

    3. Under Networking, click DHCP Leases.    Command line 1. Log into the 6300-CX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 108 To create a VLAN:    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Virtual LAN.
  • Page 109 Local Area Networks (LANs)    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 110: Routing

    Routing This chapter contains the following topics: IP routing Show the routing table Dynamic DNS Virtual Router Redundancy Protocol (VRRP) 6300-CX User Guide...

  • Page 111: Ip Routing

    IP routing IP routing The 6300-CX device uses IP routes to decide where to send a packet it receives for a remote network. The process for deciding on a route to send the packet is as follows: 1. The device examines the destination IP address in the IP packet, and looks through the IP routing table to find a match for it.

  • Page 112: Configure A Static Route

    To configure a static route:    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Routes > Static routes.
  • Page 113 255.255.255.0, type 192.168.47.0/24. The any keyword can also be used to route packets to any destination with this static route. 7. For Interface, select the interface on the 6300-CX device that will be used with this static route. 8. (Optional) For Gateway, type the IPv4 address of the gateway used to reach the destination.
  • Page 114 The any keyword can also be used to route packets to any destination with this static route. 6. Set the interface on the 6300-CX device that will be used with this static route: a. Use the ? to determine available interfaces: (config network route static 0)>interface ?

  • Page 115: Delete A Static Route

    Type quit to disconnect from the device. Delete a static route    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 6300-CX User Guide...
  • Page 116    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 117: Policy-Based Routing

    However, you can use policy-based routing to forward the packet based on other criteria, such as the source of the packet. For example, you can configure the 6300-CX device so that high- priority traffic is routed through the cellular connection, while all other traffic is routed through an Ethernet (WAN) connection.

  • Page 118: Configure A Routing Policy

    To configure a routing policy:    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Routes > Policy-based routing.
  • Page 119 New route policies are enabled by default. To disable, click to toggle Enable to off. 5. (Optional) For Label, type a label that will be used to identify this route policy. 6. For Interface, select the interface on the 6300-CX device that will be used with this route policy.
  • Page 120    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 121 Routing IP routing 5. Set the interface on the 6300-CX device that will be used with this route policy: a. Use the ? to determine available interfaces: (config network route policy 0)>interface ? Interface: The network interface used to reach the destination. Packets that satisfy the matching criteria will be routed through this interface.
  • Page 122 Matches the source IP address to the selected firewall zone. Set the zone: a. Use the ? to determine available zones: (config network route policy 0)> src zone ? Zone: Match the IP address to the specified firewall zone. Format: dynamic_routes edge external internal ipsec loopback setup 6300-CX User Guide...
  • Page 123 Matches the source IPv6 address to the specified IP address or network. Set the address that will be matched: (config network route policy 0)> src address6 value (config network route policy 0)> where value uses the format IPv6_address[/prefix_length], or any to match any IPv6 address. 6300-CX User Guide...
  • Page 124 Matches the destination IP address to the selected interface's network address. Set the interface: a. Use the ? to determine available interfaces: (config network route policy 0)>dst interface ? Interface: The network interface. Format: /network/interface/defaultip /network/interface/defaultlinklocal /network/interface/lan /network/interface/loopback 6300-CX User Guide...
  • Page 125 11. Save the configuration and apply the change: (config)> save Configuration saved. > 12. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6300-CX User Guide...

  • Page 126: Routing Services

    Routing IP routing Routing services Your 6300-CX includes support for dynamic routing services and protocols. The following routing services are supported: Service or protocol Information RFC2453 The IPv4 Routing Information Protocol (RIP) service supports RIPv2 ( RFC1058 and RIPv1 (...
  • Page 127 IP routing    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Routes > Routing services.
  • Page 128 IP routing    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 129: Show The Routing Table

    To display the routing table:    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 6300-CX User Guide...

  • Page 130: Dynamic Dns

    WAN or public IP address changes. Your 6300-CX device supports a number of Dynamic DNS providers as well as the ability to provide a custom provider that is not included on the list of providers.
  • Page 131 The amount of time to wait to force an update of the interface's IP address. The amount of time to wait for an IP address update to succeed before retrying the update. The number of times to retry a failed IP address update. 6300-CX User Guide...
  • Page 132 Dynamic DNS    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Dynamic DNS.
  • Page 133    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 134 Use the ? to determine available services: (config network ddns new_ddns_instance)> service ? Service: The provider of the dynamic DNS service. Format: custom 3322.org changeip.com ddns.com.br dnsdynamic.org Default value: custom Current value: custom (config network ddns new_ddns_instance)> service 6300-CX User Guide...
  • Page 135 For example, to set force_interval to ten minutes, enter either 10m or 600s: (config network ddns new_ddns_instance)> force_interval 600s (config network ddns new_ddns_instance)> The default is 3d. 6300-CX User Guide...

  • Page 136: Virtual Router Redundancy Protocol (Vrrp)

    Multiple 6300-CX devices can be configured as VRRP devices and assigned a priority. The router with the highest priority will be used as the master router. If the master router fails, then the IP address of the virtual router is mapped to the backup device with the next highest priority.
  • Page 137    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > VRRP.
  • Page 138    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 139 IP address of the VRRP pool, then the priority of this device should be set to 255 . Allowed values are from 1 and 255, and it is configured to 100 by default. 6300-CX User Guide...

  • Page 140: Show Vrrp Status And Statistics

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show VRRP status and statistics This section describes how to display VRRP status and statistics for a 6300-CX device. VRRP status is available from the Web UI only. ...
  • Page 141 Routing Virtual Router Redundancy Protocol (VRRP) 3. Click Status > VRRP. The Virtual Router Redundancy Protocol window is displayed. 6300-CX User Guide...

  • Page 142: Virtual Private Networks (Vpn)

    Virtual Private Networks (VPNs) are used to securely connect two private networks together so that devices can connect from one network to the other using secure channels. This chapter contains the following topics: IPsec OpenVPN Generic Routing Encapsulation (GRE) 6300-CX User Guide...

  • Page 143: Ipsec

    Aggressive mode Aggressive mode is faster than main mode, but is not as secure as main mode, because the device and its peer exchange their IDs and hash information in clear text instead of being encrypted. 6300-CX User Guide...

  • Page 144: Authentication

    XAUTH client. RSA Signatures With RSA signatures authentication, the 6300-CX device uses a private RSA key to authenticate with a remote peer that is using a corresponding public key. Certificate-based Authentication X.509 certificate-based authentication makes use of private keys on both the server and client which...
  • Page 145 The lifetime of the IPsec tunnel before it is renegotiated. The amount of time before the IKE phase 1 lifetime expires. The amount of time before the IKE phase 2 lifetime expires The lifetime margin, a randomizing amount of time before the IPsec tunnel is renegotiated. 6300-CX User Guide...
  • Page 146 Virtual Private Networks (VPN) IPsec    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > IPsec.
  • Page 147 Transport: Only the payload of the IP packet is encrypted and/or authenticated. The IP header is unencrypted. 12. Select the Protocol, either: ESP (Encapsulating Security Payload): Provides encryption as well as authentication and integrity. AH (Authentication Header): Provides authentication and integrity only. 6300-CX User Guide...
  • Page 148 Type the Username and Password that the device will use to authenticate as an XAUTH client with the peer. 16. (Optional) Click Enable MODECFG client to receive configuration information, such as the private IP address, from the remote peer. 6300-CX User Guide...
  • Page 149 IPv4: The ID will be interpreted as an IPv4 address and sent as an ID_IPV4_ ADDR IKE identity. For IPv4 ID value, type an IPv4 formatted ID. This can be a fully-qualified domain name or an IPv4 address. 6300-CX User Guide...
  • Page 150 Request a network: Requests a network from the remote peer. d. For Remote network, enter the IP address and optional netmask of the remote network. The keyword any can also be used. . 6300-CX User Guide...
  • Page 151 For Hash, select the type of hash to use to verify communication integrity. iv. For Diffie-Hellman group, select the type of Diffie-Hellman group to use for key exchange. v. You can add additional Phase 1 proposals by clicking  next to Add Phase 1 Proposal. 6300-CX User Guide...
  • Page 152 24. Click Apply to save the configuration and apply the change. The Apply button is located at the top of the WebUI page. You may need to scroll to the top of the page to locate it. 6300-CX User Guide...
  • Page 153 IPsec    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 154 (config vpn ipsec tunnel ipsec_example)> type protocol (config vpn ipsec tunnel ipsec_example)> where protocol is either: esp (Encapsulating Security Payload): Provides encryption as well as authentication and integrity. ah (Authentication Header): Provides authentication and integrity only. The default is esp. 6300-CX User Guide...
  • Page 155 Set the private key passphrase that is used to decrypt the private key. Leave blank if the private key is not encrypted. (config vpn ipsec tunnel ipsec_example)> auth private_key_ passphrase passphrase (config vpn ipsec tunnel ipsec_example)> 6300-CX User Guide...
  • Page 156 MODECFG client functionality configures the device to receive configuration information, such as the private IP address, from the remote peer. a. Enable MODECFG client functionality: (config vpn ipsec tunnel ipsec_example)> modecfg_client enable true (config vpn ipsec tunnel ipsec_example)> 6300-CX User Guide...
  • Page 157 Set the ID in internet email address format: (config vpn ipsec tunnel ipsec_example)> local id rfc822_id id (config vpn ipsec tunnel ipsec_example)> fqdn: The ID will be interpreted as FQDN (Fully Qualified Domain Name) and sent as an ID_FQDN IKE identity. 6300-CX User Guide...
  • Page 158 The ID will be interpreted as an IPv6 address and sent as an ID_IPV6_ADDR IKE identity. Set an IPv6 formatted ID. This can be a fully-qualified domain name or an IPv6 address. (config vpn ipsec tunnel ipsec_example)> remote id ipv6_id id (config vpn ipsec tunnel ipsec_example)> 6300-CX User Guide...
  • Page 159 (config vpn ipsec tunnel ipsec_example)> e. Set the amount of time that the IKE security association expires after a successful negotiation and must be re-authenticated: (config vpn ipsec tunnel ipsec_example)> ike phase1_lifetime value (config vpn ipsec tunnel ipsec_example)> 6300-CX User Guide...
  • Page 160 Set the type of encryption to use during phase 1: (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> cipher value (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> where value is one of 3des, aes128, aes192, aes256, or null. The default is 3des. 6300-CX User Guide...
  • Page 161 Set the type of encryption to use during phase 2: (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> cipher value (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> where value is one of 3des, aes128, aes192, aes256, or null. The default is 3des. 6300-CX User Guide...
  • Page 162 (config)> c. Set the number of seconds between transmissions of dead peer packets. Dead peer packets are only sent when the tunnel is idle. The default is 60. (config)> vpn ipsec tunnel ipsec_example dpd delay value (config)> 6300-CX User Guide...
  • Page 163 Use the ? to determine available interfaces: (config vpn ipsec tunnel ipsec_example policy 0)>local address Address: The local network interface to use the address of. This field must be set when 'Type' is set to 'Address'. Format: defaultip defaultlinklocal loopback modem 6300-CX User Guide...
  • Page 164 IPv4 address and optional netmask. The keyword any can also be used. request: Requests a network from the remote peer. d. Set the IP address and optional netmask of the remote network. The keyword any can also be used. 6300-CX User Guide...
  • Page 165 20. Save the configuration and apply the change: (config)> save Configuration saved. > 21. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6300-CX User Guide...

  • Page 166: Configure Ipsec Failover

    IPsec Configure IPsec failover You can configure the 6300-CX device to fail over from a primary IPsec tunnel to a backup tunnel. During configuration of the backup IPsec tunnel, identify the primary IPsec tunnel in the Preferred tunnel parameter. The Preferred tunnel parameter instructs the backup IPsec tunnel to start only when the preferred tunnel has been determined to have failed.

  • Page 167: Configure Surelink Active Recovery For Ipsec

    Type quit to disconnect from the device. Configure SureLink active recovery for IPsec You can configure the 6300-CX device to regularly probe IPsec client connections to determine if the connection has failed and take remedial action. You can also configure the IPsec tunnel to fail over to a backup tunnel. See Configure IPsec failover further information.
  • Page 168 To configure the 6300-CX device to regularly probe the IPsec connection:    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 169 IP address specified in Ping host. You can also optionally change the number of bytes in the Ping payload size. DNS test or DNS test (IPv6): Tests connectivity by sending a DNS query to the specified DNS server. 6300-CX User Guide...
  • Page 170    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 171 (config vpn ipsec tunnel ipsec_example)> connection_monitor attempts num (config vpn ipsec tunnel ipsec_example)> The default is 3. 10. Set the amount of time that the device should wait for a response to a probe attempt before considering it to have failed: 6300-CX User Guide...
  • Page 172 (IPv4) or dns6 (IPv6): Tests connectivity by sending a DNS query to the specified DNS server. Specify the DNS server. Allowed value is the IP address of the DNS server. (config vpn ipsec tunnel ipsec_example connection_monitor target 0)> dns_server ip_address (config vpn ipsec tunnel ipsec_example connection_monitor target 0)> 6300-CX User Guide...
  • Page 173 For example, to set interface_timeout to ten minutes, enter either 10m or 600s: (config network interface my_wan ipv4 connection_monitor target 0)> interface_timeout 600s 6300-CX User Guide...

  • Page 174: Show Ipsec Status And Statistics

       Command line 1. Log into the 6300-CX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 175 : ipsec Mode : tunnel Type : esp > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6300-CX User Guide...

  • Page 176: Openvpn

    OpenVPN client’s LAN interface are on the same IP subnet as devices. With TAP mode, the 6300-CX device creates the interface and then uses its standard configuration to set up the connection (for example, its standard DHCP server configuration).

  • Page 177: Configure An Openvpn Server

    The range of IP addresses that the OpenVPN server will provide to clients. The TCP/UDP port to use. By default, the 6300-CX device uses port 1194. Access control list configuration to restrict access to the OpenVPN server through the firewall.
  • Page 178 OpenVPN    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > OpenVPN > Servers.
  • Page 179 If not enabled, certificates must be created externally and added to the server. 12. If Server managed certificates is not enabled: a. Select the Authentication type: Certificate only: Uses only certificates for client authentication. Each client requires a public and private key. 6300-CX User Guide...
  • Page 180 No limit to IPv6 addresses that can access the service-type. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the 6300-CX device: a. Click Interfaces. b. For Add Interface, click .
  • Page 181    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 182 1 and 255. The number entered here will represent the first client IP address. For example, if address is set to 192.168.1.1/24 and server_first_ip is set to 80, the first client IP address will be 192.168.1.80. The default is from 80. 6300-CX User Guide...
  • Page 183 Authentication Group and User for instructions. ii. Paste the contents of the CA certificate (usually in a ca.crt file) into the value of the cacert parameter: (config vpn openvpn server name)> cacert value (config vpn openvpn server name)> 6300-CX User Guide...
  • Page 184 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the 6300-CX device: (config vpn openvpn server name)> add acl interface end value (config vpn openvpn server name)>...
  • Page 185 (config vpn openvpn server name)> Repeat this step to list additional firewall zones. 12. (Optional) Set additional OpenVPN parameters. a. Enable the use of additional OpenVPN parameters: (config vpn openvpn server name)> advanced_options enable true (config vpn openvpn server name)> 6300-CX User Guide...
  • Page 186 13. Save the configuration and apply the change: (config)> save Configuration saved. > 14. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6300-CX User Guide...

  • Page 187: Configure An Openvpn Authentication Group And User

       WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Add an OpenVPN authentication group: a.
  • Page 188 Type a password for the user. This password is used for local authentication of the user. You can also configure the user to use RADIUS or TACACS+ authentication by configuring authentication methods. See User authentication methods for information. 6300-CX User Guide...
  • Page 189 5. Click Apply to save the configuration and apply the change. The Apply button is located at the top of the WebUI page. You may need to scroll to the top of the page to locate it. 6300-CX User Guide...
  • Page 190 OpenVPN    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 191: Configure An Openvpn Client By Using An .Ovpn File

    OpenVPN active recovery.    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > OpenVPN > Clients.
  • Page 192    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 193 7. Paste the content of the client.ovpn file into the value of the config_file parameter: (config vpn openvpn client name)> config_file value (config vpn openvpn client name)> 8. Save the configuration and apply the change: (config)> save Configuration saved. > 6300-CX User Guide...

  • Page 194: Configure An Openvpn Client Without Using An .Ovpn File

    OpenVPN active recovery.    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 6300-CX User Guide...
  • Page 195 13. Paste the contents of the CA certificate (usually in a ca.crt file), the Public key (for example, client.crt), and the Private key (for example, client.key) into their respective fields. The contents will be hidden when the configuration is saved. 14. (Optional) Click to expand Advanced Options to manually set additional OpenVPN 6300-CX User Guide...
  • Page 196    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 197 (config vpn openvpn client name)> The default is 1194. 11. Paste the contents of the CA certificate (usually in a ca.crt file) into the value of the cacert parameter: (config vpn openvpn client name)> cacert value (config vpn openvpn client name)> 6300-CX User Guide...

  • Page 198: Configure Active Recovery For Openvpn

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Configure active recovery for OpenVPN You can configure the 6300-CX device to regularly probe OpenVPN client connections to determine if the connection has failed and take remedial action. Required configuration items A valid OpenVPN client configuration.
  • Page 199 To configure the 6300-CX device to regularly probe the OpenVPN connection:    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 200 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Response timeout to ten minutes, enter 10m or 600s. The default is 15 seconds. 6300-CX User Guide...
  • Page 201 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Initial connection time to ten minutes, enter 10m or 600s. The default is 60 seconds. 6300-CX User Guide...
  • Page 202    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 203 For example, to set timeout to ten minutes, enter either 10m or 600s: (config vpn openvpn client openvpn_client1)> connection_monitor interval 600s (config vpn openvpn client openvpn_client1)> The default is 15 seconds. 6300-CX User Guide...
  • Page 204 (IPv4) or http6 (IPv6): Tests connectivity by sending an HTTP or HTTPS GET request to the specified URL. Specify the url. Allowed value uses the format http[s]://hostname/[path]. (config vpn openvpn client openvpn_client1 connection_monitor target 0)> http_url url (config vpn openvpn client openvpn_client1 connection_monitor target 0)> 6300-CX User Guide...
  • Page 205 (config openvpn client openvpn_client1 connection_monitor target 0)> save Configuration saved. > 13. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6300-CX User Guide...

  • Page 206: Show Openvpn Server Status And Statistics

    OpenVPN server's status pane.    Command line 1. Log into the 6300-CX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 207: Show Openvpn Client Status And Statistics

    OpenVPN client's status pane.    Command line 1. Log into the 6300-CX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 208: Generic Routing Encapsulation (Gre)

    Task One: Create a GRE loopback endpoint interface    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 209    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 210 Task Two: Configure the GRE tunnel    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 6300-CX User Guide...
  • Page 211    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 212 (config vpn iptunnel gre_example)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6300-CX User Guide...

  • Page 213: Show Gre Tunnels

       Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 214: Example: Gre Tunnel Over An Ipsec Tunnel

    Generic Routing Encapsulation (GRE) Example: GRE tunnel over an IPSec tunnel The 6300-CX device can be configured as an advertised set of routes through an IPSec tunnel. This allows you to leverage the dynamic route advertisement of GRE tunnels through a secured IPSec tunnel.
  • Page 215 3. Create a GRE tunnel named gre_tunnel2: a. Local endpoint set to the IPsec endpoint interface, Interface: ipsec_endpoint2. b. Remote endpoint set to the IP address of the GRE tunnel on 6300-CX-1, 172.30.0.1. 4. Create an interface named gre_interface2 and add it to the GRE tunnel: a.
  • Page 216    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 217 4. Set the pre-shared key to testkey: (config vpn ipsec tunnel ipsec_gre1)> auth secret testkey (config vpn ipsec tunnel ipsec_gre1)> 5. Set the remote endpoint to public IP address of the 6300-CX-2 device: (config vpn ipsec tunnel ipsec_gre1)> remote hostname 192.168.101.1 (config vpn ipsec tunnel ipsec_gre1)>...
  • Page 218 7. Click Apply to save the configuration and apply the change. The Apply button is located at the top of the WebUI page. You may need to scroll to the top of the page to locate it. 6300-CX User Guide...
  • Page 219 Task three: Create a GRE tunnel    WebUI 1. Click VPN > IP Tunnels. 2. For Add IP Tunnel, type gre_tunnel1 and click . 3. For Local endpoint, select the IPsec endpoint interface created in Task two (Interface: ipsec_endpoint1). 6300-CX User Guide...
  • Page 220 (/network/interface/ipsec_endpoint1): (config vpn iptunnel gre_tunnel1)> local /network/interface/ipsec_endpoint1 (config vpn iptunnel gre_tunnel1)> 4. Set the remote endpoint to the IP address of the GRE tunnel on 6300-CX-2, 172.30.0.2: (config vpn iptunnel gre_tunnel1)> remote 172.30.0.2 (config vpn iptunnel gre_tunnel1)> 5. Save the configuration and apply the change: (config vpn iptunnel gre_tunnel1)>...
  • Page 221 7. Click Apply to save the configuration and apply the change. The Apply button is located at the top of the WebUI page. You may need to scroll to the top of the page to locate it. 6300-CX User Guide...
  • Page 222 Task one: Create an IPsec tunnel    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 6300-CX User Guide...
  • Page 223 3. Click VPN > IPsec > Tunnels. 4. For Add IPsec Tunnel, type ipsec_gre2 and click . 5. Click to expand Authentication. 6. For Pre-shared key, type the same pre-shared key that was configured for the 6300-CX-1 (testkey). 7. Click to expand Remote endpoint.
  • Page 224 3. Add an IPsec tunnel named ipsec_gre2: (config)> add vpn ipsec tunnel ipsec_gre2 (config vpn ipsec tunnel ipsec_gre2)> 4. Set the pre-shared key to the same pre-shared key that was configured for the 6300-CX-1 (testkey): (config vpn ipsec tunnel ipsec_gre2)> auth secret testkey (config vpn ipsec tunnel ipsec_gre2)>...
  • Page 225 Task two: Create an IPsec endpoint interface    WebUI 1. Click Network > Interfaces. 2. For Add Interface, type ipsec_endpoint2 and click . 3. For Zone, select Internal. 4. For Device, select Ethernet: loopback. 5. Click to expand IPv4. 6300-CX User Guide...
  • Page 226 4. Set the device to /network/device/loopback: (config network interface ipsec_endpoint2)> device /network/device/loopback (config network interface ipsec_endpoint2)> 5. Set the IPv4 address to the IP address of the local GRE tunnel, 172.30.0.2/32: (config network interface ipsec_endpoint2)> ipv4 address 172.30.0.2/32 (config network interface ipsec_endpoint2)> 6300-CX User Guide...
  • Page 227 (Interface: ipsec_endpoint2). 4. For Remote endpoint, type the IP address of the GRE tunnel on 6300-CX-1, 172.30.0.1. 5. Click Apply to save the configuration and apply the change. The Apply button is located at the top of the WebUI page. You may need to scroll to the top of the page to locate it.
  • Page 228 (/network/interface/ipsec_endpoint2): (config vpn iptunnel gre_tunnel2)> local /network/interface/ipsec_endpoint2 (config vpn iptunnel gre_tunnel2)> 4. Set the remote endpoint to the IP address of the GRE tunnel on 6300-CX-1, 172.30.0.1: (config vpn iptunnel gre_tunnel2)> remote 172.30.0.1 (config vpn iptunnel gre_tunnel2)> 5. Save the configuration and apply the change: (config vpn iptunnel gre_tunnel2)>...
  • Page 229 4. Set the device to the GRE tunnel created in Task three (/vpn/iptunnel/gre_tunnel2): (config network interface gre_interface2)> device /vpn/iptunnel/gre_tunnel2 (config network interface gre_interface2)> 5. Set 172.31.0.1/30 as the virtual IP address on the GRE tunnel: (config network interface gre_interface2)> ipv4 address 172.31.1.1/30 (config network interface gre_interface2)> 6300-CX User Guide...
  • Page 230 (config network interface gre_interface2)> save Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6300-CX User Guide...

  • Page 231: Services

    Configure telnet access Configure DNS Simple Network Management Protocol (SNMP) System time Configure the system time Network Time Protocol Configure the device as an NTP server Configure a multicast route Enable service discovery (mDNS) Use the iPerf service 6300-CX User Guide...

  • Page 232: Allow Remote Access For Web Administration And Ssh

    Allow remote access for web administration and SSH Allow remote access for web administration and SSH By default, only devices connected to the 6300-CX's LAN have access to the device via web administration and SSH. To enable these services for access from remote devices: The 6300-CX device must have a publicly reachable IP address.
  • Page 233    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 234 Allow remote access for web administration and SSH    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 235 Services Allow remote access for web administration and SSH the page to locate it. 6300-CX User Guide...

  • Page 236: Configure The Web Administration Service

    Type quit to disconnect from the device. Configure the web administration service The web administration service allows you to monitor and configure the 6300-CX device by using the WebUI, a browser-based interface. By default, the web administration service is enabled and uses the standard HTTPS port, 443. The default access control for the service uses the Internal firewall zone, which means that only devices connected to the 6300-CX's LAN can access the WebUI.
  • Page 237    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 238 Configure the service    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > Web administration.
  • Page 239 No limit to IPv6 addresses that can access the web administration service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the 6300-CX device: a. Click Interfaces.
  • Page 240    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 241 Services Configure the web administration service To limit access to hosts connected through a specified interface on the 6300-CX device: (config)> add service web_admin acl interface end value (config)> Where value is an interface defined on your device. Display a list of available interfaces: Use ...
  • Page 242 Legacy port redirection is used to redirect client HTTP requests to the HTTPS service. Legacy port redirection is enabled by default, and normally these settings should not be changed. To disable legacy port redirection: (config)> service web_admin legacy enable false (config)> 6300-CX User Guide...
  • Page 243 9. Save the configuration and apply the change: (config)> save Configuration saved. > 10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6300-CX User Guide...

  • Page 244: Configure Ssh Access

    The SSH service is enabled by default. To disable the service, or enable it if it has been disabled:    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 245    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 246 No limit to IPv6 addresses that can access the SSH service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the 6300-CX device: a. Click Interfaces.
  • Page 247    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 248 No limit to IPv6 addresses that can access the SSH service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the 6300-CX device: (config)> add service ssh acl interface end value (config)>...
  • Page 249 7. Save the configuration and apply the change: (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6300-CX User Guide...

  • Page 250: Use Ssh With Key Authentication

    SSH public key for the user Additional configuration items If you want to access the 6300-CX device using SSH over a WAN interface, configure the access control list for the SSH service to allow SSH access for the External firewall zone.
  • Page 251 These instructions assume an existing user named temp_user. 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 252 4. Save the configuration and apply the change: (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6300-CX User Guide...

  • Page 253: Configure Telnet Access

    The telnet service is disabled by default. To enable the service:    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 254    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 255 No limit to IPv6 addresses that can access the telnet service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the 6300-CX device: a. Click Interfaces.
  • Page 256    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 257 Services Configure telnet access To limit access to hosts connected through a specified interface on the 6300-CX device: (config)> add service telnet acl interface end value (config)> Where value is an interface defined on your device. Display a list of available interfaces: Use ...

  • Page 258: Configure Dns

    Type quit to disconnect from the device. Configure DNS The 6300-CX device includes a caching DNS server which forwards queries to the DNS servers that are associated with the network interfaces, and caches the results. This server is used within the device, and cannot be disabled.
  • Page 259 To configure the DNS server:    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > DNS.
  • Page 260 Services Configure DNS To limit access to hosts connected through a specified interface on the 6300-CX device: a. Click Interfaces. b. For Add Interface, click . c. For Interface, select the appropriate interface from the dropdown. d. Click  again to allow access through additional interfaces.
  • Page 261 Services Configure DNS 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: >...
  • Page 262 5. (Optional) Query all servers By default, the device's DNS server queries all available DNS servers. Disabling this option may improve performance on networks with transient DNS results, when one or more DNS servers may have positive results. To disable: 6300-CX User Guide...
  • Page 263 9. (Optional) Add host names and their IP addresses that the device's DNS server will resolve a. Add a host: (config)> add service dns host end (config service dns host 0)> b. Set the IP address of the host: (config service dns host 0)> address ip-addr (config service dns host 0)> 6300-CX User Guide...
  • Page 264 10. Save the configuration and apply the change: (config)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6300-CX User Guide...

  • Page 265: Simple Network Management Protocol (Snmp)

    By default, the 6300-CX device automatically blocks SNMP packets from being received over WAN and LAN interfaces. As a result, if you want a 6300-CX device to receive SNMP packets, you must configure the SNMP access control list to allow the device to receive the packets. See...
  • Page 266 No limit to IPv6 addresses that can access the SNMP agent. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the 6300-CX device: a. Click Interfaces.
  • Page 267    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 268 No limit to IPv6 addresses that can access the SNMP service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the 6300-CX device: (config)> add service snmp acl interface end value (config)>...
  • Page 269 10. (Optional) Set the privacy passphrase. If not set, the password, entered above, is used. (config)> service snmp privacy pwd (config)> 11. (Optional) Set the privacy protocol, either DES or AES. The default is DES. (config)> service snmp privacy_protocol AES (config)> 6300-CX User Guide...

  • Page 270: Download Mibs

    To download a .zip archive of the SNMP MIBs supported by this device:    WebUI 1. Log into the 6300-CX WebUI as a user with Admin access. 2. Enable SNMP. Configure Simple Network Management Protocol (SNMP) for information about enabling and configuring SNMP support on the 6300-CX device.

  • Page 271: System Time

    Configure the system time for details about changing the default configuration. The 6300-CX device can also be configured to use Network Time Protocol (NTP). In this configuration, the device serves as an NTP server, providing NTP services to downstream devices. See Network Time Protocol for more information about NTP server support.
  • Page 272    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 273 2. At the command line, type config to enter configuration mode: > config (config)> 3. (Optional) Set the timezone for the location of your 6300-CX device. The default is UTC. (config)> system time timezone value (config)> Where value is the timezone using the format specified with the following command: (config)>...

  • Page 274: Network Time Protocol

    Network Time Protocol (NTP) enables devices connected on local and worldwide networks to synchronize their internal software and hardware clocks to the same time source. The 6300-CX device can be configured as an NTP server, allowing downstream hosts that are attached to the device's Local Area Networks to synchronize with the device.
  • Page 275 3. Click Services > NTP. 4. Enable the 6300-CX device's NTP service by clicking Enable. 5. (Optional) Configure the access control list to limit downstream access to the 6300-CX device's NTP service. To limit access to specified IPv4 addresses and networks: a.
  • Page 276 The Apply button is located at the top of the WebUI page. You may need to scroll to the top of the page to locate it.    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. 6300-CX User Guide...
  • Page 277 See Configure the system time more information about NTP client configuration. 5. (Optional) Configure the access control list to limit downstream access to the 6300-CX device's NTP service. To limit access to specified IPv4 addresses and networks: (config)>...
  • Page 278 No limit to IPv6 addresses that can access the NTP server agent. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the 6300-CX device: (config)> add service ntp acl interface end value (config)>...
  • Page 279 By default, the access control list for the NTP service is empty, which means that all downstream hosts connected to the 6300-CX device can use the NTP service. 6. (Optional) Set the timezone for the location of your 6300-CX device. The default is UTC. (config)> system time timezone value (config)>...

  • Page 280: Configure A Multicast Route

    7. Type the Source port. Ensure the port is not used by another protocol. 8. Select a Source interface where multicast packets will arrive. 9. Select a Destination interface that the 6300-CX device will use to send mutlicast packets. 10. Click Apply to save the configuration and apply the change.
  • Page 281 Services Configure a multicast route 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 282 Services Configure a multicast route 8. Set the destination interface that the 6300-CX device will use to send mutlicast packets. (config service multicast test)> interface interface (config service multicast test)> a. Use the ? to determine available interfaces: (config service multicast test)>interface ? Destination interface: Which interface to send the multicast packets.

  • Page 283: Enable Service Discovery (Mdns)

    You can enable the 6300-CX device to use mDNS.    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 284    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 285 No limit to IPv6 addresses that can access the mDNS service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the 6300-CX device: (config)> add service mdns acl interface end value (config)>...

  • Page 286: Use The Iperf Service

    Type quit to disconnect from the device. Use the iPerf service Your 6300-CX device includes an iPerf3 server that you can use to test the performance of your network. IPerf3 is a command-line tool that measures the maximum network throughput an interface can handle.
  • Page 287 Use the iPerf service Additional configuration Items The port that the 6300-CX device's iPerf server will use to listen for incoming connections. The access control list for the iPerf server. When the iPerf server is enabled, the 6300-CX device will automatically configure its firewall rules to allow incoming connections on the configured listening port.
  • Page 288 To enable the Iperf3 server:    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > IPerf.
  • Page 289    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 290 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the 6300-CX device: (config)> add service iperf acl interface end value (config)>...

  • Page 291: Example Performance Test Using Iperf3

    Example performance test using Iperf3 On a remote host with Iperf3 installed, enter the following command: $ iperf3 -c device_ip where device_ip is the IP address of the 6300-CX device. For example: $ iperf3 -c 192.168.2.1 Connecting to host 192.168.2.1, port 5201 4] local 192.168.3.100 port 54934 connected to 192.168.1.1 port 5201...
  • Page 292 - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bandwidth Retr 0.00-10.00 315 MBytes 264 Mbits/sec sender 0.00-10.00 313 MBytes 262 Mbits/sec receiver iperf Done. 6300-CX User Guide...

  • Page 293: Applications

    Applications The 6300-CX supports Python 3.6 and provides you with the ability to run Python applications on the device interactively or from a file. You can also specify Python applications and other scripts to be run each time the device system restarts, at specific intervals, or at a specified time.

  • Page 294: Configure Applications To Run Automatically

    Whether the script should run one time only. Task one: Upload the application    WebUI 1. Log into the 6300-CX WebUI as a user with Admin access. 2. On the menu, click System. Under Administration, click File System. The File System page appears. 6300-CX User Guide...
  • Page 295 6300-CX device. local-path is the location on the 6300-CX device where the copied file will be placed. For example: To upload a Python application from a remote host with an IP address of 192.168.4.1 to the /etc/config/scripts directory on the 6300-CX device, issue the following command: >...

  • Page 296: Task Two: Configure The Application To Run Automatically

    This feature does not provide syntax or error checking. Certain commands can render the device inoperable. Use with care.    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Applications.
  • Page 297 If neither option is selected, only the script's exit code is written to the system log. 9. For Maximum memory, enter the maximum amount of memory available to be used by the script and its subprocesses, using the format number{b|bytes|KB|k|MB|MB|M|GB|G|TB|T}. 6300-CX User Guide...
  • Page 298    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 299 If the script begins with #!, then the script will be invoked in the location specified by the path for the script command. Otherwise, the default shell will be used (equivalent to #!/bin/sh). 6300-CX User Guide...

  • Page 300: Run A Python Application At The Shell Prompt

    Python applications cannot be run from the Admin CLI. You must access the device shell in order to run Python applications from the command line. See Authentication groups for information about configuring authentication groups that include shell access. 6300-CX User Guide...
  • Page 301 6300-CX device. local-path is the location on the 6300-CX device where the copied file will be placed. For example: 6300-CX User Guide...

  • Page 302: Start An Interactive Python Session

    You can also create Python applications by using the vi command when logged in with shell access. 2. Log into the 6300-CX command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 303 Start an interactive Python session >>> help("digidevice") Help on package digidevice: NAME digidevice - Digi device python extensions DESCRIPTION This module includes various extensions that allow Python to interact with additional features offered by the device. 4. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit().

  • Page 304: Digidevice Module

    Use digidevice.datapoint to upload custom datapoints to Digi Remote Manager Use digidevice.config for device configuration Use Python to respond to Digi Remote Manager SCI requests Use digidevice runtime to access the runtime database Using Python to upload the device name to Digi Remote Manager 6300-CX User Guide...

  • Page 305: Use Digidevice.cli To Execute Cli Commands

    1. Log into the 6300-CX command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.

  • Page 306: Use Digidevice.datapoint To Upload Custom Datapoints To Digi Remote Manager

    Help for using Python to execute 6300-CX CLI commands Get help executing a CLI command from Python by accessing help for cli.execute: 1. Log into the 6300-CX command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 307 Help for using Python to upload custom datapoints to Remote Manager Get help for uploading datapoints to your Digi Remote Manager account by accessing help for datapoint.upload: 1. Log into the 6300-CX command line as a user with shell access.

  • Page 308: Use Digidevice.config For Device Configuration

    Read the device configuration Use the get() method to read the device configuration: 1. Log into the 6300-CX command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.
  • Page 309 Modify the device configuration Use the set() and commit() methods to modify the device configuration: 1. Log into the 6300-CX command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 310: Use Python To Respond To Digi Remote Manager Sci Requests

    Remote Manager's Server Command Interface (SCI), a web service that allows users to access information and perform commands that relate to their devices. Use Remote Manager's SCI interface to create SCI requests that are sent to your 6300-CX device, and use the device_request module to send responses to those requests to Remote Manager.
  • Page 311 Applications Digidevice module Task one: Use the device_request module on your 6300-CX device to create a response 1. Log into the 6300-CX command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 312 Remote Manager. 1. Create a Python application, called showsystem.py, that uses the digidevice.cli module to create a response containing information about device and the device_request module to respond with this information to a request from Remote Manager: 6300-CX User Guide...
  • Page 313    WebUI i. Log into the 6300-CX WebUI as a user with full Admin access rights. ii. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. iii. Click System > Scheduled tasks > Custom scripts.
  • Page 314    Command line i. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 315 > reboot To run the application from the shell prompt: i. Log into the 6300-CX command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.
  • Page 316 <device_request target_name="showSystem"> 8. Click Send. You should receive a response similar to the following: <sci_reply version="1.0"> <data_service> <device id="00000000-00000000-0000FFFF-A83CF6A3"/> <requests> <device_request target_name="showSystem" status="0">Model : Digi 6300-CX Serial Number : 6300-CX-000068 Hostname : 6300-CX : 00:40:D0:13:35:36 Hardware Version : 50001959-01 A Firmware Version : 20.2.162.60...
  • Page 317 : MB/MB(%) Disk /tmp Usage : 0.004MB/40.96MB(0%) Disk /var Usage : 0.820MB/32.768MB(3%)</device_request> </requests> </device> <device id="00000000-00000000-0000FFFF-485740BC"/> <requests> <device_request target_name="showSystem" status="0">Model : Digi 6300-CX Serial Number : 6300-CX-000023 Hostname : 6300-CX : 0040D026791C Hardware Version : 50001959-01 A Firmware Version : 20.2.162.60...
  • Page 318 </sci_request> Help for using Python to respond to Digi Remote Manager SCI requests Get help for respond to Digi Remote Manager Server Command Interface (SCI) requests by accessing help for digidevice.device_request: 1. Log into the 6300-CX command line as a user with shell access.

  • Page 319: Use Digidevice Runtime To Access The Runtime Database

    Read from the runtime database Use the keys() and get() methods to read the device configuration: 1. Log into the 6300-CX command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 320 Get help for reading and modifying the device runtime database by accessing help for digidevice.runt: 1. Log into the 6300-CX command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 321: Using Python To Upload The Device Name To Digi Remote Manager

    Using Python to upload the device name to Digi Remote Manager The name submodule can be used to upload a custom name for your device to Digi Remote Manager. When you use the name submodule to upload a custom device name to Remote Manager, the...
  • Page 322 Digidevice module Upload a custom name 1. Log into the 6300-CX command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.
  • Page 323 Applications Digidevice module NAME digidevice.name - API for uploading name from the device 5. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). 6300-CX User Guide...

  • Page 324: User Authentication

    This chapter contains the following topics: 6300-CX user authentication User authentication methods Authentication groups Local users Terminal Access Controller Access-Control System Plus (TACACS+) Remote Authentication Dial-In User Service (RADIUS) Disable shell access Set the idle timeout for 6300-CX users Example user configuration 6300-CX User Guide...

  • Page 325: 6300-Cx User Authentication

    User authentication 6300-CX user authentication 6300-CX user authentication User authentication on the 6300-CX has the following features and default configuration: Default Feature Description configuration Idle timeout 10 minutes. Determines how long a user session can be idle before the system automatically disconnects.
  • Page 326 RADIUS: Users authenticated by using a remote RADIUS server for authentication. Remote Authentication Dial-In User Service (RADIUS) for information about configuring RADIUS authentication. TACACS+: Users authenticated by using a remote TACACS+ server for authentication. Terminal Access Controller Access-Control System Plus (TACACS+) for information about configuring TACACS+ authentication. 6300-CX User Guide...

  • Page 327: Add A New Authentication Method

    To add an authentication method:    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Methods.
  • Page 328 This procedure describes how to add methods to various places in the list. 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 329: Delete An Authentication Method

    Type quit to disconnect from the device. Delete an authentication method    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 6300-CX User Guide...
  • Page 330    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 331: Rearrange The Position Of Authentication Methods

    To reorder these so that RADIUS is first and Local users is second: 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 332    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 333: Authentication Groups

    Disable shell access for more information about the Allow shell parameter. Serial access: Users with Serial access have the ability to log into the 6300-CX device by using the serial console. Preconfigured authentication groups The 6300-CX device has two preconfigured authentication groups: The admin group is configured by default to have full Admin access and Shell access.
  • Page 334 User authentication Authentication groups Change the access rights for a predefined group Add an authentication group Delete an authentication group 6300-CX User Guide...

  • Page 335: Change The Access Rights For A Predefined Group

       WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Groups.
  • Page 336    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 337: Add An Authentication Group

    Access rights to captive portals, and the portals to which they have access. Access rights to query the device for Nagios monitoring. To add an authentication group:    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 6300-CX User Guide...
  • Page 338 For groups assigned Admin access, you can also determine whether the Access level should be Full access or Read-only access. where value is either: Full access full: provides users of this group with the ability to manage the 6300-CX device by using the WebUI or the Admin CLI. 6300-CX User Guide...
  • Page 339    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 340 (config)> where value is either: full: provides users of this group with the ability to manage the 6300-CX device by using the WebUI or the Admin CLI. read-only: provides users of this group with read-only access to the WebUI and Admin CLI.

  • Page 341: Delete An Authentication Group

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Delete an authentication group By default, the 6300-CX device has two preconfigured authentication groups: admin and serial. These groups cannot be deleted. To delete an authentication group that you have created: ...
  • Page 342    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 343 4. Save the configuration and apply the change: (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6300-CX User Guide...

  • Page 344: Local Users

    TACACS+ or RADIUS. Local user authentication is enabled by default, with one preconfiged default user. Default user At manufacturing time, each 6300-CX device comes with a default user configured as follows: Username: admin. Password: The default password is displayed on the label on the bottom of the device.

  • Page 345: Change A Local User's Password

    To change a user's password:    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Users.
  • Page 346 6. Click Apply to save the configuration and apply the change. The Apply button is located at the top of the WebUI page. You may need to scroll to the top of the page to locate it. 6300-CX User Guide...

  • Page 347: Configure A Local User

    Local users    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 348 To configure a local user:    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Users.
  • Page 349 To display the QR code for the secret key, click ... next to the field label and select Show secret key QR code. iii. Copy the secret key, or scan or copy the QR code, for use with an application or mobile device to generate passcodes. 6300-CX User Guide...
  • Page 350    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 351 (config auth user new_user)> del group n (config auth user new_user)> Where n is index number of the authentication method to be deleted. For example, to delete the serial group as displayed by the example show command, above: 6300-CX User Guide...
  • Page 352 (config auth user new_user 2fa)> disallow_reuse true (config auth user new_user 2fa)> f. For time-based verification only, configure the code refresh interval. This is the amount of time that a code will remain valid. 6300-CX User Guide...
  • Page 353 Change to the user's scratch code node: (config auth user new_user 2fa)> scratch_code (config auth user new_user 2fa scratch_code)> ii. Add a scratch code: (config auth user new_user 2fa scratch_code)> add end code (config auth user new_user 2fa scratch_code)> 6300-CX User Guide...

  • Page 354: Delete A Local User

    To delete a user from your 6300-CX:    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Users.
  • Page 355 User authentication Local users the page to locate it. 6300-CX User Guide...
  • Page 356 Local users    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 357: Terminal Access Controller Access-Control System Plus (Tacacs+)

    With TACACS+ support, the 6300-CX device acts as a TACACS+ client, which sends user credentials and connection parameters to a TACACS+ server over TCP. The TACACS+ server then authenticates the TACACS+ client requests and sends back a response message to the device.

  • Page 358: Tacacs+ User Configuration

    After setting up the TACACS+ server, you will need to configure one or more users on the server. When configured with TACACS+ support, the 6300-CX device uses the TACACS+ server for authentication (password verification) and authorization (assigning the access level of the user).

  • Page 359: Tacacs+ Server Failover And Fallback To Local Authentication

    Terminal Access Controller Access-Control System Plus (TACACS+) TACACS+ server failover and fallback to local authentication In addition to the primary TACACS+ server, you can also configure your 6300-CX device to use backup TACACS+ servers. Backup TACACS+ servers are used for authentication requests when the primary TACACS+ server is unavailable.
  • Page 360 = testing123 8. (Optional) For Group attribute, type the name of the attribute used in the TACACS+ server's configuration to identify the 6300-CX authentication group or groups that the user is a member of. For example, in TACACS+ user configuration, the group attribute in the sample tac_plus.conf...
  • Page 361 User authentication Terminal Access Controller Access-Control System Plus (TACACS+) the sample tac_plus.conf file is system, which is also the default setting in the 6300-CX configuration. 10. (Optional) Click  again to add additional TACACS+ servers. 11. Add TACACS+ to the authentication methods: a.
  • Page 362 (config auth tacacs+ server 0)> ... (config)> 8. (Optional) Configure the group_attribute. This is the name of the attribute used in the TACACS+ server's configuration to identify the 6300-CX authentication group or groups that the user is a member of. For example, in TACACS+ user configuration, the group attribute in the sample tac_plus.conf file is groupname, which is also the default setting for the group_...
  • Page 363 User authentication Terminal Access Controller Access-Control System Plus (TACACS+) 13. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6300-CX User Guide...

  • Page 364: Remote Authentication Dial-In User Service (Radius)

    To use RADIUS authentication, you must set up a RADIUS server that is accessible by the 6300-CX device prior to configuration. The process of setting up a RADIUS server varies by the server environment. An example of a RADIUS server is FreeRADIUS.

  • Page 365: Radius User Configuration

    /etc/init.d/freeradius restart RADIUS server failover and fallback to local configuration In addition to the primary RADIUS server, you can also configure your 6300-CX device to use backup RADIUS servers. Backup RADIUS servers are used for authentication requests when the primary RADIUS server is unavailable.

  • Page 366: Configure Your 6300-Cx Device To Use A Radius Server

    Add additional RADIUS servers in case the first RADIUS server is unavailable. The server NAS ID. If left blank, the default value is used: If you are access the 6300-CX device by using the WebUI, the default value is for NAS ID is httpd.
  • Page 367 Remote Authentication Dial-In User Service (RADIUS)    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > RADIUS > Servers.
  • Page 368 NAS or any arbitrary string. If not set, the default value is used: If you are accessing the 6300-CX device by using the WebUI, the default value is for NAS ID is httpd. If you are accessing the 6300-CX device by using ssh, the default value is sshd.
  • Page 369 You can use the fully-qualified domain name of the NAS or any arbitrary string. If not set, the default value is used: If you are accessing the 6300-CX device by using the WebUI, the default value is for NAS ID is httpd.

  • Page 370: Disable Shell Access

    If shell access is disabled, re-enabling it will erase the device's configuration and perform a factory reset.    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 6300-CX User Guide...
  • Page 371    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 372: Set The Idle Timeout For 6300-Cx Users

    By default, the Idle timeout is set to 10 minutes.    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 373    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 374: Example User Configuration

    Goal: To create a user with administrator rights who is authenticated locally on the device.    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 375    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 376: Example 2: Radius, Tacacs+, And Local Authentication For One User

    Goal: To create a user with administrator rights who is authenticated by using all three authentication methods. In this example, when the user attempts to log in to the 6300-CX device, user authentication will occur in the following order: 6300-CX User Guide...
  • Page 377 2. The user is authenticated by the TACACS+ server. If both the RADIUS and TACACS+ servers are unavailable, 3. The user is authenticated by the 6300-CX device using local authentication. This example uses a FreeRadius 3.0 server running on ubuntu, and a TACACS+ server running on ubuntu.
  • Page 378 The authentication group on the 6300-CX device, admin, is identified in the groupname parameter. c. Save and close the tac_plus.conf file. 3. Log into the 6300-CX WebUI as a user with full Admin access rights. 4. On the menu, click System. Under Configuration, click Device Configuration. 6300-CX User Guide...
  • Page 379 Click  to add another new method. f. For the new method, select Local users. 6. Create the local user: a. Click Authentication > Users. b. In Add User:, type admin1 and click . c. For password, type password1. 6300-CX User Guide...
  • Page 380 Add a RADIUS user to the users file: admin1 Cleartext-Password := "password1" Unix-FTP-Group-Names := "admin" In this example: The user's username is admin1. The user's password is password1. The authentication group on the 6300-CX device, admin, is identified in the Unix- FTP-Group-Names parameter. 6300-CX User Guide...
  • Page 381 Save and close the tac_plus.conf file. 3. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 382 (config auth user adminuser)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6300-CX User Guide...

  • Page 383: Firewall

    Firewall This chapter contains the following topics: Firewall configuration Port forwarding rules Packet filtering Configure custom firewall rules Configure Quality of Service options 6300-CX User Guide...

  • Page 384: Firewall Configuration

    IPsec: The default zone for IPsec tunnels. Dynamic routes: Used for routes learned using routing services. Port forwarding: A list of rules that allow network connections to the 6300-CX to be forwarded to other servers by translating the destination address.
  • Page 385    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 386: Configure The Firewall Zone For A Network Interface

    Internal, to External.    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 6300-CX User Guide...
  • Page 387    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 388: Delete A Custom Firewall Zone

    You cannot delete preconfigured firewall zones. To delete a custom firewall zone:    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 389 Firewall Firewall configuration the page to locate it. 6300-CX User Guide...

  • Page 390: Port Forwarding Rules

    Port forwarding rules    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 391 To configure a port forwarding rule:    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Port forwarding.
  • Page 392    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 393 (config firewall dnat 0)> ip_version ipv6 (config firewall dnat 0)> 6. Set the public-facing port number that network connections must use for their traffic to be forwarded. (config firewall dnat 0)> port port (config firewall dnat 0)> 6300-CX User Guide...
  • Page 394 To specify the firewall zone for white listing: (config firewall dnat 0 acl)> add zone end zone Repeat for each appropriate zone. To view a list of available zones: (config firewall dnat 0 acl)> ..zone ? 6300-CX User Guide...

  • Page 395: Delete A Port Forwarding Rule

    To delete a port forwarding rule:    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 6300-CX User Guide...
  • Page 396    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 397 5. Save the configuration and apply the change: (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6300-CX User Guide...

  • Page 398: Packet Filtering

    By default, one preconfigured packet filtering rule, Allow all outgoing traffic, is enabled and monitors traffic going to and from the 6300-CX device. The predefined settings are intended to block unauthorized inbound traffic while providing an unrestricted flow of outgoing data. You can modify the default packet filtering rule and create additional rules to define how the device accepts or rejects traffic that is forwarded through the device.
  • Page 399 9. For Destination zone, select the firewall zone. Packets destined for network interfaces that are members of this zone will either be accepted, rejected or dropped by this rule. Firewall configuration for more information about firewall zones. 10. Click Apply to save the configuration and apply the change. 6300-CX User Guide...
  • Page 400    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 401 7. Set the IP version. (config firewall filter 1)> ip_version value (config firewall filter 1)> where value is one of: ipv4 ipv6 The default is any. 8. Set the protocol. (config firewall filter 1)> protocol value (config firewall filter 1)> 6300-CX User Guide...

  • Page 402: Enable Or Disable A Packet Filtering Rule

    To enable or disable a packet filtering rule:    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 403    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 404: Delete A Packet Filtering Rule

    To delete a packet filtering rule:    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Packet filtering.
  • Page 405    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 406: Configure Custom Firewall Rules

    To configure custom firewall rules:    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Custom rules.
  • Page 407 Firewall Configure custom firewall rules The Apply button is located at the top of the WebUI page. You may need to scroll to the top of the page to locate it. 6300-CX User Guide...

  • Page 408: Configure Quality Of Service Options

    (packet ingress). A QoS binding contains the policies and rules that apply to packets exiting the 6300-CX device on the binding's interface. By default, the 6300-CX device has two preconfigured QoS bindings, Outbound and Inbound.
  • Page 409    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 410 Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Create a new binding    WebUI 6300-CX User Guide...
  • Page 411 Firewall Configure Quality of Service options 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Quality of Service.
  • Page 412 If Default is disabled, you must configure at least one rule: i. Click to expand Rule. ii. For Add Rule, click . The QoS binding policy rule configuration window is displayed. 6300-CX User Guide...
  • Page 413 10. Click Apply to save the configuration and apply the change. The Apply button is located at the top of the WebUI page. You may need to scroll to the top of the page to locate it. 6300-CX User Guide...
  • Page 414 Firewall Configure Quality of Service options 6300-CX User Guide...
  • Page 415 Configure Quality of Service options    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 416 The fall-back policy will be used for traffic that is not matched by any other policy. If there is no default policy associated with this binding, packets that do not match any policy rules will be dropped. If the policy is not a fall-back policy, you must configure at least one rule: 6300-CX User Guide...
  • Page 417 (config firewall qos 2 policy 0 rule 0)> dstport value (config firewall qos 2 policy 0 rule 0)> where value is the IP port number, a range of port numbers using the format IP_port- IP_port, or any. 6300-CX User Guide...
  • Page 418 (config network qos 2 policy 0 rule 0)> where value uses the format IPv6_address[/prefix_length], or any to match any IPv6 address. mac: Only traffic from the MAC address typed in MAC address will be matched. Set the MAC address to be matched: 6300-CX User Guide...
  • Page 419 Only traffic destined for the IP address typed in IPv6 address will be matched. Set the address that will be matched: (config network qos 2 policy 0 rule 0)> src address6 value (config network qos 2 policy 0 rule 0)> 6300-CX User Guide...
  • Page 420 8. Save the configuration and apply the change: (config)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6300-CX User Guide...

  • Page 421: System Administration

    System administration This chapter contains the following topics: Review device status Configure system information Update system firmware Update cellular module firmware Reboot your 6300-CX device Reset the device to factory defaults Configuration files Schedule system maintenance tasks 6300-CX User Guide...

  • Page 422: Review Device Status

    Show basic system information: 1. Log into the 6300-CX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 423: Configure System Information

    Disk /var Usage : 1.132MB/262.144MB(0%) > Configure system information You can configure information related to your 6300-CX device, such as providing a name and location for the device. Configuration items A name for the device. The name of a contact for the device.
  • Page 424    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 425: Update System Firmware

    For example, 6300-CX-20.2.162.60.bin. Manage firmware updates using Digi Remote Manager If you have a network of many devices, you can use Digi Remote Manager Profiles to manage firmware updates. Profiles ensure all your devices are running the correct firmware version and that all newly installed devices are updated to that same version.
  • Page 426 System administration Update system firmware 5. Browse to the system firmware file location and select the file. 6. Click Update Firmware. 6300-CX User Guide...
  • Page 427 Update system firmware    Command line 1. Download the 6300-CX operating system firmware from the Digi Support FTP site to your local machine. 2. Log into the 6300-CX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 428: Update Cellular Module Firmware

    > reboot Rebooting system > 7. Once the device has rebooted, log into the 6300-CX's command line as a user with Admin access and verify the running firmware version by entering the show system command. > show system...

  • Page 429: Reboot Your 6300-Cx Device

    Select the firmware. 7. Click Update. Reboot your 6300-CX device You can reboot the 6300-CX device immediately or schedule a reboot for a specific time every day. Note You may want to save your configuration settings to a file before rebooting. See...

  • Page 430: Reboot Your Device Immediately

    Schedule reboots of your device    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 6300-CX User Guide...
  • Page 431    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 432: Reset The Device To Factory Defaults

       WebUI 1. Log into the 6300-CX WebUI as a user with Admin access. 2. On the main menu, click System. Under Configuration, click Configuration Maintenance. The Configuration Maintenance windows is displayed. 6300-CX User Guide...
  • Page 433 3. In the Erase configuration section, click ERASE. 4. Click CONFIRM. 5. After resetting the device: a. Connect to the 6300-CX by using the serial port or by using an Ethernet cable to connect the 6300-CX LAN1 port to your PC. b. Log into the 6300-CX: User name: Use the default user name: admin.
  • Page 434 The device reboots again and resets to factory defaults, as well as also removing generated certificates and keys. 3. After resetting the device: a. Connect to the 6300-CX by using the serial port or by using an Ethernet cable to connect the 6300-CX LAN1 port to your PC. b. Log into the 6300-CX: User name: Use the default user name: admin.
  • Page 435 5. Save the configuration and apply the change: (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6300-CX User Guide...

  • Page 436: Configuration Files

    Save configuration changes When you make changes to the 6300-CX configuration, the changes are not automatically saved. You must explicitly save configuration changes, which also applies the changes. If you do not save configuration changes, the system discards the changes.

  • Page 437: Save Configuration To A File

    Type quit to disconnect from the device. Save configuration to a file You can save your 6300-CX device's configuration to a file and use this file to restore the configuration, either to the same device or to similar devices.

  • Page 438: Restore The Device Configuration

    > scp host 192.168.4.1 user admin remote /home/admin/bin/ local /etc/config/backup-archive-0040FF800120-19.05.17-19.01.17.bin to remote Restore the device configuration You can restore a configuration file to your 6300-CX device by using a backup from the device, or a backup from a similar device. ...
  • Page 439 6300-CX device. local-path is the location on the 6300-CX device where the copied file will be placed. 6300-CX User Guide...
  • Page 440 3. Enter the following: > system restore path [passphrase passphrase] where path is the location of configuration backup file on the 6300-CX's filesystem (local-path in the previous step). passphrase (optional) is the passphrase to restore the configuration backup, if a passphrase was used when the backup was created.

  • Page 441: Schedule System Maintenance Tasks

    Custom scripts that should be run as part of the configuration check.    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 442 Use with care. Scripts created here are also automatically entered in Configuration > Applications. b. For Add Script, click . The schedule script configuration window is displayed. Scheduled scripts are enabled by default. To disable, click Enable to toggle off. 6300-CX User Guide...
  • Page 443 If Once is enabled, rebooting the device will cause the script to not run again. The only way to re-run the script is to: Remove the script from the device and add it again. Make a change to the script. Uncheck Once. 10. Click Apply to save the configuration and apply the change. 6300-CX User Guide...
  • Page 444    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 445 The script will run once each time the device boots. If boot is selected, set the action that will be taken when the script completes: (config system schedule script 0)> exit_action action (config system schedule script 0)> where action is one of the following: 6300-CX User Guide...
  • Page 446 If the script begins with #!, then the script will be invoked in the location specified by the path for the script command. Otherwise, the default shell will be used (equivalent to #!/bin/sh). 6300-CX User Guide...
  • Page 447 5. Save the configuration and apply the change: (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6300-CX User Guide...

  • Page 448: Monitoring

    Monitoring This chapter contains the following topics: intelliFlow Configure NetFlow Probe 6300-CX User Guide...

  • Page 449: Intelliflow

    WebUI. To use intelliFlow, the 6300-CX must be powered on and you must have access to the local WebUI. Once you enable intelliFlow, the Status >...
  • Page 450    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 451 5. Save the configuration and apply the change: (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6300-CX User Guide...

  • Page 452: Use Intelliflow To Display Average Cpu And Ram Usage

    This procedure is only available from the WebUI. To display display average CPU and RAM usage:    WebUI 1. Log into the 6300-CX WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow.

  • Page 453: Use Intelliflow To Display Top Data Usage Information

    Top data usage by service To generate a top data usage chart:    WebUI 1. Log into the 6300-CX WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow. 3. From the menu, click Status > intelliFlow.
  • Page 454 5. Change the type of chart that is used to display the data: a. Click the menu icon (). b. Select the type of chart. 6. Change the number of top users displayed. You can display the top five, top ten, or top twenty data users. 6300-CX User Guide...

  • Page 455: Use Intelliflow To Display Data Usage By Host Over Time

    Use intelliFlow to display data usage by host over time To generate a chart displaying a host's data usage over time:    WebUI 1. Log into the 6300-CX WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow.

  • Page 456: Configure Netflow Probe

    To save the chart to your local filesystem, select Export to PNG. c. To print the chart, select Print chart. Configure NetFlow Probe NetFlow probe is used to probe network traffic on the 6300-CX device and export statistics to NetFlow collectors. Required configuration items Enable NetFlow.
  • Page 457 Configure NetFlow Probe    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Monitoring > NetFlow probe.
  • Page 458    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 459 1 and 1800. The default is 1800. 8. Set the maximum number of flows to probe simultaneously: (config)> monitoring netflow max_flows value (config)> where value is any is any number between 0 and 2000000. The default is 2000000. 6300-CX User Guide...
  • Page 460 (config monitoring netflow collector 0)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6300-CX User Guide...
  • Page 461 Configure Digi Remote Manager Collect device health data and set the sample interval Log into Digi Remote Manager Use Digi Remote Manager to view and manage your device Add a device to Digi Remote Manager View Digi Remote Manager connection status...

  • Page 462: Central Management With Digi Remote Manager

    Digi Remote Manager User Guide. Configure Digi Remote Manager By default, your 6300-CX device is configured to use central management using Digi Remote Manager. Additional configuration options These additional configuration settings are not typically configured, but you can set them as needed: Disable the Digi Remote Manager connection if it is not required.
  • Page 463 Central management with Digi Remote Manager Configure Digi Remote Manager 6300-CX User Guide...
  • Page 464 4. (Optional) For Management server, type the URL for the central management server. The default is the Digi Remote Manager server, my.devicecloud.com. 5. (Optional) For Retry interval, type the amount of time that the 6300-CX device should wait before reattempting to connect to the Digi Remote Manager server after being disconnected.
  • Page 465 (config)> cloud drm drm_url url (config)> 5. (Optional) Set the amount of time that the 6300-CX device should wait before reattempting to connect to the Digi Remote Manager server after being disconnected. The minimum value is ten seconds. The default is 30 seconds.

  • Page 466: Collect Device Health Data And Set The Sample Interval

    Collect device health data and set the sample interval You can enable or disable the collection of device health data to upload to Digi Remote Manager, and configure the interval between health sample uploads. By default, device health data upload is enabled, and the health sample interval is set to 60 minutes.
  • Page 467 Collect device health data and set the sample interval    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.

  • Page 468: Log Into Digi Remote Manager

    Log into Digi Remote Manager    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 469: Use Digi Remote Manager To View And Manage Your Device

    Use Digi Remote Manager to view and manage your device To view and manage your device: 1. If you have not already done so, connect to your Digi Remote Manager account. 2. Click Device Management to display a list of your devices.

  • Page 470: Add A Device To Digi Remote Manager

    The same default password is also shown on the label affixed to the bottom of the device. 6. Click Add. 7. Click OK. Digi Remote Manager adds your 6300-CX device to your account and it appears in the Device Management view. View Digi Remote Manager connection status To view the current Digi Remote Manager configuration: ...

  • Page 471: Use The Digi Remote Manager Mobile App

    The Device ID is the unique identifier for the device, as used by the Remote Manager. Use the Digi Remote Manager mobile app If you have a smart phone or tablet, you can use the Digi Remote Manager mobile app to automatically provision a new devices and monitor devices in your account.

  • Page 472: Configure Multiple Devices Using Profiles

    Digi recommends you take advantage of Digi Remote Manager profiles to manage multiple 6300-CX routers. Typically, if you want to provision multiple 6300-CX routers: 1. Using the 6300-CX local WebUI, configure one 6300-CX router to use as the model configuration for all subsequent 6300-CXs you need to manage.
  • Page 473 File system This chapter contains the following topics: The 6300-CX local file system Display directory contents Create a directory Display file contents Copy a file or directory Move or rename a file or directory Delete a file or directory Upload and download files...

  • Page 474: File System

    The 6300-CX local file system The 6300-CX local file system The 6300-CX local file system has approximately of space available for storing files, such as alternative configuration files and firmware versions, and release files, such as cellular module images. The...

  • Page 475: Create A Directory

    For example: 1. Log into the 6300-CX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 476: Display File Contents

    For example:    Command line 1. Log into the 6300-CX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the Admin CLI prompt, type more /path/filename. For example, to view the contenct of the file accns.json in /etc/config:...

  • Page 477: Move Or Rename A File Or Directory

      Command line To rename a file named test.py in /etc/config/scripts to final.py: 1. Log into the 6300-CX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 478: Delete A File Or Directory

      Command line To delete a file named test.py in /etc/config/scripts: 1. Log into the 6300-CX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 479: Upload And Download Files

    FileZilla. Upload and download files by using the WebUI Upload files 1. Log into the 6300-CX WebUI as a user with Admin access. 2. On the menu, click System. Under Administration, click File System. The File System page appears.

  • Page 480: Upload And Download Files By Using The Secure Copy Command

    6300-CX device. local-path is the location on the 6300-CX device where the copied file will be placed. For example: To copy firmware from a remote host with an IP address of 192.168.4.1 to the /etc/config directory on the 6300-CX device, issue the following command: >...

  • Page 481: Upload And Download Files Using Sftp

    6300-CX device. For example: To copy a support report from the 6300-CX device to a remote host at the IP address of 192.168.4.1: 1. Use the system support-report command to generate the report: >...
  • Page 482 File system Upload and download files $ sftp ahmed@192.168.2.1 Password: Connected to 192.168.2.1 sftp> get test.py Fetching test.py to test.py test.py 100% 0.3KB/s 00:00 sftp> exit 6300-CX User Guide...

  • Page 483: Diagnostics

    Generate a support report View system event logs Configure syslog servers Configure options for the event and system logs Analyze network traffic Use the ping command to troubleshoot network connections Use the traceroute command to diagnose IP routing problems 6300-CX User Guide...

  • Page 484: Generate A Support Report

    Attach the support report to any support requests.    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 485 Diagnostics Generate a support report 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6300-CX User Guide...

  • Page 486: View System Event Logs

    View System Logs    WebUI 1. Log into the 6300-CX WebUI as a user with Admin access. 2. On the main menu, click System > Logs. The system log displays: 3. Limit the display in the system log by using the Find search tool.
  • Page 487 Diagnostics View system event logs 5. Click  to download the system log. 6300-CX User Guide...
  • Page 488 View system event logs    Command line 1. Log into the 6300-CX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 489: View Event Logs

    6. Click  to download the event log.    Command line 1. Log into the 6300-CX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 490 Nov 26 22:01:25 info user name=admin~service=cli~state=closed~remote=192.168.1.2 > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6300-CX User Guide...

  • Page 491: Configure Syslog Servers

    You can configure remote syslog servers for storing event and system logs.    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 492    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 493: Configure Options For The Event And System Logs

    To change or disable the heartbeat interval, or to disable event categories, and to perform other log configuration:    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 6300-CX User Guide...
  • Page 494 7. Enable Preserve system logs to save the current session's system log after a reboot. By default, the 6300-CX device erases system logs each time the device is powered off or rebooted.
  • Page 495 To disable the heartbeat interval, set the value to 0s 4. Enable preserve system logs functionality to save the current session's system log after a reboot. By default, the 6300-CX device erases system logs each time the device is powered off or rebooted.
  • Page 496 (config)> system log event dhcpserver ? DHCP server: Settings for DHCP server events. Informational events are generated when a lease is obtained or released. Status events report the current list of leases. Parameters Current Value ------------------------------------------------------------------- ------------ 6300-CX User Guide...
  • Page 497 7. Save the configuration and apply the change: (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6300-CX User Guide...

  • Page 498: Analyze Network Traffic

    Analyze network traffic Analyze network traffic The 6300-CX device includes a network analyzer tool that captures data traffic on any interface and decodes the captured data traffic for diagnostics. You can capture data traffic on multiple interfaces at the same time and define capture filters to reduce the captured data. You can capture up to 10 MB of data traffic in two 5 MB files per interface.

  • Page 499: Configure Packet Capture For The Network Analyzer

    To configure a packet capture configuration:    WebUI 1. Log into the 6300-CX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Analyzer.
  • Page 500 For example, to set Duration to ten minutes, enter 10m or 600s. d. For Save interval, type the frequency with which captured events will be saved. Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. 6300-CX User Guide...
  • Page 501    Command line 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 502 (config network analyzer name)> save_interval value (config network analyzer name)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set save_interval to ten minutes, enter either 10m or 600s: 6300-CX User Guide...

  • Page 503: Example Filters For Capturing Data Traffic

    Capture traffic from UDP port 53: ip proto udp and src port 53 Capture to and from IP host 10.0.0.1 but filter out ports 22 and 80: ip host 10.0.0.1 and not (port 22 or port 80) 6300-CX User Guide...

  • Page 504: Capture Packets From The Command Line

    To start packet capture from the command line:    Command line 1. Log into the 6300-CX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 505: Stop Capturing Packets

    To stop packet capture from the command line:    Command line 1. Log into the 6300-CX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 506 To show captured data traffic:    Command line 1. Log into the 6300-CX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 507: Save Captured Data Traffic To A File

       Command line 1. Log into the 6300-CX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. Type the following at the Admin CLI prompt: >...

  • Page 508: Download Captured Data To Your Pc

    4. Select the saved analyzer report you want to download and click  (download).    Command line 1. Log into the 6300-CX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 509: Clear Captured Data

       Command line 1. Log into the 6300-CX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. Type the following at the Admin CLI prompt: >...

  • Page 510: Use The Ping Command To Troubleshoot Network Connections

    Ping to check internet connection To check your internet connection: 1. Log into the 6300-CX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 511 Max wait for a response to a probe. (Default: 5) Example This example shows using traceroute to verify that the 6300-CX device can route to host 8.8.8.8 (www.google.com) through the default gateway. The command output shows that 15 routing hops were required to reach the host: 1.

  • Page 512: Regulatory Guide

    AVOIDED UNLESS THE USER TAKES SPECIAL MEASURES TO REDUCE ELECTROMAGNETIC EMISSIONS TO PREVENT INTERFERENCE TO THE RECEPTION OF RADIO AND TELEVISION BROADCASTS. Supported Countries FOR A FULL LIST OF CERTIFIED COUNTRIES GO VISIT: www.digi.com/legal/terms End user license agreement To view the end user license agreement, visit: www.digi.com/legal/terms 6300-CX User Guide...
  • Page 513 Auto-complete commands and parameters Available commands Use the scp command Display status and statistics using the show command Device configuration using the command line interface Execute configuration commands at the root Admin CLI prompt Configuration mode Command line reference 6300-CX User Guide...

  • Page 514: Command Line Interface

    Log in to the command line interface    Command line 1. Connect to the 6300-CX device by using a serial connection, SSH or telnet, or the Terminal in the WebUI or the Console in the Digi Remote Manager. See Access the command line interface for more information.

  • Page 515: Exit The Command Line Interface

    2. At the main menu, click Terminal. The device console appears. 6300-CX login: 3. Log into the 6300-CX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 516: Display Help For Commands And Parameters

    Display help for commands and parameters The help command When executed from the root command prompt, help displays information about autocomplete operations, how to move the cursor on the 6300-CX command line, and other keyboard shortcuts: > help Commands ------------------------------------------------------------------------------- Show commands help <Tab>...

  • Page 517: Display Help For Individual Commands

    Show syslog. manufacture Show manufacturer information. modem Show modem statistics. network Show network interface statistics. openvpn Show OpenVPN statistics. route Show IP routing information. serial Show serial statistics. system Show system statistics. version Show firmware version. > show 6300-CX User Guide...

  • Page 518: Use The Tab Key Or The Space Bar To Display Abbreviated Help

    Parameter values, where the value is one of an enumeration or an on|off type; for example: (config)> serial port1 enable t<Tab> auto-completes to (config)> serial port1 enable true Auto-complete does not function for: Parameter values that are string types. Integer values. File names. Select parameters passed to commands that perform an action. 6300-CX User Guide...

  • Page 519: Available Commands

    Pings a remote host using Internet Control Message Protocol (ICMP) Echo Request messages. reboot Reboots the 6300-CX device. Removes a file. Uses the secure copy protocol (SCP) to transfer files between the 6300-CX device and a remote host. Use the scp command for information about using the scp command. show Displays information about the device and the device's configuration.

  • Page 520: Use The Scp Command

    The hostname or IP address of the remote host. The username and password of the user on the remote host. Whether the file is being copied to the 6300-CX device from a remote host, or to the remote host from the 6300-CX device.

  • Page 521: Display Status And Statistics Using The Show Command

    6300-CX device. For example: To copy a support report from the 6300-CX device to a remote host at the IP address of 192.168.4.1: 1. Use the system support-report command to generate the report: >...

  • Page 522: Show System

    "445" > show system show system command displays system information and statistics for the device, including CPU usage. > show system Model : Digi 6300-CX Serial Number : 6300-CX-000068 Hostname : T6300-CX : 00:40:D0:13:35:36 Hardware Version : 50001947-01 1P Firmware Version : 20.2.162.60...

  • Page 523: Execute Configuration Commands At The Root Admin Cli Prompt

    For example, to disable the SSH service from the root prompt, enter the following command: > config service ssh enable false > The 6300-CX device's ssh service is now disabled. Note When the config command is executed at the root prompt, certain configuration actions that are available in configuration mode cannot be performed.
  • Page 524 > config service ssh 4. Lastly, display the allowed values and other information for the enable parameter: > config service ssh enable ? Enable: Enable the service. Format: true, false, yes, no, 1, 0 Default value: true Current value: true 6300-CX User Guide...

  • Page 525: Configuration Mode

    2. Enter ssh to move to the ssh node: (config service)> ssh (config service ssh)> 3. Enter enable false to disable the ssh service: (config service ssh)> enable false (config service ssh)> Move within the configuration schema for more information about moving within the configuration. 6300-CX User Guide...

  • Page 526: Save Changes And Exit Configuration Mode

    Reverts the configuration to default revert settings. See The revert command more information. show Displays configuration settings. Adds a named element, or an element in a list. See Manage elements in lists for information about using the add command with lists. 6300-CX User Guide...

  • Page 527: Display Command Line Help In Configuration Mode

    At the config prompt, enter service ?: (config)> service ? At the config prompt: a. Enter service to move to the service node: (config)> service (config service)> 6300-CX User Guide...
  • Page 528 Enter ? to display help for the ssh node: (config service ssh)> ? Either of these methods will display the following information: (config)> service ssh ? SSH: An SSH server for managing the device. Parameters Current Value -------------------------------------------------------------------------- 6300-CX User Guide...

  • Page 529: Move Within The Configuration Schema

    (config)> service ssh enable Move within the configuration schema You can perform configuration tasks at the CLI by moving within the configuration. Move forward one node in the configuration by entering the name of an Additional Configuration option: 6300-CX User Guide...

  • Page 530: Manage Elements In Lists

    Add elements to a list When used with parameters that contains lists of elements, the add command is used to add an element to the list. For example, to add an authentication method: 6300-CX User Guide...
  • Page 531 (config)> show auth user new-user group 0 admin (config)> Delete elements from a list When used with parameters that contains lists of elements, the del command is used to delete an element in the list. For example, to delete an authentication method: 6300-CX User Guide...

  • Page 532: The Revert Command

    (config)> The revert command The revert command is used to revert changes to the 6300-CX device's configuration and restore default configuration settings. The behavior of the revert command varies depending on where in the configuration hierarchy the command is executed, and whether the optional path parameter is used.
  • Page 533 2. Save the configuration and apply the change: (config)> save Configuration saved. > 3. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6300-CX User Guide...

  • Page 534: Enter Strings In Configuration Commands

    (config)> system description "Digi 6300-CX" Example: Create a new user by using the command line In this example, you will use the 6300-CX command line to create a new user, provide a password for the user, and assign the user to authentication groups.
  • Page 535 Command line interface Configuration mode 1. Log into the 6300-CX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 536 (config auth user user1)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6300-CX User Guide...

  • Page 537: Command Line Reference

    Command line interface Command line reference Command line reference analyzer help mkdir modem more ping reboot show system traceroute update 6300-CX User Guide...

  • Page 538: Analyzer

    Start a capture session of packets on this devices interfaces. Parameters name Name of the capture filter to use. Ref: /network/analyzer Type: string analyzer stop name STRING Stops the traffic capture session. Parameters name Name of the capture filter to use. Ref: /network/analyzer 6300-CX User Guide...
  • Page 539 Command line interface Command line reference Type: string 6300-CX User Guide...
  • Page 540 Do not ask to overwrite the destination file if it exists. Syntax: {True|False} Type: boolean source The source file or directory to copy. Type: string destination The destination path to copy the source file or directory to. Type: string 6300-CX User Guide...

  • Page 541: Help

    Command line interface Command line reference help Show CLI editing and navigation commands. Parameters None 6300-CX User Guide...
  • Page 542 Command line interface Command line reference ls [show-hidden] PATH List a directory. Parameters show-hidden Show hidden files and directories. Hidden filenames begin with '.'. Syntax: {True|False} Type: boolean References List files and directories under this path. Type: string 6300-CX User Guide...

  • Page 543: Mkdir

    Command line interface Command line reference mkdir mkdir PATH Create a directory. Parent directories are created as needed. Parameters References The directory path to create. Type: string 6300-CX User Guide...

  • Page 544: Modem

    The configured name of the modem to execute this CLI command on. Optional: True Ref: /network/modem Type: string modem pin PIN commands. pin change [imei STRING] [name STRING] OLD-PIN NEW-PIN Change the SIM's PIN code. Warning: Attempting to use an incorrect PIN code may PUK lock the SIM. 6300-CX User Guide...
  • Page 545 Enable the PIN lock on the SIM card that is active in the modem. The SIM card will need to be unlocked before each use. Warning: Attempting to use an incorrect PIN code may PUK lock the SIM. 6300-CX User Guide...
  • Page 546 SIM card automatically before use. Warning: Attempting to use an incorrect PIN code may PUK lock the SIM. Parameters imei The IMEI of the modem to execute this CLI command on. Optional: True Type: string 6300-CX User Guide...
  • Page 547 Unlock the SIM with a PUK code from the SIM provider. Parameters imei The IMEI of the modem to execute this CLI command on. Optional: True Type: string name The configured name of the modem to execute this CLI command on. Optional: True Ref: /network/modem Type: string 6300-CX User Guide...
  • Page 548 The IMEI of the modem to execute this CLI command on. Optional: True Type: string name The configured name of the modem to execute this CLI command on. Optional: True Ref: /network/modem Type: string slot The SIM slot to change to. Syntax: (1|2|show) Type: string 6300-CX User Guide...

  • Page 549: More

    Command line interface Command line reference more more PATH View a file. Parameters References The file to view. Type: string 6300-CX User Guide...
  • Page 550 Do not ask to overwrite the destination file if it exists. Syntax: {True|False} Type: boolean source The source file or directory to move. Type: string destination The destination path to move the source file or directory to. Type: string 6300-CX User Guide...

  • Page 551: Ping

    The number of bytes sent in the ICMP ping request. Default: 56 Minimum: 0 Syntax: {Integer} Type: integer host The name or address of the remote host to send ICMP ping requests to. Syntax: {hostname|IPv4_address|IPv6_address} Type: string 6300-CX User Guide...

  • Page 552: Reboot

    Command line interface Command line reference reboot Reboot the system. Parameters None 6300-CX User Guide...
  • Page 553 Command line interface Command line reference Remove a file or directory. rm [force] PATH Parameters force Force the file to be removed without asking. Syntax: {True|False} Type: boolean References The path to remove. Type: string 6300-CX User Guide...

  • Page 554: Scp

    Copy the file from the local device to the remote host, or from the remote host to the local device. Syntax: (remote|local) Type: string user The username to use when connecting to the remote host. Type: string 6300-CX User Guide...

  • Page 555: Show

    Display IPv6 routes. If no IP version is specififed IPv4 IPV6 will be displayed Syntax: {True|False} Type: boolean verbose Display more information (less concise, more detail). Syntax: {True|False} Type: boolean show cloud Show drm status statistics. Parameters None show config Show changes made to default configuration. Parameters None 6300-CX User Guide...
  • Page 556 [ip STRING] [name STRING] Show hotspot statistics. Parameters IP address of a specific client, to limit the status display to only this client. Optional: True Syntax: IPv4_address Type: string name The configured instance name of the hotspot. 6300-CX User Guide...
  • Page 557 (this can be very time consuming). If you require more messages of the filtered type, increase the number of messages retrieved using 'number'. Optional: True Syntax: (critical|warning|debug|info) Type: string number Number of lines to retrieve from log. Default: 20 Minimum: 1 Syntax: {Integer} Type: integer 6300-CX User Guide...
  • Page 558 [all|verbose] [interface STRING] Show network interface status and statistics. Parameters Display all interfaces including disabled interfaces. Syntax: {True|False} Type: boolean interface Display more details and config data for a specific network interface. Optional: True Ref: /network/interface Type: string 6300-CX User Guide...
  • Page 559 Show OpenVPN server status and statistics. Parameters Display all servers including disabled servers. Syntax: {True|False} Type: boolean name Display more details and config data for a specific OpenVPN server. Optional: True Ref: /vpn/openvpn/server Type: string show route [ipv4|ipv6|verbose] Show IP routing information. 6300-CX User Guide...
  • Page 560 Ref: /serial Type: string show system [verbose] Show system status and statistics. Parameters verbose Display more information (disk usage, etc) Syntax: {True|False} Type: boolean show usb Show USB information. Parameters None show version [verbose] Show firmware version. 6300-CX User Guide...
  • Page 561 Display details for Wi-Fi client mode connections. Parameters Display all Wi-Fi clients including disabled Wi-Fi client mode connections. Syntax: {True|False} Type: boolean name Display more details for a specific Wi-Fi client mode connection. Optional: True Ref: /network/wifi/client 6300-CX User Guide...
  • Page 562 Command line interface Command line reference Type: string 6300-CX User Guide...

  • Page 563: System

    Erase the device to restore to factory defaults. All configuration and automatically generated keys will be erased. Parameters system restore [passphrase STRING] PATH Restore the device's configuration from a backup archive or CLI commands file. 6300-CX User Guide...
  • Page 564 References The path to the backup file. Type: string system support-report PATH Save a support report to a file and include with support requests. Parameters References The file path to save the support report to. Type: string 6300-CX User Guide...

  • Page 565: Traceroute

    Tells traceroute to add an IP source routing option to the outgoing packet that tells the network to route the packet through the specified gateway Optional: True Syntax: {IPv4_address|IPv6_address} Type: string icmp Use ICMP ECHO for probes. Syntax: {True|False} Type: boolean 6300-CX User Guide...
  • Page 566 Total size of the probing packet. Default 60 bytes for IPv4 and 80 for Ipv6. A value of -1 specifies that the default value will be used. Default: -1 Minimum: -1 Syntax: {Integer} Type: integer pausemsecs Minimal time interval between probes Default: 0 Minimum: 0 Syntax: {Integer} Type: integer 6300-CX User Guide...
  • Page 567 Type: boolean waittime Determines how long to wait for a response to a probe. Default: 5 Minimum: 1 Syntax: {Integer} Type: integer host The host that we wish to trace the route packets for. Syntax: {hostname|IPv4_address|IPv6_address} Type: string 6300-CX User Guide...

  • Page 568: Update

    Networks must leverage MIMO antenna transmission to be technically considered 4G. Physical specifications Many Digi devices use industry-standard female SMA connectors to affix antennas to the internal cellular radio. External antennas improve clarity when compared to internal antennas, which are prone to electromagnetic interference.

  • Page 569: Antennas Tested By Digi

    30 feet of cabling. Certain Digi products are designed to provide the ability to place the unit where reception is best (moving the radio is always preferred). This allows the device to capture optimal Radio Frequency (RF) before converting it to IP packets and transmit data via Ethernet cabling, an approach that yields increased performance and cost savings over coax cabling.

  • Page 570: Large External Mimo Antenna (Outdoor Rated)

    This is a hardened antenna designed to be mounted outdoors. This is a MIMO antenna with two short pig tail connectors and the overall dimensions are 187 mm in height and 106 mm at the base. Digi typically provides this antenna with a kit including dual coax cables at 5M in length. If you are using this antenna with a Digi PoE (for example, the Digi 6300-CX) we typically recommend you mount the unit on the inside and run the 5M cables to the outside.

  • Page 571: Flat Mimo Antenna #2

    Antenna notes and solutions Antennas tested by Digi Manufacturer: Taoglas Antennas Solutions Product: Gemini LMA100 and the Product Datasheet MSRP: $99 with dual 5M cables Deployment notes This is an easy-to-use MIMO antenna. It offers a low-profile form factor that accommodates simple mounting.

Table of Contents