Digi IX14 User Manual
  1. Manuals
  2. Brands
  3. Digi Manuals
  4. Network Router
  5. IX14
  6. User manual

Digi IX14 User Manual

Hide thumbs Also See for IX14:
1
2
3
4
5
Table Of Contents
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
Table of Contents

Advertisement

Quick Links

Download this manual
IX14
User Guide

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the IX14 and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Digi IX14

Summary of Contents for Digi IX14

  • Page 1: Stop Bits

    IX14 User Guide...

  • Page 2: Revision History-90002291

    Revision history—90002291 Revision Date Description Initial release of Digi IX14 firmware version 19.1. January 2019 Digi IX14 firmware version 19.8 release. September 2019 IX14 User Guide...
  • Page 3 ID. DHCP hostname option to allow the device to advertise its hostname to the DHCP server upon connection. Receive encrypted SMS commands from Digi Remote Manager. Ability in OpenVPN to push routes in subnet mode.
  • Page 4 Information in this document is subject to change without notice and does not represent a commitment on the part of Digi International. Digi provides this document “as is,” without warranty of any kind, expressed or implied, including, but not limited to, the implied warranties of fitness or merchantability for a particular purpose.
  • Page 5 Revision history—90002291 Include the document title and part number (IX14 User Guide, 90002291 C) in the subject line of your email. IX14 User Guide...

  • Page 6: Table Of Contents

    Step 4: Sign up for Digi Remote Manager Step 5: Access the IX14 local web interface Step 6: Configure cellular connection using the web interface Step 7: Add your IX14 to your Digi Remote Manager account Next steps IX14 User Guide...
  • Page 7 Change a local user's password Configure a local user Delete a local user Terminal Access Controller Access-Control System Plus (TACACS+) TACACS+ user configuration TACACS+ server failover and fallback to local authentication Configure your IX14 device to use a TACACS+ server IX14 User Guide...

  • Page 8: Data Bits

    Remote Authentication Dial-In User Service (RADIUS) RADIUS user configuration RADIUS server failover and fallback to local configuration Configure your IX14 device to use a RADIUS server Disable shell access Set the idle timeout for IX14 users Example user configuration Example 1: Administrator user with local authentication...
  • Page 9 Use digidevice.config for device configuration Use Python to respond to Digi Remote Manager SCI requests Use digidevice runtime to access the runtime database Using Python to upload the device name to Digi Remote Manager Central management with Digi Remote Manager Digi Remote Manager support...
  • Page 10 Use the ping command to troubleshoot network connections Ping to check internet connection Stop ping commands Use the traceroute command to diagnose IP routing problems Routing IP routing Configure a static route Delete a static route Policy-based routing Configure a routing policy Routing services IX14 User Guide...
  • Page 11 Upload and download files by using the WebUI Upload and download files by using the Secure Copy command Upload and download files using SFTP Digi IX14 regulatory and safety statements RF exposure statement Federal Communication (FCC) Part 15 Class B Radio Frequency Interference (RFI) (FCC 15.105)
  • Page 12 Move within the configuration schema Manage elements in lists The revert command Enter strings in configuration commands Example: Create a new user by using the command line Command line reference analyzer help mkdir modem more ping reboot show system traceroute update IX14 User Guide...

  • Page 13: What's New In Digi Ix14 Version 20.2

    What's new in Digi IX14 version 20.2 Digi IX14 firmware version 20.2 release. IX14 User Guide...

  • Page 14: Digi Ix14 Hardware Reference

    Digi IX14 hardware reference IX14 features and specifications IX14 is a compact LTE CAT1 machine-to-machine (M2M) router suitable for a broad range of applications in rugged industrial environments. Key features include: Industrial grade components (operating temperatures from -29° F to +165° F/-34° C to +74° C)

  • Page 15: Ix14 Power Supply Requirements

    Power Power on the IX14. WWAN1-1 Attach and position antennas. WWAN1-2 IX14 power supply requirements IX14 is intended to be powered by a certified power supply with output rated at either 12 VDC/0.75 A or 24 c IX14 User Guide...

  • Page 16: Digi Ix14 Serial Connector Pinout

    100 Mbps connection; Off for no connection Solid green Valid link detected; Flashing for Ethernet activity Digi IX14 serial connector pinout The IX14 is a DTE device. The pinout for the DB9 serial connector is as follows: DTE signal Signal name RS232 signal...

  • Page 17: Ix14 Accessory Kits

    Part numbers and accessories for details. IX14 antennas IX14 obtained complete certification by using the antenna described here. Use an antenna that matches these specifications to maintain the product certification. You can use antennas of the same type but operating with a lower gain.

  • Page 18: Ix14 Quick Start

    Quick start with Digi Remote Manager mobile app. Quick start with IX14 local WebUI If you do not have a smart phone or tablet, access the IX14 local WebUI to manually set up your IX14. Go to Quick start with IX14 local WebUI.

  • Page 19: Quick Start With Digi Remote Manager Mobile App

    The following steps guide you through IX14 setup using the Digi Remote Manager mobile app. Note If you do not have a smart phone or tablet, access the IX14 local WebUI to manually set up your IX14. Go to Quick start with IX14 local WebUI.

  • Page 20: Step 3: Connect Hardware

    Name), and SIM pin (if any) for each card. Laptop or personal computer Use an Ethernet cable to connect the IX14 WAN/ETH1 port to a laptop or PC to access the local web interface via a browser. Step 3: Connect hardware a.

  • Page 21: Step 4: Quick Setup Using The Digi Remote Manager Mobile App

    Quick start with Digi Remote Manager mobile app Step 4: Quick setup using the Digi Remote Manager mobile app Power LED is solid blue when the IX14 is ready. Step 4: Quick setup using the Digi Remote Manager mobile app Use the Digi Remote Manager mobile app to: Register your device in your Digi Remote Manager account using the QR code on the IX14 label.

  • Page 22: Quick Start With Ix14 Local Webui

    The following steps guide you through the IX14 setup using the IX14 local WebUI. Note If you have a smart phone or tablet, you can use the Digi Remote Manager mobile app to quickly set up your IX14. Go to Quick start with Digi Remote Manager mobile app.

  • Page 23: Step 3: Connect Hardware

    Quick start with IX14 local WebUI Step 3: Connect hardware Ethernet cable Use an Ethernet cable to connect the IX14 WAN/ETH1 port to a laptop or PC to access the local web interface via a browser or connect to a WAN. Phillips-head screwdriver Use a #1 Phillips-head screwdriver to remove and replace the SIM door when installing SIM cards.

  • Page 24: Step 4: Sign Up For Digi Remote Manager

    Click on the link in the email to log into Digi Remote Manager. Step 5: Access the IX14 local web interface a. If you have not already done so, use an Ethernet cable to connect your IX14 WAN/ETH1 port to your PC.

  • Page 25: Step 6: Configure Cellular Connection Using The Web Interface

    The same default password is also shown on the label affixed to the bottom of the device. a. Click Add. b. Click OK. Digi Remote Manager adds your IX14 to your account and it appears in the Device Management view. IX14 User Guide...

  • Page 26: Next Steps

    To manage and configure your IX14 remotely using Digi Remote Manager, see Configure Digi Remote Manager.  To manage and configure your IX14 locally using the local web interface, see Using the web interface. Reset the device to factory defaults Resetting the device to factory defaults performs the following actions: Clears all configuration settings.

  • Page 27: Hardware Setup

    Hardware setup This chapter contains the following topics: Install SIM cards Attach and position antennas Connect the WAN/ETH1 port Connect the serial port Power on the IX14 IX14 User Guide...

  • Page 28: Install Sim Cards

    1. On the IX14 front panel, use a #1 Phillips-head screwdriver to remove the SIM door. 2. If the IX14 device is used in an environment with high vibration levels, SIM card contact fretting may cause unexpected SIM card failures. To protect the SIM cards, Digi strongly recommends that you apply a thin layer of dielectric grease to the SIM contacts prior to installing the SIM cards.

  • Page 29: Connect The Wan/Eth1 Port

    Connect the WAN/ETH1 port Connect the WAN/ETH1 port Use an Ethernet cable to connect the IX14 to your local laptop or PC or to your local network (LAN). If you connect directly to your PC, the factory default IP address is 192.168.2.1 If you connect to a LAN that has a DHCP server, reboot the device after you connect and wait for the DHCP server to assign an IP address to the device.

  • Page 30: Review Ix14 Default Settings

       WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. IX14 User Guide...
  • Page 31    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 32: Configuration Methods

    Shows how to perform a task by using the command line interface. Using Digi Remote Manager By default, your IX14 device is configured to use Digi Remote Manager as its central management server. No configuration changes are required to begin using the Remote Manager.

  • Page 33: Access Digi Remote Manager

    Using the web interface To connect to the IX14 local WebUI: 1. Use an Ethernet cable to connect the IX14's LAN port to a laptop or PC. 2. Open a browser and go to 192.168.2.1. 3. Log into the device using a configured user name and password.

  • Page 34: Log Out Of The Web Interface

    Summarizes network statistics: the total number of bytes sent and received over all Network configured bridges and Ethernet devices. activity Digi Displays the device connection status for Digi Remote Manager, the amount of time Remote the connection has been up, and the Digi Remote Manager device ID. Using Digi Remote Manager.

  • Page 35: Using The Command Line

    Log in to the command line interface    Command line 1. Connect to the IX14 device by using a serial connection, SSH or telnet, or the Terminal in the WebUI or the Console in the Digi Remote Manager. See Access the command line interface more information.

  • Page 36: Exit The Command Line Interface

    Admin CLI s: Shell q: Quit Select access or quit [admin] : Type a or admin to access the IX14 command line. You will now be connected to the Admin CLI: Connecting now, 'exit' to disconnect from Admin CLI ... >...

  • Page 37: Initial Configuration

    Initial configuration This chapter contains the following topics: Configure cellular modem APNs Change the default LAN subnet Change the LAN address type Configure SIM PIN Configure system settings Enable or disable Bluetooth service IX14 User Guide...

  • Page 38: Configure Cellular Modem Apns

    Configure cellular modem APNs Configure cellular modem APNs The IX14 device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.
  • Page 39    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 40 7. Save the configuration and apply the change: (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...

  • Page 41: Change The Default Lan Subnet

    Change the default LAN subnet Change the default LAN subnet You can change the IX14 default LAN subnet—192.168.2.1/24—to any range of private IPs. The local DHCP server range will also change to the range of the LAN subnet. To change the LAN subnet: ...

  • Page 42: Change The Lan Address Type

    By default, the LAN interface uses a static IP address. To configure it to use a DHCP address instead:    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 43    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 44: Configure Sim Pin

       Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 45 Initial configuration Configure system settings 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click System. 4. Provide the system information settings: Name: (Optional) Enter a name for the device.
  • Page 46    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 47 Initial configuration Configure system settings (config)> system banner "Welcome to the Digi IX14." (config)> 4. Configure scheduled tasks: Set the reboot time: (config)> system schedule reboot_time time (config)> where time is the time of the day that the device should reboot, using the format HH:MM.
  • Page 48 Schedule system maintenance tasks for more information. 6. (Optional) Set the timezone for the location of your IX14 device. The default is UTC. (config)> system time timezone value (config)> Where value is the timezone using the format specified with the following command: (config)>...
  • Page 49 (config)> system log event netmon error false (config)> system log event netmon info false (config)> Disable status events related to the addresses and routes of network inferfaces, or change the status interval for network status event logging from the default of 5 minutes: IX14 User Guide...
  • Page 50 30 minutes: (config)> system log event network status false (config)> system log event network status_interval value (config)> Disable informational logging of user access events: (config)> system log event user info false (config)> IX14 User Guide...
  • Page 51 11. Save the configuration and apply the change: (config)> save Configuration saved. > 12. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...

  • Page 52: Enable Or Disable Bluetooth Service

       Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 53 2. At the command line, type config to enter configuration mode: > config (config)> 3. Enable or disable the Bluetooth service: To enable the Bluetooth service: (config)> service bluetooth enable true (config)> To disable the Bluetooth service: (config)> service bluetooth enable false (config)> IX14 User Guide...
  • Page 54 Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Note You will not see the IX14 Bluetooth service listed on your smart phone or tablet. IX14 User Guide...

  • Page 55: User Authentication

    This chapter contains the following topics: IX14 user authentication User authentication methods Authentication groups Local users Terminal Access Controller Access-Control System Plus (TACACS+) Remote Authentication Dial-In User Service (RADIUS) Disable shell access Set the idle timeout for IX14 users Example user configuration IX14 User Guide...

  • Page 56: Ix14 User Authentication

    User authentication IX14 user authentication IX14 user authentication User authentication on the IX14 has the following features and default configuration: Default Feature Description configuration Idle timeout 10 minutes. Determines how long a user session can be idle before the system automatically disconnects.
  • Page 57 RADIUS: Users authenticated by using a remote RADIUS server for authentication. Remote Authentication Dial-In User Service (RADIUS) for information about configuring RADIUS authentication. TACACS+: Users authenticated by using a remote TACACS+ server for authentication. Terminal Access Controller Access-Control System Plus (TACACS+) for information about configuring TACACS+ authentication. IX14 User Guide...

  • Page 58: Add A New Authentication Method

    To add an authentication method:    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Methods.
  • Page 59 This procedure describes how to add methods to various places in the list. 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 60: Delete An Authentication Method

    Type quit to disconnect from the device. Delete an authentication method    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. IX14 User Guide...
  • Page 61    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 62: Rearrange The Position Of Authentication Methods

    To reorder these so that RADIUS is first and Local users is second: 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 63    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 64: Authentication Groups

    Disable shell access for more information about the Allow shell parameter. Serial access: Users with Serial access have the ability to log into the IX14 device by using the serial console. Preconfigured authentication groups The IX14 device has two preconfigured authentication groups: The admin group is configured by default to have full Admin access and Shell access.
  • Page 65 The preconfigured authentication groups cannot be deleted, but the access rights defined for the group are configurable. This section contains the following topics: Change the access rights for a predefined group Add an authentication group Delete an authentication group IX14 User Guide...

  • Page 66: Change The Access Rights For A Predefined Group

    For groups assigned Admin access, you can also determine whether the Access level should be Full access or Read-only access. Full access provides users of this group with the ability to manage the IX14 device by using the WebUI or the Admin CLI.
  • Page 67    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 68: Add An Authentication Group

    Access rights to captive portals, and the portals to which they have access. Access rights to query the device for Nagios monitoring. To add an authentication group:    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. IX14 User Guide...
  • Page 69 5. Click the following options, as appropriate, to enable or disable access rights for each: Admin access For groups assigned Admin access, you can also determine whether the Access level should be Full access or Read-only access. where value is either: IX14 User Guide...
  • Page 70 User authentication Authentication groups Full access full: provides users of this group with the ability to manage the IX14 device by using the WebUI or the Admin CLI. Read-only access read-only: provides users of this group with read-only access to the WebUI and Admin CLI.
  • Page 71 (config)> where value is either: full: provides users of this group with the ability to manage the IX14 device by using the WebUI or the Admin CLI. read-only: provides users of this group with read-only access to the WebUI and Admin CLI.

  • Page 72: Delete An Authentication Group

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Delete an authentication group By default, the IX14 device has two preconfigured authentication groups: admin and serial. These groups cannot be deleted. To delete an authentication group that you have created: ...
  • Page 73    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 74 4. Save the configuration and apply the change: (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...

  • Page 75: Local Users

    TACACS+ or RADIUS. Local user authentication is enabled by default, with one preconfiged default user. Default user At manufacturing time, each IX14 device comes with a default user configured as follows: Username: admin. Password: The default password is displayed on the label on the bottom of the device.

  • Page 76: Change A Local User's Password

    To change a user's password:    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Users.
  • Page 77 6. Click Apply to save the configuration and apply the change. The Apply button is located at the top of the WebUI page. You may need to scroll to the top of the page to locate it. IX14 User Guide...

  • Page 78: Configure A Local User

    Local users    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 79 To configure a local user:    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Users.
  • Page 80 To display the QR code for the secret key, click ... next to the field label and select Show secret key QR code. iii. Copy the secret key, or scan or copy the QR code, for use with an application or mobile device to generate passcodes. IX14 User Guide...
  • Page 81    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 82 (config auth user new_user)> del group n (config auth user new_user)> Where n is index number of the authentication method to be deleted. For example, to delete the serial group as displayed by the example show command, above: IX14 User Guide...
  • Page 83 (config auth user new_user 2fa)> disallow_reuse true (config auth user new_user 2fa)> f. For time-based verification only, configure the code refresh interval. This is the amount of time that a code will remain valid. IX14 User Guide...
  • Page 84 Change to the user's scratch code node: (config auth user new_user 2fa)> scratch_code (config auth user new_user 2fa scratch_code)> ii. Add a scratch code: (config auth user new_user 2fa scratch_code)> add end code (config auth user new_user 2fa scratch_code)> IX14 User Guide...

  • Page 85: Delete A Local User

    To delete a user from your IX14:    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Users.
  • Page 86 User authentication Local users the page to locate it. IX14 User Guide...
  • Page 87 Local users    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 88: Terminal Access Controller Access-Control System Plus (Tacacs+)

    With TACACS+ support, the IX14 device acts as a TACACS+ client, which sends user credentials and connection parameters to a TACACS+ server over TCP. The TACACS+ server then authenticates the TACACS+ client requests and sends back a response message to the device.

  • Page 89: Tacacs+ User Configuration

    After setting up the TACACS+ server, you will need to configure one or more users on the server. When configured with TACACS+ support, the IX14 device uses the TACACS+ server for authentication (password verification) and authorization (assigning the access level of the user).

  • Page 90: Tacacs+ Server Failover And Fallback To Local Authentication

    Terminal Access Controller Access-Control System Plus (TACACS+) TACACS+ server failover and fallback to local authentication In addition to the primary TACACS+ server, you can also configure your IX14 device to use backup TACACS+ servers. Backup TACACS+ servers are used for authentication requests when the primary TACACS+ server is unavailable.
  • Page 91 = testing123 8. (Optional) For Group attribute, type the name of the attribute used in the TACACS+ server's configuration to identify the IX14 authentication group or groups that the user is a member of. For example, in TACACS+ user configuration, the group attribute in the sample tac_plus.conf...
  • Page 92 For example, in TACACS+ user configuration, the value of the service attribute in the sample tac_plus.conf file is system, which is also the default setting in the IX14 configuration. 10. (Optional) Click  again to add additional TACACS+ servers.
  • Page 93 (config auth tacacs+ server 0)> ... (config)> 8. (Optional) Configure the group_attribute. This is the name of the attribute used in the TACACS+ server's configuration to identify the IX14 authentication group or groups that the user is a member of. For example, in TACACS+ user configuration, the group attribute in the sample tac_plus.conf file is groupname, which is also the default setting for the group_...
  • Page 94 User authentication Terminal Access Controller Access-Control System Plus (TACACS+) 13. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...

  • Page 95: Remote Authentication Dial-In User Service (Radius)

    With RADIUS support, the IX14 device acts as a RADIUS client, which sends user credentials and connection parameters to a RADIUS server over UDP. The RADIUS server then authenticates the RADIUS client requests and sends back a response message to the device.

  • Page 96: Radius User Configuration

    /etc/init.d/freeradius restart RADIUS server failover and fallback to local configuration In addition to the primary RADIUS server, you can also configure your IX14 device to use backup RADIUS servers. Backup RADIUS servers are used for authentication requests when the primary RADIUS server is unavailable.

  • Page 97: Configure Your Ix14 Device To Use A Radius Server

    If the RADIUS servers are unavailable and the IX14 device falls back to local authentication, only users defined locally on the device are able to log in. RADIUS users cannot log in until the RADIUS servers are brought back online.
  • Page 98 Remote Authentication Dial-In User Service (RADIUS)    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > RADIUS > Servers.
  • Page 99 NAS or any arbitrary string. If not set, the default value is used: If you are accessing the IX14 device by using the WebUI, the default value is for NAS ID is httpd. If you are accessing the IX14 device by using ssh, the default value is sshd.
  • Page 100 You can use the fully-qualified domain name of the NAS or any arbitrary string. If not set, the default value is used: If you are accessing the IX14 device by using the WebUI, the default value is for NAS ID is httpd.

  • Page 101: Disable Shell Access

    If shell access is disabled, re-enabling it will erase the device's configuration and perform a factory reset.    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. IX14 User Guide...
  • Page 102    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 103: Set The Idle Timeout For Ix14 Users

    By default, the Idle timeout is set to 10 minutes.    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 104    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 105 User authentication Set the idle timeout for IX14 users (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device.

  • Page 106: Example User Configuration

    Goal: To create a user with administrator rights who is authenticated locally on the device.    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 107    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 108: Example 2: Radius, Tacacs+, And Local Authentication For One User

    Goal: To create a user with administrator rights who is authenticated by using all three authentication methods. In this example, when the user attempts to log in to the IX14 device, user authentication will occur in the following order: IX14 User Guide...
  • Page 109 2. The user is authenticated by the TACACS+ server. If both the RADIUS and TACACS+ servers are unavailable, 3. The user is authenticated by the IX14 device using local authentication. This example uses a FreeRadius 3.0 server running on ubuntu, and a TACACS+ server running on ubuntu.
  • Page 110 The authentication group on the IX14 device, admin, is identified in the groupname parameter. c. Save and close the tac_plus.conf file. 3. Log into the IX14 WebUI as a user with full Admin access rights. 4. On the menu, click System. Under Configuration, click Device Configuration. IX14 User Guide...
  • Page 111 Click  to add another new method. f. For the new method, select Local users. 6. Create the local user: a. Click Authentication > Users. b. In Add User:, type admin1 and click . c. For password, type password1. IX14 User Guide...
  • Page 112 Add a RADIUS user to the users file: admin1 Cleartext-Password := "password1" Unix-FTP-Group-Names := "admin" In this example: The user's username is admin1. The user's password is password1. The authentication group on the IX14 device, admin, is identified in the Unix-FTP- Group-Names parameter. IX14 User Guide...
  • Page 113 Save and close the tac_plus.conf file. 3. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 114 (config auth user adminuser)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...
  • Page 115 Firewall This chapter contains the following topics: Firewall configuration Port forwarding rules Packet filtering Configure custom firewall rules Configure Quality of Service options IX14 User Guide...

  • Page 116: Firewall Configuration

    IPsec: The default zone for IPsec tunnels. Dynamic routes: Used for routes learned using routing services. Port forwarding: A list of rules that allow network connections to the IX14 to be forwarded to other servers by translating the destination address.
  • Page 117    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 118: Configure The Firewall Zone For A Network Interface

    Internal, to External.    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. IX14 User Guide...
  • Page 119    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 120: Delete A Custom Firewall Zone

    You cannot delete preconfigured firewall zones. To delete a custom firewall zone:    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 121 Firewall Firewall configuration the page to locate it. IX14 User Guide...

  • Page 122: Port Forwarding Rules

    Port forwarding rules    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 123 To configure a port forwarding rule:    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Port forwarding.
  • Page 124    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 125 (config firewall dnat 0)> ip_version ipv6 (config firewall dnat 0)> 6. Set the public-facing port number that network connections must use for their traffic to be forwarded. (config firewall dnat 0)> port port (config firewall dnat 0)> IX14 User Guide...
  • Page 126 To specify the firewall zone for white listing: (config firewall dnat 0 acl)> add zone end zone Repeat for each appropriate zone. To view a list of available zones: (config firewall dnat 0 acl)> ..zone ? IX14 User Guide...

  • Page 127: Delete A Port Forwarding Rule

    To delete a port forwarding rule:    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. IX14 User Guide...
  • Page 128    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 129 5. Save the configuration and apply the change: (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...

  • Page 130: Packet Filtering

    By default, one preconfigured packet filtering rule, Allow all outgoing traffic, is enabled and monitors traffic going to and from the IX14 device. The predefined settings are intended to block unauthorized inbound traffic while providing an unrestricted flow of outgoing data. You can modify the default packet filtering rule and create additional rules to define how the device accepts or rejects traffic that is forwarded through the device.
  • Page 131 9. For Destination zone, select the firewall zone. Packets destined for network interfaces that are members of this zone will either be accepted, rejected or dropped by this rule. Firewall configuration for more information about firewall zones. IX14 User Guide...
  • Page 132    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 133 7. Set the IP version. (config firewall filter 1)> ip_version value (config firewall filter 1)> where value is one of: ipv4 ipv6 The default is any. 8. Set the protocol. (config firewall filter 1)> protocol value (config firewall filter 1)> IX14 User Guide...

  • Page 134: Enable Or Disable A Packet Filtering Rule

    To enable or disable a packet filtering rule:    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 135    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 136: Delete A Packet Filtering Rule

    To delete a packet filtering rule:    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Packet filtering.
  • Page 137    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 138: Configure Custom Firewall Rules

    To configure custom firewall rules:    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Custom rules.
  • Page 139    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 140: Configure Quality Of Service Options

    (packet ingress). A QoS binding contains the policies and rules that apply to packets exiting the IX14 device on the binding's interface. By default, the IX14 device has two preconfigured QoS bindings, Outbound and Inbound.
  • Page 141    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 142 Create a new binding    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Quality of Service.
  • Page 143 10, each policy will be allocated one third of the total interface bandwidth. e. For Latency, type the maximum delay before the transmission of packets. A lower latency means that the packets will be scheduled more quickly for transmission. IX14 User Guide...
  • Page 144 MAC address: Only traffic from the MAC address typed in MAC address will be matched. ix. Click to expand Destination address and select the Type: Any: Traffic destined for anywhere will be matched. Interface: Only traffic destined for the selected Interface will be matched. IX14 User Guide...
  • Page 145    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 146 The larger the weight, with respect to the other policy weights, the larger portion of the maximum bandwidth is available for this policy. For example, if a binding contains three policies, and each policy contains a weight of 10, each policy will be allocated one third of the total interface bandwidth. IX14 User Guide...
  • Page 147 (config firewall qos 2 policy 0 rule 0)> tos value (config firewall qos 2 policy 0 rule 0)> where value is a hexadecimal number. See https://www.tucny.com/Home/dscp-tos for a list of common TOS values. IX14 User Guide...
  • Page 148 (config network qos 2 policy 0 rule 0)>src interface ? Interface: Match the IP address with the specified interface's network address. Format: /network/interface/defaultip /network/interface/defaultlinklocal /network/interface/lan /network/interface/loopback /network/interface/modem Current value: (config network qos 2 policy 0 rule 0)> src interface IX14 User Guide...
  • Page 149 Use the ? to determine available interfaces: (config network qos 2 policy 0 rule 0)>dst interface ? Interface: Match the IP address with the specified interface's network address. Format: /network/interface/defaultip /network/interface/defaultlinklocal /network/interface/lan /network/interface/loopback /network/interface/modem IX14 User Guide...
  • Page 150 8. Save the configuration and apply the change: (config)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...

  • Page 151: System Administration

    This chapter contains the following topics: Review device status Configure system information Update system firmware Update cellular module firmware Reboot your IX14 device Reset the device to factory defaults Configuration files Schedule system maintenance tasks Create a Virtual LAN (VLAN) route...

  • Page 152: Review Device Status

    Show basic system information: 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 153: Configure System Information

    Disk /var Usage : 1.132MB/262.144MB(0%) > Configure system information You can configure information related to your IX14 device, such as providing a name and location for the device. Configuration items A name for the device. The name of a contact for the device.
  • Page 154    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 155: Update System Firmware

    For example, IX14-19.11.72.58.bin. Manage firmware updates using Digi Remote Manager If you have a network of many devices, you can use Digi Remote Manager Profiles to manage firmware updates. Profiles ensure all your devices are running the correct firmware version and that all newly installed devices are updated to that same version.
  • Page 156 6. Click Update Firmware.    Command line 1. Download the IX14 operating system firmware from the Digi Support FTP site to your local machine. 2. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 157: Update Cellular Module Firmware

    > reboot Rebooting system > 7. Once the device has rebooted, log into the IX14's command line as a user with Admin access and verify the running firmware version by entering the show system command. > show system...

  • Page 158: Reboot Your Ix14 Device

    Select the firmware. 7. Click Update. Reboot your IX14 device You can reboot the IX14 device immediately or schedule a reboot for a specific time every day. Note You may want to save your configuration settings to a file before rebooting. See...

  • Page 159: Reboot Your Device Immediately

    Schedule reboots of your device    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. IX14 User Guide...
  • Page 160    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 161: Reset The Device To Factory Defaults

       WebUI 1. Log into the IX14 WebUI as a user with Admin access. 2. On the main menu, click System. Under Configuration, click Configuration Maintenance. The Configuration Maintenance windows is displayed. IX14 User Guide...
  • Page 162 3. In the Erase configuration section, click ERASE. 4. Click CONFIRM. 5. After resetting the device: a. Connect to the IX14 by using the serial port or by using an Ethernet cable to connect the IX14 LAN port to your PC. b. Log into the IX14: User name: Use the default user name: admin.
  • Page 163 3. After resetting the device: a. Connect to the IX14 by using the serial port or by using an Ethernet cable to connect the IX14 LAN port to your PC.
  • Page 164 System administration Reset the device to factory defaults 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 165: Configuration Files

    Save configuration changes When you make changes to the IX14 configuration, the changes are not automatically saved. You must explicitly save configuration changes, which also applies the changes. If you do not save configuration changes, the system discards the changes.

  • Page 166: Save Configuration To A File

    Type quit to disconnect from the device. Save configuration to a file You can save your IX14 device's configuration to a file and use this file to restore the configuration, either to the same device or to similar devices.
  • Page 167 2. Enter the following: > system backup path [passphrase passphrase] type type where path is the location on the IX14's filesystem where the configuration backup file should be saved. passphrase (optional) is a passphrase used to encrypt the configuration backup.

  • Page 168: Restore The Device Configuration

    > scp host 192.168.4.1 user admin remote /home/admin/bin/ local /etc/config/backup-archive-0040FF800120-19.05.17-19.01.17.bin to remote Restore the device configuration You can restore a configuration file to your IX14 device by using a backup from the device, or a backup from a similar device. ...
  • Page 169 IX14 device. local-path is the location on the IX14 device where the copied file will be placed. For example: > scp host 192.168.4.1 user admin remote /home/admin/bin/backup-archive- 0040FF800120-19.05.17-19.01.17.bin local /etc/config/ to local...

  • Page 170: Schedule System Maintenance Tasks

    Custom scripts that should be run as part of the configuration check.    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 171 This feature does not provide syntax or error checking. Certain commands can render the device inoperable. Use with care. Scripts created here are also automatically entered in Configuration > Applications. b. For Add Script, click . The schedule script configuration window is displayed. IX14 User Guide...
  • Page 172 Click to enable Log script output to log the script's output to the system log. ii. Click to enable Log script errors to log script errors to the system log. If neither option is selected, only the script's exit code is written to the system log. IX14 User Guide...
  • Page 173    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 174 (config system schedule script 0)> b. (Optional) Provide a label for the script. (config system schedule script 0)> label value (config system schedule script 0)> where value is any string. if spaces are used, enclose value within double quotes. IX14 User Guide...
  • Page 175 If set_time is set, set the time that the script should run, using the format HH:MM: (config system schedule script 0)> run_time HH:MM (config system schedule script 0)> maintenance_time: The script will run during the system maintenance time window. IX14 User Guide...
  • Page 176 5. Save the configuration and apply the change: (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...

  • Page 177: Create A Virtual Lan (Vlan) Route

    To create a VLAN:    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Virtual LAN.
  • Page 178    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 179 (config network vlan vlan1)> save Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...

  • Page 180: Serial Port

    IX14 devices have a single serial port that provides access to the command-line interface. Use an RS-232 serial cable to establish a serial connection from your IX14 to your local laptop or PC. Use a terminal emulator program to establish the serial connection. The terminal emulator's serial connection must be configured to match the configuration of the IX14 device's serial port.
  • Page 181 12. Click Apply to save the configuration and apply the change. The Apply button is located at the top of the WebUI page. You may need to scroll to the top of the page to locate it. IX14 User Guide...
  • Page 182 System administration Serial port IX14 User Guide...
  • Page 183 Serial port    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 184: Show Serial Status And Statistics

    3. Under Connections, click Serial.    Command line 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 185: Services

    Configure telnet access Configure DNS Simple Network Management Protocol (SNMP) System time Configure the system time Network Time Protocol Configure the device as an NTP server Configure a multicast route Enable service discovery (mDNS) Use the iPerf service IX14 User Guide...

  • Page 186: Allow Remote Access For Web Administration And Ssh

    Allow remote access for web administration and SSH Allow remote access for web administration and SSH By default, only devices connected to the IX14's LAN have access to the device via web administration and SSH. To enable these services for access from remote devices: The IX14 device must have a publicly reachable IP address.
  • Page 187    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 188 Add the External firewall zone to the SSH service    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 189 6. Click Apply to save the configuration and apply the change. The Apply button is located at the top of the WebUI page. You may need to scroll to the top of the page to locate it. IX14 User Guide...

  • Page 190: Configure The Web Administration Service

    By default, the web administration service is enabled and uses the standard HTTPS port, 443. The default access control for the service uses the Internal firewall zone, which means that only devices connected to the IX14's LAN can access the WebUI. If this configuration is sufficient for your needs, no further configuration is required. See Allow remote access for web administration and SSH information about configuring the web administration service to allow access from remote devices.
  • Page 191    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 192 Type quit to disconnect from the device. Configure the service    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. IX14 User Guide...
  • Page 193 No limit to IPv6 addresses that can access the web administration service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX14 device: a. Click Interfaces.
  • Page 194    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 195 Services Configure the web administration service To limit access to hosts connected through a specified interface on the IX14 device: (config)> add service web_admin acl interface end value (config)> Where value is an interface defined on your device. Display a list of available interfaces: Use ...
  • Page 196 Legacy port redirection is used to redirect client HTTP requests to the HTTPS service. Legacy port redirection is enabled by default, and normally these settings should not be changed. To disable legacy port redirection: (config)> service web_admin legacy enable false (config)> IX14 User Guide...
  • Page 197 9. Save the configuration and apply the change: (config)> save Configuration saved. > 10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...

  • Page 198: Configure Ssh Access

    Services Configure SSH access Configure SSH access The IX14's default configuration has SSH access enabled, and allows SSH access to the device from authorized users within the Internal firewall zone. If this configuration is sufficient for your needs, no further configuration is required. See Allow remote access for web administration and SSH information about configuring the SSH service to allow access from remote devices.
  • Page 199    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 200 A single IP address or host name. A network designation in CIDR notation, for example, 2001:db8::/48. any: No limit to IPv6 addresses that can access the SSH service. d. Click  again to list additional IP addresses or networks. IX14 User Guide...
  • Page 201    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 202 No limit to IPv6 addresses that can access the SSH service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX14 device: (config)> add service ssh acl interface end value (config)>...
  • Page 203 7. Save the configuration and apply the change: (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...

  • Page 204: Use Ssh With Key Authentication

    SSH public key for the user Additional configuration items If you want to access the IX14 device using SSH over a WAN interface, configure the access control list for the SSH service to allow SSH access for the External firewall zone.
  • Page 205 These instructions assume an existing user named temp_user. 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 206 4. Save the configuration and apply the change: (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...

  • Page 207: Configure Telnet Access

    The telnet service is disabled by default. To enable the service:    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 208    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 209 No limit to IPv6 addresses that can access the telnet service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX14 device: a. Click Interfaces.
  • Page 210    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 211 No limit to IPv6 addresses that can access the telnet service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX14 device: (config)> add service telnet acl interface end value (config)>...

  • Page 212: Configure Dns

    Type quit to disconnect from the device. Configure DNS The IX14 device includes a caching DNS server which forwards queries to the DNS servers that are associated with the network interfaces, and caches the results. This server is used within the device, and cannot be disabled.
  • Page 213 To configure the DNS server:    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > DNS.
  • Page 214 No limit to IPv6 addresses that can access the DNS service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX14 device: a. Click Interfaces.
  • Page 215 Configure DNS    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 216 4. (Optional) Cache negative responses By default, the device's DNS server caches negative responses. Disabling this option may improve performance on networks with transient DNS results, when one or more DNS servers may have positive results. To disable: IX14 User Guide...
  • Page 217 (Optional) Set a label for this DNS server: (config service dns server 0)> label label (config service dns server 0)> 9. (Optional) Add host names and their IP addresses that the device's DNS server will resolve a. Add a host: IX14 User Guide...
  • Page 218 10. Save the configuration and apply the change: (config)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...

  • Page 219: Simple Network Management Protocol (Snmp)

    By default, the IX14 device automatically blocks SNMP packets from being received over WAN and LAN interfaces. As a result, if you want a IX14 device to receive SNMP packets, you must configure the SNMP access control list to allow the device to receive the packets. See...
  • Page 220 No limit to IPv6 addresses that can access the SNMP agent. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX14 device: a. Click Interfaces.
  • Page 221    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 222 No limit to IPv6 addresses that can access the SNMP service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX14 device: (config)> add service snmp acl interface end value (config)>...
  • Page 223 10. (Optional) Set the privacy passphrase. If not set, the password, entered above, is used. (config)> service snmp privacy pwd (config)> 11. (Optional) Set the privacy protocol, either DES or AES. The default is DES. (config)> service snmp privacy_protocol AES IX14 User Guide...

  • Page 224: Download Mibs

    To download a .zip archive of the SNMP MIBs supported by this device:    WebUI 1. Log into the IX14 WebUI as a user with Admin access. 2. Enable SNMP. Configure Simple Network Management Protocol (SNMP) for information about enabling and configuring SNMP support on the IX14 device.

  • Page 225: System Time

    The IX14 device can also be configured to use Network Time Protocol (NTP). In this configuration, the device serves as an NTP server, providing NTP services to downstream devices. See Network Time Protocol for more information about NTP server support.
  • Page 226 The Apply button is located at the top of the WebUI page. You may need to scroll to the top of the page to locate it.    Command line 1. Log into the IX14 command line as a user with full Admin access rights. IX14 User Guide...
  • Page 227 2. At the command line, type config to enter configuration mode: > config (config)> 3. (Optional) Set the timezone for the location of your IX14 device. The default is UTC. (config)> system time timezone value (config)> Where value is the timezone using the format specified with the following command: (config)>...

  • Page 228: Network Time Protocol

    Network Time Protocol (NTP) enables devices connected on local and worldwide networks to synchronize their internal software and hardware clocks to the same time source. The IX14 device can be configured as an NTP server, allowing downstream hosts that are attached to the device's Local Area Networks to synchronize with the device.
  • Page 229 3. Click Services > NTP. 4. Enable the IX14 device's NTP service by clicking Enable. 5. (Optional) Configure the access control list to limit downstream access to the IX14 device's NTP service. To limit access to specified IPv4 addresses and networks: a.
  • Page 230 Services Configure the device as an NTP server To limit access to hosts connected through a specified interface on the IX14 device: a. Click Interfaces. b. For Add Interface, click . c. For Interface, select the appropriate interface from the dropdown.
  • Page 231 Configure the device as an NTP server    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 232 No limit to IPv6 addresses that can access the NTP server agent. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX14 device: (config)> add service ntp acl interface end value (config)>...
  • Page 233 By default, the access control list for the NTP service is empty, which means that all downstream hosts connected to the IX14 device can use the NTP service. 6. (Optional) Set the timezone for the location of your IX14 device. The default is UTC. (config)> system time timezone value (config)>...
  • Page 234 Services Configure the device as an NTP server 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...

  • Page 235: Configure A Multicast Route

    7. Type the Source port. Ensure the port is not used by another protocol. 8. Select a Source interface where multicast packets will arrive. 9. Select a Destination interface that the IX14 device will use to send mutlicast packets. 10. Click Apply to save the configuration and apply the change.
  • Page 236 Configure a multicast route    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 237: Enable Service Discovery (Mdns)

    Services Enable service discovery (mDNS) 8. Set the destination interface that the IX14 device will use to send mutlicast packets. (config service multicast test)> interface interface (config service multicast test)> a. Use the ? to determine available interfaces: (config service multicast test)>interface ? Destination interface: Which interface to send the multicast packets.
  • Page 238 No limit to IPv6 addresses that can access the mDNS service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX14 device: a. Click Interfaces.
  • Page 239    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 240 Services Enable service discovery (mDNS) Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX14 device: (config)> add service mdns acl interface end value (config)> Where value is an interface defined on your device.

  • Page 241: Use The Iperf Service

    Type quit to disconnect from the device. Use the iPerf service Your IX14 device includes an iPerf3 server that you can use to test the performance of your network. IPerf3 is a command-line tool that measures the maximum network throughput an interface can handle.
  • Page 242 Services Use the iPerf service 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > IPerf.
  • Page 243    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 244 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX14 device: (config)> add service iperf acl interface end value (config)>...

  • Page 245: Example Performance Test Using Iperf3

    Example performance test using Iperf3 On a remote host with Iperf3 installed, enter the following command: $ iperf3 -c device_ip where device_ip is the IP address of the IX14 device. For example: $ iperf3 -c 192.168.2.1 Connecting to host 192.168.2.1, port 5201 4] local 192.168.3.100 port 54934 connected to 192.168.1.1 port 5201...
  • Page 246 - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bandwidth Retr 0.00-10.00 315 MBytes 264 Mbits/sec sender 0.00-10.00 313 MBytes 262 Mbits/sec receiver iperf Done. IX14 User Guide...

  • Page 247: Applications

    Applications The IX14 supports Python 3.6 and provides you with the ability to run Python applications on the device interactively or from a file. You can also specify Python applications and other scripts to be run each time the device system restarts, at specific intervals, or at a specified time.

  • Page 248: Configure Applications To Run Automatically

    Whether the script should run one time only. Task one: Upload the application    WebUI 1. Log into the IX14 WebUI as a user with Admin access. 2. On the menu, click System. Under Administration, click File System. The File System page appears. IX14 User Guide...
  • Page 249 IX14 device. local-path is the location on the IX14 device where the copied file will be placed. For example: To upload a Python application from a remote host with an IP address of 192.168.4.1 to the /etc/config/scripts directory on the IX14 device, issue the following command: >...

  • Page 250: Task Two: Configure The Application To Run Automatically

    This feature does not provide syntax or error checking. Certain commands can render the device inoperable. Use with care.    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Applications.
  • Page 251 If neither option is selected, only the script's exit code is written to the system log. 9. For Maximum memory, enter the maximum amount of memory available to be used by the script and its subprocesses, using the format number{b|bytes|KB|k|MB|MB|M|GB|G|TB|T}. IX14 User Guide...
  • Page 252    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 253 If the script begins with #!, then the script will be invoked in the location specified by the path for the script command. Otherwise, the default shell will be used (equivalent to #!/bin/sh). IX14 User Guide...

  • Page 254: Run A Python Application At The Shell Prompt

    Python applications cannot be run from the Admin CLI. You must access the device shell in order to run Python applications from the command line. See Authentication groups for information about configuring authentication groups that include shell access. IX14 User Guide...
  • Page 255 IX14 device. local-path is the location on the IX14 device where the copied file will be placed. For example: IX14 User Guide...

  • Page 256: Start An Interactive Python Session

    You can also create Python applications by using the vi command when logged in with shell access. 2. Log into the IX14 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 257 Start an interactive Python session >>> help("digidevice") Help on package digidevice: NAME digidevice - Digi device python extensions DESCRIPTION This module includes various extensions that allow Python to interact with additional features offered by the device. 4. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit().

  • Page 258: Digidevice Module

    Use digidevice.datapoint to upload custom datapoints to Digi Remote Manager Use digidevice.config for device configuration Use Python to respond to Digi Remote Manager SCI requests Use digidevice runtime to access the runtime database Using Python to upload the device name to Digi Remote Manager IX14 User Guide...

  • Page 259: Use Digidevice.cli To Execute Cli Commands

    1. Log into the IX14 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.

  • Page 260: Use Digidevice.datapoint To Upload Custom Datapoints To Digi Remote Manager

    Help for using Python to execute IX14 CLI commands Get help executing a CLI command from Python by accessing help for cli.execute: 1. Log into the IX14 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 261 Help for using Python to upload custom datapoints to Remote Manager Get help for uploading datapoints to your Digi Remote Manager account by accessing help for datapoint.upload: 1. Log into the IX14 command line as a user with shell access.

  • Page 262: Use Digidevice.config For Device Configuration

    Read the device configuration Use the get() method to read the device configuration: 1. Log into the IX14 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.
  • Page 263 Modify the device configuration Use the set() and commit() methods to modify the device configuration: 1. Log into the IX14 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 264: Use Python To Respond To Digi Remote Manager Sci Requests

    Remote Manager's Server Command Interface (SCI), a web service that allows users to access information and perform commands that relate to their devices. Use Remote Manager's SCI interface to create SCI requests that are sent to your IX14 device, and use the device_request module to send responses to those requests to Remote Manager.
  • Page 265 Ctrl-D. You can also exit the session using exit() or quit(). Task two: Create and send an SCI request from Digi Remote Manager The second step in using the device_request module is to create an SCI request that Remote Manager will forward to the device.
  • Page 266 Remote Manager: from digidevice import device_request from digidevice import cli import time def handler(target, request): return cli.execute("show system verbose") IX14 User Guide...
  • Page 267    WebUI i. Log into the IX14 WebUI as a user with full Admin access rights. ii. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. iii. Click System > Scheduled tasks > Custom scripts.
  • Page 268    Command line i. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 269 > reboot To run the application from the shell prompt: i. Log into the IX14 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.
  • Page 270 <device_request target_name="showSystem"> 8. Click Send. You should receive a response similar to the following: <sci_reply version="1.0"> <data_service> <device id="00000000-00000000-0000FFFF-A83CF6A3"/> <requests> <device_request target_name="showSystem" status="0">Model : Digi IX14 Serial Number : IX14-000068 Hostname : IX14 : 00:40:D0:13:35:36 Hardware Version : 50001959-01 A Firmware Version : 19.11.72.58...
  • Page 271 : MB/MB(%) Disk /tmp Usage : 0.004MB/40.96MB(0%) Disk /var Usage : 0.820MB/32.768MB(3%)</device_request> </requests> </device> <device id="00000000-00000000-0000FFFF-485740BC"/> <requests> <device_request target_name="showSystem" status="0">Model : Digi IX14 Serial Number : IX14-000023 Hostname : IX14 : 0040D026791C Hardware Version : 50001959-01 A Firmware Version : 19.11.72.58...
  • Page 272 </sci_request> Help for using Python to respond to Digi Remote Manager SCI requests Get help for respond to Digi Remote Manager Server Command Interface (SCI) requests by accessing help for digidevice.device_request: 1. Log into the IX14 command line as a user with shell access.

  • Page 273: Use Digidevice Runtime To Access The Runtime Database

    Read from the runtime database Use the keys() and get() methods to read the device configuration: 1. Log into the IX14 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 274 Get help for reading and modifying the device runtime database by accessing help for digidevice.runt: 1. Log into the IX14 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 275: Using Python To Upload The Device Name To Digi Remote Manager

    Using Python to upload the device name to Digi Remote Manager The name submodule can be used to upload a custom name for your device to Digi Remote Manager. When you use the name submodule to upload a custom device name to Remote Manager, the...
  • Page 276 Digidevice module Upload a custom name 1. Log into the IX14 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.
  • Page 277 Applications Digidevice module NAME digidevice.name - API for uploading name from the device 5. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). IX14 User Guide...
  • Page 278 Configure Digi Remote Manager Collect device health data and set the sample interval Log into Digi Remote Manager Use Digi Remote Manager to view and manage your device Add a device to Digi Remote Manager View Digi Remote Manager connection status...

  • Page 279: Central Management With Digi Remote Manager

    Digi Remote Manager User Guide. Configure Digi Remote Manager By default, your IX14 device is configured to use central management using Digi Remote Manager. Additional configuration options These additional configuration settings are not typically configured, but you can set them as needed: Disable the Digi Remote Manager connection if it is not required.
  • Page 280 Central management with Digi Remote Manager Configure Digi Remote Manager IX14 User Guide...
  • Page 281 4. (Optional) For Management server, type the URL for the central management server. The default is the Digi Remote Manager server, my.devicecloud.com. 5. (Optional) For Retry interval, type the amount of time that the IX14 device should wait before reattempting to connect to the Digi Remote Manager server after being disconnected. The default is 30 seconds.
  • Page 282 (config)> cloud drm drm_url url (config)> 5. (Optional) Set the amount of time that the IX14 device should wait before reattempting to connect to the Digi Remote Manager server after being disconnected. The minimum value is ten seconds. The default is 30 seconds.

  • Page 283: Collect Device Health Data And Set The Sample Interval

    Collect device health data and set the sample interval You can enable or disable the collection of device health data to upload to Digi Remote Manager, and configure the interval between health sample uploads. By default, device health data upload is enabled, and the health sample interval is set to 60 minutes.
  • Page 284 Central management with Digi Remote Manager Collect device health data and set the sample interval 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration.

  • Page 285: Log Into Digi Remote Manager

    Log into Digi Remote Manager    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 286: Use Digi Remote Manager To View And Manage Your Device

    Use Digi Remote Manager to view and manage your device To view and manage your device: 1. If you have not already done so, connect to your Digi Remote Manager account. 2. Click Device Management to display a list of your devices.

  • Page 287: Add A Device To Digi Remote Manager

    The same default password is also shown on the label affixed to the bottom of the device. 6. Click Add. 7. Click OK. Digi Remote Manager adds your IX14 device to your account and it appears in the Device Management view. View Digi Remote Manager connection status To view the current Digi Remote Manager configuration: ...

  • Page 288: Use The Digi Remote Manager Mobile App

    The Device ID is the unique identifier for the device, as used by the Remote Manager. Use the Digi Remote Manager mobile app If you have a smart phone or tablet, you can use the Digi Remote Manager mobile app to automatically provision a new devices and monitor devices in your account.

  • Page 289: Configure Multiple Devices Using Profiles

    2. Follow the prompts to complete your IX14 registration. Digi Remote Manager registers your IX14 and adds it to your Digi Remote Manager device list. You can now manage the device remotely using Digi Remote Manager.

  • Page 290: Monitoring

    Monitoring This chapter contains the following topics: intelliFlow Configure NetFlow Probe IX14 User Guide...

  • Page 291: Intelliflow

    WebUI. To use intelliFlow, the IX14 must be powered on and you must have access to the local WebUI. Once you enable intelliFlow, the Status >...
  • Page 292    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 293 5. Save the configuration and apply the change: (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...

  • Page 294: Use Intelliflow To Display Average Cpu And Ram Usage

    This procedure is only available from the WebUI. To display display average CPU and RAM usage:    WebUI 1. Log into the IX14 WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow.

  • Page 295: Use Intelliflow To Display Top Data Usage Information

    Top data usage by service To generate a top data usage chart:    WebUI 1. Log into the IX14 WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow. 3. From the menu, click Status > intelliFlow.
  • Page 296 5. Change the type of chart that is used to display the data: a. Click the menu icon (). b. Select the type of chart. 6. Change the number of top users displayed. You can display the top five, top ten, or top twenty data users. IX14 User Guide...

  • Page 297: Use Intelliflow To Display Data Usage By Host Over Time

    Use intelliFlow to display data usage by host over time To generate a chart displaying a host's data usage over time:    WebUI 1. Log into the IX14 WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow.

  • Page 298: Configure Netflow Probe

    To save the chart to your local filesystem, select Export to PNG. c. To print the chart, select Print chart. Configure NetFlow Probe NetFlow probe is used to probe network traffic on the IX14 device and export statistics to NetFlow collectors. Required configuration items Enable NetFlow.
  • Page 299 Configure NetFlow Probe    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Monitoring > NetFlow probe.
  • Page 300    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 301 1 and 1800. The default is 1800. 8. Set the maximum number of flows to probe simultaneously: (config)> monitoring netflow max_flows value (config)> where value is any is any number between 0 and 2000000. The default is 2000000. IX14 User Guide...
  • Page 302 (config monitoring netflow collector 0)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...
  • Page 303 Virtual Private Networks (VPNs) are used to securely connect two private networks together so that devices can connect from one network to the other using secure channels. This chapter contains the following topics: IPsec OpenVPN Generic Routing Encapsulation (GRE) IX14 User Guide...

  • Page 304: Virtual Private Networks (Vpn)

    Aggressive mode Aggressive mode is faster than main mode, but is not as secure as main mode, because the device and its peer exchange their IDs and hash information in clear text instead of being encrypted. IX14 User Guide...

  • Page 305: Authentication

    Client authenticaton XAUTH (extended authentication) pre-shared key authentication mode provides additional security by using client authentication credentials in addition to the standard pre-shared key. The IX14 device can be configured to authenticate with the remote peer as an XAUTH client. RSA Signatures With RSA signatures authentication, the IX14 device uses a private RSA key to authenticate with a...
  • Page 306 The lifetime of the IPsec tunnel before it is renegotiated. The amount of time before the IKE phase 1 lifetime expires. The amount of time before the IKE phase 2 lifetime expires The lifetime margin, a randomizing amount of time before the IPsec tunnel is renegotiated. IX14 User Guide...
  • Page 307 Virtual Private Networks (VPN) IPsec    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > IPsec.
  • Page 308 Transport: Only the payload of the IP packet is encrypted and/or authenticated. The IP header is unencrypted. 12. Select the Protocol, either: ESP (Encapsulating Security Payload): Provides encryption as well as authentication and integrity. AH (Authentication Header): Provides authentication and integrity only. IX14 User Guide...
  • Page 309 Type the Username and Password that the device will use to authenticate as an XAUTH client with the peer. 16. (Optional) Click Enable MODECFG client to receive configuration information, such as the private IP address, from the remote peer. IX14 User Guide...
  • Page 310 IPv4: The ID will be interpreted as an IPv4 address and sent as an ID_IPV4_ ADDR IKE identity. For IPv4 ID value, type an IPv4 formatted ID. This can be a fully-qualified domain name or an IPv4 address. IX14 User Guide...
  • Page 311 Request a network: Requests a network from the remote peer. d. For Remote network, enter the IP address and optional netmask of the remote network. The keyword any can also be used. . IX14 User Guide...
  • Page 312 For Hash, select the type of hash to use to verify communication integrity. iv. For Diffie-Hellman group, select the type of Diffie-Hellman group to use for key exchange. v. You can add additional Phase 1 proposals by clicking  next to Add Phase 1 Proposal. IX14 User Guide...
  • Page 313 24. Click Apply to save the configuration and apply the change. The Apply button is located at the top of the WebUI page. You may need to scroll to the top of the page to locate it. IX14 User Guide...
  • Page 314 IPsec    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 315 (config vpn ipsec tunnel ipsec_example)> type protocol (config vpn ipsec tunnel ipsec_example)> where protocol is either: esp (Encapsulating Security Payload): Provides encryption as well as authentication and integrity. ah (Authentication Header): Provides authentication and integrity only. The default is esp. IX14 User Guide...
  • Page 316 Set the private key passphrase that is used to decrypt the private key. Leave blank if the private key is not encrypted. (config vpn ipsec tunnel ipsec_example)> auth private_key_ passphrase passphrase (config vpn ipsec tunnel ipsec_example)> IX14 User Guide...
  • Page 317 MODECFG client functionality configures the device to receive configuration information, such as the private IP address, from the remote peer. a. Enable MODECFG client functionality: (config vpn ipsec tunnel ipsec_example)> modecfg_client enable true (config vpn ipsec tunnel ipsec_example)> IX14 User Guide...
  • Page 318 Set the ID in internet email address format: (config vpn ipsec tunnel ipsec_example)> local id rfc822_id id (config vpn ipsec tunnel ipsec_example)> fqdn: The ID will be interpreted as FQDN (Fully Qualified Domain Name) and sent as an ID_FQDN IKE identity. IX14 User Guide...
  • Page 319 The ID will be interpreted as an IPv6 address and sent as an ID_IPV6_ADDR IKE identity. Set an IPv6 formatted ID. This can be a fully-qualified domain name or an IPv6 address. (config vpn ipsec tunnel ipsec_example)> remote id ipv6_id id (config vpn ipsec tunnel ipsec_example)> IX14 User Guide...
  • Page 320 (config vpn ipsec tunnel ipsec_example)> e. Set the amount of time that the IKE security association expires after a successful negotiation and must be re-authenticated: (config vpn ipsec tunnel ipsec_example)> ike phase1_lifetime value (config vpn ipsec tunnel ipsec_example)> IX14 User Guide...
  • Page 321 Set the type of encryption to use during phase 1: (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> cipher value (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> where value is one of 3des, aes128, aes192, aes256, or null. The default is 3des. IX14 User Guide...
  • Page 322 Set the type of encryption to use during phase 2: (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> cipher value (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> where value is one of 3des, aes128, aes192, aes256, or null. The default is 3des. IX14 User Guide...
  • Page 323 (config)> c. Set the number of seconds between transmissions of dead peer packets. Dead peer packets are only sent when the tunnel is idle. The default is 60. (config)> vpn ipsec tunnel ipsec_example dpd delay value (config)> IX14 User Guide...
  • Page 324 Use the ? to determine available interfaces: (config vpn ipsec tunnel ipsec_example policy 0)>local address Address: The local network interface to use the address of. This field must be set when 'Type' is set to 'Address'. Format: defaultip defaultlinklocal loopback modem IX14 User Guide...
  • Page 325 IPv4 address and optional netmask. The keyword any can also be used. request: Requests a network from the remote peer. d. Set the IP address and optional netmask of the remote network. The keyword any can also be used. IX14 User Guide...
  • Page 326 20. Save the configuration and apply the change: (config)> save Configuration saved. > 21. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...

  • Page 327: Configure Ipsec Failover

    IPsec Configure IPsec failover You can configure the IX14 device to fail over from a primary IPsec tunnel to a backup tunnel. During configuration of the backup IPsec tunnel, identify the primary IPsec tunnel in the Preferred tunnel parameter. The Preferred tunnel parameter instructs the backup IPsec tunnel to start only when the preferred tunnel has been determined to have failed.

  • Page 328: Configure Surelink Active Recovery For Ipsec

    Type quit to disconnect from the device. Configure SureLink active recovery for IPsec You can configure the IX14 device to regularly probe IPsec client connections to determine if the connection has failed and take remedial action. You can also configure the IPsec tunnel to fail over to a backup tunnel. See Configure IPsec failover further information.
  • Page 329 To configure the IX14 device to regularly probe the IPsec connection:    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 330 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Response timeout to ten minutes, enter 10m or 600s. The default is 15 seconds. IX14 User Guide...
  • Page 331 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Initial connection time to ten minutes, enter 10m or 600s. The default is 60 seconds. IX14 User Guide...
  • Page 332    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 333 (config vpn ipsec tunnel ipsec_example)> connection_monitor interval 600s (config vpn ipsec tunnel ipsec_example)> The default is 15 seconds. 11. Configure test targets: a. Add a test target: (config vpn ipsec tunnel ipsec_example)> add connection_monitor target (config vpn ipsec tunnel ipsec_example connection_monitor target 0)> IX14 User Guide...
  • Page 334 (Optional) Set the amount of time that the interface can be down before this test is considered to have failed: IX14 User Guide...

  • Page 335: Show Ipsec Status And Statistics

    > 13. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show IPsec status and statistics    WebUI IX14 User Guide...
  • Page 336    Command line 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 337: Openvpn

    OpenVPN clients. OpenVPN clients use Network Address Translation (NAT) to route traffic from devices connected on its LAN interfaces to the OpenVPN server. The manner in which the IP subnets are defined depends on the OpenVPN topology in use. The IX14 device supports two types of OpenVPN topology:...

  • Page 338: Configure An Openvpn Server

    Username and password authentication only. Certificate and username and password authentication. If username and password authentication is used, you must create an OpenVPN authentication group and user. See Configure an OpenVPN Authentication Group and User for instructions. Certificates and keys: IX14 User Guide...
  • Page 339 OpenVPN    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > OpenVPN > Servers.
  • Page 340 If not enabled, certificates must be created externally and added to the server. 12. If Server managed certificates is not enabled: a. Select the Authentication type: Certificate only: Uses only certificates for client authentication. Each client requires a public and private key. IX14 User Guide...
  • Page 341 No limit to IPv6 addresses that can access the service-type. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX14 device: a. Click Interfaces. b. For Add Interface, click .
  • Page 342    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 343 1 and 255. The number entered here will represent the first client IP address. For example, if address is set to 192.168.1.1/24 and server_first_ip is set to 80, the first client IP address will be 192.168.1.80. The default is from 80. IX14 User Guide...
  • Page 344 Authentication Group and User for instructions. ii. Paste the contents of the CA certificate (usually in a ca.crt file) into the value of the cacert parameter: (config vpn openvpn server name)> cacert value (config vpn openvpn server name)> IX14 User Guide...
  • Page 345 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX14 device: (config vpn openvpn server name)> add acl interface end value (config vpn openvpn server name)>...
  • Page 346 (config vpn openvpn server name)> Repeat this step to list additional firewall zones. 12. (Optional) Set additional OpenVPN parameters. a. Enable the use of additional OpenVPN parameters: (config vpn openvpn server name)> advanced_options enable true (config vpn openvpn server name)> IX14 User Guide...

  • Page 347: Configure An Openvpn Authentication Group And User

       WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. IX14 User Guide...
  • Page 348 For Add Group, type a name for the group (for example, OpenVPN_Group) and click . The new authentication group configuration is displayed. c. Click OpenVPN access to enable OpenVPN access rights for users of this group. d. Click to expand the OpenVPN node. e. Click  to add a tunnel. IX14 User Guide...
  • Page 349 5. Click Apply to save the configuration and apply the change. The Apply button is located at the top of the WebUI page. You may need to scroll to the top of the page to locate it. IX14 User Guide...
  • Page 350 Virtual Private Networks (VPN) OpenVPN IX14 User Guide...
  • Page 351 OpenVPN    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 352: Configure An Openvpn Client By Using An .Ovpn File

    OpenVPN active recovery.    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > OpenVPN > Clients.
  • Page 353    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 354 7. Paste the content of the client.ovpn file into the value of the config_file parameter: (config vpn openvpn client name)> config_file value (config vpn openvpn client name)> 8. Save the configuration and apply the change: (config)> save Configuration saved. > IX14 User Guide...

  • Page 355: Configure An Openvpn Client Without Using An .Ovpn File

    OpenVPN active recovery.    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. IX14 User Guide...
  • Page 356 5. The OpenVPN client is enabled by default. To disable, click Enable. 6. The default behavior is to use an OVPN file for client configuration. To disable this behavior and configure the client manually, click Use .ovpn file to disable. IX14 User Guide...
  • Page 357    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 358 0 and 65535. The default is 0. 8. (Optional) Set the login credentials as configured on the OpenVPN server: (config vpn openvpn client name)> username value (config vpn openvpn client name)> password value (config vpn openvpn client name)> IX14 User Guide...
  • Page 359 (config vpn openvpn client name)> c. Set the additional OpenVPN parameters: (config vpn openvpn client name)> advanced_options extra parameters (config vpn openvpn client name)> 15. Save the configuration and apply the change: (config)> save Configuration saved. > IX14 User Guide...

  • Page 360: Configure Active Recovery For Openvpn

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Configure active recovery for OpenVPN You can configure the IX14 device to regularly probe OpenVPN client connections to determine if the connection has failed and take remedial action. Required configuration items A valid OpenVPN client configuration.
  • Page 361 8. For Reboot device, enable to instruct the device to reboot when the WAN connection is considered to have failed. 9. Change the Interval between connectivity tests. Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. IX14 User Guide...
  • Page 362 (IPv6): Tests connectivity by sending a DNS query to the DNS servers configured for this interface. Test the interface status or Test the interface status IPv6: The interface is considered to be down based on: IX14 User Guide...
  • Page 363 For example, to set Down time to ten minutes, enter 10m or 600s. The default is 60 seconds. Initial connection time: The amount of time to wait for an initial connection to the interface before IX14 User Guide tihe take n...
  • Page 364 10. Set the amount of time that the device should wait for a response to a probe attempt before considering it to have failed: (config vpn openvpn client openvpn_client1)> connection_monitor timeout value (config vpn openvpn client openvpn_client1)> IX14 User Guide...
  • Page 365 (config vpn openvpn client openvpn_client1 connection_monitor target 0)> dns_server ip_address (config vpn openvpn client openvpn_client1 connection_monitor target 0)> dns_configured (IPv4) or dns_configured6 (IPv6): Tests connectivity by sending a DNS query to the DNS servers configured for this interface. IX14 User Guide...
  • Page 366 For example, to set interface_timeout to ten minutes, enter either 10m or 600s: (config network interface my_wwan ipv4 connection_monitor target 0)> interface_timeout 600s (config network interface my_wwan ipv4 connection_monitor target 0)> The default is 60 seconds. IX14 User Guide...

  • Page 367: Show Openvpn Server Status And Statistics

    OpenVPN server's status pane.    Command line 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 368: Show Openvpn Client Status And Statistics

    OpenVPN client's status pane.    Command line 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 369: Generic Routing Encapsulation (Gre)

    Task One: Create a GRE loopback endpoint interface    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 370    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 371 Task Two: Configure the GRE tunnel    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. IX14 User Guide...
  • Page 372    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 374 (config vpn iptunnel gre_example)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...

  • Page 375: Show Gre Tunnels

       Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 376: Example: Gre Tunnel Over An Ipsec Tunnel

    Example: GRE tunnel over an IPSec tunnel The IX14 device can be configured as an advertised set of routes through an IPSec tunnel. This allows you to leverage the dynamic route advertisement of GRE tunnels through a secured IPSec tunnel.
  • Page 377 3. Create a GRE tunnel named gre_tunnel2: a. Local endpoint set to the IPsec endpoint interface, Interface: ipsec_endpoint2. b. Remote endpoint set to the IP address of the GRE tunnel on IX14-1, 172.30.0.1. 4. Create an interface named gre_interface2 and add it to the GRE tunnel: a.
  • Page 378 5. Click to expand Authentication. 6. For Pre-shared key, type testkey. 7. Click to expand Remote endpoint. 8. For Hostname, type public IP address of the IX14-2 device. 9. Click to expand Policies. 10. For Add Policy, click  to add a new policy.
  • Page 379 Virtual Private Networks (VPN) Generic Routing Encapsulation (GRE) 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 380 The Apply button is located at the top of the WebUI page. You may need to scroll to the top of the page to locate it.    Command line 1. At the command line, type config to enter configuration mode: IX14 User Guide...
  • Page 381 3. For Local endpoint, select the IPsec endpoint interface created in Task two (Interface: ipsec_endpoint1). 4. For Remote endpoint, type the IP address of the GRE tunnel on IX14-2, 172.30.0.2. 5. Click Apply to save the configuration and apply the change. IX14 User Guide...
  • Page 382 (/network/interface/ipsec_endpoint1): (config vpn iptunnel gre_tunnel1)> local /network/interface/ipsec_endpoint1 (config vpn iptunnel gre_tunnel1)> 4. Set the remote endpoint to the IP address of the GRE tunnel on IX14-2, 172.30.0.2: (config vpn iptunnel gre_tunnel1)> remote 172.30.0.2 (config vpn iptunnel gre_tunnel1)> 5. Save the configuration and apply the change: (config vpn iptunnel gre_tunnel1)>...
  • Page 383 7. Click Apply to save the configuration and apply the change. The Apply button is located at the top of the WebUI page. You may need to scroll to the top of the page to locate it. IX14 User Guide...
  • Page 384 Task one: Create an IPsec tunnel    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. IX14 User Guide...
  • Page 385 3. Click VPN > IPsec > Tunnels. 4. For Add IPsec Tunnel, type ipsec_gre2 and click . 5. Click to expand Authentication. 6. For Pre-shared key, type the same pre-shared key that was configured for the IX14-1 (testkey). 7. Click to expand Remote endpoint.
  • Page 386 3. Add an IPsec tunnel named ipsec_gre2: (config)> add vpn ipsec tunnel ipsec_gre2 (config vpn ipsec tunnel ipsec_gre2)> 4. Set the pre-shared key to the same pre-shared key that was configured for the IX14-1 (testkey): (config vpn ipsec tunnel ipsec_gre2)> auth secret testkey (config vpn ipsec tunnel ipsec_gre2)>...
  • Page 387 Task two: Create an IPsec endpoint interface    WebUI 1. Click Network > Interfaces. 2. For Add Interface, type ipsec_endpoint2 and click . 3. For Zone, select Internal. 4. For Device, select Ethernet: loopback. 5. Click to expand IPv4. IX14 User Guide...
  • Page 388 4. Set the device to /network/device/loopback: (config network interface ipsec_endpoint2)> device /network/device/loopback (config network interface ipsec_endpoint2)> 5. Set the IPv4 address to the IP address of the local GRE tunnel, 172.30.0.2/32: (config network interface ipsec_endpoint2)> ipv4 address 172.30.0.2/32 (config network interface ipsec_endpoint2)> IX14 User Guide...
  • Page 389 (Interface: ipsec_endpoint2). 4. For Remote endpoint, type the IP address of the GRE tunnel on IX14-1, 172.30.0.1. 5. Click Apply to save the configuration and apply the change. The Apply button is located at the top of the WebUI page. You may need to scroll to the top of the page to locate it.
  • Page 390 (/network/interface/ipsec_endpoint2): (config vpn iptunnel gre_tunnel2)> local /network/interface/ipsec_endpoint2 (config vpn iptunnel gre_tunnel2)> 4. Set the remote endpoint to the IP address of the GRE tunnel on IX14-1, 172.30.0.1: (config vpn iptunnel gre_tunnel2)> remote 172.30.0.1 (config vpn iptunnel gre_tunnel2)> 5. Save the configuration and apply the change: (config vpn iptunnel gre_tunnel2)>...
  • Page 391 4. Set the device to the GRE tunnel created in Task three (/vpn/iptunnel/gre_tunnel2): (config network interface gre_interface2)> device /vpn/iptunnel/gre_tunnel2 (config network interface gre_interface2)> 5. Set 172.31.0.1/30 as the virtual IP address on the GRE tunnel: (config network interface gre_interface2)> ipv4 address 172.31.1.1/30 (config network interface gre_interface2)> IX14 User Guide...
  • Page 392 (config network interface gre_interface2)> save Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...
  • Page 393 Generate a support report View system event logs Configure syslog servers Configure options for the event and system logs Analyze network traffic Use the ping command to troubleshoot network connections Use the traceroute command to diagnose IP routing problems IX14 User Guide...

  • Page 394: Generate A Support Report

    Attach the support report to any support requests.    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 395 Diagnostics Generate a support report 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...

  • Page 396: View System Event Logs

    View System Logs    WebUI 1. Log into the IX14 WebUI as a user with Admin access. 2. On the main menu, click System > Logs. The system log displays: 3. Limit the display in the system log by using the Find search tool.
  • Page 397 Diagnostics View system event logs 5. Click  to download the system log. IX14 User Guide...
  • Page 398 View system event logs    Command line 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 399: View Event Logs

    6. Click  to download the event log.    Command line 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 400 Nov 26 22:01:25 info user name=admin~service=cli~state=closed~remote=192.168.1.2 > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...

  • Page 401: Configure Syslog Servers

    You can configure remote syslog servers for storing event and system logs.    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 402    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 403: Configure Options For The Event And System Logs

    All event categories are enabled. To change or disable the heartbeat interval, or to disable event categories, and to perform other log configuration:    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. IX14 User Guide...
  • Page 404 Depending on the event category, you can enable or disable informational events, status events, and error events. Some categories also allow you to set the Status interval, which is the time interval between periodic status events. IX14 User Guide...
  • Page 405 7. Enable Preserve system logs to save the current session's system log after a reboot. By default, the IX14 device erases system logs each time the device is powered off or rebooted. Note You should only enable Preserve system logs temporarily to debug issues.
  • Page 406 For example, to configure DHCP server logging: i. Use the question mark (?) to determine what events are available for DHCP server logging configuration: (config)> system log event dhcpserver ? DHCP server: Settings for DHCP server events. Informational events are generated IX14 User Guide...
  • Page 407 7. Save the configuration and apply the change: (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...

  • Page 408: Analyze Network Traffic

    Analyze network traffic Analyze network traffic The IX14 device includes a network analyzer tool that captures data traffic on any interface and decodes the captured data traffic for diagnostics. You can capture data traffic on multiple interfaces at the same time and define capture filters to reduce the captured data. You can capture up to 10 MB of data traffic in two 5 MB files per interface.

  • Page 409: Configure Packet Capture For The Network Analyzer

    To configure a packet capture configuration:    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Analyzer.
  • Page 410 If Set Time is selected, specify the time that the capture filter should run in Run time, using the format HH:MM. During system maintenance: The capture filter will run during the system maintenance time window. b. Enable the capture filter schedule. IX14 User Guide...
  • Page 411    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 412 (config network analyzer name)> duration value (config network analyzer name)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set duration to ten minutes, enter either 10m or 600s: IX14 User Guide...

  • Page 413: Example Filters For Capturing Data Traffic

    Capture traffic for a particular IP protocol: ip proto protocol where protocol is a number in the range of 1 to 255 or one of the following keywords: icmp, icmp6, igmp, pim, ah, esp, vrrp, udp, or tcp. IX14 User Guide...

  • Page 414: Capture Packets From The Command Line

    Save captured data traffic to a file. Clear captured data. Required configuration items A configured packet capture. See Configure packet capture for the network analyzer packet capture configuration information. To start packet capture from the command line:    Command line IX14 User Guide...

  • Page 415: Stop Capturing Packets

    Diagnostics Analyze network traffic 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. Type the following at the Admin CLI prompt: >...

  • Page 416: Show Captured Traffic Data

    To show captured data traffic:    Command line 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 417: Save Captured Data Traffic To A File

       Command line 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. Type the following at the Admin CLI prompt: >...

  • Page 418: Download Captured Data To Your Pc

    WebUI or from the command line by using the (secure copy file) command.    WebUI 1. Log into the IX14 WebUI as a user with Admin access. 2. On the menu, click System. Under Administration, click File System. The File System page appears. IX14 User Guide...

  • Page 419: Clear Captured Data

    4. Select the saved analyzer report you want to download and click  (download).    Command line 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 420 To determine available packet capture configurations, use the ?: > anaylzer clear name ? name: Name of the capture filter to use. Format: test_capture capture_ping > anaylzer clear name Note You can remove data traffic saved to a file using the command. IX14 User Guide...

  • Page 421: Use The Ping Command To Troubleshoot Network Connections

    Ping to check internet connection To check your internet connection: 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 422 Max wait for a response to a probe. (Default: 5) Example This example shows using traceroute to verify that the IX14 device can route to host 8.8.8.8 (www.google.com) through the default gateway. The command output shows that 15 routing hops were required to reach the host: 1.

  • Page 423: Routing

    Routing This chapter contains the following topics: IP routing Show the routing table Dynamic DNS Virtual Router Redundancy Protocol (VRRP) IX14 User Guide...

  • Page 424: Ip Routing

    IP routing IP routing The IX14 device uses IP routes to decide where to send a packet it receives for a remote network. The process for deciding on a route to send the packet is as follows: 1. The device examines the destination IP address in the IP packet, and looks through the IP routing table to find a match for it.

  • Page 425: Configure A Static Route

    To configure a static route:    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Routes > Static routes.
  • Page 426 7. For Interface, select the interface on the IX14 device that will be used with this static route. 8. (Optional) For Gateway, type the IPv4 address of the gateway used to reach the destination.
  • Page 427 The any keyword can also be used to route packets to any destination with this static route. 6. Set the interface on the IX14 device that will be used with this static route: a. Use the ? to determine available interfaces: (config network route static 0)>interface ?

  • Page 428: Delete A Static Route

    Type quit to disconnect from the device. Delete a static route    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. IX14 User Guide...
  • Page 429    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 430: Policy-Based Routing

    However, you can use policy-based routing to forward the packet based on other criteria, such as the source of the packet. For example, you can configure the IX14 device so that high-priority traffic is routed through the cellular connection, while all other traffic is routed through an Ethernet (WAN) connection.

  • Page 431: Configure A Routing Policy

    To configure a routing policy:    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Routes > Policy-based routing.
  • Page 432 5. (Optional) For Label, type a label that will be used to identify this route policy. 6. For Interface, select the interface on the IX14 device that will be used with this route policy. 7. (Optional) Enable Exclusive to configure the policy to drop packets that match the policy when the gateway interface is disconnected, rather than forwarded through other interfaces.
  • Page 433    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 434 Routing IP routing 5. Set the interface on the IX14 device that will be used with this route policy: a. Use the ? to determine available interfaces: (config network route policy 0)>interface ? Interface: The network interface used to reach the destination. Packets that satisfy the matching criteria will be routed through this interface.
  • Page 435 Matches the source IP address to the selected firewall zone. Set the zone: a. Use the ? to determine available zones: (config network route policy 0)> src zone ? Zone: Match the IP address to the specified firewall zone. Format: dynamic_routes edge external internal ipsec loopback setup IX14 User Guide...
  • Page 436 Matches the source IPv6 address to the specified IP address or network. Set the address that will be matched: (config network route policy 0)> src address6 value (config network route policy 0)> where value uses the format IPv6_address[/prefix_length], or any to match any IPv6 address. IX14 User Guide...
  • Page 437 Matches the destination IP address to the selected interface's network address. Set the interface: a. Use the ? to determine available interfaces: (config network route policy 0)>dst interface ? Interface: The network interface. Format: /network/interface/defaultip /network/interface/defaultlinklocal /network/interface/lan /network/interface/loopback IX14 User Guide...

  • Page 438: Routing Services

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Routing services Your IX14 includes support for dynamic routing services and protocols. The following routing services are supported: IX14 User Guide...

  • Page 439: Configure Routing Services

    The IPv4 and IPv6 Babel service. IS-IS The IPv4 and IPv6 Intermediate System to Intermediate System (IS-IS) service. Configure routing services Required configuration items Enable routing services. Enable and configure the types of routing services that will be used. IX14 User Guide...
  • Page 440 IP routing    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Routes > Routing services.
  • Page 441 IP routing    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 442: Show The Routing Table

    To display the routing table:    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. IX14 User Guide...
  • Page 443 5. Click IPv6 Load Balance to view IPv6 load balancing.    Command line 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 444: Dynamic Dns

    WAN or public IP address changes. Your IX14 device supports a number of Dynamic DNS providers as well as the ability to provide a custom provider that is not included on the list of providers.
  • Page 445 The amount of time to wait to force an update of the interface's IP address. The amount of time to wait for an IP address update to succeed before retrying the update. The number of times to retry a failed IP address update. IX14 User Guide...
  • Page 446 Dynamic DNS    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Dynamic DNS.
  • Page 447    Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 448 Use the ? to determine available services: (config network ddns new_ddns_instance)> service ? Service: The provider of the dynamic DNS service. Format: custom 3322.org changeip.com ddns.com.br dnsdynamic.org Default value: custom Current value: custom (config network ddns new_ddns_instance)> service IX14 User Guide...
  • Page 449 For example, to set force_interval to ten minutes, enter either 10m or 600s: (config network ddns new_ddns_instance)> force_interval 600s (config network ddns new_ddns_instance)> The default is 3d. IX14 User Guide...

  • Page 450: Virtual Router Redundancy Protocol (Vrrp)

    Multiple IX14 devices can be configured as VRRP devices and assigned a priority. The router with the highest priority will be used as the master router. If the master router fails, then the IP address of the virtual router is mapped to the backup device with the next highest priority.
  • Page 451    WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > VRRP.
  • Page 452 The Apply button is located at the top of the WebUI page. You may need to scroll to the top of the page to locate it.    Command line 1. Log into the IX14 command line as a user with full Admin access rights. IX14 User Guide...
  • Page 453 IP address of the VRRP pool, then the priority of this device should be set to 255 . Allowed values are from 1 and 255, and it is configured to 100 by default. IX14 User Guide...

  • Page 454: Show Vrrp Status And Statistics

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show VRRP status and statistics This section describes how to display VRRP status and statistics for a IX14 device. VRRP status is available from the Web UI only. ...
  • Page 455 Routing Virtual Router Redundancy Protocol (VRRP) 3. Click Status > VRRP. The Virtual Router Redundancy Protocol window is displayed. IX14 User Guide...
  • Page 456 File system This chapter contains the following topics: The IX14 local file system Display directory contents Create a directory Display file contents Copy a file or directory Move or rename a file or directory Delete a file or directory Upload and download files...

  • Page 457: The Ix14 Local File System

    The IX14 local file system The IX14 local file system The IX14 local file system has approximately 100 MB of space available for storing files, such as Python programs, alternative configuration files and firmware versions, and release files, such as cellular module images.

  • Page 458: Create A Directory

    For example: 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 459: Display File Contents

    For example:    Command line 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the Admin CLI prompt, type more /path/filename. For example, to view the contenct of the file accns.json in /etc/config:...

  • Page 460: Move Or Rename A File Or Directory

      Command line To rename a file named test.py in /etc/config/scripts to final.py: 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 461: Delete A File Or Directory

      Command line To delete a file named test.py in /etc/config/scripts: 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 462: Upload And Download Files

    FileZilla. Upload and download files by using the WebUI Upload files 1. Log into the IX14 WebUI as a user with Admin access. 2. On the menu, click System. Under Administration, click File System. The File System page appears.

  • Page 463: Upload And Download Files By Using The Secure Copy Command

    IX14 device. local-path is the location on the IX14 device where the copied file will be placed. For example: To copy firmware from a remote host with an IP address of 192.168.4.1 to the /etc/config directory on the IX14 device, issue the following command: >...

  • Page 464: Upload And Download Files Using Sftp

    IX14 device. For example: To copy a support report from the IX14 device to a remote host at the IP address of 192.168.4.1: 1. Use the system support-report command to generate the report: >...
  • Page 465 File system Upload and download files $ sftp ahmed@192.168.2.1 Password: Connected to 192.168.2.1 sftp> get test.py Fetching test.py to test.py test.py 100% 0.3KB/s 00:00 sftp> exit IX14 User Guide...

  • Page 466: Digi Ix14 Regulatory And Safety Statements

    WARNING! This device must be powered off where blasting in progress, where explosive atmospheres are present, or near medical or life support equipment. CAUTION! Do not use an antenna not supplied by Digi. If a different antenna is required, consult Digi for antenna recommendations for your environment.

  • Page 467: Rf Exposure Statement

    Radio Frequency Interference (RFI) (FCC 15.105) The Digi IX14 has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
  • Page 468 Digi IX14 regulatory and safety statements European Community - CE Mark Declaration of Conformity (DoC) Directive (Radio Equipment Directive). Furthermore, the manufacturer must maintain a copy of the (product name) user manual documentation and ensure the final product does not exceed the specified power ratings, antenna specifications, and/or installation requirements as specified in the user manual.

  • Page 469: Maximum Transmit Power For Radio Frequencies

    Digi IX14 regulatory and safety statements Maximum transmit power for radio frequencies Maximum transmit power for radio frequencies The following tables show the maximum transmit power for frequency bands. Cellular frequency bands Frequency bands Maximum transmit power Cellular LTE 700 MHz...

  • Page 470: Rohs Compliance Statement

    RoHS compliance statement RoHS compliance statement All Digi International Inc. products that are compliant with the RoHS Directive (EU Directive 2002/95/EC and subsequent amendments) are marked as RoHS COMPLIANT. RoHS COMPLIANT means that the substances restricted by the EU Directive 2002/95/EC and subsequent amendments...

  • Page 471: Special Safety Notes For Wireless Routers

    Special safety notes for wireless routers Digi International products are designed to the highest standards of safety and international standards compliance for the markets in which they are sold. However, cellular-based products contain radio devices which require specific consideration. Take the time to read and understand the following guidance.

  • Page 472: Product Disposal Instructions

    At the end of its life this product MUST NOT be mixed with other commercial waste for disposal. Check with the terms and conditions of your supplier for disposal information. Digi International Ltd WEEE Registration number: WEE/HF1515VU IX14 User Guide...
  • Page 473 Certifications This product complies with the requirements of the following Electromagnetic Compatibility standards. There are no user-serviceable parts inside the product. Contact your Digi representative for repair information. Certification category Standards EN 300 328 v1.8.1 Electromagnetic Compatibility (EMC) compliance standards EN 301-489-17 V3.1.12017...

  • Page 474: Command Line Interface

    Auto-complete commands and parameters Available commands Use the scp command Display status and statistics using the show command Device configuration using the command line interface Execute configuration commands at the root Admin CLI prompt Configuration mode Command line reference IX14 User Guide...

  • Page 475: Access The Command Line Interface

    Log in to the command line interface    Command line 1. Connect to the IX14 device by using a serial connection, SSH or telnet, or the Terminal in the WebUI or the Console in the Digi Remote Manager. See Access the command line interface more information.

  • Page 476: Exit The Command Line Interface

    2. At the main menu, click Terminal. The device console appears. IX14 login: 3. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 477: Display Help For Commands And Parameters

    Display help for commands and parameters The help command When executed from the root command prompt, help displays information about autocomplete operations, how to move the cursor on the IX14 command line, and other keyboard shortcuts: > help Commands ------------------------------------------------------------------------------- Show commands help <Tab>...

  • Page 478: Display Help For Individual Commands

    2. To display a syntax diagram and parameter information about a specific command: > show arp ? Syntax: arp [ipv4] [ipv6] [verbose] Parameters -------------------------------------------------------------------------- ----- ipv4 Display IPv4 routes. ipv6 Display IPv6 routes. verbose Display more information. > show arp IX14 User Guide...

  • Page 479: Use The Tab Key Or The Space Bar To Display Abbreviated Help

    Parameter values, where the value is one of an enumeration or an on|off type; for example: (config)> serial port1 enable t<Tab> auto-completes to (config)> serial port1 enable true Auto-complete does not function for: Parameter values that are string types. Integer values. File names. Select parameters passed to commands that perform an action. IX14 User Guide...

  • Page 480: Available Commands

    Pings a remote host using Internet Control Message Protocol (ICMP) Echo Request messages. reboot Reboots the IX14 device. Removes a file. Uses the secure copy protocol (SCP) to transfer files between the IX14 device and a remote host. Use the scp command for information about using the scp command. show Displays information about the device and the device's configuration.

  • Page 481: Use The Scp Command

    The hostname or IP address of the remote host. The username and password of the user on the remote host. Whether the file is being copied to the IX14 device from a remote host, or to the remote host from the IX14 device.

  • Page 482: Display Status And Statistics Using The Show Command

    IX14 device. For example: To copy a support report from the IX14 device to a remote host at the IP address of 192.168.4.1: 1. Use the system support-report command to generate the report: >...

  • Page 483: Show System

    "445" > show system show system command displays system information and statistics for the device, including CPU usage. > show system Model : Digi IX14 Serial Number : IX14-000068 Hostname : TIX14 : 00:40:D0:13:35:36 Hardware Version : 50001947-01 1P Firmware Version : 19.11.72.58...

  • Page 484: Device Configuration Using The Command Line Interface

    For example, to disable the SSH service from the root prompt, enter the following command: > config service ssh enable false > The IX14 device's ssh service is now disabled. Note When the config command is executed at the root prompt, certain configuration actions that are available in configuration mode cannot be performed.
  • Page 485 3. Next, display help for the config service ssh command: > config service ssh ? SSH: An SSH server for managing the device. Parameters Current Value -------------------------------------------------------------------------- enable true Enable [private] Private key port Port Additional Configuration -------------------------------------------------------------------------- Access control list mdns > config service ssh IX14 User Guide...

  • Page 486: Configuration Mode

    1. At the config prompt, enter service to move to the service node: (config)> service (config service)> 2. Enter ssh to move to the ssh node: (config service)> ssh (config service ssh)> IX14 User Guide...

  • Page 487: Save Changes And Exit Configuration Mode

    Configuration actions Description cancel Discards unsaved configuration changes and exits configuration mode. save Saves configuration changes and exits configuration mode. validate Validates configuration changes. Reverts the configuration to default revert settings. See The revert command more information. IX14 User Guide...

  • Page 488: Display Command Line Help In Configuration Mode

    2. You can then display help for the additional configuration commands. For example, to display help for the config service command, use one of the following methods: At the config prompt, enter service ?: (config)> service ? IX14 User Guide...
  • Page 489 Enter service to move to the service node: (config)> service (config service)> b. Enter ssh to move to the ssh node: (config service)> ssh (config service ssh)> c. Enter ? to display help for the ssh node: (config service ssh)> ? IX14 User Guide...
  • Page 490 (config service ssh)> Either of these methods will display the following information: (config)> service ssh enable ? Enable: Enable the service. Format: true, false, yes, no, 1, 0 Default value: true Current value: true (config)> service ssh enable IX14 User Guide...

  • Page 491: Move Within The Configuration Schema

    While in configuration mode, you can use the add, del, and move action commands to manage elements in a list. When working with lists, these actions require an index number to identify the list item that will be acted on. IX14 User Guide...
  • Page 492 (config)> add auth user new-user group end admin (config)> 3. Use the show command again to verify that the admin group has been added to the user's configuration: (config)> show auth user new-user group 0 admin (config)> IX14 User Guide...
  • Page 493 2. To configure the device to use TACACS+ authentication first to authenticate a user, use the move index_number_1 index_number_2 command: (config)> move auth method 1 0 (config)> 3. Use the show command again to verify the change: (config)> show auth method 0 tacacs+ 1 local 2 radius (config)> IX14 User Guide...

  • Page 494: The Revert Command

    Configuration mode The revert command The revert command is used to revert changes to the IX14 device's configuration and restore default configuration settings. The behavior of the revert command varies depending on where in the configuration hierarchy the command is executed, and whether the optional path parameter is used.

  • Page 495: Enter Strings In Configuration Commands

    For string parameters, if the string value contains a space, the value must be enclosed in quotation marks. For example, to assign a descriptive name for the device using the system command, enter: (config)> system description "Digi IX14" IX14 User Guide...

  • Page 496: Example: Create A New User By Using The Command Line

    Configuration mode Example: Create a new user by using the command line In this example, you will use the IX14 command line to create a new user, provide a password for the user, and assign the user to authentication groups.
  • Page 497 (config auth user user1)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...

  • Page 498: Command Line Reference

    Command line interface Command line reference Command line reference analyzer help mkdir modem more ping reboot show system traceroute update IX14 User Guide...

  • Page 499: Analyzer

    Start a capture session of packets on this devices interfaces. Parameters name Name of the capture filter to use. Ref: /network/analyzer Type: string analyzer stop name STRING Stops the traffic capture session. Parameters name Name of the capture filter to use. Ref: /network/analyzer IX14 User Guide...
  • Page 500 Command line interface Command line reference Type: string IX14 User Guide...
  • Page 501 Do not ask to overwrite the destination file if it exists. Syntax: {True|False} Type: boolean source The source file or directory to copy. Type: string destination The destination path to copy the source file or directory to. Type: string IX14 User Guide...

  • Page 502: Help

    Command line interface Command line reference help Show CLI editing and navigation commands. Parameters None IX14 User Guide...
  • Page 503 Command line interface Command line reference ls [show-hidden] PATH List a directory. Parameters show-hidden Show hidden files and directories. Hidden filenames begin with '.'. Syntax: {True|False} Type: boolean References List files and directories under this path. Type: string IX14 User Guide...

  • Page 504: Mkdir

    Command line interface Command line reference mkdir mkdir PATH Create a directory. Parent directories are created as needed. Parameters References The directory path to create. Type: string IX14 User Guide...

  • Page 505: Modem

    The configured name of the modem to execute this CLI command on. Optional: True Ref: /network/modem Type: string modem pin PIN commands. pin change [imei STRING] [name STRING] OLD-PIN NEW-PIN Change the SIM's PIN code. Warning: Attempting to use an incorrect PIN code may PUK lock the SIM. IX14 User Guide...
  • Page 506 Enable the PIN lock on the SIM card that is active in the modem. The SIM card will need to be unlocked before each use. Warning: Attempting to use an incorrect PIN code may PUK lock the SIM. IX14 User Guide...
  • Page 507 SIM card automatically before use. Warning: Attempting to use an incorrect PIN code may PUK lock the SIM. Parameters imei The IMEI of the modem to execute this CLI command on. Optional: True Type: string IX14 User Guide...
  • Page 508 Unlock the SIM with a PUK code from the SIM provider. Parameters imei The IMEI of the modem to execute this CLI command on. Optional: True Type: string name The configured name of the modem to execute this CLI command on. Optional: True Ref: /network/modem Type: string IX14 User Guide...
  • Page 509 The IMEI of the modem to execute this CLI command on. Optional: True Type: string name The configured name of the modem to execute this CLI command on. Optional: True Ref: /network/modem Type: string slot The SIM slot to change to. Syntax: (1|2|show) Type: string IX14 User Guide...

  • Page 510: More

    Command line interface Command line reference more more PATH View a file. Parameters References The file to view. Type: string IX14 User Guide...
  • Page 511 Do not ask to overwrite the destination file if it exists. Syntax: {True|False} Type: boolean source The source file or directory to move. Type: string destination The destination path to move the source file or directory to. Type: string IX14 User Guide...

  • Page 512: Ping

    The number of bytes sent in the ICMP ping request. Default: 56 Minimum: 0 Syntax: {Integer} Type: integer host The name or address of the remote host to send ICMP ping requests to. Syntax: {hostname|IPv4_address|IPv6_address} Type: string IX14 User Guide...

  • Page 513: Reboot

    Command line interface Command line reference reboot Reboot the system. Parameters None IX14 User Guide...
  • Page 514 Command line interface Command line reference Remove a file or directory. rm [force] PATH Parameters force Force the file to be removed without asking. Syntax: {True|False} Type: boolean References The path to remove. Type: string IX14 User Guide...

  • Page 515: Scp

    Copy the file from the local device to the remote host, or from the remote host to the local device. Syntax: (remote|local) Type: string user The username to use when connecting to the remote host. Type: string IX14 User Guide...

  • Page 516: Show

    Display IPv6 routes. If no IP version is specififed IPv4 IPV6 will be displayed Syntax: {True|False} Type: boolean verbose Display more information (less concise, more detail). Syntax: {True|False} Type: boolean show cloud Show drm status statistics. Parameters None show config Show changes made to default configuration. Parameters None IX14 User Guide...
  • Page 517 [ip STRING] [name STRING] Show hotspot statistics. Parameters IP address of a specific client, to limit the status display to only this client. Optional: True Syntax: IPv4_address Type: string name The configured instance name of the hotspot. IX14 User Guide...
  • Page 518 (this can be very time consuming). If you require more messages of the filtered type, increase the number of messages retrieved using 'number'. Optional: True Syntax: (critical|warning|debug|info) Type: string number Number of lines to retrieve from log. Default: 20 Minimum: 1 Syntax: {Integer} Type: integer IX14 User Guide...
  • Page 519 [all|verbose] [interface STRING] Show network interface status and statistics. Parameters Display all interfaces including disabled interfaces. Syntax: {True|False} Type: boolean interface Display more details and config data for a specific network interface. Optional: True Ref: /network/interface Type: string IX14 User Guide...
  • Page 520 Show OpenVPN server status and statistics. Parameters Display all servers including disabled servers. Syntax: {True|False} Type: boolean name Display more details and config data for a specific OpenVPN server. Optional: True Ref: /vpn/openvpn/server Type: string show route [ipv4|ipv6|verbose] Show IP routing information. IX14 User Guide...
  • Page 521 Ref: /serial Type: string show system [verbose] Show system status and statistics. Parameters verbose Display more information (disk usage, etc) Syntax: {True|False} Type: boolean show usb Show USB information. Parameters None show version [verbose] Show firmware version. IX14 User Guide...
  • Page 522 Display details for Wi-Fi client mode connections. Parameters Display all Wi-Fi clients including disabled Wi-Fi client mode connections. Syntax: {True|False} Type: boolean name Display more details for a specific Wi-Fi client mode connection. Optional: True Ref: /network/wifi/client IX14 User Guide...
  • Page 523 Command line interface Command line reference Type: string IX14 User Guide...

  • Page 524: System

    Erase the device to restore to factory defaults. All configuration and automatically generated keys will be erased. Parameters system restore [passphrase STRING] PATH Restore the device's configuration from a backup archive or CLI commands file. IX14 User Guide...
  • Page 525 References The path to the backup file. Type: string system support-report PATH Save a support report to a file and include with support requests. Parameters References The file path to save the support report to. Type: string IX14 User Guide...

  • Page 526: Traceroute

    Tells traceroute to add an IP source routing option to the outgoing packet that tells the network to route the packet through the specified gateway Optional: True Syntax: {IPv4_address|IPv6_address} Type: string icmp Use ICMP ECHO for probes. Syntax: {True|False} Type: boolean IX14 User Guide...
  • Page 527 Total size of the probing packet. Default 60 bytes for IPv4 and 80 for Ipv6. A value of -1 specifies that the default value will be used. Default: -1 Minimum: -1 Syntax: {Integer} Type: integer pausemsecs Minimal time interval between probes Default: 0 Minimum: 0 Syntax: {Integer} Type: integer IX14 User Guide...
  • Page 528 Type: boolean waittime Determines how long to wait for a response to a probe. Default: 5 Minimum: 1 Syntax: {Integer} Type: integer host The host that we wish to trace the route packets for. Syntax: {hostname|IPv4_address|IPv6_address} Type: string IX14 User Guide...

  • Page 529: Update

    Command line interface Command line reference update Update firmware. update firmware file STRING Update device firmware Parameters file Firmware filename and path. Type: string IX14 User Guide...

Table of Contents