Digi TX64 User Manual
  1. Manuals
  2. Brands
  3. Digi Manuals
  4. Network Router
  5. TX64
  6. User manual

Digi TX64 User Manual

Hide thumbs Also See for TX64:
1
2
3
4
Table Of Contents
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
Table of Contents

Advertisement

Quick Links

Download this manual
TX64
User Guide

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the TX64 and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Digi TX64

Summary of Contents for Digi TX64

  • Page 1 TX64 User Guide...

  • Page 2: Revision History-90002348

    Release of DigiTX64 firmware version 20.2: February 2020 Digi SureLink support (formerly known as active recovery). Enabled by default on preconfigured WANs and WWANs. Role-based user access. Allow shell option added to authentication. Read-only access option added to user configuration. TX64 User Guide...
  • Page 3 Application mode for serial ports to allow for Python programmatic control. Trademarks and copyright Digi, Digi International, and the Digi logo are trademarks or registered trademarks in the United States and other countries worldwide. All other trademarks mentioned in this document are the property of their respective owners.
  • Page 4 Contact us at +1 952.912.3444 or visit us at www.digi.com/support. Feedback To provide feedback on this document, email your comments to techcomm@digi.com Include the document title and part number (TX64 User Guide, 90002348 C) in the subject line of your email. TX64 User Guide...

  • Page 5: Table Of Contents

    Contents Revision history—90002348 What's new in Digi TX64 version 20.5 Digi TX64 Quick start Quick start using the Digi Remote Manager mobile app Step 1: What's in the box Step 2: Gather accessories Step 3: Connect Step 4: Power up...
  • Page 6 TX64 power connector Configuration and management Review TX64 default settings Local WebUI Digi Remote Manager Default interface configuration Other default configuration settings Reset default password for the default admin user Reset default SSIDs and pre-shared keys for the preconfigured Wi-Fi access points...
  • Page 7 Configure a static route Delete a static route Policy-based routing Configure a routing policy Example: Dual WAN policy-based routing Example: Route traffic to a specific WAN interface based on the client MAC address Routing services Configure routing services TX64 User Guide...
  • Page 8 Enable or disable the internal GNSS module Use a dead reckoning external USB GNSS receiver Configure the device to accept location messages from external sources Forward location information to a remote host Show location information System time TX64 User Guide...
  • Page 9 Use digidevice.config for device configuration Use Python to respond to Digi Remote Manager SCI requests Use digidevice runtime to access the runtime database Using Python to upload the device name to Digi Remote Manager The digidevice led submodule Hid module...
  • Page 10 Disable shell access Set the idle timeout for TX64 users Example user configuration Example 1: Administrator user with local authentication Example 2: RADIUS, TACACS+, and local authentication for one user Firewall Firewall configuration Create a custom firewall zone Configure the firewall zone for a network interface...
  • Page 11 Configure Digi Remote Manager Collect device health data and set the sample interval Log into Digi Remote Manager Use Digi Remote Manager to view and manage your device Add a device to Digi Remote Manager View Digi Remote Manager connection status...
  • Page 12 Use the ping command to troubleshoot network connections Ping to check internet connection Stop ping commands Use the traceroute command to diagnose IP routing problems Digi TX64 regulatory and safety statements RF exposure statement Federal Communication (FCC) Part 15 Class B Radio Frequency Interference (RFI) (FCC 15.105)
  • Page 13 Example: Create a new user by using the command line Example: Configure multiple WANs and LANs by using the command line Command line reference analyzer help mkdir modem modem puk status [imei STRING] [name STRING] more ping reboot show system traceroute update TX64 User Guide...

  • Page 14: What's New In Digi Tx64 Version 20.5

    Digi Remote Manager. Added a randomized two minute delay window for uploading health metrics to the Digi Remote Manager to avoid situations where multiple devices are uploading metrics at the same time.

  • Page 15: Digi Tx64 Quick Start

    When you open the TX64 package, look for the following: Digi TX64 device The Digi TX64 has a product label on the bottom of the device. The label includes product identification information and the default password assigned to the device.

  • Page 16: Step 2: Gather Accessories

    Step 2: Gather accessories Digi offers several TX64 accessory kits so you can purchase exactly what you need to support your TX64. See TX64 support for a list of accessory kits.

  • Page 17: Step 3: Connect

    Use a #1 Phillips-head screwdriver to remove and replace the SIM gasket cover when installing SIM cards. Power supply Use a power supply provided by a Digi accessory kit or use an alternate power supply that complies with the power supply requirements. Laptop or personal computer Use an Ethernet cable to connect your TX64 to a laptop or PC.

  • Page 18: Step 4: Power Up

    Wait for the power LED to stop blinking. The device is ready. Step 5: Configure a. On the PC connected to the TX64, open a browser and go to 192.168.2.1. b. Log into the TX64: User name: Use the default user name: admin.

  • Page 19: Digi Tx64 Hardware Reference

    Digi TX64 hardware reference TX64 key features The Digi TX64 is an LTE-Advanced (LTE-A) router. Key features include: Wired Gigabit Ethernet (4-port) for onboard systems. Segmented private versus public data communication across dual 600 Mbps CAT 11 cellular. Video offload over 1.7 Gbps 802.11ac Wi-Fi backhaul.

  • Page 20: Tx64 Leds

    Digi TX64 hardware reference TX64 LEDs TX64 LEDs The TX64 LEDs are located on the top front panel. The number of LEDs varies by model. During bootup, the front-panel LEDs light up in sequence to indicate boot progress. Power Off: No power.

  • Page 21: Ethernet 1-4 Link And Activity (On Rear Panel)

    Power sensor and button behavior The TX64 has an ignition sensor that can automatically power on the device when the ignition line is You can also power on the TX64 using the Power button. If the TX64 does not automatically restart when the power ignition sense is on, press the Power button to restore power.

  • Page 22: Digi Tx64 Serial Connector Pinout

    Digi TX64 hardware reference Digi TX64 serial connector pinout Serial Power Digi TX64 serial connector pinout The TX64 is a DTE device. The pinout for the DB9 serial connector is as follows: DTE signal Signal name RS232 signal direction DB9 pin number...
  • Page 23 Hardware setup This chapter contains the following topics: Install SIM cards Connect data cables Connect antennas Mount the TX64 to a mounting surface Connect power TX64 User Guide...

  • Page 24: Hardware Setup

    2. For high-vibration environments, apply a thin layer of dielectric grease to the SIM contacts. Note If the TX64 device is used in an environment with high vibration levels, SIM card contact fretting may cause unexpected SIM card failures. To protect the SIM cards, Digi strongly recommends that you apply a thin layer of dielectric grease to the SIM contacts prior to installing the SIM cards.

  • Page 25: Mount The Tx64 To A Mounting Surface

    Connect the TX64 power cable to a power source. Vehicle installation The TX64 shall be powered from a 5 A fused circuit or shall be installed with an in-line Slow Blow fuse rated at 5 A. Maximum ambient operating temperature is limited to 74°C.

  • Page 26: Mount And Ground Chassis

    Installations up to +70° C: Digi part number 76002079 or 76002081 Installations up to +74° C: TRACO Power TPP-30-112J, TPP-30-115J, TPP-30-124J, and TEX120- Mount and ground chassis If you intend to install the TX64 in a vehicle, follow these directions for mounting and grounding the device. Note Always follow the vehicle manufacturer recommendations for electrical accessories connections.

  • Page 27: Tx64 Power Connector

    Power installation must be performed by a qualified electrician, following the National Electrical Code, ANSI/NFPA 70 and Canadian Electrical Code, Part I, CSA C22.1. There must be a disconnect device in front of TX64 devices to protect maintenance workers. Use a 20 A circuit-breaker as the disconnect device.

  • Page 28: Configuration And Management

    Configuration and management This chapter contains the following topics: Review TX64 default settings Reset default password for the default admin user Reset default SSIDs and pre-shared keys for the preconfigured Wi-Fi access points Configuration methods Using Digi Remote Manager Access Digi Remote Manager...

  • Page 29: Review Tx64 Default Settings

    Configuration and management Review TX64 default settings Review TX64 default settings You can review the default settings for your TX64 device by using the local WebUI or Digi Remote Manager: Local WebUI 1. Log into the TX64 WebUI as a user with Admin access. See Using the web interface for details.
  • Page 30 Configuration and management Review TX64 default settings Preconfigured Interface type interfaces Devices Default configuration Local Area Networks (LANs) LAN1 Bridge: LAN1 Firewall zone: Internal IP address: 192.168.2.1/24 DHCP server enabled LAN priority: Metric=5 LAN hotspot Bridge: DHCP server: disabled hotspot_...

  • Page 31: Other Default Configuration Settings

    Authentication mode: hotspot_ Click-through bridge IP address: 10.1.0.1/24 DHCP server: Automatically enabled (on all hotspots) DHCP server lease range: 100-250 Other default configuration settings Feature Configuration Digi Remote Manager enabled as the central management service. Central management TX64 User Guide...

  • Page 32: Reset Default Password For The Default Admin User

       WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Users > admin.

  • Page 33: Reset Default Ssids And Pre-Shared Keys For The Preconfigured Wi-Fi Access Points

    5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 34 SSIDs and pre-shared keys for the preconfigured Wi-Fi access points.    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.

  • Page 35: Configuration Methods

    Configuration methods    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 36: Using Digi Remote Manager

    Shows how to perform a task by using the command line interface. Using Digi Remote Manager By default, your TX64 device is configured to use Digi Remote Manager as its central management server. No configuration changes are required to begin using the Remote Manager.

  • Page 37: Log Out Of The Web Interface

    Summarizes network statistics: the total number of bytes sent and received over all Network configured bridges and Ethernet devices. activity Digi Displays the device connection status for Digi Remote Manager, the amount of time Remote the connection has been up, and the Digi Remote Manager device ID. Using Digi Remote Manager.

  • Page 38: Using The Command Line

    Log in to the command line interface    Command line 1. Connect to the TX64 device by using a serial connection, SSH or telnet, or the Terminal in the WebUI or the Console in the Digi Remote Manager. See Access the command line interface more information.

  • Page 39: Exit The Command Line Interface

    Admin CLI s: Shell q: Quit Select access or quit [admin] : Type a or admin to access the TX64 command line. You will now be connected to the Admin CLI: Connecting now, 'exit' to disconnect from Admin CLI ... >...

  • Page 40: Interfaces

    Interfaces TX64 devices have several physical communications interfaces. These interfaces can be bridged in a Local Area Network (LAN) or assigned to a Wide Area Network (WAN). This chapter contains the following topics: Wide Area Networks (WANs) Local Area Networks (LANs)

  • Page 41: Wide Area Networks (Wans)

    Interfaces Wide Area Networks (WANs) Wide Area Networks (WANs) The TX64 device is preconfigured with one Wide Area Network (WAN), named WAN1, and two Wireless Wide Area Network (WWAN)s, named WWAN1 and WWAN2. Preconfigured Default Interface type interfaces Devices configuration...

  • Page 42: Wide Area Networks (Wans) And Wireless Wide Area Networks (Wwans)

    Wide Area Network (WWAN)s, named WWAN1 and WWAN2. You can also create additional WANs and WWANs. When a WAN is initialized, the TX64 device automatically adds a default IP route for the WAN. The priority of the WAN is based on the metric of the default route, as configured in the WAN's IPv4 and IPv6 metric settings.
  • Page 43 For Metric, type 1. c. Click IPv6. d. For Metric, type 1. 4. Set the metrics for WAN1: a. Click Network > Interfaces > WAN1 > IPv4. b. For Metric, type 2. c. Click IPv6. d. For Metric, type 2. TX64 User Guide...
  • Page 44 Wide Area Networks (WANs) 5. Click Apply to save the configuration and apply the change. The TX64 device is now configured to use the cellular modem WWAN, WWAN1, as its highest priority WAN, and its Ethernet WAN, WAN1, as its secondary WAN.

  • Page 45: Wan/Wwan Failover

    WAN, and its Ethernet WAN, WAN1, as its secondary WAN. WAN/WWAN failover If a connection to a WAN interface is lost for any reason, the TX64 device will immediately fail over to the next WAN or WWAN interface, based on WAN priority. See...

  • Page 46: Configure Surelink Active Recovery To Detect Wan/Wwan Failures

    Problems can occur beyond the immediate WAN/WWAN connection that prevent some IP traffic from reaching its destination. Normally this kind of problem does not cause the TX64 device to detect that the WAN has failed, because the connection continues to work while the core problem exists somewhere else in the network.
  • Page 47   WebUI SureLink can be configured for both IPv4 and IPv6. 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 48 The default is 60 seconds. 10. Optional active recovery configuration parameters: a. For Restart interface, enable to configure the device to restart the interface when its connection is considered to have failed. This is useful for interfaces that may regain TX64 User Guide...
  • Page 49 Active recovery can be configured for both IPv4 and IPv6. These instructions are for IPv4; to configure IPv6 active recovery, replace ipv4 in the command line with ipv6. 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 50 (config network interface my_wan ipv4 surelinktarget 0)> dns_configured: Tests connectivity by sending a DNS query to the DNS servers configured for this interface. http: Tests connectivity by sending an HTTP or HTTPS GET request to the specified URL. Specify the url: TX64 User Guide...
  • Page 51 Move back two levels in the configuration by typing ..: (config network interface my_wan ipv4 surelink target 0)> ..(config network interface my_wan ipv4 surelink> b. To configure the device to restart the interface when its connection is considered to have failed: TX64 User Guide...
  • Page 52 For example, to set timeout to ten minutes, enter either 10m or 600s: (config network interface my_wan ipv4 surelink)> timeout 600s (config network interface my_wan ipv4 surelink)> The default is 15 seconds. 8. (Optional) Repeat this procedure for IPv6. TX64 User Guide...

  • Page 53: Configure The Device To Reboot When A Failure Is Detected

    Type quit to disconnect from the device. Configure the device to reboot when a failure is detected Using SureLink, you can configure the TX64 device to reboot when it has determined that an interface has failed. Required configuration items Enable SureLink.
  • Page 54   WebUI SureLink can be configured for both IPv4 and IPv6. 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 55 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Response timeout to ten minutes, enter 10m or 600s. TX64 User Guide...
  • Page 56 Active recovery can be configured for both IPv4 and IPv6. These instructions are for IPv4; to configure IPv6 active recovery, replace ipv4 in the command line with ipv6. 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 57 (config network interface my_wan ipv4 surelink target 0)> interface_down_time value (config network interface my_wan ipv4 surelink target 0)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. TX64 User Guide...
  • Page 58 (config network interface my_wan ipv4 surelink)> success_condition value (config network interface my_wan ipv4 surelink> Where value is either one or all. TX64 User Guide...

  • Page 59: Disable Surelink

    You can also disable DNS lookup or other internet activity, while retaining the SureLink interface test.    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. TX64 User Guide...
  • Page 60 7. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 61    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
  • Page 62 9. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 63: Example: Use A Ping Test For Wan Failover From Ethernet To Cellular

    TX64 device brings the WAN1 interface down and starts using the WWAN1 interface. If the TX64 device cannot get a connection on the WWAN1 interface, it attempts to use the WWAN2 interface. It continues to regularly test the connection to WAN1 and WWAN1, and when tests on one of those WANs succeeds, the device falls back to the successful highest priority WAN.
  • Page 64 Delete the existing test targets: Click the menu icon (...) next to each target and select Delete. e. For Add Test Target, click . f. For Test type, select Ping test. g. For Ping host, type 43.66.93.111. TX64 User Guide...
  • Page 65 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 66 4. Save the configuration and apply the change: (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX64 User Guide...

  • Page 67: Using Ethernet Devices In A Wan

    Using Ethernet devices in a WAN The TX64 device has four Ethernet devices, named ETH1 , ETH2, ETH3, and ETH4. You can use these Ethernet interfaces as a WAN when connecting to the Internet, through a device such as a cable...
  • Page 68 Interfaces Wide Area Networks (WANs) 3. The TX64 device has two WWANs, WWAN1 and WWAN2, which correspond to each cellular modem. Select the appropriate WWAN. For example, to configure the Access Point Names (APNs) for WWAN1, click Network > Interfaces > WWAN1 > APN list > APN.
  • Page 69 9. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 70 You can view a summary status for all cellular modems, or view detailed status and statistics for a specific modem.    WebUI 1. Log into the TX64 WebUI as a user with Admin access. 2. On the menu, click Status. TX64 User Guide...
  • Page 71 The modem status window is displayed    Command line 1. Log into the TX64 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 72   Command line To unlock a SIM card: 1. Log into the TX64 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 73 To run AT commands from the TX64 command line:    Command line 1. Log into the TX64 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 74 To accomplish this, we will create separate WWAN interfaces that use the same modem but use different APNs, and then use routing roles to forward traffic to the appropriate WWAN interface.    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. TX64 User Guide...
  • Page 75 For Interface type, select Modem. d. For Zone, select External. e. For Device, select WWAN1 cellular modem . f. (Optional): Configure the public APN. If the public APN is not configured, the TX64 will attempt to determine the APN. TX64 User Guide...
  • Page 76 For APN, type the private APN provided to you by your cellular carrier. 5. Create the routing policies. For example, to route all traffic from LAN1 through the public APN, and LAN2 through the private APN: TX64 User Guide...
  • Page 77 Configure the source address: i. Click to expand Source address. ii. For Type, select Interface. iii. For Interface, select LAN2. k. Configure the destination address: i. Click to expand Destination address. ii. For Type, select Interface. TX64 User Guide...
  • Page 78 Set the modem device: (config network interface WWANPublic)> modem device wwan1 (config network interface WWANPublic)> d. (Optional): Set the public APN. If the public APN is not configured, the TX64 will attempt to determine the APN. TX64 User Guide...
  • Page 79 Set the label that will be used to identify this route policy: (config network route policy 0)> label "Route through public apn" (config network route policy 0)> c. Set the interface: (config network route policy 0)> interface /network/interface/WWANPublic (config network route policy 0)> TX64 User Guide...
  • Page 80 (config network route policy 1)> interface /network/interface/WWANPrivate (config network route policy 1)> j. Configure the source address: i. Set the source type to interface: (config network route policy 1)> src type interface (config network route policy 1)> TX64 User Guide...
  • Page 81 (config network route policy 1)> save Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX64 User Guide...

  • Page 82: Configure A Wide Area Network (Wan)

    Configure SureLink active recovery to detect WAN/WWAN failures for further information. MAC address blacklist and whitelist. To create a new WAN or edit an existing WAN:    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. TX64 User Guide...
  • Page 83 New WANs are enabled by default. To disable, click Enable. 5. For Interface type, leave at the default setting of Ethernet. 6. For Zone, select External. 7. For Device, select an Ethernet device, a Wi-Fi client, or a bridge. See Bridging for more information about bridging. TX64 User Guide...
  • Page 84 Never: Never use DNS servers for this interface. vi. Enable DHCP Hostname to instruct the TX64 device to include the device's system name with DHCP requests as the Client FQDN option. The DHCP server can then be configured to register the device's hostname and IP address with an associated DNS server.
  • Page 85 Never: Never use DNS servers for this interface. k. Enable DHCP Hostname to instruct the TX64 device to include the device's system name with DHCP requests as the Client FQDN option. The DHCP server can then be configured to register the device's hostname and IP address with an associated DNS server.
  • Page 86 Device: The network device used by this network interface. Format: /network/device/eth1 /network/device/eth2 /network/device/eth3 /network/device/eth4 /network/device/loopback /network/bridge/hotspot_bridge /network/bridge/lan1 /network/wireless/ap/digi_ap1 /network/wireless/ap/digi_ap2 /network/wireless/ap/digi_hotspot_ap1 /network/wireless/ap/digi_hotspot_ap2 Current value: (config network interface my_wan)> device b. Set the device for the LAN: (config network interface my_wan)> device device (config network interface my_wan)> TX64 User Guide...
  • Page 87 DNS server, the interface with the lowest metric will be used for DNS requests. primary: Only use the DNS servers provided for this interface when the interface is the primary route. never: Never use DNS servers for this interface. TX64 User Guide...
  • Page 88 Interfaces Wide Area Networks (WANs) vi. Enable DHCP Hostname to instruct the TX64 device to include the device's system name with DHCP requests as the Client FQDN option. The DHCP server can then be configured to register the device's hostname and IP address with an associated DNS server.

  • Page 89: Configure A Wireless Wide Area Network (Wwan)

    The IPv4 management priority of the WAN. The active interface with the highest management priority will have its address reported as the preferred contact address for central management and direct device access. The IPv4 Maximum Transmission Unit (MTU) of the WAN. TX64 User Guide...
  • Page 90    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
  • Page 91 DNS server, the interface with the lowest metric will be used for DNS requests. When primary default route: Only use the DNS servers provided for this WWAN when the WWAN is the primary route. Never: Never use DNS servers for this WWAN. TX64 User Guide...
  • Page 92 Reboot device: The device will reboot if automatic SIM switching is unavailable. 9. For APN list and APN list only, the TX64 device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.
  • Page 93 Active recovery.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 94 Format: AT&T Rogers Sprint T-Mobile Telstra Verizon Vodafone other Default value: AT&T Current value: AT&T (config network interface my_wwan)> ii. Set the carrier: (config network interface my_wwan)> modem carrier value (config network interface my_wwan)> TX64 User Guide...
  • Page 95 (config network interface my_wwan)> Where value is one of: always: DNS will always be used for this WWAN; when multiple interfaces have the same DNS server, the interface with the lowest metric will be used for DNS TX64 User Guide...
  • Page 96 The device will reboot if automatic SIM switching is unavailable. 7. The TX64 device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.
  • Page 97 (config network interface my_wwan)> ipv6 enable false (config network interface my_wwan)> c. Set the metric. (config network interface my_wwan)> ipv6 metric num (config network interface my_wwan)> Configure WAN/WWAN priority and default route metrics for further information about metrics. TX64 User Guide...

  • Page 98: Show Wan And Wwan Status And Statistics

    3. Under Networking, click Interfaces.    Command line 1. Log into the TX64 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 99: Delete A Wan Or Wwan

    Delete a WAN or WWAN. Follow this procedure to delete any WANs and WWANs that have been added to the system. You cannot delete the preconfigured WAN, WAN1, or the preconfigured WWANs, WWAN1 and WWAN2.    WebUI TX64 User Guide...
  • Page 100 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 101 4. Save the configuration and apply the change: (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX64 User Guide...

  • Page 102: Local Area Networks (Lans)

    Interfaces Local Area Networks (LANs) Local Area Networks (LANs) The TX64 device is preconfigured with the following Local Area Networks (LANs): Preconfigured Interface type interfaces Devices Default configuration Local Area Networks (LANs) LAN1 Bridge: LAN1 Firewall zone: Internal IP address: 192.168.2.1/24...

  • Page 103: About Local Area Networks (Lans)

    The following diagram shows a LAN connected to the ETH2, ETH3, and ETH4 Ethernet devices and the Digi AP (Wi-Fi1) access point. Once the LAN is configured and enabled, the devices connected to the network interfaces can communicate with each other, as demonstrated by the ping commands.
  • Page 104 To create a new LAN or edit an existing LAN:    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 105 For Prefix ID, type the identifier used to extend the prefix to the assigned length. Leave blank to use a random identifier. f. Set the Metric. TX64 User Guide...
  • Page 106 13. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 107 (config network interface my_lan)> These instructions assume that the LAN will use a static IP address for its IPv4 configuration. a. Set the IPv4 address and subnet of the LAN interface. Use the format IPv4_ address/netmask, for example, 192.168.2.1/24. TX64 User Guide...
  • Page 108 (config network interface my_lan)> c. Generally, the default settings for IPv6 support are sufficient. You can view the default IPv6 settings by using the question mark (?): (config network interface my_lan)> ipv6 ? IPv6 Parameters Current Value ----------------------------------------------------------------------- TX64 User Guide...
  • Page 109 (config network interface my_lan)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX64 User Guide...

  • Page 110: Example: Configure Two Lans

    Local Area Networks (LANs) Example: Configure two LANs The default configuration of the TX64 consists of one LAN (LAN1), which is configured to use the LAN1 bridge. Its default IP address is 192.168.2.1, and it has its DHCP server enabled. The default...
  • Page 111 Add the ETH3 and Digi AP (Wi-Fi2) devices to the bridge: i. Click to expand Devices. ii. For Add Device:, click . iii. For Device, select Ethernet: ETH3. iv. For Add device, click  again and select WiFi access point: Digi AP (Wi-Fi2). TX64 User Guide...
  • Page 112 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 113 Add the ETH3 device to the bridge: (config network bridge LAN2)> add device end /network/device/eth3 (config network bridge LAN2)> c. Add the Digi AP (Wi-Fi2) access point to the bridge: (config network bridge LAN2)> add device end /network/wireless/ap/digi_ (config network bridge LAN2)>...
  • Page 114 In this task, we will create a new LAN, named LAN2, to use the LAN2 bridge created in task one.    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 115 Local Area Networks (LANs) 6. Enable the access points and set the SSIDs: a. Configure Digi AP (Wi-Fi1): i. Click Network > Wi-Fi > Access points > Digi AP (Wi-Fi1). ii. Click Enable. iii. For SSID, type Example1. iv. For Pre-shared key, enter a password that clients will use to connect to this access point.
  • Page 116 7. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 117 Set the SSID for the Digi AP (Wi-Fi1) access point: (config)> network wifi ap digi_ap1 ssid Example1 (config)> d. Set the password for the Digi AP (Wi-Fi1) access point: (config)> network wifi ap digi_ap1 encryption key_psk2 password1 (config)> e. Enable the Digi AP (Wi-Fi2) access point: (config)>...

  • Page 118: Show Lan Status And Statistics

    WAN/ETH1 Ethernet port. 2. Verify that LAN1 is operating correctly: a. Connect a device to LAN1 through the ETH2 Ethernet port, or by connecting to the Digi AP (Wi-Fi1) access point. b. Verify that the device has been provided an IP address from the LAN1 DHCP server in the 192.168.2.* subnet.
  • Page 119 IPv4 Metric IPv4 Weight : 10 IPv4 DNS Server(s) IPv6 Status : up IPv6 Type : prefix IPv6 Address(es) : fd00:2704::1/48 IPv6 Gateway IPv6 MTU : 1500 IPv6 Metric IPv6 Weight : 10 IPv6 DNS Server(s) > TX64 User Guide...

  • Page 120: Delete A Lan

    4. Click the menu icon (...) next to the name of the LAN to be deleted and select Delete. 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. TX64 User Guide...

  • Page 121: Dhcp Servers

    Type quit to disconnect from the device. DHCP servers You can enable DHCP on your TX64 device to assign IP addresses to clients, using either: The DHCP server for the device's local network, which assigns IP addresses to clients on the device's local network.
  • Page 122    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
  • Page 123 12. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 124 (config)> network interface my_lan ipv4 dhcp_server advanced gateway value (config)> where value is one of: none: No gateway is broadcast by the DHCP server. Client destinations must be resolvable without a gateway. auto: Broadcasts the TX64 device's gateway. TX64 User Guide...
  • Page 125 (config)> network interface my_lan ipv4 dhcp_server advanced primary_ wins value (config)> network interface my_lan ipv4 dhcp_server advanced secondary_ wins value (config)> where value is one of: none: No server is broadcast. auto: Broadcasts the TX64 device's server. TX64 User Guide...
  • Page 126 MAC address of the device. Additional configuration items A label for this instance of the static lease. To map static IP addresses:    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. TX64 User Guide...
  • Page 127 11. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 128 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show current static IP mapping To view your current static IP mapping:    WebUI TX64 User Guide...
  • Page 129 3. Under Networking, click DHCP Leases.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 130 7. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 131 Type quit to disconnect from the device. Configure DHCP options You can configure DHCP servers running on your TX64 device to send certain specified DHCP options to DHCP clients. You can also set the user class, which enables you to specify which specific DHCP clients will receive the option.
  • Page 132 12. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 133 If the incorrect data type is selected, the device will send the value as a string. (config network interface my_lan ipv4 dhcp_server advanced custom_option 0)> datatype value (config network interface my_lan ipv4 dhcp_server advanced custom_option 0)> where value is one of: 1byte 2byte TX64 User Guide...
  • Page 134 LAN. For the TX64 device, DHCP relay is configured by providing the IP address of a DHCP relay server, rather than an IP address range. If both the DHCP relay server and an IP address range are specified, DHCP relay is used, and the specified IP address range is ignored.
  • Page 135 10. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 136 Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show DHCP server status and settings View DHCP status to monitor which devices have been given IP configuration by the TX64 device and to diagnose DHCP issues. ...

  • Page 137: Create A Virtual Lan (Vlan) Route

    LAN. Required configuration items Device to be assigned to the VLAN. The VLAN ID. The TCP header uses the VLAN ID to identify the destination VLAN for the packet. TX64 User Guide...
  • Page 138 To create a VLAN:    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Virtual LAN.
  • Page 139 Local Area Networks (LANs)    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 140 Interfaces Local Area Networks (LANs) 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX64 User Guide...

  • Page 141: Bridging

    Interfaces Bridging Bridging Bridging is a mechanism to create a single network consisting of multiple devices, such as Ethernet devices and wireless access points. By default, the TX64 has the following preconfigured bridges: Preconfigured Default Interface type interfaces Devices configuration...

  • Page 142: Edit The Preconfigured Lan1 Bridge

    To edit the preconfigured LAN1 bridge:    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Bridges > LAN1.
  • Page 143 7. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 144 3 /network/wireless/ap/digi_ap1 4 /network/wireless/ap/digi_ap2 (config)> ii. Use the index number to delete the appropriate device. For example, to delete the Digi AP (Wi-Fi1) Wi-Fi access point from the bridge: (config)> del network bridge lan1 device 3 (config)> Note If you are deleting multiple devices from the bridge, the device index may be reordered after each deletion.

  • Page 145: Configure A Bridge

    Interfaces Bridging Default value: /network/bridge/lan1 Current value: /network/bridge/lan1 (config network bridge my_bridge)> ii. Add the appropriate device. For example, to add the Digi AP (Wi-Fi1) Wi-Fi access point: (config network bridge my_bridge)> add device end /network/wireless/ap/digi_ap1 (config)> 5. (Optional) Enable Spanning Tree Protocol (STP).
  • Page 146 To create a bridge:    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Bridges.
  • Page 147 Interfaces Bridging TX64 User Guide...
  • Page 148 Bridging    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 149 Interfaces Bridging b. Add the appropriate device. For example, to add the Digi AP (Wi-Fi1) Wi-Fi access point: (config network bridge my_bridge)> add device end /network/wireless/ap/digi_ap1 (config)> 6. (Optional) Enable Spanning Tree Protocol (STP). STP is used when using multiple LANs on the same device, to prevent bridge loops and other routing conflicts.

  • Page 150: Configure The Serial Port

    TX64 devices have a single serial port that provides access to the command-line interface. Use an RS-232 serial cable to establish a serial connection from your TX64 to your local laptop or PC. Use a terminal emulator program to establish the serial connection. The terminal emulator's serial connection must be configured to match the configuration of the TX64 device's serial port.

  • Page 151: Serial Port

    Python applications that access the serial port. The default is Login. 5. (Optional) For Label, enter a label that will be used when referring to this port. 6. Click to expand Serial Settings. TX64 User Guide...
  • Page 152    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 153 7. If mode is set to remote: a. Set the characters used to start an escape sequence: (config)> serial port1 escape string (config) If no characters are defined, the escape sequence is disabled. The default is ~b. TX64 User Guide...
  • Page 154 (config)> b. Set the TCP port: (config)> serial port1 service tcp port port (config)> c. (Optional) Configure the access control list to limit access to the TCP connection: To limit access to specified IPv4 addresses and networks: TX64 User Guide...
  • Page 155 No limit to IPv6 addresses that can access the tcp port. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX64 device: (config)> add serial port1 service tcp acl interface end value (config)>...
  • Page 156 (config)> b. Set the telnet port: (config)> serial port1 service telnet port port (config)> c. (Optional) Configure the access control list to limit access to the telnet connection: To limit access to specified IPv4 addresses and networks: TX64 User Guide...
  • Page 157 No limit to IPv6 addresses that can access the telnet port. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX64 device: (config)> add serial port1 service telnet acl interface end value (config)>...
  • Page 158 (Optional) Configure the access control list to limit access to the telnet connection: To limit access to specified IPv4 addresses and networks: (config)> add serial port1 service ssh acl address end value (config)> Where value can be: TX64 User Guide...
  • Page 159 No limit to IPv6 addresses that can access the ssh port. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX64 device: (config)> add serial port1 service ssh acl interface end value (config)>...

  • Page 160: Add A Usb Serial Port

    Type quit to disconnect from the device. Add a USB serial port Your TX64 can be configured to support USB-to-serial adapters for serial access to the device, remote serial out-of-band (OOB) access to other devices, or for use in python applications. The following USB-...
  • Page 161 Serial port Add a USB serial port 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Serial.
  • Page 162 For example, to set Idle timeout to ten minutes, enter 10m or 600s. The default is 15m. e. (Optional) Click to expand Monitor. i. Enable CTS to monitor CTS (Clear to Send) changes on this port. ii. Enable DCD to monitor DCD (Data Carrier Detect) changes on this port. TX64 User Guide...
  • Page 163 A network designation in CIDR notation, for example, 2001:db8::/48. any: No limit to IPv6 addresses that can access the service-type. iv. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX64 device: i. Click Interfaces.
  • Page 164 A network designation in CIDR notation, for example, 2001:db8::/48. any: No limit to IPv6 addresses that can access the service-type. iv. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX64 device: i. Click Interfaces.
  • Page 165 A network designation in CIDR notation, for example, 2001:db8::/48. any: No limit to IPv6 addresses that can access the service-type. iv. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX64 device: i. Click Interfaces.
  • Page 166 Add a USB serial port    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 167 (config serial USB_port)> history bytes (config serial USB_port) The default is 4000 bytes. d. Set the amount of time to wait before disconnecting due to user inactivity: (config serial USB_port)> idle_timeout value (config serial USB_port) TX64 User Guide...
  • Page 168 No limit to IPv4 addresses that can access the tcp port. Repeat this step to list additional IP addresses or networks. To limit access to specified IPv6 addresses and networks: (config serial USB_port)> add service tcp acl address6 end value (config serial USB_port)> Where value can be: TX64 User Guide...
  • Page 169 No limit to IPv6 addresses that can access the tcp port. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX64 device: (config serial USB_port)> add service tcp acl interface end value (config serial USB_port)>...
  • Page 170 A network designation in CIDR notation, for example, 192.168.1.0/24. any: No limit to IPv4 addresses that can access the telnet port. Repeat this step to list additional IP addresses or networks. To limit access to specified IPv6 addresses and networks: TX64 User Guide...
  • Page 171 No limit to IPv6 addresses that can access the telnet port. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX64 device: (config serial USB_port)> add service telnet acl interface end value (config serial USB_port)>...
  • Page 172 A single IP address or host name. A network designation in CIDR notation, for example, 192.168.1.0/24. any: No limit to IPv4 addresses that can access the ssh port. Repeat this step to list additional IP addresses or networks. TX64 User Guide...
  • Page 173 No limit to IPv6 addresses that can access the ssh port. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX64 device: (config serial USB_port)> add service ssh acl interface end value (config serial USB_port)>...

  • Page 174: Show Serial Status And Statistics

    3. Under Connections, click Serial.    Command line 1. Log into the TX64 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 175 -------- Serial 1 port1 true login 115000 > 3. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX64 User Guide...
  • Page 176 Configure a Wi-Fi access point with personal security Configure a Wi-Fi access point with enterprise security Isolate Wi-Fi clients Show Wi-Fi access point status and statistics Configure a Wi-Fi client and add client networks Show Wi-Fi client status and statistics TX64 User Guide...

  • Page 177: Wi-Fi

    Wi-Fi configuration Wi-Fi configuration The TX64 device has two Wi-Fi radios. You can configure the Wi-Fi radios for Wi-Fi access point mode or Wi-Fi client mode. By default, the TX64 radios are configured to use access point mode. A typical configuration is to configure one Wi-Fi radio in access point mode with one or multiple access points, and configure the other radio, connected to a separate set of antennas, as a Wi-Fi client to be used as a WAN interface.
  • Page 178 Enabled Encyrption WPA2 Personal (PSK) WPA2 Personal (PSK) Pre-shared key Default password as found on Default password as found on the device's label the device's label Group rekey interval 10 minutes 10 minutes Client mode connections: none. TX64 User Guide...

  • Page 179: Configure The Wi-Fi Module Channel

    For the 5.0 GHz band, only non-Dynamic Frequency Selection (DFS) channels are supported.    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 180 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 181: Configure The Wi-Fi Module Band And Protocol

    2.4 GHz b/g/n band, and Wi-Fi2 radio only supports 5 GHz ac/n.    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 182 7. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 183: Configure A Wi-Fi Access Point With No Security

    By default, the TX64 device comes with two preconfigured access points, Digi AP (Wi-Fi1) and Digi AP (Wi-Fi2). You cannot delete default access points, but you can modify them or you can create your own access points.
  • Page 184 To configure a Wi-Fi access point with no security:    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 185   Command line Configure a new Access point 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 186 (config network wifi ap new_AP)> encryption group_rekey value (config network wifi ap new_AP)> where value is any number of days, hours, minutes, or seconds, and takes the format number {d|h|m|s}. TX64 User Guide...
  • Page 187 Type quit to disconnect from the device. Edit an existing Access point 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 188 Increasing the time between rekeys can improve connectivity issues in noisy environments. To disable group rekeys, set to 0. This will allow any client that has previously connected see all broadcast traffic on the wireless network until the Wi-Fi radio is restarted. The default is 10 minutes. TX64 User Guide...

  • Page 189: Configure A Wi-Fi Access Point With Personal Security

    By default, the TX64 device comes with two preconfigured access points, Digi AP (Wi-Fi1) and Digi AP (Wi-Fi2). You cannot delete default access points, but you can modify them or you can create your own access points.
  • Page 190 The Wi-Fi access point configuration window is displayed. 5. Enable the access point. New access points are enabled by default. The default preconfigured access points are disabled by default. 6. For Radio, select the appropriate Wi-Fi radio. TX64 User Guide...
  • Page 191   Command line Configure a new Access point 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 192 (config network wifi ap new_AP)> where value is any number of days, hours, minutes, or seconds, and takes the format number {d|h|m|s}. For example, to set group rekey interval to ten minutes, enter either 10m or 600s: TX64 User Guide...
  • Page 193 Type quit to disconnect from the device. Edit an existing Access point 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 194 {d|h|m|s}. For example, to set group rekey interval to ten minutes, enter either 10m or 600s: (config)> network wireless ap digi_ap1 encryption group_rekey 600s (config)> TX64 User Guide...

  • Page 195: Configure A Wi-Fi Access Point With Enterprise Security

    RADIUS server, rather than using preshared key on the TX64 device. By default, the TX64 device comes with two preconfigured access points, Digi AP (Wi-Fi1) and Digi AP (Wi-Fi2). You cannot delete default access points, but you can modify them or you can create your own access points.
  • Page 196 To configure a Wi-Fi access point with WPA2 enterprise security:    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 197 The access point must be assigned to an active LAN, or a bridge that is assigned to an active LAN. 16. Click Apply to save the configuration and apply the change.    Command line Configure a new Access point TX64 User Guide...
  • Page 198 Wi-Fi Configure a Wi-Fi access point with enterprise security 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 199 Type quit to disconnect from the device. Edit an existing Access point 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 200 8. Set the IP address or hostname of the RADIUS server: (config)> network wifi ap digi_ap1 encryption host_wpa2 hostname (config)> 9. Set the secret key as configured on the RADIUS server: (config)> network wifi ap digi_ap1 encryption key_wpa2 secret_key (config)> TX64 User Guide...
  • Page 201 Configure a bridge for more information. The access point must be assigned to an active LAN, or a bridge that is assigned to an active LAN. 6. Save the configuration and apply the change: (config)> save Configuration saved. > TX64 User Guide...
  • Page 202 Configure a Wi-Fi access point with enterprise security 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX64 User Guide...

  • Page 203: Isolate Wi-Fi Clients

    Isolate clients connected to the same access point    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.

  • Page 204: Isolate Clients Connected To Different Access Points

    Isolate Wi-Fi clients    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 205 Click Firewall > Packet filtering. ii. For Add packet filter, click . iii. For Label, type Drop traffic from Internal to LAN2_isolation_zone. iv. For Action, select Drop. v. For Source zone, select Internal. vi. For Destination zone, select LAN2_isolation_zone. TX64 User Guide...
  • Page 206 We will use that LAN for the Digi AP (Wi-Fi1) access point, and create a new LAN for the Digi AP (Wi-Fi2) access point. In this step, we create a new LAN for the Digi AP (Wi- Fi2) access point; in the next step, we will remove the Digi AP (Wi-Fi2) access point from the default bridge (and thus from the default LAN).
  • Page 207 5. Remove the Digi AP (Wi-Fi2) access point from the LAN1 bridge: a. Click Network > Bridges > LAN1. b. Click the down arrow () next to the the Digi AP (Wi-Fi2) access point and select Delete. 6. Click Apply to save the configuration and apply the change.
  • Page 208 Return to the root config prompt by typing three periods (...): (config firewall zone LAN2_isolation_zone)> ... (config)> ii. Add the new packet filter: (config)> add firewall filter end (config firewall filter 2)> iii. Set the label for the filter: TX64 User Guide...
  • Page 209 We will use that LAN for the Digi AP (Wi-Fi1) access point, and create a new LAN for the Digi AP (Wi-Fi2) access point. In this step, we create a new LAN for the Digi AP (Wi- TX64 User Guide...
  • Page 210 Wi-Fi Isolate Wi-Fi clients Fi2) access point; in the next step, we will remove the Digi AP (Wi-Fi2) access point from the default bridge (and thus from the default LAN). a. Return to the root config prompt by typing three periods (...): (config firewall filter 0)>...

  • Page 211: Show Wi-Fi Access Point Status And Statistics

    To show the status and statistics for Wi-Fi access points, use the show wifi command. 1. Log into the TX64 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 212: Configure A Wi-Fi Client And Add Client Networks

    Wi-Fi Configure a Wi-Fi client and add client networks 1. Log into the TX64 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 213 Wi-Fi Configure a Wi-Fi client and add client networks 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > WiFi > Client mode connections.
  • Page 214 Scan threshold. f. Click to expand Scan frequencies list. The TX64 device has three preconfigured channels that will be scanned for available access points: Channel 1 (2412 MHz)
  • Page 215 8. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 216 Background scanning allows the device to scan for nearby access points and to move between access points that have the same SSID that is configured for the client connection, based on the signal strength of the access points. a. Enable background scanning: TX64 User Guide...
  • Page 217 (config network wifi client new_client)> where value is any integer greater than 0. The default is 1. e. Configure the frequencies that will be scanned for available access points. The TX64 device has three preconfigured frequencies: 2412 MHz 2437 MHz 2462 MHz You can delete the preconfigured frequencies and add additional frequencies.
  • Page 218 Add the appropriate frequency. For example, to add the 2457 frequency to the end of the list: (config network wifi client new_client)> add background_scanning scan_freq end 2457 (config network wifi client new_client)> 7. Save the configuration and apply the change: (config network wireless client new_client)> save Configuration saved. > TX64 User Guide...

  • Page 219: Show Wi-Fi Client Status And Statistics

    To show the status and statistics for Wi-Fi client, use the show wifi command. 1. Log into the TX64 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 220 > show wifi client name my_client Client : my_client Enabled : true SSID : my_SSID Status : up Signal : -43 : 91:fe:86:d1:0e:81 Channel : 48 Radio : wifi1 TX Power : 23 Link Quality : 67/70 BSSID : 6D:B9:DD:BD:EE:C4 > TX64 User Guide...

  • Page 221: Hotspot

    Hotspot Your TX64 device offers the ability to create a publicly available hotspot, which allows you to provide internet access to users while restricting their ability to access other functionality on the TX64 device, as well as applying bandwidth limits, authenticating users, and other features. The TX64 device's implementation of hotspot uses a "captive portal"...

  • Page 222: Hotspot Authentication Modes

    Local shared password: Requires each user to enter a password. This password is validated locally on the TX64 device, and the password is the same for all users. The sample HTML page included with your TX64 device for local shared password authentication is password.html.

  • Page 223: Hotspot Dhcp Server

    Hotspot DHCP server Hotspot DHCP server When the hotspot is enabled on the TX64 device, it automatically enables a DHCP server. During hotspot configuration, you assign an IPv4 address to the hotspot, and the DHCP server then uses the subnet of the hotspot's IP address, along with the hotspot's subnet mask, to assign IPv4 addresses to clients that connect to the hotspot.

  • Page 224: Hotspot Configuration

    Hotspot configuration This section provides information about enabling and configuring the default hotspot that is provided with your TX64 installation, as well as creating a new hotspot and configuring the type of authentication mode you select for your hotspot. This section contains the following topics:...

  • Page 225: Enable Hotspot Using The Default Configuration

    Hotspot Hotspot configuration Enable hotspot using the default configuration The default configuration of the TX64 device's hotspot is: Default configuration Hotspot Name: hotspot Disabled Authentication mode: Click-through IP address: 10.1.0.1/24 DHCP server: Automatically enabled DHCP server lease range: 100-250 Bandwidth limits:...
  • Page 226 Configure the hotspot to use HotspotSystem authentication. Change the default hotspot IP address and subnet. Modify the sample local HTML page that the TX64 device uses by default for click-through authentication. See Edit sample hotspot HTML pages for information. ...
  • Page 227 Hotspot Hotspot configuration 4. Enable the hotspot access points: a. Click Network > Wi-Fi > Access points > Digi Hotspot AP (Wi-Fi1). b. Click Enable. c. Click Digi Hotspot AP (Wi-Fi2). d. Click Enable. 5. Enable the hotspot bridge: a. Click Network > Bridges > hotspot_bridge.
  • Page 228 Hotspot Hotspot configuration TX64 User Guide...
  • Page 229 Hotspot configuration    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 230: Change The Default Hotspot Ssid

    An SSID for the hotspot.    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Wi-Fi > Access points > Digi Hotspot AP (Wi-Fi1).
  • Page 231 7. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 232: Change The Default Hotspot Ip Address And Subnet

    To change the default hotspot IP address and subnet:    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 233 IP address. The default is 250. 7. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. TX64 User Guide...
  • Page 234 IP address, and is combined with the subnet of the hotspot's static IP address. (config)> network hotspot hotspot ipv4 address dhcp_server lease_end value (config)> where value is any integer between 1 and 254. The default is 250. TX64 User Guide...

  • Page 235: Change The Default Hotspot Bandwidth Limits

    To change the default hotspot IP address and subnet:    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 236 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 237: Add An Ethernet Port To The Default Hotspot

    To add an Ethernet port to the default hotspot:    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 238 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 239 5. Save the configuration and apply the change: (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX64 User Guide...

  • Page 240: Create A New Hotspot

    Subnets that clients connected to the hotspot can access prior to the client being authenticated. Maximum download speed, in Kbps. Maximum upload speed, in Kbps. Enable verbose logging. To create a new hotspot:    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. TX64 User Guide...
  • Page 241 Hotspot bridges must also be part of an interface with a configured IP address. a. Click Network > Bridges. b. For Add Bridge:, type a name for the bridge and click . c. Add devices to the bridge: i. Click to expand Devices. ii. For Add device, click . TX64 User Guide...
  • Page 242 Click-through: Requires each user to accept the terms and conditions. Local shared password: Requires each user to enter a password. This password is validated locally on the TX64 device, and the password is the same for all users. TX64 User Guide...
  • Page 243 HotspotSystem authentication. 11. For Login page source, select either: Local: Uses an HTML page for authentication that is stored locally on the TX64 device's filesystem, in the /etc/config/hotspot directory. Note that the hotspot directory is not visible until hotspot has been enabled for the first time.
  • Page 244 Repeat to add additional subnets. 17. (Optional) For Maximum download speed, type the maximum download speed in kilobytes per second (Kbps). 18. (Optional) For Maximum upload speed, type the maximum upload speed in kilobytes per second (Kbps). TX64 User Guide...
  • Page 245 20. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 246 (config)> add network bridge new_hotspot_bridge (config network bridge new_hotspot_bridge)> b. Add devices to the bridge: i. Determine available devices: (config network bridge new_hotspot_bridge)> ..interface lan1 device ? Device: The network device used by this network interface. Format: /network/device/eth1 /network/device/eth2 TX64 User Guide...
  • Page 247 /network/wireless/ap/digi_hotspot_ap1 /network/wireless/ap/digi_hotspot_ap2 Default value: /network/bridge/lan1 Current value: /network/bridge/lan1 (config network bridge new_hotspot_bridge)> ii. Add the appropriate device. For example, to add the Digi AP (Wi-Fi1) Wi-Fi access point: (config network bridge new_hotspot_bridge)> add device end /network/wireless/ap/digi_ap1 (config)> c. Type ... to return to the config prompt: (config network bridge new_hotspot_bridge)>...
  • Page 248 /network/wireless/ap/digi_hotspot_ap1 /network/wireless/ap/digi_hotspot_ap2 Default value: /network/bridge/lan1 Current value: /network/bridge/lan1 (config network bridge new_hotspot_bridge)> b. Add the appropriate device. For example, to add the Digi AP (Wi-Fi1) Wi-Fi access point: (config network bridge new_hotspot_bridge)> add device end /network/wireless/ap/digi_ap1 (config)> TX64 User Guide...
  • Page 249 Requires each user to accept the terms and conditions. local_shared_password: Requires each user to enter a password. This password is validated locally on the TX64 device, and the password is the same for all users. Configure the hotspot to use local shared password authentication for information about configuring hotspot for local shared password authentication.
  • Page 250 (config network hotspot new_hotspot)> where value is either: local: Uses an HTML page for authentication that is stored locally on the TX64 device's filesystem, in the /etc/config/hotspot directory. Note that the hotspot directory is not visible until hotspot has been enabled for the first time.
  • Page 251 If external servers are used for client authentication, such as a RADIUS server or HotspotSystem, they should be included in the walled garden settings. Add domains that can be accessed by the client prior to authentication: TX64 User Guide...

  • Page 252: Configure The Hotspot To Use Local Shared Password Authentication

    Local shared password authentication requires each user to enter a password. This password is validated locally on the TX64 device, and the password is the same for all users. By default, the router redirects unauthenticated users to the HTML authentication page located on the router at etc/config/hotspot/password.html.
  • Page 253    Configure hotspot for local shared password authentication from the WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.

  • Page 254: Configure The Hotspot To Use Radius Shared Password Authentication

       Configure hotspot for local shared password authentication from the Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 255    Configure hotspot for RADIUS shared password authentication from the WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 256 7. Click Apply to save the configuration and apply the change.    Configure hotspot for RADIUS shared password authentication from the Command line 1. Log into the TX64 command line as a user with full Admin access rights. TX64 User Guide...
  • Page 257 (config)> network hotspot hotspot_name radius nas_id id (config)> The default is hotspot. g. (Optional) Enable Swap Octets to swap the meaning of the input octets/packets and output octets/packets RADIUS attributes. This can fix issues if the data limits and/or TX64 User Guide...

  • Page 258: Configure The Hotspot To Use Radius Users Authentication

    By default, the router redirects unauthenticated users to the HTML authentication page located on the router at etc/config/hotspot/login.html. You can customize the authentication page as needed, or host an authentication page on a remote server. See Customize the hotspot login page for further information. TX64 User Guide...
  • Page 259    Configure hotspot for RADIUS users authentication from the WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 260 7. Click Apply to save the configuration and apply the change.    Configure hotspot for RADIUS users authentication from the Command line 1. Log into the TX64 command line as a user with full Admin access rights. TX64 User Guide...
  • Page 261 (config)> network hotspot hotspot_name radius nas_id id (config)> The default is hotspot. g. (Optional) Enable Swap Octets to swap the meaning of the input octets/packets and output octets/packets RADIUS attributes. This can fix issues if the data limits and/or TX64 User Guide...

  • Page 262: Configure The Hotspot To Use Hotspotsystem Authentication

    Type quit to disconnect from the device. Configure the hotspot to use HotspotSystem authentication You can configure TX64 hotspot to use HotspotSystem, a cloud hotspot service that supports various free and paid authentication methods, including social media account, SMS, voucher, and PayPal.
  • Page 263 Refer to the following page for an up-to-date list of social login domains that need to be whitelisted: Whitelist for hotspot free social login.    Configure hotspot for HotspotSystem authentication from the WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. TX64 User Guide...
  • Page 264 For Subnet, type an IPv4 address and optional subnet mask, using the format IPv4_ address[/netmask], or the keyword any. d. Repeat to add additional subnets. 7. Click Apply to save the configuration and apply the change. TX64 User Guide...
  • Page 265    Configure hotspot for HotspotSystem authentication from the Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 266: Show Hotspot Status And Statistics

    The Hotspot status page is displayed.    Command line 1. Log into the TX64 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 267: Customize The Hotspot Login Page

    Type quit to disconnect from the device. Customize the hotspot login page The TX64 device provides three sample HTML webpages for use with the hotspot feature. When hotspot is enabled for the first time, the sample webpages are installed to the /etc/config/hotspot folder on the device's filesystem.
  • Page 268 Hotspot Customize the hotspot login page the HTML pages on an external web server, rather than on the TX64 device. See Create a new hotspot for information about configuring the HTML page that the hotspot will use. This section contains the following topics:...

  • Page 269: Edit Sample Hotspot Html Pages

       WebUI 1. Download the sample HTML file: a. Log into the TX64 WebUI as a user with Admin access. b. On the menu, click System. Under Administration, click File System. The File System page appears. c. Highlight the hotspot directory and click  to open the directory.

  • Page 270: Upload Custom Hotspot Html Pages

    Supported file extensions include: .html, .gif, .js, .jpg, .mp4, .ogv, .png, .swf, .json, and .dat. You can configure the TX64 device to use your custom HTML page using either the WebUI or the command line: ...
  • Page 271 Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. Use the command to upload the edited file from your local machine the the TX64 device. For example: > scp host 192.168.4.1 user admin remote /home/admin/temp/ local /etc/config/hotspot/custom.html to local...

  • Page 272: Restore Hotspot Default Sample Pages

    The hotspot directory and files are loaded when the hotspot is enabled, and you can restore the default pages by doing the following: 1. Log into the TX64 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 273: Hotspot Radius Attributes

    Also, if the RADIUS server requests it, the hotspot will send accounting information back to the RADIUS server. For example, here are some of the RADIUS attributes that the hotspot sends: Acct-Input-Octets Acct-Output-Octets Acct-Session-Time Acct-Input-Packets Acct-Output-Packets Acct-Input-Gigawords Acct-Output-Gigawords TX64 User Guide...

  • Page 274: Routing

    Routing This chapter contains the following topics: IP routing Show the routing table Dynamic DNS Virtual Router Redundancy Protocol (VRRP) TX64 User Guide...

  • Page 275: Ip Routing

    IP routing IP routing The TX64 device uses IP routes to decide where to send a packet it receives for a remote network. The process for deciding on a route to send the packet is as follows: 1. The device examines the destination IP address in the IP packet, and looks through the IP routing table to find a match for it.

  • Page 276: Configure A Static Route

    To configure a static route:    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Routes > Static routes.
  • Page 277 7. For Interface, select the interface on the TX64 device that will be used with this static route. 8. (Optional) For Gateway, type the IPv4 address of the gateway used to reach the destination.
  • Page 278 The any keyword can also be used to route packets to any destination with this static route. 6. Set the interface on the TX64 device that will be used with this static route: a. Use the ? to determine available interfaces: (config network route static 0)>...

  • Page 279: Delete A Static Route

    Type quit to disconnect from the device. Delete a static route    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. TX64 User Guide...
  • Page 280 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 281: Policy-Based Routing

    However, you can use policy-based routing to forward the packet based on other criteria, such as the source of the packet. For example, you can configure the TX64 device so that high-priority traffic is routed through the cellular connection, while all other traffic is routed through an Ethernet (WAN) connection.
  • Page 282 5. (Optional) For Label, type a label that will be used to identify this route policy. 6. For Interface, select the interface on the TX64 device that will be used with this route policy. 7. (Optional) Enable Exclusive to configure the policy to drop packets that match the policy when the gateway interface is disconnected, rather than forwarded through other interfaces.
  • Page 283 Click to expand Domains. ii. Click the  to add a domain. iii. For Domain, type the domain name. iv. Repeat to add additional domains. 12. Click Apply to save the configuration and apply the change. TX64 User Guide...
  • Page 284 (config network route policy 0)> label "New route policy" (config network route policy 0)> 5. Set the interface on the TX64 device that will be used with this route policy: a. Use the ? to determine available interfaces: (config network route policy 0)> interface ? Interface: The network interface used to reach the destination.
  • Page 285 Source and destination ports are matched: a. Set the source port: (config network route policy 0)> src_port value (config network route policy 0)> where value is the port number, or the keyword any to match any port as the source port. TX64 User Guide...
  • Page 286 Set the zone. For example: (config network route policy 0)> src zone external (config network route policy 0)> Firewall configuration for more information about firewall zones. interface: Matches the source IP address to the selected interface's network address. Set the interface: TX64 User Guide...
  • Page 287 Matches the source MAC address to the specified MAC address. Set the MAC address to be matched: (config network route policy 0)> src mac MAC_address (config network route policy 0)> 10. Set the destination address type: (config network route policy 0)> dst type value (config network route policy 0)> TX64 User Guide...
  • Page 288 Use the ? to determine available interfaces: (config network route policy 0)> dst interface ? Interface: The network interface. Format: /network/interface/defaultip /network/interface/defaultlinklocal /network/interface/lan1 /network/interface/lan_hotspot /network/interface/loopback /network/interface/wan1 /network/interface/wwan1 /network/interface/wwan2 Current value: (config network route policy 0)> dst interface TX64 User Guide...
  • Page 289 11. Save the configuration and apply the change: (config)> save Configuration saved. > 12. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX64 User Guide...

  • Page 290: Example: Dual Wan Policy-Based Routing

    Ethernet WAN interface.    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Routes > Policy-based routing.
  • Page 291 9. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 292 4. Save the configuration and apply the change: (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX64 User Guide...

  • Page 293: Example: Route Traffic To A Specific Wan Interface Based On The Client Mac Address

    MAC address, while all other client devices are routed through the Ethernet WAN.    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 294 Click to expand Source address. ii. For Type, select MAC address. iii. For MAC address, type 26:88:0E:23:50:C2. f. Configure the destination zone: i. Click to expand Destination address. ii. For Type, select Zone. iii. For Zone, select CellularWAN. TX64 User Guide...
  • Page 295 7. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 296 (config)> network interface wwan1 zone CellularWAN (config)> b. Set the zone for the Ethernet WAN interface: (config)> network interface wan1 zone EthernetWAN (config)> 5. Configure the policy-based route for traffic from the client device that will be sent over the cellular WAN: TX64 User Guide...
  • Page 297 Create a new packet filtering rule: i. Type ... to move to the root of the configuration: (config network route policy 0)> ... (config)> ii. Create the packet filtering rule: (config)> add firewall filter end (config firewall filter 2)> TX64 User Guide...

  • Page 298: Routing Services

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Routing services Your TX64 includes support for dynamic routing services and protocols. The following routing services are supported: Service or...

  • Page 299: Configure Routing Services

    Enable and configure the types of routing services that will be used.    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 300 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 301: Show The Routing Table

    To display the routing table:    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. TX64 User Guide...
  • Page 302 5. Click IPv6 Load Balance to view IPv6 load balancing.    Command line 1. Log into the TX64 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 303: Dynamic Dns

    WAN or public IP address changes. Your TX64 device supports a number of Dynamic DNS providers as well as the ability to provide a custom provider that is not included on the list of providers.
  • Page 304 The number of times to retry a failed IP address update.    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 305 The setting for Forced update interval must be larger than the setting for Check Interval. 12. (Optional) For Retry interval, type the amount of time to wait for an IP address update to succeed before retrying the update. TX64 User Guide...
  • Page 306 14. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 307 9. Set the password to authenticate with the Dynamic DNS provider: (config network ddns new_ddns_instance)> password pwd (config network ddns new_ddns_instance)> 10. (Optional) Set the amount of time to wait to check if the interface's IP address needs to be TX64 User Guide...
  • Page 308 13. (Optional) Set the number of times to retry a failed IP address update: (config network ddns new_ddns_instance)> retry_count value (config network ddns new_ddns_instance)> where value is any interger. The default is 5. 14. Save the configuration and apply the change: (config)> save Configuration saved. > TX64 User Guide...

  • Page 309: Virtual Router Redundancy Protocol (Vrrp)

    Multiple TX64 devices can be configured as VRRP devices and assigned a priority. The router with the highest priority will be used as the master router. If the master router fails, then the IP address of the virtual router is mapped to the backup device with the next highest priority.
  • Page 310 IP address of the VRRP pool, then the priority of this device should be set to 255 . Allowed values are from 1 and 255, and it is configured to 100 by default. TX64 User Guide...
  • Page 311 11. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 312 (config network vrrp new_vrrp_instance)> Additional virtual IP addresses can be added by repeating this step with different values for ip_ address. 10. Save the configuration and apply the change: (config network vrrp new_vrrp_instance)> save Configuration saved. > TX64 User Guide...

  • Page 313: Show Vrrp Status And Statistics

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show VRRP status and statistics This section describes how to display VRRP status and statistics for a TX64 device. VRRP status is available from the Web UI only. ...
  • Page 314 Virtual Private Networks (VPNs) are used to securely connect two private networks together so that devices can connect from one network to the other using secure channels. This chapter contains the following topics: IPsec OpenVPN Generic Routing Encapsulation (GRE) TX64 User Guide...

  • Page 315: Ipsec

    Aggressive mode Aggressive mode is faster than main mode, but is not as secure as main mode, because the device and its peer exchange their IDs and hash information in clear text instead of being encrypted. TX64 User Guide...

  • Page 316: Authentication

    XAUTH client. RSA Signatures With RSA signatures authentication, the TX64 device uses a private RSA key to authenticate with a remote peer that is using a corresponding public key. Certificate-based Authentication X.509 certificate-based authentication makes use of private keys on both the server and client which...
  • Page 317 The lifetime of the IPsec tunnel before it is renegotiated. The amount of time before the IKE phase 1 lifetime expires. The amount of time before the IKE phase 2 lifetime expires The lifetime margin, a randomizing amount of time before the IPsec tunnel is renegotiated. TX64 User Guide...
  • Page 318 Virtual Private Networks (VPN) IPsec    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > IPsec.
  • Page 319 Transport: Only the payload of the IP packet is encrypted and/or authenticated. The IP header is unencrypted. 12. Select the Protocol, either: ESP (Encapsulating Security Payload): Provides encryption as well as authentication and integrity. AH (Authentication Header): Provides authentication and integrity only. TX64 User Guide...
  • Page 320 SCEP certificates: Uses Simple Certificate Enrollment Protocol (SCEP) to download a private key, certificates, and an optional Certificate Revocation List (CRL) to the TX64 device from a SCEP server. You must create the SCEP client prior to configuring the IPsec tunnel. See...
  • Page 321 Auto: The ID will be automatically determined from the value of the tunnels endpoints. Raw: Enter an ID and have it passed unmodified to the underlying IPsec stack. For Raw ID value, type the ID that will be passed. Any: Any ID will be accepted. TX64 User Guide...
  • Page 322 For Address, select the appropriate interface. Custom network: A user-defined network. For Custom network, enter the IPv4 address and optional netmask. The keyword any can also be used. Request a network: Requests a network from the remote peer. TX64 User Guide...
  • Page 323 Click to expand Phase 1 Proposals. i. Click  to create a new phase 1 proposal. ii. For Cipher, select the type of encryption. iii. For Hash, select the type of hash to use to verify communication integrity. TX64 User Guide...
  • Page 324 NAT. You can also use any, meaning that any destination network connected to the tunnel will use source NAT. 23. See Configure SureLink active recovery for IPsec for information about IPsec Active recovery. 24. Click Apply to save the configuration and apply the change. TX64 User Guide...
  • Page 325 IPsec    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 326 (config vpn ipsec tunnel ipsec_example)> type protocol (config vpn ipsec tunnel ipsec_example)> where protocol is either: esp (Encapsulating Security Payload): Provides encryption as well as authentication and integrity. ah (Authentication Header): Provides authentication and integrity only. The default is esp. TX64 User Guide...
  • Page 327 Set the private key passphrase that is used to decrypt the private key. Leave blank if the private key is not encrypted. (config vpn ipsec tunnel ipsec_example)> auth private_key_ passphrase passphrase (config vpn ipsec tunnel ipsec_example)> TX64 User Guide...
  • Page 328 MODECFG client functionality configures the device to receive configuration information, such as the private IP address, from the remote peer. a. Enable MODECFG client functionality: (config vpn ipsec tunnel ipsec_example)> modecfg_client enable true (config vpn ipsec tunnel ipsec_example)> TX64 User Guide...
  • Page 329 Set the ID in internet email address format: (config vpn ipsec tunnel ipsec_example)> local id rfc822_id id (config vpn ipsec tunnel ipsec_example)> fqdn: The ID will be interpreted as FQDN (Fully Qualified Domain Name) and sent as an ID_FQDN IKE identity. TX64 User Guide...
  • Page 330 The ID will be interpreted as an IPv6 address and sent as an ID_IPV6_ADDR IKE identity. Set an IPv6 formatted ID. This can be a fully-qualified domain name or an IPv6 address. (config vpn ipsec tunnel ipsec_example)> remote id ipv6_id id (config vpn ipsec tunnel ipsec_example)> TX64 User Guide...
  • Page 331 (config vpn ipsec tunnel ipsec_example)> e. Set the amount of time that the IKE security association expires after a successful negotiation and must be re-authenticated: (config vpn ipsec tunnel ipsec_example)> ike phase1_lifetime value (config vpn ipsec tunnel ipsec_example)> TX64 User Guide...
  • Page 332 Set the type of encryption to use during phase 1: (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> cipher value (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> where value is one of 3des, aes128, aes192, aes256, or null. The default is 3des. TX64 User Guide...
  • Page 333 Set the type of encryption to use during phase 2: (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> cipher value (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> where value is one of 3des, aes128, aes192, aes256, or null. The default is 3des. TX64 User Guide...
  • Page 334 (config)> c. Set the number of seconds between transmissions of dead peer packets. Dead peer packets are only sent when the tunnel is idle. The default is 60. (config)> vpn ipsec tunnel ipsec_example dpd delay value (config)> TX64 User Guide...
  • Page 335 (config vpn ipsec tunnel ipsec_example policy 0)> local address ? Address: The local network interface to use the address of. This field must be set when 'Type' is set to 'Address'. Format: defaultip defaultlinklocal lan1 lan_hotspot loopback TX64 User Guide...
  • Page 336 Set the custom network: (config vpn ipsec tunnel ipsec_example policy 0)> local custom value (config vpn ipsec tunnel ipsec_example policy 0)> where value is the IPv4 address and optional netmask. The keyword any can also be used. TX64 User Guide...
  • Page 337 20. Save the configuration and apply the change: (config)> save Configuration saved. > 21. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX64 User Guide...

  • Page 338: Configure Ipsec Failover

    IPsec Configure IPsec failover You can configure the TX64 device to fail over from a primary IPsec tunnel to a backup tunnel. During configuration of the backup IPsec tunnel, identify the primary IPsec tunnel in the Preferred tunnel parameter. The Preferred tunnel parameter instructs the backup IPsec tunnel to start only when the preferred tunnel has been determined to have failed.

  • Page 339: Configure Surelink Active Recovery For Ipsec

    Type quit to disconnect from the device. Configure SureLink active recovery for IPsec You can configure the TX64 device to regularly probe IPsec client connections to determine if the connection has failed and take remedial action. You can also configure the IPsec tunnel to fail over to a backup tunnel. See Configure IPsec failover further information.
  • Page 340 Virtual Private Networks (VPN) IPsec    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > IPsec.
  • Page 341 IP address specified in Ping host. You can also optionally change the number of bytes in the Ping payload size. DNS test or DNS test (IPv6): Tests connectivity by sending a DNS query to the specified DNS server. TX64 User Guide...
  • Page 342 14. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 343 10. Set the amount of time that the device should wait for a response to a probe attempt before considering it to have failed: (config vpn ipsec tunnel ipsec_example)> connection_monitor timeout value (config vpn ipsec tunnel ipsec_example)> TX64 User Guide...
  • Page 344 (config vpn ipsec tunnel ipsec_example connection_monitor target 0)> dns_server ip_address (config vpn ipsec tunnel ipsec_example connection_monitor target 0)> dns_configured (IPv4) or dns_configured6 (IPv6): Tests connectivity by sending a DNS query to the DNS servers configured for this interface. TX64 User Guide...
  • Page 345 For example, to set interface_timeout to ten minutes, enter either 10m or 600s: (config network interface my_wan ipv4 connection_monitor target 0)> interface_timeout 600s (config network interface my_wan ipv4 connection_monitor target 0)> The default is 60 seconds. TX64 User Guide...

  • Page 346: Show Ipsec Status And Statistics

       Command line 1. Log into the TX64 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 347: Configure A Simple Certificate Enrollment Protocol Client

    Simple Certificate Enrollment Protocol (SCEP) is a mechanism that allows for large-scale X.509 certificate deployment. You can configure TX64 device to function as a SCEP client that will connect to a SCEP server that is used to sign Certificate Signing Requests (CSRs), provide Certificate Revocation Lists (CRLs), and distribute valid certificates from a Certificate Authority (CA).
  • Page 348 6. For Renewable Time, type the number of days that the certificate enrollment can be renewed, prior to the request expiring. This value is configured on the SCEP server, and is used by the TX64 device to determine when to start attempting to auto-renew an existing certificate. The default is 7.
  • Page 349 13. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 350 8. Set the number of days that the certificate enrollment can be renewed, prior to the request expiring. This value is configured on the SCEP server, and is used by the TX64 device to determine when to start attempting to auto-renew an existing certificate. The default is 7.

  • Page 351: Example: Scep Client Configuration With Fortinet Scep Server

    Type quit to disconnect from the device. Example: SCEP client configuration with Fortinet SCEP server In this example configuration, we will configure the TX64 device as a SCEP client that will connect to a Fortinet SCEP server. Fortinet configuration On the Fortinet server: 1.
  • Page 352 The Renewable Time setting on the TX64 device must match the setting of this parameter. g. The remaining fields can be left at their defaults or changed as appropriate.
  • Page 353 8. Click to expand SCEP server. 9. For FQDN, type the fully qualified domain name or IP address of the Fortinet server. 10. For Password, type the challenge password. This corresponds to the Default enrollment password on the Fortinet server. TX64 User Guide...
  • Page 354 12. Type the value for each appropriate Distinguished Name attribute. The values entered here must correspond to the DN attributes in the Enrollment Request on the Fortinet server. 13. Click Apply to save the configuration and apply the change. TX64 User Guide...
  • Page 355 IPsec    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 356 (config network scep_client Fortinet_SCEP_client)> 9. (Optional) Set the filename of the Certificate Revocation List (CRL) from the CA. The CRL is stored on the TX64 device in the /etc/config/scep_client/client_name directory. (config network scep_client Fortinet_SCEP_client)> crl_name name (config network scep_client Fortinet_SCEP_client)>...

  • Page 357: Openvpn

    OpenVPN clients. OpenVPN clients use Network Address Translation (NAT) to route traffic from devices connected on its LAN interfaces to the OpenVPN server. The manner in which the IP subnets are defined depends on the OpenVPN topology in use. The TX64 device supports two types of OpenVPN topology:...

  • Page 358: Configure An Openvpn Server

    LAN interfaces to the OpenVPN server. TAP - OpenVPN managed—Also know as bridging mode. A more advanced implementation of OpenVPN. The TX64 device creates an OpenVPN interface and uses standard interface configuration (for example, a standard DHCP server configuration).
  • Page 359 Additional OpenVPN parameters.    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > OpenVPN > Servers.
  • Page 360 Certificate and username/password: Uses both certificates and a username and password for client authentication. Each client requires a public and private key, and you must create an OpenVPN authentication group and user. See Configure an OpenVPN Authentication Group and User for instructions. TX64 User Guide...
  • Page 361 No limit to IPv6 addresses that can access the service-type. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX64 device: a. Click Interfaces. b. For Add Interface, click .
  • Page 362 OpenVPN    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 363 80, the first client IP address will be 192.168.1.80. The default is from 80. ii. Set the last address in the range limit: (config vpn openvpn server name)> server_last_ip value (config vpn openvpn server name)> TX64 User Guide...
  • Page 364 (config vpn openvpn server name)> cacert value (config vpn openvpn server name)> iii. Paste the contents of the public key (for example, server.crt) into the value of the server_cert parameter: (config vpn openvpn server name)> server_cert value (config vpn openvpn server name)> TX64 User Guide...
  • Page 365 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX64 device: (config vpn openvpn server name)> add acl interface end value (config vpn openvpn server name)>...
  • Page 366 (config vpn openvpn server name)> Repeat this step to list additional firewall zones. 9. (Optional) Set additional OpenVPN parameters. a. Enable the use of additional OpenVPN parameters: (config vpn openvpn server name)> advanced_options enable true (config vpn openvpn server name)> TX64 User Guide...

  • Page 367: Configure An Openvpn Authentication Group And User

       WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. TX64 User Guide...
  • Page 368 Click to expand the OpenVPN node. e. Click  to add a tunnel. f. For Tunnel, select an OpenVPN tunnel to which users of this group will have access. g. Repeat to add additional OpenVPN tunnels. TX64 User Guide...
  • Page 369 Click to expand the Groups node. e. Click  to add a group to the user. f. Select a Group with OpenVPN access enabled. 5. Click Apply to save the configuration and apply the change. TX64 User Guide...
  • Page 370 OpenVPN    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 371: Configure An Openvpn Client By Using An .Ovpn File

    OpenVPN active recovery.    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > OpenVPN > Clients.
  • Page 372 11. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 373 7. Paste the content of the client.ovpn file into the value of the config_file parameter: (config vpn openvpn client name)> config_file value (config vpn openvpn client name)> 8. Save the configuration and apply the change: (config)> save Configuration saved. > TX64 User Guide...

  • Page 374: Configure An Openvpn Client Without Using An .Ovpn File

    OpenVPN active recovery.    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. TX64 User Guide...
  • Page 375 6. The default behavior is to use an OVPN file for client configuration. To disable this behavior and configure the client manually, click Use .ovpn file to disable. 7. For Device type, select the mode used by the OpenVPN server, either TUN or TAP. TX64 User Guide...
  • Page 376 15. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 377 (config vpn openvpn client name)> username value (config vpn openvpn client name)> password value (config vpn openvpn client name)> 9. Set the IP address of the OpenVPN server: (config vpn openvpn client name)> server ip_address (config vpn openvpn client name)> TX64 User Guide...

  • Page 378: Configure Active Recovery For Openvpn

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Configure active recovery for OpenVPN You can configure the TX64 device to regularly probe OpenVPN client connections to determine if the connection has failed and take remedial action. TX64 User Guide...
  • Page 379 To configure the TX64 device to regularly probe the OpenVPN connection:    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 380 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Response timeout to ten minutes, enter 10m or 600s. The default is 15 seconds. TX64 User Guide...
  • Page 381 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Initial connection time to ten minutes, enter 10m or 600s. The default is 60 seconds. TX64 User Guide...
  • Page 382 14. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 383 600s (config vpn openvpn client openvpn_client1)> The default is 15 seconds. 11. Configure test targets: a. Add a test target: (config vpn openvpn client openvpn_client1)> add connection_monitor target end (config vpn openvpn client openvpn_client1 connection_monitor target 0)> TX64 User Guide...
  • Page 384 (Optional) Set the amount of time that the interface can be down before this test is considered to have failed: TX64 User Guide...

  • Page 385: Show Openvpn Server Status And Statistics

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show OpenVPN server status and statistics You can view status and statistics for OpenVPN servers from either the web interface or the command line:    WebUI TX64 User Guide...

  • Page 386: Show Openvpn Client Status And Statistics

    OpenVPN server's status pane.    Command line 1. Log into the TX64 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 387 OpenVPN client's status pane.    Command line 1. Log into the TX64 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 388: Generic Routing Encapsulation (Gre)

    Task One: Create a GRE loopback endpoint interface    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 389 11. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 390 Task Two: Configure the GRE tunnel    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. TX64 User Guide...
  • Page 391 10. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 392 7. (Optional) Enable the device to reply to Cisco GRE keepalive packets: (config vpn iptunnel gre_example)> keepalive true (config vpn iptunnel gre_example)> 8. Save the configuration and apply the change: (config vpn iptunnel gre_example)> save Configuration saved. > TX64 User Guide...
  • Page 393 Virtual Private Networks (VPN) Generic Routing Encapsulation (GRE) 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX64 User Guide...

  • Page 394: Show Gre Tunnels

       Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 395: Example: Gre Tunnel Over An Ipsec Tunnel

    Example: GRE tunnel over an IPSec tunnel The TX64 device can be configured as an advertised set of routes through an IPSec tunnel. This allows you to leverage the dynamic route advertisement of GRE tunnels through a secured IPSec tunnel.
  • Page 396 3. Create a GRE tunnel named gre_tunnel2: a. Local endpoint set to the IPsec endpoint interface, Interface: ipsec_endpoint2. b. Remote endpoint set to the IP address of the GRE tunnel on TX64-1, 172.30.0.1. 4. Create an interface named gre_interface2 and add it to the GRE tunnel: a.
  • Page 397 15. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 398 4. Set the pre-shared key to testkey: (config vpn ipsec tunnel ipsec_gre1)> auth secret testkey (config vpn ipsec tunnel ipsec_gre1)> 5. Set the remote endpoint to public IP address of the TX64-2 device: (config vpn ipsec tunnel ipsec_gre1)> remote hostname 192.168.101.1 (config vpn ipsec tunnel ipsec_gre1)>...
  • Page 399 3. For Zone, select Internal. 4. For Device, select Ethernet: loopback. 5. Click to expand IPv4. 6. For Address, type the IP address of the local GRE tunnel, 172.30.0.1/32. 7. Click Apply to save the configuration and apply the change. TX64 User Guide...
  • Page 400 Task three: Create a GRE tunnel    WebUI 1. Click VPN > IP Tunnels. 2. For Add IP Tunnel, type gre_tunnel1 and click . 3. For Local endpoint, select the IPsec endpoint interface created in Task two (Interface: ipsec_endpoint1). TX64 User Guide...
  • Page 401 (/network/interface/ipsec_endpoint1): (config vpn iptunnel gre_tunnel1)> local /network/interface/ipsec_endpoint1 (config vpn iptunnel gre_tunnel1)> 4. Set the remote endpoint to the IP address of the GRE tunnel on TX64-2, 172.30.0.2: (config vpn iptunnel gre_tunnel1)> remote 172.30.0.2 (config vpn iptunnel gre_tunnel1)> 5. Save the configuration and apply the change: (config vpn iptunnel gre_tunnel1)>...
  • Page 402 4. For Device, select the GRE tunnel created in Task three (IP tunnel: gre_tunnel1). 5. Click to expand IPv4. 6. For Address, type 172.31.0.1/30 for a virtual IP address on the GRE tunnel. 7. Click Apply to save the configuration and apply the change. TX64 User Guide...
  • Page 403 Task one: Create an IPsec tunnel    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. TX64 User Guide...
  • Page 404 3. Click VPN > IPsec > Tunnels. 4. For Add IPsec Tunnel, type ipsec_gre2 and click . 5. Click to expand Authentication. 6. For Pre-shared key, type the same pre-shared key that was configured for the TX64-1 (testkey). 7. Click to expand Remote endpoint.
  • Page 405 3. Add an IPsec tunnel named ipsec_gre2: (config)> add vpn ipsec tunnel ipsec_gre2 (config vpn ipsec tunnel ipsec_gre2)> 4. Set the pre-shared key to the same pre-shared key that was configured for the TX64-1 (testkey): (config vpn ipsec tunnel ipsec_gre2)> auth secret testkey (config vpn ipsec tunnel ipsec_gre2)>...
  • Page 406 Task two: Create an IPsec endpoint interface    WebUI 1. Click Network > Interfaces. 2. For Add Interface, type ipsec_endpoint2 and click . 3. For Zone, select Internal. 4. For Device, select Ethernet: loopback. 5. Click to expand IPv4. TX64 User Guide...
  • Page 407 5. Set the IPv4 address to the IP address of the local GRE tunnel, 172.30.0.2/32: (config network interface ipsec_endpoint2)> ipv4 address 172.30.0.2/32 (config network interface ipsec_endpoint2)> 6. Save the configuration and apply the change: (config vpn ipsec tunnel ipsec_endpoint2)> save Configuration saved. > Task three: Create a GRE tunnel TX64 User Guide...
  • Page 408 (/network/interface/ipsec_endpoint2): (config vpn iptunnel gre_tunnel2)> local /network/interface/ipsec_endpoint2 (config vpn iptunnel gre_tunnel2)> 4. Set the remote endpoint to the IP address of the GRE tunnel on TX64-1, 172.30.0.1: (config vpn iptunnel gre_tunnel2)> remote 172.30.0.1 (config vpn iptunnel gre_tunnel2)> TX64 User Guide...
  • Page 409 4. For Device, select the GRE tunnel created in Task three (IP tunnel: gre_tunnel2). 5. Click to expand IPv4. 6. For Address, type 172.31.1.1/30 for a virtual IP address on the GRE tunnel. 7. Click Apply to save the configuration and apply the change. TX64 User Guide...
  • Page 410 (config network interface gre_interface2)> save Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX64 User Guide...
  • Page 411 Configure DNS Simple Network Management Protocol (SNMP) Location information System time Configure the system time Network Time Protocol Configure the device as an NTP server Configure a multicast route Enable service discovery (mDNS) Use the iPerf service TX64 User Guide...

  • Page 412: Allow Remote Access For Web Administration And Ssh

    Allow remote access for web administration and SSH Allow remote access for web administration and SSH By default, only devices connected to the TX64's LAN have access to the device via web administration and SSH. To enable these services for access from remote devices: The TX64 device must have a publicly reachable IP address.
  • Page 413 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 414 Allow remote access for web administration and SSH    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 415 Services Allow remote access for web administration and SSH 6. Click Apply to save the configuration and apply the change. TX64 User Guide...

  • Page 416: Configure The Web Administration Service

    By default, the web administration service is enabled and uses the standard HTTPS port, 443. The default access control for the service uses the Internal firewall zone, which means that only devices connected to the TX64's LAN can access the WebUI. If this configuration is sufficient for your needs, no further configuration is required. See Allow remote access for web administration and SSH information about configuring the web administration service to allow access from remote devices.
  • Page 417 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 418 Configure the service    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > Web administration.
  • Page 419 No limit to IPv6 addresses that can access the web administration service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX64 device: a. Click Interfaces.
  • Page 420 11. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 421 Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration --------------------------------------------------------- ---------------------- dynamic_routes edge external hotspot internal ipsec loopback setup (config)> Repeat this step to list additional firewall zones. TX64 User Guide...
  • Page 422 To disable legacy port redirection: (config)> service web_admin legacy enable false (config)> 9. Save the configuration and apply the change: (config)> save Configuration saved. > TX64 User Guide...
  • Page 423 Services Configure the web administration service 10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX64 User Guide...

  • Page 424: Configure Ssh Access

    Services Configure SSH access Configure SSH access The TX64's default configuration has SSH access enabled, and allows SSH access to the device from authorized users within the Internal firewall zone. If this configuration is sufficient for your needs, no further configuration is required. See Allow remote access for web administration and SSH information about configuring the SSH service to allow access from remote devices.
  • Page 425 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 426 No limit to IPv6 addresses that can access the SSH service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX64 device: a. Click Interfaces.
  • Page 427 8. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 428 Services Configure SSH access To limit access to hosts connected through a specified interface on the TX64 device: (config)> add service ssh acl interface end value (config)> Where value is an interface defined on your device. Display a list of available interfaces: Use ...
  • Page 429 7. Save the configuration and apply the change: (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX64 User Guide...

  • Page 430: Use Ssh With Key Authentication

    SSH public key for the user Additional configuration items If you want to access the TX64 device using SSH over a WAN interface, configure the access control list for the SSH service to allow SSH access for the External firewall zone.
  • Page 431 These instructions assume an existing user named temp_user. 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 432 4. Save the configuration and apply the change: (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX64 User Guide...

  • Page 433: Configure Telnet Access

    The telnet service is disabled by default. To enable the service:    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 434 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 435 No limit to IPv6 addresses that can access the telnet service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX64 device: a. Click Interfaces.
  • Page 436 7. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 437 (config)> ... firewall zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration --------------------------------------------------------- ---------------------- dynamic_routes edge external hotspot internal ipsec loopback setup (config)> TX64 User Guide...

  • Page 438: Configure Dns

    Type quit to disconnect from the device. Configure DNS The TX64 device includes a caching DNS server which forwards queries to the DNS servers that are associated with the network interfaces, and caches the results. This server is used within the device, and cannot be disabled.
  • Page 439 To configure the DNS server:    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > DNS.
  • Page 440 No limit to IPv6 addresses that can access the DNS service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX64 device: a. Click Interfaces.
  • Page 441 Services Configure DNS 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: >...
  • Page 442 5. (Optional) Query all servers By default, the device's DNS server queries all available DNS servers. Disabling this option may improve performance on networks with transient DNS results, when one or more DNS servers may have positive results. To disable: TX64 User Guide...
  • Page 443 9. (Optional) Add host names and their IP addresses that the device's DNS server will resolve a. Add a host: (config)> add service dns host end (config service dns host 0)> b. Set the IP address of the host: (config service dns host 0)> address ip-addr (config service dns host 0)> TX64 User Guide...
  • Page 444 10. Save the configuration and apply the change: (config)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX64 User Guide...

  • Page 445: Simple Network Management Protocol (Snmp)

    By default, the TX64 device automatically blocks SNMP packets from being received over WAN and LAN interfaces. As a result, if you want a TX64 device to receive SNMP packets, you must configure the SNMP access control list to allow the device to receive the packets. See...
  • Page 446 No limit to IPv6 addresses that can access the SNMP agent. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX64 device: a. Click Interfaces.
  • Page 447 13. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 448 No limit to IPv6 addresses that can access the SNMP service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX64 device: (config)> add service snmp acl interface end value (config)>...
  • Page 449 10. (Optional) Set the privacy passphrase. If not set, the password, entered above, is used. (config)> service snmp privacy pwd (config)> 11. (Optional) Set the privacy protocol, either DES or AES. The default is DES. (config)> service snmp privacy_protocol AES TX64 User Guide...

  • Page 450: Download Mibs

    To download a .zip archive of the SNMP MIBs supported by this device:    WebUI 1. Log into the TX64 WebUI as a user with Admin access. 2. Enable SNMP. Configure Simple Network Management Protocol (SNMP) for information about enabling and configuring SNMP support on the TX64 device.

  • Page 451: Location Information

    GNSS receivers are available to be purchased separately from Digi International Inc.. Accept location messages from other location-enabled devices. Forward location messages, either from the TX64 device or from external sources, to a remote host. This section contains the following topics:...

  • Page 452: Configure The Location Server

    You can also optionally configure the UDP listening port for location information.    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 453 Use a dead reckoning external USB GNSS receiver for more information about Enable USB GNSS module. 9. (Optional) For Location update interval, set the amount of time that the TX64 device will wait between updating location information, and sending location information to a destination server.
  • Page 454 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX64 device: (config)> add service location acl interface end value (config)>...
  • Page 455 (config)> ... firewall zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration --------------------------------------------------------- ---------------------- dynamic_routes edge external hotspot internal ipsec loopback setup (config)> TX64 User Guide...

  • Page 456: Enable Or Disable The Internal Gnss Module

    Location information Repeat this step to list additional firewall zones. 6. (Optional) Set the amount of time that the TX64 device will wait between updating location information, and sending location information to a destination server: (config)> service location interval value (config)>...
  • Page 457 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 458: Use A Dead Reckoning External Usb Gnss Receiver

    The USB GNSS receiver is available for purchase from Digi International Inc.. The ability to use an external USB GNSS receiver is enabled by default. After purchasing the USB GNSS receiver, plug it into a USB port on the TX64, and it will begin providing location information. Note If both the internal GNSS module and the external dead reckoning USB receiver are used...

  • Page 459: Configure The Device To Accept Location Messages From External Sources

    You can configure the TX64 device to accept NMEA or TAIP messages from external sources. For example, location-enabled devices connected to the TX64 device can forward their location information to the device, and then the TX64 device can serve as a central repository for this location information and forward it to a remote host. See Forward location information to a remote host information about configuring the TX64 device to forward location messages.
  • Page 460 UDP port. Required configuration items The location server must be enabled. UDP port that the TX64 device will listen to for incoming location messages. Access control list configuration to provide access to the port through the firewall. Additional configuration items Location update interval, which determines how often the device will poll the specified UDP port for incoming location messages.
  • Page 461 To configure the device to accept location messages from external sources:    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 462 8. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 463 No limit to IPv6 addresses that can access the location server UDP port. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX64 device: (config)> add service location acl interface end value (config)>...
  • Page 464 For example, to set the location update interval to ten minutes, enter either 10m or 600s: (config)> service location interval 600s (config)> 3. Save the configuration and apply the change: (config)> save Configuration saved. > TX64 User Guide...

  • Page 465: Forward Location Information To A Remote Host

    You can configure location clients on the TX64 device that forward location messages in either NMEA or TAIP format to a remote host. Depending on how the TX64 device's location feature is enabled, you can forward the device's location information based on its GNSS module, or location information from an external source, or both: If the location server is enabled, location information from external sources is forwarded.
  • Page 466 4. Location features are enabled by default. If they have been disabled, enable the appropriate features: Click Enable the location server to forward information that the TX64 device receives from external location sources. See Configure the device to accept location messages from external sources for more information.
  • Page 467 15. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 468 Services Location information Enable the TX64 device to forward information that it receives from external location sources: (config)> service location enable true (config)> Configure the device to accept location messages from external sources for more information. Configure the TX64 device to forward the device's location information based on its GNSS module:...
  • Page 469 (index number 2) message type: (config service location forward 0)> del filter_nmea 2 (config service location forward 0)> To add a message type: a. Change to the filter_nmea node: (config service location forward 0)> filter_nmea (config service location forward 0 filter_nmea)> TX64 User Guide...
  • Page 470 Use the add command to add the message type. For example, to add the id message type: (config service location forward 0 filter_taip)> add id end (config service location forward 0 filter_taip)> 13. Save the configuration and apply the change: (config)> save Configuration saved. > TX64 User Guide...
  • Page 471 Services Location information 14. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX64 User Guide...

  • Page 472: Show Location Information

    2. At the Status page, click Location.    Command line 1. Log into the TX64 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 473: System Time

    The TX64 device can also be configured to use Network Time Protocol (NTP). In this configuration, the device serves as an NTP server, providing NTP services to downstream devices. See Network Time Protocol for more information about NTP server support.
  • Page 474 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 475 2. At the command line, type config to enter configuration mode: > config (config)> 3. (Optional) Set the timezone for the location of your TX64 device. The default is UTC. (config)> system time timezone value (config)> Where value is the timezone using the format specified with the following command: (config)>...

  • Page 476: Network Time Protocol

    Network Time Protocol (NTP) enables devices connected on local and worldwide networks to synchronize their internal software and hardware clocks to the same time source. The TX64 device can be configured as an NTP server, allowing downstream hosts that are attached to the device's Local Area Networks to synchronize with the device.
  • Page 477 3. Click Services > NTP. 4. Enable the TX64 device's NTP service by clicking Enable. 5. (Optional) Configure the access control list to limit downstream access to the TX64 device's NTP service. To limit access to specified IPv4 addresses and networks: a.
  • Page 478 Select the Timezone for the location of your TX64 device. 8. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. TX64 User Guide...
  • Page 479 See Configure the system time more information about NTP client configuration. 5. (Optional) Configure the access control list to limit downstream access to the TX64 device's NTP service. To limit access to specified IPv4 addresses and networks: (config)>...
  • Page 480 No limit to IPv6 addresses that can access the NTP server agent. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX64 device: (config)> add service ntp acl interface end value (config)>...
  • Page 481 By default, the access control list for the NTP service is empty, which means that all downstream hosts connected to the TX64 device can use the NTP service. 6. (Optional) Set the timezone for the location of your TX64 device. The default is UTC. (config)> system time timezone value (config)>...

  • Page 482: Configure A Multicast Route

    7. Type the Source port. Ensure the port is not used by another protocol. 8. Select a Source interface where multicast packets will arrive. 9. Select a Destination interface that the TX64 device will use to send mutlicast packets. 10. Click Apply to save the configuration and apply the change.
  • Page 483 Format: /network/interface/defaultip /network/interface/defaultlinklocal /network/interface/lan1 /network/interface/lan_hotspot /network/interface/loopback /network/interface/wan1 /network/interface/wwan1 /network/interface/wwan2 Current value: (config service multicast test)> src_interface b. Set the interface. For example: (config service multicast test)> src_interface /network/interface/wan1 (config service multicast test)> TX64 User Guide...
  • Page 484 Services Configure a multicast route 8. Set the destination interface that the TX64 device will use to send mutlicast packets. (config service multicast test)> interface interface (config service multicast test)> a. Use the ? to determine available interfaces: (config service multicast test)> interface ? Destination interface: Which interface to send the multicast packets.

  • Page 485: Enable Service Discovery (Mdns)

    You can enable the TX64 device to use mDNS.    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 486 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 487 No limit to IPv6 addresses that can access the mDNS service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX64 device: (config)> add service mdns acl interface end value (config)>...

  • Page 488: Use The Iperf Service

    Type quit to disconnect from the device. Use the iPerf service Your TX64 device includes an iPerf3 server that you can use to test the performance of your network. IPerf3 is a command-line tool that measures the maximum network throughput an interface can handle.
  • Page 489 Use the iPerf service Additional configuration Items The port that the TX64 device's iPerf server will use to listen for incoming connections. The access control list for the iPerf server. When the iPerf server is enabled, the TX64 device will automatically configure its firewall rules to allow incoming connections on the configured listening port.
  • Page 490 To enable the Iperf3 server:    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > IPerf.
  • Page 491 7. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 492 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX64 device: (config)> add service iperf acl interface end value (config)>...

  • Page 493: Example Performance Test Using Iperf3

    Example performance test using Iperf3 On a remote host with Iperf3 installed, enter the following command: $ iperf3 -c device_ip where device_ip is the IP address of the TX64 device. For example: $ iperf3 -c 192.168.2.1 Connecting to host 192.168.2.1, port 5201 4] local 192.168.3.100 port 54934 connected to 192.168.1.1 port 5201...
  • Page 494 - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bandwidth Retr 0.00-10.00 315 MBytes 264 Mbits/sec sender 0.00-10.00 313 MBytes 262 Mbits/sec receiver iperf Done. TX64 User Guide...
  • Page 495 Applications The TX64 supports Python 3.6 and provides you with the ability to run Python applications on the device interactively or from a file. You can also specify Python applications and other scripts to be run each time the device system restarts, at specific intervals, or at a specified time.

  • Page 496: Configure Applications To Run Automatically

    Whether the script should run one time only. Task one: Upload the application    WebUI 1. Log into the TX64 WebUI as a user with Admin access. 2. On the menu, click System. Under Administration, click File System. The File System page appears. TX64 User Guide...
  • Page 497 TX64 device. local-path is the location on the TX64 device where the copied file will be placed. For example: To upload a Python application from a remote host with an IP address of 192.168.4.1 to the /etc/config/scripts directory on the TX64 device, issue the following command: >...

  • Page 498: Task Two: Configure The Application To Run Automatically

    This feature does not provide syntax or error checking. Certain commands can render the device inoperable. Use with care.    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Applications.
  • Page 499 If neither option is selected, only the script's exit code is written to the system log. 9. For Maximum memory, enter the maximum amount of memory available to be used by the script and its subprocesses, using the format number{b|bytes|KB|k|MB|MB|M|GB|G|TB|T}. TX64 User Guide...
  • Page 500 12. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 501 If the script begins with #!, then the script will be invoked in the location specified by the path for the script command. Otherwise, the default shell will be used (equivalent to #!/bin/sh). TX64 User Guide...

  • Page 502: Run A Python Application At The Shell Prompt

    Run a Python application at the shell prompt Python applications can be run from a file at the shell prompt. The Python application will run until it completes, displaying output and prompting for additional user input if needed. To interrupt the application, enter CTRL-C. TX64 User Guide...
  • Page 503 The uploaded file is uploaded to the /etc/config/scripts directory.    Command line a. Log into the TX64 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 504: Start An Interactive Python Session

    TX64 device. local-path is the location on the TX64 device where the copied file will be placed. For example: To upload a Python application from a remote host with an IP address of 192.168.4.1 to the /etc/config/scripts directory on the TX64 device, issue the following command: >...
  • Page 505 >>> help("digidevice") Help on package digidevice: NAME digidevice - Digi device python extensions DESCRIPTION This module includes various extensions that allow Python to interact with additional features offered by the device. 4. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit().

  • Page 506: Digidevice Module

    Use digidevice.config for device configuration Use Python to respond to Digi Remote Manager SCI requests Use digidevice runtime to access the runtime database Using Python to upload the device name to Digi Remote Manager The digidevice led submodule TX64 User Guide...

  • Page 507: Use Digidevice.cli To Execute Cli Commands

    1. Log into the TX64 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.

  • Page 508: Use Digidevice.datapoint To Upload Custom Datapoints To Digi Remote Manager

    Help for using Python to execute TX64 CLI commands Get help executing a CLI command from Python by accessing help for cli.execute: 1. Log into the TX64 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 509 Help for using Python to upload custom datapoints to Remote Manager Get help for uploading datapoints to your Digi Remote Manager account by accessing help for datapoint.upload: 1. Log into the TX64 command line as a user with shell access.

  • Page 510: Use Digidevice.config For Device Configuration

    Read the device configuration Use the get() method to read the device configuration: 1. Log into the TX64 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.
  • Page 511 Modify the device configuration Use the set() and commit() methods to modify the device configuration: 1. Log into the TX64 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 512: Use Python To Respond To Digi Remote Manager Sci Requests

    Remote Manager's Server Command Interface (SCI), a web service that allows users to access information and perform commands that relate to their devices. Use Remote Manager's SCI interface to create SCI requests that are sent to your TX64 device, and use the device_request module to send responses to those requests to Remote Manager.
  • Page 513 Applications Digidevice module Task one: Use the device_request module on your TX64 device to create a response 1. Log into the TX64 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 514 Remote Manager. 1. Create a Python application, called showsystem.py, that uses the digidevice.cli module to create a response containing information about device and the device_request module to respond with this information to a request from Remote Manager: TX64 User Guide...
  • Page 515 This can be done from either the WebUI or the command line:    WebUI i. Log into the TX64 WebUI as a user with full Admin access rights. ii. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. TX64 User Guide...
  • Page 516 Click Apply to save the configuration and apply the change.    Command line i. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 517 > reboot To run the application from the shell prompt: i. Log into the TX64 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.
  • Page 518 <device_request target_name="showSystem"> 8. Click Send. You should receive a response similar to the following: <sci_reply version="1.0"> <data_service> <device id="00000000-00000000-0000FFFF-A83CF6A3"/> <requests> <device_request target_name="showSystem" status="0">Model : Digi TX64 Serial Number : TX64-000068 Hostname : TX64 : 00:40:D0:13:35:36 Hardware Version : 50001959-01 A Firmware Version : 20.5.38.39...
  • Page 519 : MB/MB(%) Disk /tmp Usage : 0.004MB/40.96MB(0%) Disk /var Usage : 0.820MB/32.768MB(3%)</device_request> </requests> </device> <device id="00000000-00000000-0000FFFF-485740BC"/> <requests> <device_request target_name="showSystem" status="0">Model : Digi TX64 Serial Number : TX64-000023 Hostname : TX64 : 00:40:D0:26:79:1C Hardware Version : 50001959-01 A Firmware Version : 20.5.38.39...
  • Page 520 </sci_request> Help for using Python to respond to Digi Remote Manager SCI requests Get help for respond to Digi Remote Manager Server Command Interface (SCI) requests by accessing help for digidevice.device_request: 1. Log into the TX64 command line as a user with shell access.

  • Page 521: Use Digidevice Runtime To Access The Runtime Database

    Read from the runtime database Use the keys() and get() methods to read the device configuration: 1. Log into the TX64 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 522 Get help for reading and modifying the device runtime database by accessing help for digidevice.runt: 1. Log into the TX64 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 523: Using Python To Upload The Device Name To Digi Remote Manager

    Using Python to upload the device name to Digi Remote Manager The name submodule can be used to upload a custom name for your device to Digi Remote Manager. When you use the name submodule to upload a custom device name to Remote Manager, the...
  • Page 524 Digidevice module Upload a custom name 1. Log into the TX64 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.

  • Page 525: The Digidevice Led Submodule

    5. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). The digidevice led submodule Use the led submodule to redefine the purpose of any front-panel LED on the TX64 device. With this submodule, you can: Gain control of the LED with the led.acquire() function.
  • Page 526 Releasing the LEDs to system control During a Python interactive session, or from within a Python script, you can release control of the LED from Python to system control using the led.release() method. TX64 User Guide...

  • Page 527: Hid Module

    Python script. For example, to determine information about a USB-connected keyboard: 1. Log into the TX64 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.

  • Page 528: Help For The Hid Module

    Use Python to access serial ports You can use the Python serial module to access serial ports on your TX64 device that are configured to be in Application mode. For example, you can configure USB ports to function serial ports and interact programmatically with those ports.
  • Page 529 Applications Use Python to access serial ports 1. Log into the TX64 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.

  • Page 530: User Authentication

    TX64 user authentication User authentication methods Authentication groups Local users Terminal Access Controller Access-Control System Plus (TACACS+) Remote Authentication Dial-In User Service (RADIUS) LDAP Disable shell access Set the idle timeout for TX64 users Example user configuration TX64 User Guide...

  • Page 531: Tx64 User Authentication

    User authentication TX64 user authentication TX64 user authentication User authentication on the TX64 has the following features and default configuration: Default Feature Description configuration Idle timeout 10 minutes. Determines how long a user session can be idle before the system automatically disconnects.
  • Page 532 TACACS+: Users authenticated by using a remote TACACS+ server for authentication. Terminal Access Controller Access-Control System Plus (TACACS+) for information about configuring TACACS+ authentication. LDAP: Users authenticated by using a remote LDAP server for authentication. LDAP for information about configuring LDAP authentication. TX64 User Guide...

  • Page 533: Add A New Authentication Method

    To add an authentication method:    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Methods.
  • Page 534 This procedure describes how to add methods to various places in the list. 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 535: Delete An Authentication Method

    Type quit to disconnect from the device. Delete an authentication method    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. TX64 User Guide...
  • Page 536 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 537: Rearrange The Position Of Authentication Methods

    To reorder these so that RADIUS is first and Local users is second: 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 538 7. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 539: Authentication Groups

    Disable shell access for more information about the Allow shell parameter. Serial access: Users with Serial access have the ability to log into the TX64 device by using the serial console. Preconfigured authentication groups The TX64 device has two preconfigured authentication groups: The admin group is configured by default to have full Admin access and Shell access.

  • Page 540: Change The Access Rights For A Predefined Group

    For groups assigned Admin access, you can also determine whether the Access level should be Full access or Read-only access. Full access provides users of this group with the ability to manage the TX64 device by using the WebUI or the Admin CLI.
  • Page 541 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 542: Add An Authentication Group

    Access rights to captive portals, and the portals to which they have access. Access rights to query the device for Nagios monitoring. To add an authentication group:    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. TX64 User Guide...
  • Page 543 For groups assigned Admin access, you can also determine whether the Access level should be Full access or Read-only access. where value is either: Full access full: provides users of this group with the ability to manage the TX64 device by using the WebUI or the Admin CLI. TX64 User Guide...
  • Page 544 11. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 545 (config)> where value is either: full: provides users of this group with the ability to manage the TX64 device by using the WebUI or the Admin CLI. read-only: provides users of this group with read-only access to the WebUI and Admin CLI.

  • Page 546: Delete An Authentication Group

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Delete an authentication group By default, the TX64 device has two preconfigured authentication groups: admin and serial. These groups cannot be deleted. To delete an authentication group that you have created: ...
  • Page 547 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 548: Local Users

    TACACS+ or RADIUS. Local user authentication is enabled by default, with one preconfiged default user. Default user At manufacturing time, each TX64 device comes with a default user configured as follows: Username: admin. Password: The default password is displayed on the label on the bottom of the device.

  • Page 549: Change A Local User's Password

    To change a user's password:    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Users.
  • Page 550 User authentication Local users The active user must have full Admin access rights to be able to change the password. 6. Click Apply to save the configuration and apply the change. TX64 User Guide...

  • Page 551: Configure A Local User

    Local users    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 552 To configure a local user:    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Users.
  • Page 553 To display the QR code for the secret key, click ... next to the field label and select Show secret key QR code. iii. Copy the secret key, or scan or copy the QR code, for use with an application or mobile device to generate passcodes. TX64 User Guide...
  • Page 554 9. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 555 (config auth user new_user)> del group 1 (config auth user new_user)> 6. (Optional) Add SSH keys for the user to use passwordless SSH login: a. Change to the user's ssh_key node: TX64 User Guide...
  • Page 556 (config auth user new_user 2fa)> refresh_interval value (config auth user new_user 2fa)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set refresh_interval to ten minutes, enter either 10m or 600s: TX64 User Guide...
  • Page 557 (config auth user new_user 2fa scratch_code)> Where code is an digit number, with a minimum of 10000000. iii. To add additional scratch codes, use the add end code command again. 8. Save the configuration and apply the change: TX64 User Guide...

  • Page 558: Delete A Local User

    To delete a user from your TX64:    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Users.
  • Page 559 Local users    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 560: Terminal Access Controller Access-Control System Plus (Tacacs+)

    With TACACS+ support, the TX64 device acts as a TACACS+ client, which sends user credentials and connection parameters to a TACACS+ server over TCP. The TACACS+ server then authenticates the TACACS+ client requests and sends back a response message to the device.

  • Page 561: Tacacs+ User Configuration

    The groupname attribute is optional. If used, the value must correspond to authentication groups configured on your TX64. Alternatively, if the user is also configured as a local user on the TX64 device and the LDAP server authenticates the user but does not return any groups, the local configuration determines the list of groups.

  • Page 562: Tacacs+ Server Failover And Fallback To Local Authentication

    $ sudo /etc/init.d/tacacs_plus restart TACACS+ server failover and fallback to local authentication In addition to the primary TACACS+ server, you can also configure your TX64 device to use backup TACACS+ servers. Backup TACACS+ servers are used for authentication requests when the primary TACACS+ server is unavailable.
  • Page 563 The TACACS+ server configuration window is displayed. 5. For Hostname, type the hostname or IP address of the TACACS+ server. 6. (Optional) Change the default Port setting to the appropriate port. Normally this should be left at the default setting of port 49. TX64 User Guide...
  • Page 564 = testing123 8. (Optional) For Group attribute, type the name of the attribute used in the TACACS+ server's configuration to identify the TX64 authentication group or groups that the user is a member of. For example, in TACACS+ user configuration, the group attribute in the sample tac_plus.conf...
  • Page 565 (for example, dc=example,dc=com) or a sub-tree (for example. ou=People,dc=example,dc=com). (config)> auth ldap base_dn value (config)> 8. (Optional) Set the name of the user attribute that contains the list of TX64 authentication groups that the authenticated user has access to. See LDAP user configuration for further information about the group attribute.
  • Page 566 (config auth tacacs+ server 0)> ... (config)> 15. (Optional) Configure the group_attribute. This is the name of the attribute used in the TACACS+ server's configuration to identify the TX64 authentication group or groups that the user is a member of. For example, in TACACS+ user configuration, the group attribute in the sample tac_plus.conf file is groupname, which is also the default setting for the group_...
  • Page 567 19. Save the configuration and apply the change: (config)> save Configuration saved. > 20. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX64 User Guide...

  • Page 568: Remote Authentication Dial-In User Service (Radius)

    With RADIUS support, the TX64 device acts as a RADIUS client, which sends user credentials and connection parameters to a RADIUS server over UDP. The RADIUS server then authenticates the RADIUS client requests and sends back a response message to the device.

  • Page 569: Radius User Configuration

    $ sudo /etc/init.d/freeradius restart RADIUS server failover and fallback to local configuration In addition to the primary RADIUS server, you can also configure your TX64 device to use backup RADIUS servers. Backup RADIUS servers are used for authentication requests when the primary RADIUS server is unavailable.

  • Page 570: Configure Your Tx64 Device To Use A Radius Server

    If the RADIUS servers are unavailable and the TX64 device falls back to local authentication, only users defined locally on the device are able to log in. RADIUS users cannot log in until the RADIUS servers are brought back online.
  • Page 571 RADIUS server's client.conf file, for example: secret=testing123 8. For Timeout, type or select the amount of time in seconds to wait for the RADIUS server to respond. Allowed value is any integer from 3 to 60. The default value is 3. TX64 User Guide...
  • Page 572 NAS or any arbitrary string. If not set, the default value is used: If you are accessing the TX64 device by using the WebUI, the default value is for NAS ID is httpd. If you are accessing the TX64 device by using ssh, the default value is sshd.
  • Page 573 (for example, dc=example,dc=com) or a sub-tree (for example. ou=People,dc=example,dc=com). (config)> auth ldap base_dn value (config)> 8. (Optional) Set the name of the user attribute that contains the list of TX64 authentication groups that the authenticated user has access to. See LDAP user configuration for further information about the group attribute.
  • Page 574 You can use the fully-qualified domain name of the NAS or any arbitrary string. If not set, the default value is used: If you are accessing the TX64 device by using the WebUI, the default value is for NAS ID is httpd.

  • Page 575: Ldap

    When you are using LDAP authentication, you can have both local users and LDAP users able to log in to the device. To use LDAP authentication, you must set up a LDAP server that is accessible by the TX64 device prior to configuration. The process of setting up a LDAP server varies by the server environment.

  • Page 576: Ldap User Configuration

    (password verification) and authorization (assigning the access level of the user). Additional LDAP servers can be configured as backup servers for user authentication. This section outlines how to configure a LDAP server to be used for user authentication on your TX64 device.

  • Page 577: Ldap Server Failover And Fallback To Local Configuration

    LDAP server failover and fallback to local configuration In addition to the primary LDAP server, you can also configure your TX64 device to use backup LDAP servers. Backup LDAP servers are used for authentication requests when the primary LDAP server is unavailable.
  • Page 578 LDAP 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > LDAP > Servers. 4. For Add server, click . The LDAP server configuration window is displayed. TX64 User Guide...
  • Page 579 (for example, dc=example,dc=com) or a sub-tree (for example. ou=People,dc=example,dc=com). 13. (Optional) For Group attribute, type the name of the user attribute that contains the list of TX64 authentication groups that the authenticated user has access to. See LDAP user configuration for further information about the group attribute.
  • Page 580 16. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 581 (for example, dc=example,dc=com) or a sub-tree (for example. ou=People,dc=example,dc=com). (config)> auth ldap base_dn value (config)> 8. (Optional) Set the name of the user attribute that contains the list of TX64 authentication groups that the authenticated user has access to. See LDAP user configuration for further information about the group attribute.

  • Page 582: Disable Shell Access

    If shell access is disabled, re-enabling it will erase the device's configuration and perform a factory reset.    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication.

  • Page 583: Set The Idle Timeout For Tx64 Users

    5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 584 By default, the Idle timeout is set to 10 minutes.    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 585 User authentication Set the idle timeout for TX64 users 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 586: Example User Configuration

    Goal: To create a user with administrator rights who is authenticated locally on the device.    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 587 7. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 588: Example 2: Radius, Tacacs+, And Local Authentication For One User

    Goal: To create a user with administrator rights who is authenticated by using all three authentication methods. In this example, when the user attempts to log in to the TX64 device, user authentication will occur in the following order: 1. The user is authenticated by the RADIUS server. If the RADIUS server is unavailable, 2.
  • Page 589 User authentication Example user configuration This example uses a FreeRadius 3.0 server running on ubuntu, and a TACACS+ server running on ubuntu. Server configuration may vary depending on the platforms or type of servers used in your environment. TX64 User Guide...
  • Page 590 The authentication group on the TX64 device, admin, is identified in the groupname parameter. c. Save and close the tac_plus.conf file. 3. Log into the TX64 WebUI as a user with full Admin access rights. 4. On the menu, click System. Under Configuration, click Device Configuration. TX64 User Guide...
  • Page 591 Click  to add another new method. f. For the new method, select Local users. 6. Create the local user: a. Click Authentication > Users. b. In Add User:, type admin1 and click . c. For password, type password1. TX64 User Guide...
  • Page 592 Unix-FTP-Group-Names := "admin" In this example: The user's username is admin1. The user's password is password1. The authentication group on the TX64 device, admin, is identified in the Unix-FTP- Group-Names parameter. c. Save and close the users file. TX64 User Guide...
  • Page 593 Save and close the tac_plus.conf file. 3. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 594 (config auth user adminuser)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX64 User Guide...
  • Page 595 Firewall This chapter contains the following topics: Firewall configuration Port forwarding rules Packet filtering Configure custom firewall rules Configure captive portals Configure Quality of Service options Web filtering TX64 User Guide...

  • Page 596: Firewall Configuration

    The default zone for hotspots. Dynamic routes: Used for routes learned using routing services. Port forwarding: A list of rules that allow network connections to the TX64 to be forwarded to other servers by translating the destination address. Packet filtering: A list of packet filtering rules that determine whether to accept or reject network connections that are forwarded through the TX64.
  • Page 597 Configure the firewall zone for a network interface for information about how to configure network interfaces to use a zone.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. TX64 User Guide...

  • Page 598: Configure The Firewall Zone For A Network Interface

    Internal, to External.    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 599 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 600: Delete A Custom Firewall Zone

    You cannot delete preconfigured firewall zones. To delete a custom firewall zone:    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.

  • Page 601: Port Forwarding Rules

    Port forwarding rules    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 602 To configure a port forwarding rule:    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Port forwarding.
  • Page 603 13. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 604 6. Set the public-facing port number that network connections must use for their traffic to be forwarded. (config firewall dnat 0)> port port (config firewall dnat 0)> 7. Set the type of internet protocol . (config firewall dnat 0)> protocol value (config firewall dnat 0)> TX64 User Guide...
  • Page 605 To view a list of available zones: (config firewall dnat 0 acl)> ..zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration TX64 User Guide...

  • Page 606: Delete A Port Forwarding Rule

    To delete a port forwarding rule:    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. TX64 User Guide...
  • Page 607 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 608 5. Save the configuration and apply the change: (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX64 User Guide...

  • Page 609: Packet Filtering

    Packet filtering By default, there are two preconfigured packet filtering rules: Allow all outgoing traffic: Monitors traffic going to and from the TX64 device. The predefined settings are intended to block unauthorized inbound traffic while providing an unrestricted flow of outgoing data.
  • Page 610 9. For Destination zone, select the firewall zone. Packets destined for network interfaces that are members of this zone will either be accepted, rejected or dropped by this rule. Firewall configuration for more information about firewall zones. TX64 User Guide...
  • Page 611 10. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 612 7. Set the IP version. (config firewall filter 1)> ip_version value (config firewall filter 1)> where value is one of: ipv4 ipv6 The default is any. 8. Set the protocol. (config firewall filter 1)> protocol value (config firewall filter 1)> TX64 User Guide...

  • Page 613: Enable Or Disable A Packet Filtering Rule

    To enable or disable a packet filtering rule:    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 614 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 615: Delete A Packet Filtering Rule

    To delete a packet filtering rule:    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Packet filtering.
  • Page 616 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 617: Configure Custom Firewall Rules

    To configure custom firewall rules:    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Custom rules.
  • Page 618 Configure custom firewall rules    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 619: Configure Captive Portals

    To configure captive portals:    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Captive portals.
  • Page 620 13. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 621 (config firewall portal portal1)> timeout value (config firewall portal portal1)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set Session timeout to ten minutes, enter either 10m or 600s: TX64 User Guide...
  • Page 622 11. (Optional) Set the URL to which the user will be directed when granted access to the portal. If left blank, the user will be directed to the domain of the URL in the original access request. (config firewall portal portal1)> url https://myportal.com (config firewall portal portal1)> TX64 User Guide...

  • Page 623: Delete Captive Portals

    To delete captive portals:    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Captive portals.

  • Page 624: Configure Quality Of Service Options

    (packet ingress). A QoS binding contains the policies and rules that apply to packets exiting the TX64 device on the binding's interface. By default, the TX64 device has two preconfigured QoS bindings, Outbound and Inbound.
  • Page 625 8. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 626 Type quit to disconnect from the device. Create a new binding    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. TX64 User Guide...
  • Page 627 Typically, this should be 95% of the available bandwidth. Allowed value is any integer between 1 and 1000. 9. Create a policy for the binding: At least one policy is required for each binding. Each policy can contain up to 30 rules. TX64 User Guide...
  • Page 628 If Default is disabled, you must configure at least one rule: i. Click to expand Rule. ii. For Add Rule, click . The QoS binding policy rule configuration window is displayed. TX64 User Guide...
  • Page 629 Use the format IPv6_address[/prefix_length], or use any to match any IPv6 address. Repeat to add a new rule. Up to 30 rules can be configured. 10. Click Apply to save the configuration and apply the change. TX64 User Guide...
  • Page 630 Configure Quality of Service options    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 631 (config firewall qos 2 policy 0)> where int is any integer, 1 or greater. The default is 100. f. To identify this policy as a fall-back policy: (config firewall qos 2 policy 0)> default true (config firewall qos 2 policy 0)> TX64 User Guide...
  • Page 632 (config firewall qos 2 policy 0 rule 0)> dstport value (config firewall qos 2 policy 0 rule 0)> where value is the IP port number, a range of port numbers using the format IP_port- IP_port, or any. TX64 User Guide...
  • Page 633 Only traffic from the IP address typed in IPv6 address will be matched. Set the address that will be matched: (config network qos 2 policy 0 rule 0)> src address6 value (config network qos 2 policy 0 rule 0)> TX64 User Guide...
  • Page 634 Set the address that will be matched: (config network qos 2 policy 0 rule 0)> src address value (config network qos 2 policy 0 rule 0)> where value uses the format IPv4_address[/netmask], or any to match any IPv4 address. TX64 User Guide...

  • Page 635: Web Filtering

    Type quit to disconnect from the device. Web filtering Web filtering allows you to control access to services that can be accessed through the TX64 device by forwarding all Domain Name System (DNS) traffic to a web filtering service. This allows the network security administrator to configure a set of policies with the web filtering service that are applied to all routing devices with web filtering enabled.
  • Page 636 Task two: Configure web filtering    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Web filtering service.
  • Page 637 Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Clear the Cisco Umbrella device ID If the Cisco Umbrella device ID being used by your TX64 is invalid, you can clear the device ID.    Command line 1.

  • Page 638: Configure Web Filtering With Manual Dns Servers

    To configure web filtering with manual DNS servers:    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 639 10. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 640 Add the second DNS server: i. Move back one node in the configuration tree: (config firewall web-filter server 0)> .. (config firewall web-filter server)> ii. Add the server: (config firewall web-filter server)> add end (config firewall web-filter server 1)> TX64 User Guide...

  • Page 641: Verify Your Web Filtering Configuration

    Cisco open DNS servers. 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 642 4. From a new tab in your browser, attempt to connect to the Cisco test URL http://www.internetbadguys.com. The connection should be successful. 5. Return to the TX64 WebUI and enable web filtering: a. Click Firewall > Web filtering service. b. Click Enable web filtering to enable.

  • Page 643: Show Web Filter Service Information

    Cisco open DNS servers. 1. Log into the TX64 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 644 Firewall Web filtering 1. Log into the TX64 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the Admin CLI prompt, use the...

  • Page 645: System Administration

    Review device status Configure system information Update system firmware Update cellular module firmware Reboot your TX64 device Reset the device to factory defaults Configure power delays for power ignition sensor Configure power button behavior Configure automatic reboot behavior for temporary power drop...

  • Page 646: Review Device Status

    Show basic system information: 1. Log into the TX64 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 647: Configure System Information

    Disk /var Usage : 1.765MB/256.0MB(1%) > Configure system information You can configure information related to your TX64 device, such as providing a name and location for the device. Configuration items A name for the device. The name of a contact for the device.
  • Page 648 8. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 649: Update System Firmware

    For example, TX64-20.5.38.39.bin. Manage firmware updates using Digi Remote Manager If you have a network of many devices, you can use Digi Remote Manager Profiles to manage firmware updates. Profiles ensure all your devices are running the correct firmware version and that all newly installed devices are updated to that same version.

  • Page 650: Certificate Management For Firmware Images

    The system firmware files are signed to ensure that only Digi-approved firmware load onto the device. The TX64 device validates the system firmware image as part of the update process and only successfully updates if the system firmware image can be authenticated.
  • Page 651 6. Click Update Firmware.    Command line 1. Download the TX64 operating system firmware from the Digi Support FTP site to your local machine. 2. Log into the TX64 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 652: Update Cellular Module Firmware

    > reboot Rebooting system > 7. Once the device has rebooted, log into the TX64's command line as a user with Admin access and verify the running firmware version by entering the show system command. > show system...

  • Page 653: Reboot Your Tx64 Device

    Select the firmware. 7. Click Update. Reboot your TX64 device You can reboot the TX64 device immediately or schedule a reboot for a specific time every day. Note You may want to save your configuration settings to a file before rebooting. See...

  • Page 654: Schedule Reboots Of Your Device

    5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 655: Reset The Device To Factory Defaults

    You can reset the device in the WebUI, at the command line, or by using the Reset button on the device. You can also reset the device to the default configuration without removing scripts, keys, and logfiles by using the revert command.    WebUI TX64 User Guide...
  • Page 656 3. In the Erase configuration section, click ERASE. 4. Click CONFIRM. 5. After resetting the device: a. Connect to the TX64 by using the serial port or by using an Ethernet cable to connect the TX64 LAN1 port to your PC. b. Log into the TX64: User name: Use the default user name: admin.
  • Page 657 Reset the device to factory defaults 3. After resetting the device: a. Connect to the TX64 by using the serial port or by using an Ethernet cable to connect the TX64 LAN1 port to your PC. b. Log into the TX64: User name: Use the default user name: admin.

  • Page 658: Configure Power Delays For Power Ignition Sensor

    Configure power delays for power ignition sensor By default, the TX64 device automatically powers on when it detects power on the ignition sensor, and powers off when it detects that there is no power on the ignition sensor, and there is no delay for either power on or power off based on the power ignition sensor.
  • Page 659 The default is 0s, meaning that there is no power off delay. 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. TX64 User Guide...

  • Page 660: Configure Power Button Behavior

    Type quit to disconnect from the device. Configure power button behavior The TX64 device's front panel includes a Power button. If the device is off, pressing the Power button will turn on the device. If the device is on, the Power button includes two options to power down the device: short- press and long-press options.
  • Page 661 System administration Configure power button behavior TX64 User Guide...
  • Page 662 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 663: Configure Automatic Reboot Behavior For Temporary Power Drop

    Type quit to disconnect from the device. Configure automatic reboot behavior for temporary power drop By default, the TX64 device will automatically reboot if the ignition sense line is high and the device experiences a temporary power drop. To disable the automatic reboot behavior: ...
  • Page 664 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 665: Configuration Files

    Save configuration changes When you make changes to the TX64 configuration, the changes are not automatically saved. You must explicitly save configuration changes, which also applies the changes. If you do not save configuration changes, the system discards the changes.

  • Page 666: Save Configuration To A File

    Type quit to disconnect from the device. Save configuration to a file You can save your TX64 device's configuration to a file and use this file to restore the configuration, either to the same device or to similar devices.

  • Page 667: Restore The Device Configuration

    > scp host 192.168.4.1 user admin remote /home/admin/bin/ local /etc/config/backup-archive-0040FF800120-19.05.17-19.01.17.bin to remote Restore the device configuration You can restore a configuration file to your TX64 device by using a backup from the device, or a backup from a similar device. ...
  • Page 668 TX64 device. local-path is the location on the TX64 device where the copied file will be placed. TX64 User Guide...
  • Page 669 3. Enter the following: > system restore path [passphrase passphrase] where path is the location of configuration backup file on the TX64's filesystem (local-path in the previous step). passphrase (optional) is the passphrase to restore the configuration backup, if a passphrase was used when the backup was created.

  • Page 670: Schedule System Maintenance Tasks

    Custom scripts that should be run as part of the configuration check.    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 671 Use with care. Scripts created here are also automatically entered in Configuration > Applications. b. For Add Script, click . The schedule script configuration window is displayed. Scheduled scripts are enabled by default. To disable, click Enable to toggle off. TX64 User Guide...
  • Page 672 Remove the script from the device and add it again. Make a change to the script. Uncheck Once. i. Sandbox is enabled by default. This option protects the script from accidentally destroying the system it is running on. TX64 User Guide...
  • Page 673 10. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 674 The script will run once each time the device boots. If boot is selected, set the action that will be taken when the script completes: (config system schedule script 0)> exit_action action (config system schedule script 0)> where action is one of the following: TX64 User Guide...
  • Page 675 If the script begins with #!, then the script will be invoked in the location specified by the path for the script command. Otherwise, the default shell will be used (equivalent to #!/bin/sh). TX64 User Guide...
  • Page 676 5. Save the configuration and apply the change: (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX64 User Guide...
  • Page 677 Monitoring This chapter contains the following topics: intelliFlow Configure NetFlow Probe Enable the Bluetooth scanner Enable the Wi-Fi scanner TX64 User Guide...

  • Page 678: Intelliflow

    WebUI. To use intelliFlow, the TX64 must be powered on and you must have access to the local WebUI. Once you enable intelliFlow, the Status >...
  • Page 679 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 680 5. Save the configuration and apply the change: (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX64 User Guide...

  • Page 681: Use Intelliflow To Display Average Cpu And Ram Usage

    This procedure is only available from the WebUI. To display display average CPU and RAM usage:    WebUI 1. Log into the TX64 WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow.

  • Page 682: Use Intelliflow To Display Top Data Usage Information

    Top data usage by service To generate a top data usage chart:    WebUI 1. Log into the TX64 WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow. 3. From the menu, click Status > intelliFlow.
  • Page 683 5. Change the type of chart that is used to display the data: a. Click the menu icon (). b. Select the type of chart. 6. Change the number of top users displayed. You can display the top five, top ten, or top twenty data users. TX64 User Guide...

  • Page 684: Use Intelliflow To Display Data Usage By Host Over Time

    Use intelliFlow to display data usage by host over time To generate a chart displaying a host's data usage over time:    WebUI 1. Log into the TX64 WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow.

  • Page 685: Configure Netflow Probe

    To save the chart to your local filesystem, select Export to PNG. c. To print the chart, select Print chart. Configure NetFlow Probe NetFlow probe is used to probe network traffic on the TX64 device and export statistics to NetFlow collectors. Required configuration items Enable NetFlow.
  • Page 686 Configure NetFlow Probe    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Monitoring > NetFlow probe.
  • Page 687 12. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 688 1 and 1800. The default is 1800. 8. Set the maximum number of flows to probe simultaneously: (config)> monitoring netflow max_flows value (config)> where value is any is any number between 0 and 2000000. The default is 2000000. TX64 User Guide...
  • Page 689 (config monitoring netflow collector 0)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX64 User Guide...

  • Page 690: Enable The Bluetooth Scanner

    Enable the Bluetooth scanner Enable the Bluetooth scanner The Bluetooth scanner allows you to configure your TX64 device to detect BLE-enabled devices that are nearby, and can be configured to open an SSH port that remote hosts can access to read basic information about those devices.
  • Page 691 (Optional) For Port, type the port that the Bluetooth scanner will use. The default is 3102. d. Click Access control list to configure access control: To limit access to specified IPv4 addresses and networks: i. Click IPv4 Addresses. ii. For Add Address, click . TX64 User Guide...
  • Page 692 Add an authentication group for authentication group configuration information. 9. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. TX64 User Guide...
  • Page 693 No limit to IPv4 addresses that can access the SSH service. Repeat this step to list additional IP addresses or networks. To limit access to specified IPv6 addresses and networks: (config)> add monitoring bluetooth_scanner ssh acl address6 end value (config)> TX64 User Guide...
  • Page 694 No limit to IPv6 addresses that can access the SSH service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX64 device: (config)> add monitoring bluetooth_scanner ssh acl interface end value (config)>...

  • Page 695: Display The Output Of The Bluetooth Scanner

    From the command line when logged into the TX64 device. From a remote host, by connecting to the TX64 device by using the scanner's SSH port. To view the output of the Bluetooth scanner, you must first enable the service. See...
  • Page 696 Enable the Bluetooth scanner To view the output of the Bluetooth scanner from the Status page: 1. Log into the TX64 WebUI as a user with Admin access. 2. On the menu, select Status > Bluetooth. The Bluetooth scanner page displays.

  • Page 697: Enable The Wi-Fi Scanner

    Monitoring Enable the Wi-Fi scanner TX64|Hopkins, MN|2019-06-28 17:08:59|EF-C8-3E-D3-65-04|Digi International Inc (R)|VOID|VOID|-55 TX64|Hopkins, MN|2019-06-28 17:08:59|B6-21-0B-23-AE-FC|Apple, Inc.|VOID|VOID|-75 Bluetooth scanner output The output from the Bluetooth scanner includes the following information: Field Description Field 1 The name of the device, as configured for the system.
  • Page 698 The access control list for the SSH port used by the Wi-Fi scanner to stream output to a remote host. When the Wi-Fi scanner is enabled, the TX64 device will automatically configure its firewall rules to allow incoming connections on the configured listening port. You can restrict access by configuring the access control list for the Wi-Fi scanner's listening port.
  • Page 699 To limit access to specified IPv6 addresses and networks: i. Click IPv6 Addresses. ii. For Add Address, click . iii. For Address, enter the IPv6 address or network that can access the device's SSH service. Allowed values are: TX64 User Guide...
  • Page 700 12. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 701 A single IP address or host name. A network designation in CIDR notation, for example, 192.168.1.0/24. any: No limit to IPv4 addresses that can access the SSH service. Repeat this step to list additional IP addresses or networks. TX64 User Guide...
  • Page 702 No limit to IPv6 addresses that can access the SSH service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX64 device: (config)> add wifi scanner ssh acl interface end value (config)>...

  • Page 703: Display The Output Of The Wi-Fi Scanner

    From the command line when logged into the TX64 device. From a remote host, by connecting to the TX64 device by using the scanning service's SSH port. To view the output of the Wi-Fi scanning service, you must first enable the service. See...
  • Page 704 Monitoring Enable the Wi-Fi scanner 1. Log into the TX64 WebUI as a user with Admin access. 2. On the menu, select Status > Wi-Fi. The Wi-Fi scanner page displays. To view the output of the Wi-Fi scanning service from the System Logs page: 1.
  • Page 705 The channel being used by the access point or the client. If the device is a Wi-Fi access point that uses a hidden SSID, the channel will be listed as -1 . Field If the device is a Wi-Fi access point, the SSID of the access point. Field The Received Signal Strength Indicator (RSSI). TX64 User Guide...
  • Page 706 Configure Digi Remote Manager Collect device health data and set the sample interval Log into Digi Remote Manager Use Digi Remote Manager to view and manage your device Add a device to Digi Remote Manager View Digi Remote Manager connection status...

  • Page 707: Digi Remote Manager Support

    Digi Remote Manager User Guide. Configure Digi Remote Manager By default, your TX64 device is configured to use central management using Digi Remote Manager. Additional configuration options These additional configuration settings are not typically configured, but you can set them as needed: Disable the Digi Remote Manager connection if it is not required.
  • Page 708 Central management with Digi Remote Manager Configure Digi Remote Manager TX64 User Guide...
  • Page 709 5. (Optional) For Management port, type the destination port for the remote cloud services connection. The default is 3199. 6. (Optional) For Retry interval, type the amount of time that the TX64 device should wait before reattempting to connect to remote cloud services after being disconnected. The default is 30 seconds.
  • Page 710 15. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 711 (config)> cloud drm drm_url url (config)> 5. (Optional) Set the amount of time that the TX64 device should wait before reattempting to connect to the remote cloud services after being disconnected. The minimum value is ten seconds. The default is 30 seconds.
  • Page 712 Central management with Digi Remote Manager Configure Digi Remote Manager (config)> cloud drm cellular_keep_alive 600s (config)> 8. Set the number of allowed keep-alive misses. Allowed values are any integer between 2 and 64. The default is 3. (config)> cloud drm keep_alive_misses integer (config)>...

  • Page 713: Collect Device Health Data And Set The Sample Interval

    Collect device health data and set the sample interval You can enable or disable the collection of device health data to upload to Digi Remote Manager, and configure the interval between health sample uploads. By default, device health data upload is enabled, and the health sample interval is set to 60 minutes.
  • Page 714 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 715: Log Into Digi Remote Manager

    1. If you have not already done so, click here to sign up for a Digi Remote Manager account. 2. Check your email for Digi Remote Manager login instructions. 3. Go to remotemanager.digi.com. 4. Log into your Digi Remote Manager account.

  • Page 716: Use Digi Remote Manager To View And Manage Your Device

    Use Digi Remote Manager to view and manage your device To view and manage your device: 1. If you have not already done so, connect to your Digi Remote Manager account. 2. Click Device Management to display a list of your devices.

  • Page 717: Add A Device To Digi Remote Manager

    The same default password is also shown on the label affixed to the bottom of the device. 6. Click Add. 7. Click OK. Digi Remote Manager adds your TX64 device to your account and it appears in the Device Management view. View Digi Remote Manager connection status To view the current Digi Remote Manager configuration: ...

  • Page 718: Use The Digi Remote Manager Mobile App

    The Device ID is the unique identifier for the device, as used by the Remote Manager. Use the Digi Remote Manager mobile app If you have a smart phone or tablet, you can use the Digi Remote Manager mobile app to automatically provision a new devices and monitor devices in your account.

  • Page 719: Configure Multiple Devices Using Profiles

    2. Follow the prompts to complete your TX64 registration. Digi Remote Manager registers your TX64 and adds it to your Digi Remote Manager device list. You can now manage the device remotely using Digi Remote Manager.
  • Page 720 File system This chapter contains the following topics: The TX64 local file system Display directory contents Create a directory Display file contents Copy a file or directory Move or rename a file or directory Delete a file or directory Upload and download files...

  • Page 721: File System

    The TX64 local file system The TX64 local file system The TX64 local file system has approximately 4.5 GB of space available for storing files, such as Python programs, alternative configuration files and firmware versions, and release files, such as cellular module images.

  • Page 722: Create A Directory

    For example: 1. Log into the TX64 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 723: Display File Contents

    For example:    Command line 1. Log into the TX64 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the Admin CLI prompt, type more /path/filename. For example, to view the contenct of the file accns.json in /etc/config:...

  • Page 724: Move Or Rename A File Or Directory

      Command line To rename a file named test.py in /etc/config/scripts to final.py: 1. Log into the TX64 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 725: Delete A File Or Directory

      Command line To delete a file named test.py in /etc/config/scripts: 1. Log into the TX64 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 726: Upload And Download Files

    FileZilla. Upload and download files by using the WebUI Upload files 1. Log into the TX64 WebUI as a user with Admin access. 2. On the menu, click System. Under Administration, click File System. The File System page appears.

  • Page 727: Upload And Download Files By Using The Secure Copy Command

    TX64 device. local-path is the location on the TX64 device where the copied file will be placed. For example: To copy firmware from a remote host with an IP address of 192.168.4.1 to the /etc/config directory on the TX64 device, issue the following command: >...

  • Page 728: Upload And Download Files Using Sftp

    TX64 device. For example: To copy a support report from the TX64 device to a remote host at the IP address of 192.168.4.1: 1. Use the system support-report command to generate the report: >...
  • Page 729 File system Upload and download files $ sftp ahmed@192.168.2.1 Password: Connected to 192.168.2.1 sftp> get test.py Fetching test.py to test.py test.py 100% 0.3KB/s 00:00 sftp> exit TX64 User Guide...
  • Page 730 Generate a support report View system event logs Configure syslog servers Configure options for the event and system logs Analyze network traffic Use the ping command to troubleshoot network connections Use the traceroute command to diagnose IP routing problems TX64 User Guide...

  • Page 731: Generate A Support Report

    Attach the support report to any support requests.    Command line 1. Log into the TX64 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 732: View System Event Logs

    View System Logs    WebUI 1. Log into the TX64 WebUI as a user with Admin access. 2. On the main menu, click System > Logs. The system log displays: 3. Limit the display in the system log by using the Find search tool.
  • Page 733 Diagnostics View system event logs 5. Click  to download the system log. TX64 User Guide...
  • Page 734 View system event logs    Command line 1. Log into the TX64 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 735: View Event Logs

    6. Click  to download the event log.    Command line 1. Log into the TX64 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 736 Nov 26 22:01:25 info user name=admin~service=cli~state=closed~remote=192.168.1.2 > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX64 User Guide...

  • Page 737: Configure Syslog Servers

    You can configure remote syslog servers for storing event and system logs.    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 738 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 739: Configure Options For The Event And System Logs

    To change or disable the heartbeat interval, or to disable event categories, and to perform other log configuration:    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. TX64 User Guide...
  • Page 740 7. Enable Preserve system logs to save the current session's system log after a reboot. By default, the TX64 device erases system logs each time the device is powered off or rebooted.
  • Page 741 To disable the heartbeat interval, set the value to 0s 4. Enable preserve system logs functionality to save the current session's system log after a reboot. By default, the TX64 device erases system logs each time the device is powered off or rebooted.
  • Page 742 (config)> system log event dhcpserver ? DHCP server: Settings for DHCP server events. Informational events are generated when a lease is obtained or released. Status events report the current list of leases. Parameters Current Value ------------------------------------------------------------------- ------------ TX64 User Guide...
  • Page 743 7. Save the configuration and apply the change: (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX64 User Guide...

  • Page 744: Analyze Network Traffic

    Analyze network traffic Analyze network traffic The TX64 device includes a network analyzer tool that captures data traffic on any interface and decodes the captured data traffic for diagnostics. You can capture data traffic on multiple interfaces at the same time and define capture filters to reduce the captured data. You can capture up to 10 MB of data traffic in two 5 MB files per interface.

  • Page 745: Configure Packet Capture For The Network Analyzer

    To configure a packet capture configuration:    WebUI 1. Log into the TX64 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Analyzer.
  • Page 746 If Set Time is selected, specify the time that the capture filter should run in Run time, using the format HH:MM. During system maintenance: The capture filter will run during the system maintenance time window. b. Enable the capture filter schedule. TX64 User Guide...
  • Page 747 8. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 748 Runs the script at a specified time of the day. If set_time is set, set the time that the script should run, using the format HH:MM: (config network analyzer name)> run_time HH:MM (config network analyzer name)> maintenance_time: The script will run during the system maintenance time window. TX64 User Guide...

  • Page 749: Example Filters For Capturing Data Traffic

    BPF syntax. Example IPv4 capture filters Capture traffic to and from IP host 192.168.1.1: ip host 192.168.1.1 Capture traffic from IP host 192.168.1.1: ip src host 192.168.1.1 Capture traffic to IP host 192.168.1.1: ip dst host 192.168.1.1 TX64 User Guide...

  • Page 750: Capture Packets From The Command Line

    Save captured data traffic to a file. Clear captured data. Required configuration items A configured packet capture. See Configure packet capture for the network analyzer packet capture configuration information. To start packet capture from the command line: TX64 User Guide...

  • Page 751: Stop Capturing Packets

    Analyze network traffic    Command line 1. Log into the TX64 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 752: Show Captured Traffic Data

    To show captured data traffic:    Command line 1. Log into the TX64 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 753: Save Captured Data Traffic To A File

       Command line 1. Log into the TX64 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. TX64 User Guide...

  • Page 754: Download Captured Data To Your Pc

    WebUI or from the command line by using the (secure copy file) command.    WebUI 1. Log into the TX64 WebUI as a user with Admin access. 2. On the menu, click System. Under Administration, click File System. The File System page appears. TX64 User Guide...

  • Page 755: Clear Captured Data

    4. Select the saved analyzer report you want to download and click  (download).    Command line 1. Log into the TX64 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 756 To determine available packet capture configurations, use the ?: > anaylzer clear name ? name: Name of the capture filter to use. Format: test_capture capture_ping > anaylzer clear name Note You can remove data traffic saved to a file using the command. TX64 User Guide...

  • Page 757: Use The Ping Command To Troubleshoot Network Connections

    Ping to check internet connection To check your internet connection: 1. Log into the TX64 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 758 Max wait for a response to a probe. (Default: 5) Example This example shows using traceroute to verify that the TX64 device can route to host 8.8.8.8 (www.google.com) through the default gateway. The command output shows that 15 routing hops were required to reach the host: 1.

  • Page 759: Digi Tx64 Regulatory And Safety Statements

    Radio Frequency Interference (RFI) (FCC 15.105) The Digi TX64 has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.

  • Page 760: Ce Mark (Europe)

    The TX64 is certified for use in several European countries. For information, visit www.digi.com/resources/certifications. If the TX64 is incorporated into a product, the manufacturer must ensure compliance of the final product with articles 3.1a and 3.1b of the RE Directive (Radio Equipment Directive). A Declaration of Conformity must be issued for each of these standards and kept on file as described in the RE Directive (Radio Equipment Directive).

  • Page 761: Maximum Transmit Power For Radio Frequencies

    Digi TX64 regulatory and safety statements Maximum transmit power for radio frequencies Maximum transmit power for radio frequencies The following tables show the maximum transmit power for frequency bands. Cellular frequency bands Frequency bands Maximum transmit power Cellular LTE 700 MHz...

  • Page 762: Rohs Compliance Statement

    RoHS compliance statement RoHS compliance statement All Digi International Inc. products that are compliant with the RoHS Directive (EU Directive 2002/95/EC and subsequent amendments) are marked as RoHS COMPLIANT. RoHS COMPLIANT means that the substances restricted by the EU Directive 2002/95/EC and subsequent amendments...

  • Page 763: Special Safety Notes For Wireless Routers

    Special safety notes for wireless routers Digi International products are designed to the highest standards of safety and international standards compliance for the markets in which they are sold. However, cellular-based products contain radio devices which require specific consideration. Take the time to read and understand the following guidance.

  • Page 764: Product Disposal Instructions

    At the end of its life this product MUST NOT be mixed with other commercial waste for disposal. Check with the terms and conditions of your supplier for disposal information. Digi International Ltd WEEE Registration number: WEE/HF1515VU TX64 User Guide...

  • Page 765: Digitx64 Certifications

    International EMC (Electromagnetic Compatibility) and safety standards This product complies with the requirements of the following Electromagnetic Compatibility standards. There are no user-serviceable parts inside the product. Contact your Digi representative for repair information. Certification category Standards EN 300 328 v1.8.1...
  • Page 766 Auto-complete commands and parameters Available commands Use the scp command Display status and statistics using the show command Device configuration using the command line interface Execute configuration commands at the root Admin CLI prompt Configuration mode Command line reference TX64 User Guide...

  • Page 767: Command Line Interface

    Log in to the command line interface    Command line 1. Connect to the TX64 device by using a serial connection, SSH or telnet, or the Terminal in the WebUI or the Console in the Digi Remote Manager. See Access the command line interface more information.

  • Page 768: Exit The Command Line Interface

    2. At the main menu, click Terminal. The device console appears. TX64 login: 3. Log into the TX64 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 769: Display Help For Commands And Parameters

    Display help for commands and parameters The help command When executed from the root command prompt, help displays information about autocomplete operations, how to move the cursor on the TX64 command line, and other keyboard shortcuts: > help Commands ------------------------------------------------------------------------------- Show commands help <Tab>...

  • Page 770: Display Help For Individual Commands

    Show Wi-Fi access points. client Show Wi-Fi client mode connections. > show wifi 3. To display a syntax diagram and parameter information: > show wifi ap ? Display details for Wi-Fi access points. Syntax: ap [all] [name {digi_ap1|digi_ap2}] TX64 User Guide...

  • Page 771: Use The Tab Key Or The Space Bar To Display Abbreviated Help

    Parameter values, where the value is one of an enumeration or an on|off type; for example: (config)> serial port1 enable t<Tab> auto-completes to (config)> serial port1 enable true Auto-complete does not function for: Parameter values that are string types. Integer values. TX64 User Guide...
  • Page 772 Command line interface Auto-complete commands and parameters File names. Select parameters passed to commands that perform an action. TX64 User Guide...

  • Page 773: Available Commands

    Pings a remote host using Internet Control Message Protocol (ICMP) Echo Request messages. reboot Reboots the TX64 device. Removes a file. Uses the secure copy protocol (SCP) to transfer files between the TX64 device and a remote host. Use the scp command for information about using the scp command. show Displays information about the device and the device's configuration.

  • Page 774: Use The Scp Command

    The hostname or IP address of the remote host. The username and password of the user on the remote host. Whether the file is being copied to the TX64 device from a remote host, or to the remote host from the TX64 device.

  • Page 775: Display Status And Statistics Using The Show Command

    TX64 device. For example: To copy a support report from the TX64 device to a remote host at the IP address of 192.168.4.1: 1. Use the system support-report command to generate the report: >...

  • Page 776: Show System

    "445" > show system show system command displays system information and statistics for the device, including CPU usage. > show system Model : Digi TX64 Serial Number : TX64-000065 : TX64 Hostname : TX64 : DF:DD:E2:AE:21:18 Hardware Version...

  • Page 777: Device Configuration Using The Command Line Interface

    For example, to disable the SSH service from the root prompt, enter the following command: > config service ssh enable false > The TX64 device's ssh service is now disabled. Note When the config command is executed at the root prompt, certain configuration actions that are available in configuration mode cannot be performed.
  • Page 778 Private key port Port Additional Configuration -------------------------------------------------------------------------- Access control list mdns > config service ssh 4. Lastly, display the allowed values and other information for the enable parameter: > config service ssh enable ? Enable: Enable the service. TX64 User Guide...

  • Page 779: Configuration Mode

    1. At the config prompt, enter service to move to the service node: (config)> service (config service)> 2. Enter ssh to move to the ssh node: (config service)> ssh (config service ssh)> 3. Enter enable false to disable the ssh service: (config service ssh)> enable false (config service ssh)> TX64 User Guide...

  • Page 780: Save Changes And Exit Configuration Mode

    Discards unsaved configuration changes and exits configuration mode. save Saves configuration changes and exits configuration mode. validate Validates configuration changes. Reverts the configuration to default revert settings. See The revert command more information. show Displays configuration settings. TX64 User Guide...

  • Page 781: Display Command Line Help In Configuration Mode

    2. You can then display help for the additional configuration commands. For example, to display help for the config service command, use one of the following methods: At the config prompt, enter service ?: (config)> service ? TX64 User Guide...
  • Page 782 Enter service to move to the service node: (config)> service (config service)> b. Enter ssh to move to the ssh node: (config service)> ssh (config service ssh)> c. Enter ? to display help for the ssh node: (config service ssh)> ? TX64 User Guide...
  • Page 783 (config service ssh)> Either of these methods will display the following information: (config)> service ssh enable ? Enable: Enable the service. Format: true, false, yes, no, 1, 0 Default value: true Current value: true (config)> service ssh enable TX64 User Guide...

  • Page 784: Move Within The Configuration Schema

    While in configuration mode, you can use the add, del, and move action commands to manage elements in a list. When working with lists, these actions require an index number to identify the list item that will be acted on. TX64 User Guide...
  • Page 785 (config)> add auth user new-user group end admin (config)> 3. Use the show command again to verify that the admin group has been added to the user's configuration: (config)> show auth user new-user group 0 admin (config)> TX64 User Guide...
  • Page 786 2. To configure the device to use TACACS+ authentication first to authenticate a user, use the move index_number_1 index_number_2 command: (config)> move auth method 1 0 (config)> 3. Use the show command again to verify the change: (config)> show auth method 0 tacacs+ 1 local 2 radius (config)> TX64 User Guide...

  • Page 787: The Revert Command

    Configuration mode The revert command The revert command is used to revert changes to the TX64 device's configuration and restore default configuration settings. The behavior of the revert command varies depending on where in the configuration hierarchy the command is executed, and whether the optional path parameter is used.

  • Page 788: Enter Strings In Configuration Commands

    For string parameters, if the string value contains a space, the value must be enclosed in quotation marks. For example, to assign a descriptive name for the device using the system command, enter: (config)> system description "Digi TX64" TX64 User Guide...

  • Page 789: Example: Create A New User By Using The Command Line

    Configuration mode Example: Create a new user by using the command line In this example, you will use the TX64 command line to create a new user, provide a password for the user, and assign the user to authentication groups.

  • Page 790: Example: Configure Multiple Wans And Lans By Using The Command Line

    Example: Configure multiple WANs and LANs by using the command line The default configuration of the TX64 consists of one WAN (WAN1), two Wireless WANs (WWAN1 and WWAN2 ), and one LAN (LAN1). The WANs are configured to use the following devices:...
  • Page 791 Task one: Configure bridges In this task, we will create a new bridge and configure the LAN1 and LAN2 bridges to use the following devices: LAN1 bridge: ETH2 WWAN2 cellular modem. LAN2 bridge: ETH3 Digi AP (Wi-Fi2) TX64 User Guide...
  • Page 792 In task two, we will assign the new LAN2 bridge to a LAN. 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 793 4. Remove devices from the LAN1 bridge that will be used by other interfaces in this configuration. a. Remove the Digi AP (Wi-Fi2) access point (/network/wireless/ap/digi_ap2) from the bridge, using its index number, 4, as determined above with the show command: (config)>...
  • Page 794 In this task, we will create a new LAN, named LAN2, to use the LAN2 bridge created in task one. 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 795 (config network interface LAN2)> ipv4 dhcp_server enable true (config network interface LAN2)> 8. Enable the access points and set the SSIDs: a. Move to the root of the configuration schema by typing three periods (...): (config network interface LAN2)> ... (config)> TX64 User Guide...
  • Page 796 In this task, we will create a second WAN interface, named WAN2, using the ETH4 device. 1. Log into the TX64 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 797 Enter ipv4 ? to determine the available settings for ipv4 (the appropriate setting is highlighted in the example output): (config network interface WAN2)> ipv4 ? IPv4 Parameters Current Value ----------------------------------------------------------------------- -------- address Address enable true Enable gateway Default gateway metric Metric mgmt Management priority 1500 type static Type TX64 User Guide...
  • Page 798 (config network interface WAN2)> 8. Configure the IPv4 WAN priority. Because the TX64 device now has two WANs, we need to determine which WAN will be the default route when both WANs are active. In this example configuration, WAN1 should be the primary WAN, and WAN2 only used when WAN1 is down.
  • Page 799 WAN/ETH1 Ethernet port. 2. Verify that WAN1 and LAN1 are operating correctly: a. Connect a device to LAN1 through the ETH2 Ethernet port, or by connecting to the Digi AP (Wi-Fi1) access point. b. Verify that the device has been provided an IP address from the LAN1 DHCP server in the 192.168.2.* subnet.
  • Page 800 When the WWAN's Service LED indicates that the device is connected to the cellular network, unplug both the WAN1 Etherent cable from the WAN/ETH1 Ethernet port, and the WAN2 Ethernet cable from the ETH4 Ethernet port. iii. Verify that devices connected to the TX64 have internet access through the WWAN. TX64 User Guide...

  • Page 801: Command Line Reference

    Command line interface Command line reference Command line reference analyzer help mkdir modem modem puk status [imei STRING] [name STRING] more ping reboot show system traceroute update TX64 User Guide...

  • Page 802: Analyzer

    Start a capture session of packets on this devices interfaces. Parameters name Name of the capture filter to use. Syntax: STRING analyzer stop name STRING Stops the traffic capture session. Parameters name Name of the capture filter to use. Syntax: STRING TX64 User Guide...
  • Page 803 The source file or directory to copy. Syntax: STRING destination The destination path to copy the source file or directory to. Syntax: STRING force Do not ask to overwrite the destination file if it exists. Syntax: BOOLEAN Default: False Optional: True TX64 User Guide...

  • Page 804: Help

    Command line interface Command line reference help Show CLI editing and navigation commands. Parameters None TX64 User Guide...
  • Page 805 Directory listing command. ls [show-hidden] PATH List a directory. Parameters path List files and directories under this path. Syntax: STRING show-hidden Show hidden files and directories. Hidden filenames begin with '.'. Syntax: BOOLEAN Default: False Optional: True TX64 User Guide...

  • Page 806: Mkdir

    Command line interface Command line reference mkdir mkdir PATH Create a directory. Parent directories are created as needed. Parameters path The directory path to create. Syntax: STRING TX64 User Guide...

  • Page 807: Modem

    The configured name of the modem to execute this CLI command on. Syntax: STRING Optional: True modem pin PIN commands. pin change [imei STRING] [name STRING] OLD-PIN NEW-PIN Change the SIM's PIN code. Warning: Attempting to use an incorrect PIN code may PUK lock the SIM. TX64 User Guide...
  • Page 808 Enable the PIN lock on the SIM card that is active in the modem. The SIM card will need to be unlocked before each use. Warning: Attempting to use an incorrect PIN code may PUK lock the SIM. TX64 User Guide...
  • Page 809 SIM card automatically before use. Warning: Attempting to use an incorrect PIN code may PUK lock the SIM. Parameters The SIM's PIN code. Syntax: STRING imei The IMEI of the modem to execute this CLI command on. Syntax: STRING Optional: True TX64 User Guide...

  • Page 810: Modem Puk Status [Imei String] [Name String]

    The PIN code to change to. Syntax: STRING imei The IMEI of the modem to execute this CLI command on. Syntax: STRING Optional: True name The configured name of the modem to execute this CLI command on. TX64 User Guide...
  • Page 811 The SIM slot to change to. Syntax: (1|2|show) imei The IMEI of the modem to execute this CLI command on. Syntax: STRING Optional: True name The configured name of the modem to execute this CLI command on. Syntax: STRING Optional: True TX64 User Guide...

  • Page 812: More

    Command line interface Command line reference more path The file to view. Syntax: STRING TX64 User Guide...
  • Page 813 The source file or directory to move. Syntax: STRING destination The destination path to move the source file or directory to. Syntax: STRING force Do not ask to overwrite the destination file if it exists. Syntax: BOOLEAN Default: False Optional: True TX64 User Guide...

  • Page 814: Ping

    If a hostname is defined as the value of the 'host' parameter, use the hosts IPV6 address. Syntax: BOOLEAN Default: False Optional: True size The number of bytes sent in the ICMP ping request. Syntax: INT Minimum: 0 Default: 56 TX64 User Guide...

  • Page 815: Reboot

    Command line interface Command line reference reboot Reboot the system. Parameters None TX64 User Guide...
  • Page 816 Command line interface Command line reference Remove a file or directory. rm [force] PATH Parameters path The path to remove. Syntax: STRING force Force the file to be removed without asking. Syntax: BOOLEAN Default: False Optional: True TX64 User Guide...

  • Page 817: Scp

    Syntax: STRING Copy the file from the local device to the remote host, or from the remote host to the local device. Syntax: (remote|local) user The username to use when connecting to the remote host. Syntax: STRING TX64 User Guide...

  • Page 818: Show

    Syntax: BOOLEAN Default: False Optional: True verbose Display more information (less concise, more detail). Syntax: BOOLEAN Default: False Optional: True show cloud Show Digi Remote Manager status statistics. Parameters None show config Show changes made to default configuration. TX64 User Guide...
  • Page 819 Type of event log to be displayed (status, error, info). Syntax: (status|error|info) Optional: True show hotspot [ip STRING] [name STRING] Show hotspot statistics. Parameters IP address of a specific client, to limit the status display to only this client. Syntax: STRING Optional: True TX64 User Guide...
  • Page 820 Filters for type of log message displayed (critical, warning, info, debug). Note, filters from the number of messages retrieved not the whole log (this can be very time consuming). If you require more messages of the filtered type, increase the number of messages retrieved using 'number'. Syntax: (critical|warning|debug|info) Optional: True TX64 User Guide...
  • Page 821 Syntax: STRING Optional: True verbose Display more information (less concise, more detail). Syntax: BOOLEAN Default: False Optional: True show network [all|verbose] [interface STRING] Show network interface status and statistics. Parameters Display 4all interfaces including disabled interfaces. Syntax: BOOLEAN TX64 User Guide...
  • Page 822 [all] [name STRING] Show OpenVPN server status and statistics. Parameters Display all servers including disabled servers. Syntax: BOOLEAN Default: False Optional: True name Display more details and config data for a specific OpenVPN server. Syntax: STRING TX64 User Guide...
  • Page 823 Display more details and config data for a specific serial port. Syntax: STRING Optional: True show system [verbose] Show system status and statistics. Parameters verbose Display more information (disk usage, etc) Syntax: BOOLEAN Default: False Optional: True TX64 User Guide...
  • Page 824 Display all Wi-Fi access points including disabled Wi-Fi access points. Syntax: BOOLEAN Default: False Optional: True name Display more details for a specific Wi-Fi access point. Syntax: STRING Optional: True wifi client [all] [name STRING] Display details for Wi-Fi client mode connections. TX64 User Guide...
  • Page 825 Command line interface Command line reference Parameters Display all Wi-Fi clients including disabled Wi-Fi client mode connections. Syntax: BOOLEAN Default: False Optional: True name Display more details for a specific Wi-Fi client mode connection. Syntax: STRING Optional: True TX64 User Guide...

  • Page 826: System

    Erase the device to restore to factory defaults. All configuration and automatically generated keys will be erased. Parameters None system restore [passphrase STRING] PATH Restore the device's configuration from a backup archive or CLI commands file. TX64 User Guide...
  • Page 827 Decrypt the archive with a passphrase. Syntax: STRING Optional: True system support-report PATH Save a support report to a file and include with support requests. Parameters path The file path to save the support report to. Syntax: STRING TX64 User Guide...

  • Page 828: Traceroute

    Specifies with what TTL to start. Syntax: INT Minimum: 1 Default: 1 gateway Tells traceroute to add an IP source routing option to the outgoing packet that tells the network to route the packet through the specified gateway Syntax: STRING Optional: True TX64 User Guide...
  • Page 829 Total size of the probing packet. Default 60 bytes for IPv4 and 80 for Ipv6. A value of -1 specifies that the default value will be used. Syntax: INT Minimum: -1 Default: -1 pausemsecs Minimal time interval between probes TX64 User Guide...
  • Page 830 For IPv6, set the Traffic Control value. A value of -1 specifies that no value will be used. Syntax: INT Minimum: -1 Default: -1 waittime Determines how long to wait for a response to a probe. Syntax: INT Minimum: 1 Default: 5 TX64 User Guide...

  • Page 831: Update

    Command line interface Command line reference update Update firmware. update firmware file STRING Update device firmware Parameters file Firmware filename and path. Syntax: STRING TX64 User Guide...

Table of Contents