Page 1 IX14 User Guide...
Page 2: Revision History-90002291
Revision history—90002291 Revision Date Description Initial release of Digi IX14 firmware version 19.1.x. January 2019 Digi IX14 firmware version 19.8.x release. September 2019 IX14 User Guide...
Page 3 ID. DHCP hostname option to allow the device to advertise its hostname to the DHCP server upon connection. Receive encrypted SMS commands from Digi Remote Manager. Ability in OpenVPN to push routes in subnet mode.
Page 4 Support for sending RFC2136-compatible DNS updates to external DNS servers. Release of DigiIX14 firmware version 20.2. February 2020 Release of Digi IX14 firmware version 20.5: June 2020 Support for LDAP user authentication. Firmware installation from the Digi firmware server. Enhanced Digi Remote Manager support: Support for remote proxy server for Digi Remote Manager.
Page 5 Digi Remote Manager. Added the ability to select Digi aView as the cloud service. Added the ability to duplicate firmware to copy the active firmware to the secondary firmware partition.
Page 6 Information in this document is subject to change without notice and does not represent a commitment on the part of Digi International. Digi provides this document “as is,” without warranty of any kind, expressed or implied, including, but not limited to, the implied warranties of fitness or merchantability for a particular purpose.
Page 7 Contact us at +1 952.912.3444 or visit us at www.digi.com/support. Feedback To provide feedback on this document, email your comments to techcomm@digi.com Include the document title and part number (IX14 User Guide, 90002291 F) in the subject line of your email. IX14 User Guide...
Page 8: Table Of Contents
Step 4: Sign up for Digi Remote Manager Step 5: Access the IX14 local web interface Step 6: Configure cellular connection using the web interface Step 7: Add your IX14 to your Digi Remote Manager account Next steps IX14 User Guide...
Page 9 Hardware setup Install SIM cards Attach and position antennas Connect the WAN/ETH1 port Connect the serial port Power on the IX14 Configuration and management Review IX14 default settings Change the default password for the admin user Configuration methods Using Digi Remote Manager...
Page 10 Terminal Access Controller Access-Control System Plus (TACACS+) TACACS+ user configuration TACACS+ server failover and fallback to local authentication Configure your IX14 device to use a TACACS+ server Remote Authentication Dial-In User Service (RADIUS) RADIUS user configuration RADIUS server failover and fallback to local configuration...
Page 11 Task two: Configure the application to run automatically Run a Python application at the shell prompt Start an interactive Python session Digidevice module Use digidevice.cli to execute CLI commands Use digidevice.datapoint to upload custom datapoints to Digi Remote Manager Use digidevice.config for device configuration IX14 User Guide...
Page 12 Use Python to respond to Digi Remote Manager SCI requests Use digidevice runtime to access the runtime database Use Python to upload the device name to Digi Remote Manager Use Python to send and receive SMS messages Use Python to access serial ports Use the Paho MQTT python library...
Page 13 Virtual Router Redundancy Protocol (VRRP) VRRP+ Configure VRRP Configure VRRP+ Example: VRRP/VRRP+ configuration Configure device one (master device) Configure device two (backup device) Show VRRP status and statistics File system The IX14 local file system Display directory contents Create a directory IX14 User Guide...
Page 14 Upload and download files by using the WebUI Upload and download files by using the Secure Copy command Upload and download files using SFTP Digi IX14 regulatory and safety statements RF exposure statement Federal Communication (FCC) Part 15 Class B Radio Frequency Interference (RFI) (FCC 15.105)
Page 15 Enter strings in configuration commands Example: Create a new user by using the command line Command line reference analyzer help mkdir modem modem puk status [imei STRING] [name STRING] more ping reboot show system traceroute IX14 User Guide...
Page 16: What's New In Digi Ix14 Version 20.8
Reduced data usage for reporting health metrics to Digi Remote Manager. Added Monitoring > Device Health > Only report changed values to Digi Remote Manager option to control sending metrics to Digi Remote Manager on the basis of whether the values have changed since they were last reported.
Page 17 What's new in Digi IX14 version 20.8 Added a random unprivileged port for performing ntp time syncs if standard port 123 fails. Scripting enhancements: Added a Status > Scripts page in the web UI and show scripts command to the Admin CLI to view custom scripts and applications configured in the device, along with their status.
Page 18: Digi Ix14 Hardware Reference
Digi IX14 hardware reference IX14 features and specifications IX14 is a compact LTE CAT1 machine-to-machine (M2M) router suitable for a broad range of applications in rugged industrial environments. Key features include: Industrial grade components (operating temperatures from -29° F to +165° F/-34° C to +74° C)
Page 19: Ix14 Power Supply Requirements
IX14 is intended to be powered by a certified power supply with output rated at either 12 VDC/0.75 A or 24 VDC/0.375 A minimum. If the IX14 is operated in an ambient temperature range from +0 C to +40 C, use the Digi power supply accessory kits 76002078 or 76002080 to meet the temperature criteria.
Page 20: Digi Ix14 Serial Connector Pinout
100 Mbps connection; Off for no connection Solid green Valid link detected; Flashing for Ethernet activity Digi IX14 serial connector pinout The IX14 is a DTE device. The pinout for the DB9 serial connector is as follows: DTE signal Signal name RS232 signal...
Page 21: Ix14 Accessory Kits
Part numbers and accessories for details. IX14 antennas IX14 obtained complete certification by using the antenna described here. Use an antenna that matches these specifications to maintain the product certification. You can use antennas of the same type but operating with a lower gain.
Page 22: Digi Ix14 Quick Start
Quick start with Digi Remote Manager mobile app. Quick start with IX14 local WebUI If you do not have a smart phone or tablet, access the IX14 local WebUI to manually set up your IX14. Go to Quick start with IX14 local WebUI.
Page 23: Quick Start With Digi Remote Manager Mobile App
The following steps guide you through IX14 setup using the Digi Remote Manager mobile app. Note If you do not have a smart phone or tablet, access the IX14 local WebUI to manually set up your IX14. Go to Quick start with IX14 local WebUI.
Page 24: Step 3: Connect Hardware
Name), and SIM pin (if any) for each card. Laptop or personal computer Use an Ethernet cable to connect the IX14 WAN/ETH1 port to a laptop or PC to access the local web interface via a browser. Step 3: Connect hardware a.
Page 25: Step 4: Quick Setup Using The Digi Remote Manager Mobile App
Quick start with Digi Remote Manager mobile app Step 4: Quick setup using the Digi Remote Manager mobile app Power LED is solid blue when the IX14 is ready. Step 4: Quick setup using the Digi Remote Manager mobile app Use the Digi Remote Manager mobile app to: Register your device in your Digi Remote Manager account using the QR code on the IX14 label.
Page 26: Quick Start With Ix14 Local Webui
The following steps guide you through the IX14 setup using the IX14 local WebUI. Note If you have a smart phone or tablet, you can use the Digi Remote Manager mobile app to quickly set up your IX14. Go to Quick start with Digi Remote Manager mobile app.
Page 27: Step 3: Connect Hardware
Quick start with IX14 local WebUI Step 3: Connect hardware Ethernet cable Use an Ethernet cable to connect the IX14 WAN/ETH1 port to a laptop or PC to access the local web interface via a browser or connect to a WAN. Phillips-head screwdriver Use a #1 Phillips-head screwdriver to remove and replace the SIM door when installing SIM cards.
Page 28: Step 4: Sign Up For Digi Remote Manager
Click on the link in the email to log into Digi Remote Manager. Step 5: Access the IX14 local web interface a. If you have not already done so, use an Ethernet cable to connect your IX14 WAN/ETH1 port to your PC.
Page 29: Step 6: Configure Cellular Connection Using The Web Interface
The same default password is also shown on the label affixed to the bottom of the device. a. Click Add. b. Click OK. Digi Remote Manager adds your IX14 to your account and it appears in the Device Management view. IX14 User Guide...
Page 30: Next Steps
To manage and configure your IX14 remotely using Digi Remote Manager, see Configure Digi Remote Manager.  To manage and configure your IX14 locally using the local web interface, see Using the web interface. Reset the device to factory defaults Resetting the device to factory defaults performs the following actions: Clears all configuration settings.
Page 31: Hardware Setup
Hardware setup This chapter contains the following topics: Install SIM cards Attach and position antennas Connect the WAN/ETH1 port Connect the serial port Power on the IX14 IX14 User Guide...
Page 32: Install Sim Cards
1. On the IX14 front panel, use a #1 Phillips-head screwdriver to remove the SIM door. 2. If the IX14 device is used in an environment with high vibration levels, SIM card contact fretting may cause unexpected SIM card failures. To protect the SIM cards, Digi strongly recommends that you apply a thin layer of dielectric grease to the SIM contacts prior to installing the SIM cards.
Page 33: Connect The Wan/Eth1 Port
Connect the WAN/ETH1 port Connect the WAN/ETH1 port Use an Ethernet cable to connect the IX14 to your local laptop or PC or to your local network (LAN). If you connect directly to your PC, the factory default IP address is 192.168.2.1 If you connect to a LAN that has a DHCP server, reboot the device after you connect and wait for the DHCP server to assign an IP address to the device.
Page 34: Review Ix14 Default Settings
Security policies SSH, web admin, and local admin access enabled. Bluetooth service enabled to allow the Digi Remote Manager mobile app to Services automatically register using the QR code on the device label. You can disable Bluetooth service after the device is provisioned.
Page 35 5. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 36: Configuration Methods
With the Remote Manager, you can configure your IX14 device and use the configuration as a basis for a profile which can be applied to other similar devices. See...
Page 37: Using Digi Remote Manager
Shows how to perform a task by using the command line interface. Using Digi Remote Manager By default, your IX14 device is configured to use Digi Remote Manager as its central management server. No configuration changes are required to begin using the Remote Manager.
Page 38: Log Out Of The Web Interface
Summarizes network statistics: the total number of bytes sent and received over all Network configured bridges and Ethernet devices. activity Digi Displays the device connection status for Digi Remote Manager, the amount of time Remote the connection has been up, and the Digi Remote Manager device ID. Using Digi Remote Manager.
Page 39: Using The Command Line
Log in to the command line interface  Command line 1. Connect to the IX14 device by using a serial connection, SSH or telnet, or the Terminal in the WebUI or the Console in the Digi Remote Manager. See Access the command line interface more information.
Page 40: Exit The Command Line Interface
Admin CLI s: Shell q: Quit Select access or quit [admin] : Type a or admin to access the IX14 command line. You will now be connected to the Admin CLI: Connecting now, 'exit' to disconnect from Admin CLI ... >...
Page 41: Initial Configuration
Initial configuration This chapter contains the following topics: Configure cellular modem APNs Change the default LAN subnet Change the LAN address type Configure SIM PIN Configure system settings Enable or disable Bluetooth service IX14 User Guide...
Page 42: Configure Cellular Modem Apns
Configure cellular modem APNs Configure cellular modem APNs The IX14 device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.
Page 43 9. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 44 The default is none. 7. (Optional) To configure the device to bypass its preconfigured APN list and only use the configured APNs: (config)> network interface modem modem apn_lock true (config)> 8. Save the configuration and apply the change: IX14 User Guide...
Page 45 Configure cellular modem APNs (config)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...
Page 46: Change The Default Lan Subnet
Change the default LAN subnet Change the default LAN subnet You can change the IX14 default LAN subnet—192.168.2.1/24—to any range of private IPs. The local DHCP server range will also change to the range of the LAN subnet. To change the LAN subnet: ...
Page 47: Change The Lan Address Type
By default, the LAN interface uses a static IP address. To configure it to use a DHCP address instead:  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 48 5. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 49: Configure Sim Pin
3. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 50 Schedule system maintenance tasks for more information. 7. Configure Time: Time > Timezone: Select the timezone for the IX14. NTP servers: If you want to add an NTP server, click  and specify the URL for the server. IX14 User Guide...
Page 51 11. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 52 5. If you want to add custom scripts, see Schedule system maintenance tasks for more information. 6. (Optional) Set the timezone for the location of your IX14 device. The default is UTC. (config)> system time timezone value IX14 User Guide...
Page 53 The status interval determines how often the status event is reported. The value of the status interval uses the format number{w|d|h|m|s}. Disable informational logging of arping events: (config)> system log event arping info false (config)> IX14 User Guide...
Page 54 (config)> system log event network status false (config)> system log event network status_interval value (config)> Disable status events related to OpenVPN events, or change the status interval for OpenVPN status event logging from the default of 5 minutes: IX14 User Guide...
Page 55 (config)> system log event wol info false (config)> 9. To keep the current system logs when the device is rebooted: (config)> system log persistent true (config)> 10. (Optional) Configure additional syslog servers: a. Add the additional syslog server: IX14 User Guide...
Page 56: Enable Or Disable Bluetooth Service
By default, Bluetooth service is enabled. To disable or enable Bluetooth service:  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. IX14 User Guide...
Page 57 5. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 58 Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Note You will not see the IX14 Bluetooth service listed on your smart phone or tablet. IX14 User Guide...
Page 59: Interfaces
Interfaces IX14 devices have several physical communications interfaces. These interfaces can be bridged in a Local Area Network (LAN) or assigned to a Wide Area Network (WAN). This chapter contains the following topics: Wireless Wide Area Networks (WWANs) Local Area Networks (LANs)
Page 60: Wireless Wide Area Networks (Wwans)
Problems can occur beyond the immediate modem connection that prevent some IP traffic from reaching its destination. Normally this kind of problem does not cause the IX14 device to detect that the modem has failed, because the connection continues to work while the core problem exists somewhere else in the network.
Page 61 WebUI SureLink can be configured for both IPv4 and IPv6. 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 62 For Attempts, type the number of probe attempts before the WAN is considered to have failed. IX14 User Guide...
Page 63 Active recovery can be configured for both IPv4 and IPv6. These instructions are for IPv4; to configure IPv6 active recovery, replace ipv4 in the command line with ipv6. 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 64 (config network interface my_wwan ipv4 surelink target 0)> The default is 60 seconds. (Optional) Set the amount of time to wait for an initial connection to the interface before this test is considered to have failed: IX14 User Guide...
Page 65 (config network interface my_wwan ipv4 surelink)> attempts num (config network interface my_wwan ipv4 surelink> The default is 3. g. Set the amount of time that the device should wait for a response to a probe attempt before considering it to have failed: IX14 User Guide...
Page 66: Configure The Device To Reboot When A Failure Is Detected
Type quit to disconnect from the device. Configure the device to reboot when a failure is detected Using SureLink, you can configure the IX14 device to reboot when it has determined that an interface has failed. Required configuration items Enable SureLink.
Page 67 Interfaces Wireless Wide Area Networks (WWANs) 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
Page 68 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Response timeout to ten minutes, enter 10m or 600s. IX14 User Guide...
Page 69 Active recovery can be configured for both IPv4 and IPv6. These instructions are for IPv4; to configure IPv6 active recovery, replace ipv4 in the command line with ipv6. 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 70 (config network interface my_wwan ipv4 surelink target 0)> The default is 60 seconds. (Optional) Set the amount of time to wait for an initial connection to the interface before this test is considered to have failed: IX14 User Guide...
Page 71 (config network interface my_wwan ipv4 surelink)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...
Page 72: Disable Surelink
SureLink interface test.  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
Page 73 Wireless Wide Area Networks (WWANs)  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 74 7. Click to expand the second test target. This test target has its Test type set to Test DNS servers configured for this interface. 8. Click the menu icon (...) next to the target and select Delete. 9. Click Apply to save the configuration and apply the change. IX14 User Guide...
Page 75: Using Cellular Modems In A Wireless Wan (Wwan)
Typically, you configure SIM1 of the cellular modem as the primary cellular interface, and SIM2 as the backup cellular interface. In this way, if the IX14 device cannot connect to the network using SIM1, it automatically fails over to SIM2. IX14 devices automatically use the correct cellular module firmware for each carrier when switching SIMs.
Page 76 Wireless Wide Area Networks (WWANs) Configure cellular modem APNs The IX14 device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.
Page 77 9. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 78 The default is none. 7. (Optional) To configure the device to bypass its preconfigured APN list and only use the configured APNs: (config)> network interface modem modem apn_lock true (config)> 8. Save the configuration and apply the change: IX14 User Guide...
Page 79 The modem status window is displayed  Command line 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 80 Command line To unlock a SIM card: 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 81 To run AT commands from the IX14 command line:  Command line 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 82 Site-to-site networking, without the overhead of tunneling for each device. To accomplish this, we will create separate WWAN interfaces that use the same modem but use different APNs, and then use routing roles to forward traffic to the appropriate WWAN interface.  WebUI IX14 User Guide...
Page 83 Interfaces Wireless Wide Area Networks (WWANs) 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Increase the maximum number of interfaces allowed for the modem: a.
Page 84 Interfaces Wireless Wide Area Networks (WWANs) f. (Optional): Configure the public APN. If the public APN is not configured, the IX14 will attempt to determine the APN. i. Click to expand APN list > APN. ii. For APN, type the public APN for your cellular carrier.
Page 85 6. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 86 Set the modem device: (config network interface WWANPublic)> modem device modem (config network interface WWANPublic)> d. (Optional): Set the public APN. If the public APN is not configured, the IX14 will attempt to determine the APN. (config network interface WWANPublic)> modem apn public_apn (config network interface WWANPublic)>...
Page 87 Set the type to interface: (config network route policy 1)> dst type interface (config network route policy 1)> ii. Set the interface to WWANPrivate : (config network route policy 1)> interface /network/interface/WWANPrivate (config network route policy 1)> IX14 User Guide...
Page 88: Configure A Wireless Wide Area Network (Wwan)
The IPv6 management priority of the WAN. The active interface with the highest management priority will have its address reported as the preferred contact address for central management and direct device access. The IPv6 Maximum Transmission Unit (MTU) of the WAN. IX14 User Guide...
Page 89  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
Page 90 The default setting is When primary default route. f. SIM failover is enabled by default, which means that the modem will automatically fail over from the active SIM to the next available SIM when the active SIM fails to connect. If IX14 User Guide...
Page 91 Reboot device: The device will reboot if automatic SIM switching is unavailable. 9. For APN list and APN list only, the IX14 device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.
Page 92 Interfaces Wireless Wide Area Networks (WWANs) 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 93 (config network interface my_wwan)> modem imsi IMSI (config network interface my_wwan)> plmn_id Set the PLMN id that must be in active for this WWAN to be used: (config network interface my_wwan)> modem plmn_id PLMN_ID (config network interface my_wwan)> IX14 User Guide...
Page 94 (config network interface my_wwan)> modem sim_failover false (config network interface my_wwan)> If enabled: i. Set the number of times that the device should attempt to connect to the active SIM before failing over to the next available SIM: IX14 User Guide...
Page 95 The device will reboot if automatic SIM switching is unavailable. 7. The IX14 device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.
Page 96: Show Wwan Status And Statistics
3. Under Networking, click Interfaces.  Command line 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 97: Delete A Wwan
Type quit to disconnect from the device. Delete a WWAN. Follow this procedure to delete any WANs and WWANs that have been added to the system. You cannot delete the preconfigured WAN, LAN, or the preconfigured WWAN, Modem.  WebUI IX14 User Guide...
Page 98 5. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 99 4. Save the configuration and apply the change: (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...
Page 100: Local Area Networks (Lans)
Interfaces Local Area Networks (LANs) Local Area Networks (LANs) The IX14 device is preconfigured with the following Local Area Networks (LANs): You can modify configuration settings for LAN, and you can create new LANs. This section contains the following topics:...
Page 101: About Local Area Networks (Lans)
The IPv6 Maximum Transmission Unit (MTU) of the LAN. The IPv6 prefix length and ID. IPv6 DHCP server configuration. See DHCP servers for more information. MAC address blacklist and whitelist. To create a new LAN or edit an existing LAN: IX14 User Guide...
Page 102 Local Area Networks (LANs)  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
Page 103 If there whitelist entries are specified, incoming packets will only be accepted from the listed MAC addresses. a. Click to expand MAC address whitelist. b. For Add MAC address, click . c. Type the MAC address. 13. Click Apply to save the configuration and apply the change.  Command line IX14 User Guide...
Page 104 Interfaces Local Area Networks (LANs) 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 105 (?): (config network interface my_lan)> ipv6 ? IPv6 Parameters Current Value ----------------------------------------------------------------------- -------- enable true Enable metric Metric mgmt Management priority 1500 prefix_id Prefix ID prefix_length Prefix length type prefix_delegation Type weight Weight IX14 User Guide...
Page 106: Show Lan Status And Statistics
3. Under Networking, click Interfaces.  Command line 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 107 IPv6 Weight : 10 IPv6 DNS Server(s) > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...
Page 108: Delete A Lan
5. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 109: Dhcp Servers
Type quit to disconnect from the device. DHCP servers You can enable DHCP on your IX14 device to assign IP addresses to clients, using either: The DHCP server for the device's local network, which assigns IP addresses to clients on the device's local network.
Page 110  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
Page 111 12. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 112 No gateway is broadcast by the DHCP server. Client destinations must be resolvable without a gateway. auto: Broadcasts the IX14 device's gateway. custom: Allows you to identify the IP address of a custom gateway to be broadcast: (config)> network interface my_lan ipv4 dhcp_server advanced gateway_custom ip_address (config)>...
Page 113 (config)> where value is one of: none: No server is broadcast. auto: Broadcasts the IX14 device's server. custom: Allows you to identify the IP address of the server. For example: (config)> network interface my_lan ipv4 dhcp_server advanced primary_dns_custom ip_address (config)>...
Page 114 To map static IP addresses:  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. IX14 User Guide...
Page 115 11. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 116 1. Log into the IX14 WebUI as a user with Admin access. 2. On the main menu, click Status 3. Under Networking, click DHCP Leases.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. IX14 User Guide...
Page 117 To delete a static IP entry:  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. IX14 User Guide...
Page 118 7. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 119 Type quit to disconnect from the device. Configure DHCP options You can configure DHCP servers running on your IX14 device to send certain specified DHCP options to DHCP clients. You can also set the user class, which enables you to specify which specific DHCP clients will receive the option.
Page 120 12. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 121 If the incorrect data type is selected, the device will send the value as a string. (config network interface my_lan ipv4 dhcp_server advanced custom_option 0)> datatype value (config network interface my_lan ipv4 dhcp_server advanced custom_option 0)> where value is one of: 1byte 2byte IX14 User Guide...
Page 122 LAN. For the IX14 device, DHCP relay is configured by providing the IP address of a DHCP relay server, rather than an IP address range. If both the DHCP relay server and an IP address range are specified, DHCP relay is used, and the specified IP address range is ignored.
Page 123 10. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 124 Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show DHCP server status and settings View DHCP status to monitor which devices have been given IP configuration by the IX14 device and to diagnose DHCP issues. ...
Page 125: Create A Virtual Lan (Vlan) Route
The VLAN ID. The TCP header uses the VLAN ID to identify the destination VLAN for the packet. To create a VLAN:  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. IX14 User Guide...
Page 126 7. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 127 (config network vlan vlan1)> save Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...
Page 128: User Authentication
IX14 user authentication User authentication methods Authentication groups Local users Terminal Access Controller Access-Control System Plus (TACACS+) Remote Authentication Dial-In User Service (RADIUS) LDAP Disable shell access Set the idle timeout for IX14 users Example user configuration IX14 User Guide...
Page 129: Ix14 User Authentication
User authentication IX14 user authentication IX14 user authentication User authentication on the IX14 has the following features and default configuration: Default Feature Description configuration Idle timeout 10 minutes. Determines how long a user session can be idle before the system automatically disconnects.
Page 130 TACACS+: Users authenticated by using a remote TACACS+ server for authentication. Terminal Access Controller Access-Control System Plus (TACACS+) for information about configuring TACACS+ authentication. LDAP: Users authenticated by using a remote LDAP server for authentication. LDAP for information about configuring LDAP authentication. IX14 User Guide...
Page 131: Add A New Authentication Method
To add an authentication method:  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Methods.
Page 132 This procedure describes how to add methods to various places in the list. 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 133: Delete An Authentication Method
Type quit to disconnect from the device. Delete an authentication method  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. IX14 User Guide...
Page 134 5. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 135: Rearrange The Position Of Authentication Methods
To reorder these so that RADIUS is first and Local users is second: 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 136 7. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 137: Authentication Groups
Disable shell access for more information about the Allow shell parameter. Serial access: Users with Serial access have the ability to log into the IX14 device by using the serial console. Preconfigured authentication groups The IX14 device has two preconfigured authentication groups: The admin group is configured by default to have full Admin access and Shell access.
Page 138 User authentication Authentication groups Change the access rights for a predefined group Add an authentication group Delete an authentication group IX14 User Guide...
Page 139: Change The Access Rights For A Predefined Group
For groups assigned Admin access, you can also determine whether the Access level should be Full access or Read-only access. Full access provides users of this group with the ability to manage the IX14 device by using the WebUI or the Admin CLI.
Page 140 6. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 141: Add An Authentication Group
Access rights to captive portals, and the portals to which they have access. Access rights to query the device for Nagios monitoring. To add an authentication group:  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. IX14 User Guide...
Page 142 5. Click the following options, as appropriate, to enable or disable access rights for each: Admin access For groups assigned Admin access, you can also determine whether the Access level should be Full access or Read-only access. where value is either: IX14 User Guide...
Page 143 User authentication Authentication groups Full access full: provides users of this group with the ability to manage the IX14 device by using the WebUI or the Admin CLI. Read-only access read-only: provides users of this group with read-only access to the WebUI and Admin CLI.
Page 144 (config)> where value is either: full: provides users of this group with the ability to manage the IX14 device by using the WebUI or the Admin CLI. read-only: provides users of this group with read-only access to the WebUI and Admin CLI.
Page 145: Delete An Authentication Group
Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Delete an authentication group By default, the IX14 device has two preconfigured authentication groups: admin and serial. These groups cannot be deleted. To delete an authentication group that you have created: ...
Page 146 5. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 147 4. Save the configuration and apply the change: (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...
Page 148: Local Users
TACACS+ or RADIUS. Local user authentication is enabled by default, with one preconfiged default user. Default user At manufacturing time, each IX14 device comes with a default user configured as follows: Username: admin. Password: The default password is displayed on the label on the bottom of the device.
Page 149: Change A Local User's Password
To change a user's password:  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Users.
Page 150 User authentication Local users The active user must have full Admin access rights to be able to change the password. 6. Click Apply to save the configuration and apply the change. IX14 User Guide...
Page 151: Configure A Local User
Local users  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 152 To configure a local user:  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Users.
Page 153 Click SSH keys. b. In Add SSH key, paste or type a public encryption key that this user can use for passwordless SSH login and click . 9. (Optional) Configure two-factor authentication for SSH, telnet, and serial console login: IX14 User Guide...
Page 154 For example, to set Login limit period to ten minutes, enter 10m or 600s. j. Scratch codes are emergency codes that may be used once, at any time. To add a scratch code: i. Click Scratch codes. ii. For Add Code, click . IX14 User Guide...
Page 155 10. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 156 Add the key by using the ssh_key command and pasting or typing a public encryption key that this user can use for passwordless SSH login: (config auth user new_user ssh_key)> ssh_key key (config auth user new_user ssh_key)> IX14 User Guide...
Page 157 Configure the valid code window size. This represents the allowed number of concurrently valid codes. In cases where TOTP is being used, increasing the valid code window size may be necessary when the clocks used by the server and client are not synchronized. IX14 User Guide...
Page 158: Delete A Local User
10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Delete a local user To delete a user from your IX14:  WebUI IX14 User Guide...
Page 159 User authentication Local users 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Users. 4. Click the menu icon (...) next to the name of the user to be deleted and select Delete.
Page 160 Local users  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 161: Terminal Access Controller Access-Control System Plus (Tacacs+)
With TACACS+ support, the IX14 device acts as a TACACS+ client, which sends user credentials and connection parameters to a TACACS+ server over TCP. The TACACS+ server then authenticates the TACACS+ client requests and sends back a response message to the device.
Page 162: Tacacs+ User Configuration
The groupname attribute is optional. If used, the value must correspond to authentication groups configured on your IX14. Alternatively, if the user is also configured as a local user on the IX14 device and the LDAP server authenticates the user but does not return any groups, the local configuration determines the list of groups.
Page 163: Tacacs+ Server Failover And Fallback To Local Authentication
$ sudo /etc/init.d/tacacs_plus restart TACACS+ server failover and fallback to local authentication In addition to the primary TACACS+ server, you can also configure your IX14 device to use backup TACACS+ servers. Backup TACACS+ servers are used for authentication requests when the primary TACACS+ server is unavailable.
Page 164 TACACS+ authentication fails. Other authentication methods will only be used if the TACACS+ server is unavailable. 6. (Optional) For Group attribute, type the name of the attribute used in the TACACS+ server's configuration to identify the IX14 authentication group or groups that the user is a member of. IX14 User Guide...
Page 165 For example, in TACACS+ user configuration, the value of the service attribute in the sample tac_plus.conf file is system, which is also the default setting in the IX14 configuration. 8. Add TACACS+ to the authentication methods: a. Click Authentication > Methods.
Page 166 TACACS+ user configuration, the group attribute in the sample tac_plus.conf file is groupname, which is also the default setting for the group_ attribute in the IX14 configuration. (config)> auth tacacs+ group_attribute attribute-name (config)> 5. (Optional) Configure the type of service. This is the value of the service attribute in the the TACACS+ server's configuration.
Page 167 (for example, dc=example,dc=com) or a sub-tree (for example. ou=People,dc=example,dc=com). (config)> auth ldap base_dn value (config)> 11. (Optional) Set the name of the user attribute that contains the list of IX14 authentication groups that the authenticated user has access to. See LDAP user configuration for further information about the group attribute.
Page 168 15. Save the configuration and apply the change: (config)> save Configuration saved. > 16. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...
Page 169: Remote Authentication Dial-In User Service (Radius)
With RADIUS support, the IX14 device acts as a RADIUS client, which sends user credentials and connection parameters to a RADIUS server over UDP. The RADIUS server then authenticates the RADIUS client requests and sends back a response message to the device.
Page 170: Radius User Configuration
(password verification) and authorization (assigning the access level of the user). Additional RADIUS servers can be configured as backup servers for user authentication. This section outlines how to configure a RADIUS server to be used for user authentication on your IX14 device.
Page 171: Configure Your Ix14 Device To Use A Radius Server
If the RADIUS servers are unavailable and the IX14 device falls back to local authentication, only users defined locally on the device are able to log in. RADIUS users cannot log in until the RADIUS servers are brought back online.
Page 172 7. (Optional) For NAS ID, type the unique identifier for this network access server (NAS). You can use the fully-qualified domain name of the NAS or any arbitrary string. If not set, the default value is used: IX14 User Guide...
Page 173 User authentication Remote Authentication Dial-In User Service (RADIUS) If you are accessing the IX14 device by using the WebUI, the default value is for NAS ID is httpd. If you are accessing the IX14 device by using ssh, the default value is sshd.
Page 174 You can use the fully-qualified domain name of the NAS or any arbitrary string. If not set, the default value is used: If you are accessing the IX14 device by using the WebUI, the default value is for NAS ID is httpd.
Page 175 (for example, dc=example,dc=com) or a sub-tree (for example. ou=People,dc=example,dc=com). (config)> auth ldap base_dn value (config)> 11. (Optional) Set the name of the user attribute that contains the list of IX14 authentication groups that the authenticated user has access to. See LDAP user configuration for further information about the group attribute.
Page 176: Ldap
When you are using LDAP authentication, you can have both local users and LDAP users able to log in to the device. To use LDAP authentication, you must set up a LDAP server that is accessible by the IX14 device prior to configuration. The process of setting up a LDAP server varies by the server environment.
Page 177: Ldap User Configuration
(password verification) and authorization (assigning the access level of the user). Additional LDAP servers can be configured as backup servers for user authentication. This section outlines how to configure a LDAP server to be used for user authentication on your IX14 device.
Page 178: Ldap Server Failover And Fallback To Local Configuration
LDAP server failover and fallback to local configuration In addition to the primary LDAP server, you can also configure your IX14 device to use backup LDAP servers. Backup LDAP servers are used for authentication requests when the primary LDAP server is unavailable.
Page 179 User authentication LDAP 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > LDAP > Servers.
Page 180 (for example, dc=example,dc=com) or a sub-tree (for example. ou=People,dc=example,dc=com). 11. (Optional) For Group attribute, type the name of the user attribute that contains the list of IX14 authentication groups that the authenticated user has access to. See LDAP user configuration for further information about the group attribute.
Page 181 LDAP  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 182 (for example, dc=example,dc=com) or a sub-tree (for example. ou=People,dc=example,dc=com). (config)> auth ldap base_dn value (config)> 9. (Optional) Set the name of the user attribute that contains the list of IX14 authentication groups that the authenticated user has access to. See LDAP user configuration for further information about the group attribute.
Page 183: Disable Shell Access
If shell access is disabled, re-enabling it will erase the device's configuration and perform a factory reset.  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. IX14 User Guide...
Page 184 5. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 185: Set The Idle Timeout For Ix14 Users
By default, the Idle timeout is set to 10 minutes.  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 186 5. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 187: Example User Configuration
Goal: To create a user with administrator rights who is authenticated locally on the device.  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 188 7. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 189: Example 2: Radius, Tacacs+, And Local Authentication For One User
Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Example 2: RADIUS, TACACS+, and local authentication for one user Goal: To create a user with administrator rights who is authenticated by using all three authentication methods. IX14 User Guide...
Page 190 User authentication Example user configuration In this example, when the user attempts to log in to the IX14 device, user authentication will occur in the following order: 1. The user is authenticated by the RADIUS server. If the RADIUS server is unavailable, 2.
Page 191 The authentication group on the IX14 device, admin, is identified in the groupname parameter. c. Save and close the tac_plus.conf file. 3. Log into the IX14 WebUI as a user with full Admin access rights. 4. On the menu, click System. Under Configuration, click Device Configuration. IX14 User Guide...
Page 192 Click  to add another new method. f. For the new method, select Local users. 6. Create the local user: a. Click Authentication > Users. b. In Add User:, type admin1 and click . c. For password, type password1. IX14 User Guide...
Page 193 Unix-FTP-Group-Names := "admin" In this example: The user's username is admin1. The user's password is password1. The authentication group on the IX14 device, admin, is identified in the Unix-FTP- Group-Names parameter. c. Save and close the users file. IX14 User Guide...
Page 194 Save and close the tac_plus.conf file. 3. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 195 (config auth user adminuser)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...
Page 196: Firewall
Firewall This chapter contains the following topics: Firewall configuration Port forwarding rules Packet filtering Configure custom firewall rules Configure Quality of Service options IX14 User Guide...
Page 197: Firewall Configuration
IPsec: The default zone for IPsec tunnels. Dynamic routes: Used for routes learned using routing services. Port forwarding: A list of rules that allow network connections to the IX14 to be forwarded to other servers by translating the destination address.
Page 198  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 199: Configure The Firewall Zone For A Network Interface
Internal, to External.  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. IX14 User Guide...
Page 200 5. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 201: Delete A Custom Firewall Zone
Type quit to disconnect from the device.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 202 Firewall Firewall configuration 3. Click Firewall > Zones. 4. Click the menu icon (...) next to the appropriate custom firewall zone and select Delete. 5. Click Apply to save the configuration and apply the change. IX14 User Guide...
Page 203: Port Forwarding Rules
Port forwarding rules  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 204 To configure a port forwarding rule:  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Port forwarding.
Page 205 13. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 206 7. Set the type of internet protocol . (config firewall dnat 0)> protocol value (config firewall dnat 0)> Network connections will only be forwarded if they match the selected protocol. Allowed values are custom, tcp, tcpudp, or upd. The default is tcp. IX14 User Guide...
Page 207 To view a list of available zones: (config firewall dnat 0 acl)> ..zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration --------------------------------------------------------------------- --------- IX14 User Guide...
Page 208: Delete A Port Forwarding Rule
To delete a port forwarding rule:  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Port forwarding.
Page 209 5. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 210 5. Save the configuration and apply the change: (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...
Page 211: Packet Filtering
By default, one preconfigured packet filtering rule, Allow all outgoing traffic, is enabled and monitors traffic going to and from the IX14 device. The predefined settings are intended to block unauthorized inbound traffic while providing an unrestricted flow of outgoing data. You can modify the default packet filtering rule and create additional rules to define how the device accepts or rejects traffic that is forwarded through the device.
Page 212 9. For Destination zone, select the firewall zone. Packets destined for network interfaces that are members of this zone will either be accepted, rejected or dropped by this rule. Firewall configuration for more information about firewall zones. IX14 User Guide...
Page 213 10. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 214 7. Set the IP version. (config firewall filter 1)> ip_version value (config firewall filter 1)> where value is one of: ipv4 ipv6 The default is any. 8. Set the protocol. (config firewall filter 1)> protocol value (config firewall filter 1)> IX14 User Guide...
Page 215: Enable Or Disable A Packet Filtering Rule
To enable or disable a packet filtering rule:  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 216 6. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 217: Delete A Packet Filtering Rule
To delete a packet filtering rule:  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Packet filtering.
Page 218 5. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 219: Configure Custom Firewall Rules
To configure custom firewall rules:  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Custom rules.
Page 220: Configure Quality Of Service Options
(packet ingress). A QoS binding contains the policies and rules that apply to packets exiting the IX14 device on the binding's interface. By default, the IX14 device has two preconfigured QoS bindings, Outbound and Inbound.
Page 221 7. Examine the remaining default settings and modify as appropriate for your network. 8. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. IX14 User Guide...
Page 222 (config)> save Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Create a new binding IX14 User Guide...
Page 223 Configure Quality of Service options  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Quality of Service.
Page 224 If Default is disabled, you must configure at least one rule: i. Click to expand Rule. ii. For Add Rule, click . The QoS binding policy rule configuration window is displayed. IX14 User Guide...
Page 225 Use the format IPv6_address[/prefix_length], or use any to match any IPv6 address. Repeat to add a new rule. Up to 30 rules can be configured. 10. Click Apply to save the configuration and apply the change.  Command line IX14 User Guide...
Page 226 Firewall Configure Quality of Service options 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 227 The fall-back policy will be used for traffic that is not matched by any other policy. If there is no default policy associated with this binding, packets that do not match any policy rules will be dropped. If the policy is not a fall-back policy, you must configure at least one rule: IX14 User Guide...
Page 228 (config firewall qos 2 policy 0 rule 0)> dstport value (config firewall qos 2 policy 0 rule 0)> where value is the IP port number, a range of port numbers using the format IP_port- IP_port, or any. IX14 User Guide...
Page 229 (config network qos 2 policy 0 rule 0)> where value uses the format IPv6_address[/prefix_length], or any to match any IPv6 address. mac: Only traffic from the MAC address typed in MAC address will be matched. Set the MAC address to be matched: IX14 User Guide...
Page 230 Only traffic destined for the IP address typed in IPv6 address will be matched. Set the address that will be matched: (config network qos 2 policy 0 rule 0)> src address6 value (config network qos 2 policy 0 rule 0)> IX14 User Guide...
Page 231 8. Save the configuration and apply the change: (config)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...
Page 232: System Administration
This chapter contains the following topics: Review device status Configure system information Update system firmware Update cellular module firmware Reboot your IX14 device Reset the device to factory defaults Configuration files Schedule system maintenance tasks Create a Virtual LAN (VLAN) route...
Page 233: Review Device Status
Show basic system information: 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 234: Configure System Information
Disk /var Usage : 1.765MB/256.0MB(1%) > Configure system information You can configure information related to your IX14 device, such as providing a name and location for the device. Configuration items A name for the device. The name of a contact for the device.
Page 235 8. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 236: Update System Firmware
For example, IX14-20.8.22.32.bin. Manage firmware updates using Digi Remote Manager If you have a network of many devices, you can use Digi Remote Manager Profiles to manage firmware updates. Profiles ensure all your devices are running the correct firmware version and that all newly installed devices are updated to that same version.
Page 237: Certificate Management For Firmware Images
The system firmware files are signed to ensure that only Digi-approved firmware load onto the device. The IX14 device validates the system firmware image as part of the update process and only successfully updates if the system firmware image can be authenticated.
Page 238 6. Click Update Firmware.  Command line 1. Download the IX14 operating system firmware from the Digi Support FTP site to your local machine. 2. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu.
Page 239: Dual Boot Behavior
> reboot Rebooting system > 7. Once the device has rebooted, log into the IX14's command line as a user with Admin access and verify the running firmware version by entering the show system command. > show system...
Page 240: Update Cellular Module Firmware
2. Duplicate the firmware: > system duplicate-firmware > Update cellular module firmware You can update modem firmware by downloading firmware from the Digi firmware repository, or by uploading firmware from your local storage onto the device.  WebUI This operation is available from the WebUI only. There is no equivalent functionality at the CLI.
Page 241: Reboot Your Ix14 Device
Select the firmware. 7. Click Update. Reboot your IX14 device You can reboot the IX14 device immediately or schedule a reboot for a specific time every day. Note You may want to save your configuration settings to a file before rebooting. See...
Page 242: Reboot Your Device Immediately
Schedule reboots of your device  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. IX14 User Guide...
Page 243 5. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 244: Reset The Device To Factory Defaults
 WebUI 1. Log into the IX14 WebUI as a user with Admin access. 2. On the main menu, click System. Under Configuration, click Configuration Maintenance. The Configuration Maintenance windows is displayed. IX14 User Guide...
Page 245 3. In the Erase configuration section, click ERASE. 4. Click CONFIRM. 5. After resetting the device: a. Connect to the IX14 by using the serial port or by using an Ethernet cable to connect the IX14 LAN port to your PC. b. Log into the IX14: User name: Use the default user name: admin.
Page 246 3. After resetting the device: a. Connect to the IX14 by using the serial port or by using an Ethernet cable to connect the IX14 LAN port to your PC.
Page 247 5. Save the configuration and apply the change: (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...
Page 248: Configuration Files
Save configuration changes When you make changes to the IX14 configuration, the changes are not automatically saved. You must explicitly save configuration changes, which also applies the changes. If you do not save configuration changes, the system discards the changes.
Page 249: Save Configuration To A File
Type quit to disconnect from the device. Save configuration to a file You can save your IX14 device's configuration to a file and use this file to restore the configuration, either to the same device or to similar devices.
Page 250: Restore The Device Configuration
> scp host 192.168.4.1 user admin remote /home/admin/bin/ local /etc/config/backup-archive-0040FF800120-19.05.17-19.01.17.bin to remote Restore the device configuration You can restore a configuration file to your IX14 device by using a backup from the device, or a backup from a similar device. ...
Page 251 IX14 device. local-path is the location on the IX14 device where the copied file will be placed. IX14 User Guide...
Page 252 3. Enter the following: > system restore path [passphrase passphrase] where path is the location of configuration backup file on the IX14's filesystem (local-path in the previous step). passphrase (optional) is the passphrase to restore the configuration backup, if a passphrase was used when the backup was created.
Page 253: Schedule System Maintenance Tasks
Custom scripts that should be run as part of the configuration check.  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 254 This feature does not provide syntax or error checking. Certain commands can render the device inoperable. Use with care. Scripts created here are also automatically entered in Configuration > Applications. b. For Add Script, click . The schedule script configuration window is displayed. IX14 User Guide...
Page 255 Click to enable Log script output to log the script's output to the system log. ii. Click to enable Log script errors to log script errors to the system log. If neither option is selected, only the script's exit code is written to the system log. IX14 User Guide...
Page 256 10. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 257 (config system schedule script 0)> b. (Optional) Provide a label for the script. (config system schedule script 0)> label value (config system schedule script 0)> where value is any string. if spaces are used, enclose value within double quotes. IX14 User Guide...
Page 258 If set_time is set, set the time that the script should run, using the format HH:MM: (config system schedule script 0)> run_time HH:MM (config system schedule script 0)> maintenance_time: The script will run during the system maintenance time window. IX14 User Guide...
Page 259 Make a change to the script. Disable once. h. Sandbox is enabled by default. This option protects the script from accidentally destroying the system it is running on. (config system schedule script 0)> sandbox true (config system schedule script 0)> IX14 User Guide...
Page 260: Create A Virtual Lan (Vlan) Route
To create a VLAN:  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Virtual LAN.
Page 261 7. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 262 (config network vlan vlan1)> save Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...
Page 263: Serial Port
IX14 devices have a single serial port that provides access to the command-line interface. Use an RS-232 serial cable to establish a serial connection from your IX14 to your local laptop or PC. Use a terminal emulator program to establish the serial connection. The terminal emulator's serial connection must be configured to match the configuration of the IX14 device's serial port.
Page 264 For Data bits, select the number of data bits used by the device to which you want to connect. d. For Parity, select the type of parity used by the device to which you want to connect. IX14 User Guide...
Page 265 8. Click Apply to save the configuration and apply the change. The Apply button is located at the top of the WebUI page. You may need to scroll to the top of the page to locate it. IX14 User Guide...
Page 266 Serial port  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 267 Set the number of bytes of output from the serial port that are written to buffer. These bytes are redisplayed when a user connects to the serial port. (config)> serial port1 history bytes (config) The default is 4000 bytes. IX14 User Guide...
Page 268 (Optional) Configure the access control list to limit access to the TCP connection: To limit access to specified IPv4 addresses and networks: (config serial USB_port)> add service tcp acl address end value (config serial USB_port)> Where value can be: IX14 User Guide...
Page 269 No limit to IPv6 addresses that can access the tcp port. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX14 device: (config serial USB_port)> add service tcp acl interface end value (config serial USB_port)>...
Page 270 Set the telnet port: (config serial USB_port)> service telnet port port (config serial USB_port)> iii. (Optional) Configure the access control list to limit access to the telnet connection: To limit access to specified IPv4 addresses and networks: IX14 User Guide...
Page 271 No limit to IPv6 addresses that can access the telnet port. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX14 device: (config serial USB_port)> add service telnet acl interface end value (config serial USB_port)>...
Page 272 Set the ssh port: (config serial USB_port)> service ssh port port (config serial USB_port)> iii. (Optional) Configure the access control list to limit access to the telnet connection: To limit access to specified IPv4 addresses and networks: IX14 User Guide...
Page 273 No limit to IPv6 addresses that can access the ssh port. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX14 device: (config serial USB_port)> add service ssh acl interface end value (config serial USB_port)>...
Page 274 Enable TCP access: (config)> serial port1 service tcp enable false (config)> b. Set the TCP port: (config)> serial port1 service tcp port port (config)> c. (Optional) Configure the access control list to limit access to the TCP connection: IX14 User Guide...
Page 275 No limit to IPv6 addresses that can access the tcp port. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX14 device: (config)> add serial port1 service tcp acl interface end value (config)>...
Page 276 (config)> b. Set the telnet port: (config)> serial port1 service telnet port port (config)> c. (Optional) Configure the access control list to limit access to the telnet connection: To limit access to specified IPv4 addresses and networks: IX14 User Guide...
Page 277 No limit to IPv6 addresses that can access the telnet port. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX14 device: (config)> add serial port1 service telnet acl interface end value (config)>...
Page 278 (config)> add serial port1 service ssh acl address end value (config)> Where value can be: A single IP address or host name. A network designation in CIDR notation, for example, 192.168.1.0/24. any: No limit to IPv4 addresses that can access the ssh port. IX14 User Guide...
Page 279 No limit to IPv6 addresses that can access the ssh port. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX14 device: (config)> add serial port1 service ssh acl interface end value (config)>...
Page 280: Show Serial Status And Statistics
3. Under Connections, click Serial.  Command line 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 281 -------- Serial 1 port1 true login 115000 > 3. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...
Page 282 Simple Network Management Protocol (SNMP) Configure the Modbus gateway System time Configure the system time Network Time Protocol Configure the device as an NTP server Configure a multicast route Enable service discovery (mDNS) Use the iPerf service IX14 User Guide...
Page 283: Allow Remote Access For Web Administration And Ssh
Allow remote access for web administration and SSH Allow remote access for web administration and SSH By default, only devices connected to the IX14's LAN have access to the device via web administration and SSH. To enable these services for access from remote devices: The IX14 device must have a publicly reachable IP address.
Page 284 6. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 285 Allow remote access for web administration and SSH  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 286 Services Allow remote access for web administration and SSH 6. Click Apply to save the configuration and apply the change. IX14 User Guide...
Page 287: Configure The Web Administration Service
By default, the web administration service is enabled and uses the standard HTTPS port, 443. The default access control for the service uses the Internal firewall zone, which means that only devices connected to the IX14's LAN can access the WebUI. If this configuration is sufficient for your needs, no further configuration is required. See Allow remote access for web administration and SSH information about configuring the web administration service to allow access from remote devices.
Page 288 5. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 289 Configure the service  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > Web administration.
Page 290 No limit to IPv6 addresses that can access the web administration service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX14 device: a. Click Interfaces.
Page 291 11. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 292 Repeat this step to list additional firewall zones. 4. (Optional) If you have your own signed SSL certificate, set the certificate and private key in PEM format. If not set, the device will use an automatically-generated key. (config)> service web_admin cert cert.pem IX14 User Guide...
Page 293 9. Save the configuration and apply the change: (config)> save Configuration saved. > 10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...
Page 294: Configure Ssh Access
Services Configure SSH access Configure SSH access The IX14's default configuration has SSH access enabled, and allows SSH access to the device from authorized users within the Internal firewall zone. If this configuration is sufficient for your needs, no further configuration is required. See Allow remote access for web administration and SSH information about configuring the SSH service to allow access from remote devices.
Page 295 5. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 296 No limit to IPv6 addresses that can access the SSH service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX14 device: a. Click Interfaces.
Page 297 8. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 298 No limit to IPv6 addresses that can access the SSH service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX14 device: (config)> add service ssh acl interface end value (config)>...
Page 299 7. Save the configuration and apply the change: (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...
Page 300: Use Ssh With Key Authentication
SSH public key for the user Additional configuration items If you want to access the IX14 device using SSH over a WAN interface, configure the access control list for the SSH service to allow SSH access for the External firewall zone.
Page 301 These instructions assume an existing user named temp_user. 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 302 4. Save the configuration and apply the change: (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...
Page 303: Configure Telnet Access
The telnet service is disabled by default. To enable the service:  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 304 5. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 305 No limit to IPv6 addresses that can access the telnet service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX14 device: a. Click Interfaces.
Page 306 7. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 307 Services Configure telnet access To limit access to hosts connected through a specified interface on the IX14 device: (config)> add service telnet acl interface end value (config)> Where value is an interface defined on your device. Display a list of available interfaces: Use ...
Page 308: Configure Dns
Type quit to disconnect from the device. Configure DNS The IX14 device includes a caching DNS server which forwards queries to the DNS servers that are associated with the network interfaces, and caches the results. This server is used within the device, and cannot be disabled.
Page 309 Services Configure DNS 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > DNS. 4. Click Access control list to configure access control: To limit access to specified IPv4 addresses and networks: a.
Page 310 Type the IP address of the host. d. For Name, type the hostname. 11. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. IX14 User Guide...
Page 311 No limit to IPv6 addresses that can access the DNS service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX14 device: (config)> add service dns acl interface end value (config)>...
Page 312 By default, the device's DNS server queries all available DNS servers. Disabling this option may improve performance on networks with transient DNS results, when one or more DNS servers may have positive results. To disable: (config)> service dns query_all_servers false (config> IX14 User Guide...
Page 313 Set the IP address of the host: (config service dns host 0)> address ip-addr (config service dns host 0)> c. Set the host name: (config service dns host 0)> name host-name (config service dns host 0)> IX14 User Guide...
Page 314 10. Save the configuration and apply the change: (config)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...
Page 315: Simple Network Management Protocol (Snmp)
By default, the IX14 device automatically blocks SNMP packets from being received over WAN and LAN interfaces. As a result, if you want a IX14 device to receive SNMP packets, you must configure the SNMP access control list to allow the device to receive the packets. See...
Page 316 No limit to IPv6 addresses that can access the SNMP agent. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX14 device: a. Click Interfaces.
Page 317 13. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 318 No limit to IPv6 addresses that can access the SNMP service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX14 device: (config)> add service snmp acl interface end value (config)>...
Page 319 10. (Optional) Set the privacy passphrase. If not set, the password, entered above, is used. (config)> service snmp privacy pwd (config)> 11. (Optional) Set the privacy protocol, either DES or AES. The default is DES. (config)> service snmp privacy_protocol AES (config)> IX14 User Guide...
Page 320: Download Mibs
4. Click Download. Configure the Modbus gateway Your IX14 supports the ability to function as a Modbus gateway, to provide serial-to-Ethernet connectivity to Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), and other industrial devices. MODBUS provides client/server communication between devices connected on different types of buses and networks, and the IX14 gateway allows for communication between buses and and networks that use the Modbus protocol.
Page 321 If connection type is set to serial: Whether to use half duplex (two wire) mode. Whether packets should be delivered to a fixed Modbus address. Whether packets should have their Modbus address adjusted downward before to delivery. IX14 User Guide...
Page 322: Configure Gateway Servers
Configure the Modbus gateway  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > Modbus Gateway.
Page 323 For Port, enter or select an appropriate port. The default is port 502. If Serial is selected for Connection type: a. For Serial port, select the appropriate serial port on the IX14 device. 5. For Packet mode, select RTU or RAW (if Connection typeis set to Socket) or ASCII (if Connection typeis set to Serial) for the type of packet that will be used by this connection.
Page 324: Configure Clients
No limit to IPv6 addresses that can access the web administration service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX14 device: a. Click Interfaces.
Page 325 Modbus server is running. If Serial is selected for Connection type: a. For Serial port, select the appropriate serial port on the IX14 device. 5. For Packet mode, select RTU or RAW (if Connection typeis set to Socket) or ASCII (if Connection typeis set to Serial) for the type of packet that will be used by this connection.
Page 326 No limit to IPv6 addresses that can access the web administration service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX14 device: a. Click Interfaces.
Page 327 17. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 328 (config servic server)> where value is any number of minutes or seconds up to a maximum of 15 minutes, and takes the format number{m|s}. For example, to set inactivity_timeout to ten minutes, enter either 10m or 600s: IX14 User Guide...
Page 329 For example, to set idle_gap to one second, enter 1000ms or 1s. iv. (Optional) Enable half-duplex (two wire) mode: (config service modbus_gateway server test_modbus_server)> serial half_duplex true (config service modbus_gateway server test_modbus_server)> c. Repeat the above instructions for additional servers. IX14 User Guide...
Page 330 1 and 65535. The default is 502. iii. Set the packet mode: (config service modbus_gateway client test_modbus_client)> socket packet_mode value (config service modbus_gateway client test_modbus_client)> where value is either rtu or ascii. The default is rtu. IX14 User Guide...
Page 331 If connection_type is set to serial: i. Set the serial port: i. Use the ? to determine available serial ports: (config service modbus_gateway client test_modbus_client)> ... serial port ? Serial Additional Configuration --------------------------------------------------------- ---------------------- port1 Port 1 (config service modbus_gateway client test_modbus_client)> IX14 User Guide...
Page 332 (config service modbus_gateway client test_modbus_client)> response_ timeout 100ms (config service modbus_gateway client test_modbus_client)> The default is 700ms. f. Configure the address filter: This filter is used by the gateway to determine if a message should be forwarded to a IX14 User Guide...
Page 333 Modbus address on different buses. For example, if there are two devices on two different buses that have the same Modbus address of 10, you can create two clients on the gateway: IX14 User Guide...
Page 334 6. Save the configuration and apply the change: (config)> save Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...
Page 335: System Time
The IX14 device can also be configured to use Network Time Protocol (NTP). In this configuration, the device serves as an NTP server, providing NTP services to downstream devices. See Network Time Protocol for more information about NTP server support.
Page 336 6. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 337 2. At the command line, type config to enter configuration mode: > config (config)> 3. (Optional) Set the timezone for the location of your IX14 device. The default is UTC. (config)> system time timezone value (config)> Where value is the timezone using the format specified with the following command: (config)>...
Page 338: Network Time Protocol
Network Time Protocol (NTP) enables devices connected on local and worldwide networks to synchronize their internal software and hardware clocks to the same time source. The IX14 device can be configured as an NTP server, allowing downstream hosts that are attached to the device's Local Area Networks to synchronize with the device.
Page 339 3. Click Services > NTP. 4. Enable the IX14 device's NTP service by clicking Enable. 5. (Optional) Configure the access control list to limit downstream access to the IX14 device's NTP service. To limit access to specified IPv4 addresses and networks: a.
Page 340 Select the Timezone for the location of your IX14 device. 8. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. IX14 User Guide...
Page 341 See Configure the system time more information about NTP client configuration. 5. (Optional) Configure the access control list to limit downstream access to the IX14 device's NTP service. To limit access to specified IPv4 addresses and networks: (config)>...
Page 342 No limit to IPv6 addresses that can access the NTP server agent. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX14 device: (config)> add service ntp acl interface end value (config)>...
Page 343 By default, the access control list for the NTP service is empty, which means that all downstream hosts connected to the IX14 device can use the NTP service. 6. (Optional) Set the timezone for the location of your IX14 device. The default is UTC. (config)> system time timezone value (config)>...
Page 344: Configure A Multicast Route
7. Type the Source port. Ensure the port is not used by another protocol. 8. Select a Source interface where multicast packets will arrive. 9. Select a Destination interface that the IX14 device will use to send mutlicast packets. 10. Click Apply to save the configuration and apply the change.
Page 345 Format: /network/interface/defaultip /network/interface/defaultlinklocal /network/interface/lan /network/interface/loopback /network/interface/modem Current value: (config service multicast test)> src_interface b. Set the interface. For example: (config service multicast test)> src_interface /network/interface/LAN (config service multicast test)> IX14 User Guide...
Page 346: Enable Service Discovery (Mdns)
Services Enable service discovery (mDNS) 8. Set the destination interface that the IX14 device will use to send mutlicast packets. (config service multicast test)> interface interface (config service multicast test)> a. Use the ? to determine available interfaces: (config service multicast test)>interface ? Destination interface: Which interface to send the multicast packets.
Page 347 No limit to IPv6 addresses that can access the mDNS service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX14 device: a. Click Interfaces.
Page 348 6. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 349 Services Enable service discovery (mDNS) To limit access to hosts connected through a specified interface on the IX14 device: (config)> add service mdns acl interface end value (config)> Where value is an interface defined on your device. Display a list of available interfaces: Use ...
Page 350: Use The Iperf Service
Type quit to disconnect from the device. Use the iPerf service Your IX14 device includes an iPerf3 server that you can use to test the performance of your network. IPerf3 is a command-line tool that measures the maximum network throughput an interface can handle.
Page 351 Services Use the iPerf service 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > IPerf.
Page 352 7. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 353 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX14 device: (config)> add service iperf acl interface end value (config)>...
Page 354: Example Performance Test Using Iperf3
Example performance test using Iperf3 On a remote host with Iperf3 installed, enter the following command: $ iperf3 -c device_ip where device_ip is the IP address of the IX14 device. For example: $ iperf3 -c 192.168.2.1 Connecting to host 192.168.2.1, port 5201 4] local 192.168.3.100 port 54934 connected to 192.168.1.1 port 5201...
Page 355 Services Use the iPerf service [ ID] Interval Transfer Bandwidth Retr 0.00-10.00 315 MBytes 264 Mbits/sec sender 0.00-10.00 313 MBytes 262 Mbits/sec receiver iperf Done. IX14 User Guide...
Page 356 Applications The IX14 supports Python 3.6 and provides you with the ability to run Python applications on the device interactively or from a file. You can also specify Python applications and other scripts to be run each time the device system restarts, at specific intervals, or at a specified time.
Page 357: Configure Applications To Run Automatically
Whether the script should run one time only. Task one: Upload the application  WebUI 1. Log into the IX14 WebUI as a user with Admin access. 2. On the menu, click System. Under Administration, click File System. The File System page appears. IX14 User Guide...
Page 358 IX14 device. local-path is the location on the IX14 device where the copied file will be placed. For example: To upload a Python application from a remote host with an IP address of 192.168.4.1 to the /etc/config/scripts directory on the IX14 device, issue the following command: >...
Page 359: Task Two: Configure The Application To Run Automatically
Use with care.  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click System > Scheduled tasks > Custom scripts.
Page 360 If neither option is selected, only the script's exit code is written to the system log. 9. For Maximum memory, enter the maximum amount of memory available to be used by the script and its subprocesses, using the format number{b|bytes|KB|k|MB|MB|M|GB|G|TB|T}. IX14 User Guide...
Page 361 12. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 362 If the script begins with #!, then the script will be invoked in the location specified by the path for the script command. Otherwise, the default shell will be used (equivalent to #!/bin/sh). IX14 User Guide...
Page 363: Run A Python Application At The Shell Prompt
Run a Python application at the shell prompt Python applications can be run from a file at the shell prompt. The Python application will run until it completes, displaying output and prompting for additional user input if needed. To interrupt the application, enter CTRL-C. IX14 User Guide...
Page 364 The uploaded file is uploaded to the /etc/config/scripts directory.  Command line a. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 365: Start An Interactive Python Session
IX14 device. local-path is the location on the IX14 device where the copied file will be placed. For example: To upload a Python application from a remote host with an IP address of 192.168.4.1 to the /etc/config/scripts directory on the IX14 device, issue the following command: >...
Page 366 >>> help("digidevice") Help on package digidevice: NAME digidevice - Digi device python extensions DESCRIPTION This module includes various extensions that allow Python to interact with additional features offered by the device. 4. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit().
Page 367: Digidevice Module
Use Python to respond to Digi Remote Manager SCI requests Use digidevice runtime to access the runtime database Use Python to upload the device name to Digi Remote Manager Use Python to send and receive SMS messages IX14 User Guide...
Page 368: Use Digidevice.cli To Execute Cli Commands
1. Log into the IX14 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.
Page 369: Use Digidevice.datapoint To Upload Custom Datapoints To Digi Remote Manager
Help for using Python to execute IX14 CLI commands Get help executing a CLI command from Python by accessing help for cli.execute: 1. Log into the IX14 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
Page 370 Help for using Python to upload custom datapoints to Remote Manager Get help for uploading datapoints to your Digi Remote Manager account by accessing help for datapoint.upload: 1. Log into the IX14 command line as a user with shell access.
Page 371: Use Digidevice.config For Device Configuration
Read the device configuration Use the get() method to read the device configuration: 1. Log into the IX14 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.
Page 372 Modify the device configuration Use the set() and commit() methods to modify the device configuration: 1. Log into the IX14 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
Page 373: Use Python To Respond To Digi Remote Manager Sci Requests
Remote Manager's Server Command Interface (SCI), a web service that allows users to access information and perform commands that relate to their devices. Use Remote Manager's SCI interface to create SCI requests that are sent to your IX14 device, and use the device_request module to send responses to those requests to Remote Manager.
Page 374 Ctrl-D. You can also exit the session using exit() or quit(). Task two: Create and send an SCI request from Digi Remote Manager The second step in using the device_request module is to create an SCI request that Remote Manager will forward to the device.
Page 375 Remote Manager: from digidevice import device_request from digidevice import cli import time def handler(target, request): return cli.execute("show system verbose") IX14 User Guide...
Page 376  WebUI i. Log into the IX14 WebUI as a user with full Admin access rights. ii. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. iii. Click System > Scheduled tasks > Custom scripts.
Page 377 Click Apply to save the configuration and apply the change.  Command line i. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 378 > reboot To run the application from the shell prompt: i. Log into the IX14 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.
Page 379 <device_request target_name="showSystem"> 8. Click Send. You should receive a response similar to the following: <sci_reply version="1.0"> <data_service> <device id="00000000-00000000-0000FFFF-A83CF6A3"/> <requests> <device_request target_name="showSystem" status="0">Model : Digi IX14 Serial Number : IX14-000068 Hostname : IX14 : 00:40:D0:13:35:36 Hardware Version : 50001959-01 A Firmware Version : 20.8.22.32...
Page 380 : MB/MB(%) Disk /tmp Usage : 0.004MB/40.96MB(0%) Disk /var Usage : 0.820MB/32.768MB(3%)</device_request> </requests> </device> <device id="00000000-00000000-0000FFFF-485740BC"/> <requests> <device_request target_name="showSystem" status="0">Model : Digi IX14 Serial Number : IX14-000023 Hostname : IX14 : 00:40:D0:26:79:1C Hardware Version : 50001959-01 A Firmware Version : 20.8.22.32...
Page 381 </sci_request> Help for using Python to respond to Digi Remote Manager SCI requests Get help for respond to Digi Remote Manager Server Command Interface (SCI) requests by accessing help for digidevice.device_request: 1. Log into the IX14 command line as a user with shell access.
Page 382: Use Digidevice Runtime To Access The Runtime Database
Read from the runtime database Use the keys() and get() methods to read the device configuration: 1. Log into the IX14 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
Page 383 Get help for reading and modifying the device runtime database by accessing help for digidevice.runt: 1. Log into the IX14 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
Page 384: Use Python To Upload The Device Name To Digi Remote Manager
Use Python to upload the device name to Digi Remote Manager The name submodule can be used to upload a custom name for your device to Digi Remote Manager. When you use the name submodule to upload a custom device name to Remote Manager, the...
Page 385 Digidevice module Upload a custom name 1. Log into the IX14 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.
Page 386: Use Python To Send And Receive Sms Messages
You can create Python scripts that send and receive SMS message in tandem with the Digi Remote Manager or Digi aView by using the digidevice.sms module. To use a script to send or receive SMS messages, you must also enable the ability to schedule SMS scripting.
Page 387 5. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 388: Use Python To Access Serial Ports
Use Python to access serial ports You can use the Python serial module to access serial ports on your IX14 device that are configured to be in Application mode. See Configure the serial port for information about configuring a serial port in Application mode.
Page 389: Use The Paho Mqtt Python Library
6. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Use the Paho MQTT python library Your IX14 device includes support for the Paho MQTT python library. MQTT is a lightweight messaging protocol used to communicate with various applications including cloud-based applications such as Amazon Web Services and Microsoft Azure.
Page 390 = cmd_path[len(PREFIX_CMD):] else: print("Invalid command path ({}), cannot send reply".format(cmd_path)) return reply = { "cmd": cmd, "status": status client.publish(PREFIX_RSP + path + "/" + cid, json.dumps(reply, separators= (',',':'))) def on_connect(client, userdata, flags, rc): print("Connected to MQTT server") IX14 User Guide...
Page 391 'r') as f: for line in f: elems = line.split() if len(elems) != 5: continue leases.append({"mac": elems[1], "ip": elems[2], "host": elems [3]}) if leases: client.publish(PREFIX_EVENT + "/leases", json.dumps(leases, separators=(',',':'))) except: print("Failed to open DHCP leases file") IX14 User Guide...
Page 392: Stop A Script That Is Currently Running
 Command line 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. IX14 User Guide...
Page 393: Show Script Information
The Scripts page displays:  Command line 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 394 > show scripts Index Label Script Enabled Status Run time ----- --------------- -------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- IX14 User Guide...
Page 395 "$default_intf" log=$(runt log network.mgmt.log) accns_log network_mgmt "${log:+type=mgmt~}$log" > 3. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...
Page 396 Configure Digi Remote Manager Collect device health data and set the sample interval Log into Digi Remote Manager Use Digi Remote Manager to view and manage your device Add a device to Digi Remote Manager View Digi Remote Manager connection status...
Page 397: Digi Remote Manager Support
Digi Remote Manager User Guide. Configure Digi Remote Manager By default, your IX14 device is configured to use central management using Digi Remote Manager. Additional configuration options These additional configuration settings are not typically configured, but you can set them as needed: Disable the Digi Remote Manager connection if it is not required.
Page 398 Central management Configure Digi Remote Manager IX14 User Guide...
Page 399 6. (Optional) For Management port, type the destination port for the remote cloud services connection. The default is 3199. 7. (Optional) For Retry interval, type the amount of time that the IX14 device should wait before reattempting to connect to remote cloud services after being disconnected. The default is 30 seconds.
Page 400 16. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 401 (config)> cloud drm drm_url url (config)> 6. (Optional) Set the amount of time that the IX14 device should wait before reattempting to connect to the remote cloud services after being disconnected. The minimum value is ten seconds. The default is 30 seconds.
Page 402 Central management Configure Digi Remote Manager 30 seconds to two hours. The default is 290 seconds. (config)> cloud drm cellular_keep_alive value (config)> where value is any number of hours, minutes, or seconds, and takes the format number{h|m|s}. For example, to set the cellular keep-alive interval to ten minutes, enter either 10m or 600s: (config)>...
Page 403: Collect Device Health Data And Set The Sample Interval
Collect device health data and set the sample interval You can enable or disable the collection of device health data to upload to Digi Remote Manager, and configure the interval between health sample uploads. By default, device health data upload is...
Page 404 To avoid a situation where several devices are uploading health metrics information to Remote Manager at the same time, the IX14 device includes a preconfigured randomization of two minutes for uploading metrics. For example, if Health sample interval is set to five minutes, the metrics will be uploaded to Remote Manager at a random time between five and seven minutes.
Page 405 1, 5, 15, 30, or 60, and represents the number of minutes between uploads of health sample data. 5. By default, the device will only report health metrics values to Digi Remote Manager that have changed health metrics were last uploaded. This is useful to reduce the bandwidth used to report health metrics.
Page 406 Central management Collect device health data and set the sample interval 6. (Optional) Tuning parameters allow to you configure what data are uploaded to the Digi Remote Manager. By default, all tuning parameters are enabled. To view a list of all available tuning parameters, use the show command: (config)>...
Page 407: Log Into Digi Remote Manager
1. If you have not already done so, click here to sign up for a Digi Remote Manager account. 2. Check your email for Digi Remote Manager login instructions. 3. Go to remotemanager.digi.com. 4. Log into your Digi Remote Manager account.
Page 408: Use Digi Remote Manager To View And Manage Your Device
Use Digi Remote Manager to view and manage your device To view and manage your device: 1. If you have not already done so, connect to your Digi Remote Manager account. 2. Click Device Management to display a list of your devices.
Page 409: Add A Device To Digi Remote Manager
The same default password is also shown on the label affixed to the bottom of the device. 6. Click Add. 7. Click OK. Digi Remote Manager adds your IX14 device to your account and it appears in the Device Management view. View Digi Remote Manager connection status To view the current Digi Remote Manager configuration: ...
Page 410: Use The Digi Remote Manager Mobile App
The Device ID is the unique identifier for the device, as used by the Remote Manager. Use the Digi Remote Manager mobile app If you have a smart phone or tablet, you can use the Digi Remote Manager mobile app to automatically provision a new devices and monitor devices in your account.
Page 411: Configure Multiple Devices Using Profiles
2. Follow the prompts to complete your IX14 registration. Digi Remote Manager registers your IX14 and adds it to your Digi Remote Manager device list. You can now manage the device remotely using Digi Remote Manager.
Page 412 Monitoring This chapter contains the following topics: intelliFlow Configure NetFlow Probe IX14 User Guide...
Page 413: Intelliflow
WebUI. To use intelliFlow, the IX14 must be powered on and you must have access to the local WebUI. Once you enable intelliFlow, the Status >...
Page 414 6. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 415 5. Save the configuration and apply the change: (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...
Page 416: Use Intelliflow To Display Average Cpu And Ram Usage
This procedure is only available from the WebUI. To display display average CPU and RAM usage:  WebUI 1. Log into the IX14 WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow.
Page 417: Use Intelliflow To Display Top Data Usage Information
Top data usage by service To generate a top data usage chart:  WebUI 1. Log into the IX14 WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow. 3. From the menu, click Status > intelliFlow.
Page 418 5. Change the type of chart that is used to display the data: a. Click the menu icon (). b. Select the type of chart. 6. Change the number of top users displayed. You can display the top five, top ten, or top twenty data users. IX14 User Guide...
Page 419: Use Intelliflow To Display Data Usage By Host Over Time
Use intelliFlow to display data usage by host over time To generate a chart displaying a host's data usage over time:  WebUI 1. Log into the IX14 WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow.
Page 420: Configure Netflow Probe
To save the chart to your local filesystem, select Export to PNG. c. To print the chart, select Print chart. Configure NetFlow Probe NetFlow probe is used to probe network traffic on the IX14 device and export statistics to NetFlow collectors. Required configuration items Enable NetFlow.
Page 421 Configure NetFlow Probe  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Monitoring > NetFlow probe.
Page 422 12. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 423 1 and 1800. The default is 1800. 8. Set the maximum number of flows to probe simultaneously: (config)> monitoring netflow max_flows value (config)> where value is any is any number between 0 and 2000000. The default is 2000000. IX14 User Guide...
Page 424 (config monitoring netflow collector 0)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...
Page 425: Virtual Private Networks (Vpn)
Virtual Private Networks (VPNs) are used to securely connect two private networks together so that devices can connect from one network to the other using secure channels. This chapter contains the following topics: IPsec OpenVPN Generic Routing Encapsulation (GRE) NEMO IX14 User Guide...
Page 426: Ipsec
Aggressive mode Aggressive mode is faster than main mode, but is not as secure as main mode, because the device and its peer exchange their IDs and hash information in clear text instead of being encrypted. IX14 User Guide...
Page 427: Authentication
Client authenticaton XAUTH (extended authentication) pre-shared key authentication mode provides additional security by using client authentication credentials in addition to the standard pre-shared key. The IX14 device can be configured to authenticate with the remote peer as an XAUTH client. RSA Signatures With RSA signatures authentication, the IX14 device uses a private RSA key to authenticate with a...
Page 428 The lifetime of the IPsec tunnel before it is renegotiated. The amount of time before the IKE phase 1 lifetime expires. The amount of time before the IKE phase 2 lifetime expires The lifetime margin, a randomizing amount of time before the IPsec tunnel is renegotiated. IX14 User Guide...
Page 429 Virtual Private Networks (VPN) IPsec  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > IPsec.
Page 430 Transport: Only the payload of the IP packet is encrypted and/or authenticated. The IP header is unencrypted. 12. Select the Protocol, either: ESP (Encapsulating Security Payload): Provides encryption as well as authentication and integrity. AH (Authentication Header): Provides authentication and integrity only. IX14 User Guide...
Page 431 Type the Username and Password that the device will use to authenticate as an XAUTH client with the peer. 16. (Optional) Click Enable MODECFG client to receive configuration information, such as the private IP address, from the remote peer. IX14 User Guide...
Page 432 IPv4: The ID will be interpreted as an IPv4 address and sent as an ID_IPV4_ ADDR IKE identity. For IPv4 ID value, type an IPv4 formatted ID. This can be a fully-qualified domain name or an IPv4 address. IX14 User Guide...
Page 433 Request a network: Requests a network from the remote peer. d. For Remote network, enter the IP address and optional netmask of the remote network. The keyword any can also be used. . IX14 User Guide...
Page 434 For Hash, select the type of hash to use to verify communication integrity. iv. For Diffie-Hellman group, select the type of Diffie-Hellman group to use for key exchange. v. You can add additional Phase 1 proposals by clicking  next to Add Phase 1 Proposal. IX14 User Guide...
Page 435 NAT. You can also use any, meaning that any destination network connected to the tunnel will use source NAT. 23. See Configure SureLink active recovery for IPsec for information about IPsec Active recovery. 24. Click Apply to save the configuration and apply the change. IX14 User Guide...
Page 436 IPsec  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 437 (config vpn ipsec tunnel ipsec_example)> type protocol (config vpn ipsec tunnel ipsec_example)> where protocol is either: esp (Encapsulating Security Payload): Provides encryption as well as authentication and integrity. ah (Authentication Header): Provides authentication and integrity only. The default is esp. IX14 User Guide...
Page 438 Set the private key passphrase that is used to decrypt the private key. Leave blank if the private key is not encrypted. (config vpn ipsec tunnel ipsec_example)> auth private_key_ passphrase passphrase (config vpn ipsec tunnel ipsec_example)> IX14 User Guide...
Page 439 MODECFG client functionality configures the device to receive configuration information, such as the private IP address, from the remote peer. a. Enable MODECFG client functionality: (config vpn ipsec tunnel ipsec_example)> modecfg_client enable true (config vpn ipsec tunnel ipsec_example)> IX14 User Guide...
Page 440 Set the ID in internet email address format: (config vpn ipsec tunnel ipsec_example)> local id rfc822_id id (config vpn ipsec tunnel ipsec_example)> fqdn: The ID will be interpreted as FQDN (Fully Qualified Domain Name) and sent as an ID_FQDN IKE identity. IX14 User Guide...
Page 441 The ID will be interpreted as an IPv6 address and sent as an ID_IPV6_ADDR IKE identity. Set an IPv6 formatted ID. This can be a fully-qualified domain name or an IPv6 address. (config vpn ipsec tunnel ipsec_example)> remote id ipv6_id id (config vpn ipsec tunnel ipsec_example)> IX14 User Guide...
Page 442 (config vpn ipsec tunnel ipsec_example)> e. Set the amount of time that the IKE security association expires after a successful negotiation and must be re-authenticated: (config vpn ipsec tunnel ipsec_example)> ike phase1_lifetime value (config vpn ipsec tunnel ipsec_example)> IX14 User Guide...
Page 443 Set the type of encryption to use during phase 1: (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> cipher value (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> where value is one of 3des, aes128, aes192, aes256, or null. The default is 3des. IX14 User Guide...
Page 444 Set the type of encryption to use during phase 2: (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> cipher value (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> where value is one of 3des, aes128, aes192, aes256, or null. The default is 3des. IX14 User Guide...
Page 445 (config)> c. Set the number of seconds between transmissions of dead peer packets. Dead peer packets are only sent when the tunnel is idle. The default is 60. (config)> vpn ipsec tunnel ipsec_example dpd delay value (config)> IX14 User Guide...
Page 446 Use the ? to determine available interfaces: (config vpn ipsec tunnel ipsec_example policy 0)>local address Address: The local network interface to use the address of. This field must be set when 'Type' is set to 'Address'. Format: defaultip defaultlinklocal loopback modem IX14 User Guide...
Page 447 IPv4 address and optional netmask. The keyword any can also be used. request: Requests a network from the remote peer. d. Set the IP address and optional netmask of the remote network. The keyword any can also be used. IX14 User Guide...
Page 448 20. Save the configuration and apply the change: (config)> save Configuration saved. > 21. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...
Page 449: Configure Ipsec Failover
IPsec Configure IPsec failover You can configure the IX14 device to fail over from a primary IPsec tunnel to a backup tunnel. During configuration of the backup IPsec tunnel, identify the primary IPsec tunnel in the Preferred tunnel parameter. The Preferred tunnel parameter instructs the backup IPsec tunnel to start only when the preferred tunnel has been determined to have failed.
Page 450: Configure Surelink Active Recovery For Ipsec
Type quit to disconnect from the device. Configure SureLink active recovery for IPsec You can configure the IX14 device to regularly probe IPsec client connections to determine if the connection has failed and take remedial action. You can also configure the IPsec tunnel to fail over to a backup tunnel. See Configure IPsec failover further information.
Page 451 Virtual Private Networks (VPN) IPsec  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > IPsec.
Page 452 IP address specified in Ping host. You can also optionally change the number of bytes in the Ping payload size. DNS test or DNS test (IPv6): Tests connectivity by sending a DNS query to the specified DNS server. IX14 User Guide...
Page 453 14. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 454 10. Set the amount of time that the device should wait for a response to a probe attempt before considering it to have failed: (config vpn ipsec tunnel ipsec_example)> connection_monitor timeout value (config vpn ipsec tunnel ipsec_example)> IX14 User Guide...
Page 455 (config vpn ipsec tunnel ipsec_example connection_monitor target 0)> dns_server ip_address (config vpn ipsec tunnel ipsec_example connection_monitor target 0)> dns_configured (IPv4) or dns_configured6 (IPv6): Tests connectivity by sending a DNS query to the DNS servers configured for this interface. IX14 User Guide...
Page 456 For example, to set interface_timeout to ten minutes, enter either 10m or 600s: (config network interface my_wan ipv4 connection_monitor target 0)> interface_timeout 600s (config network interface my_wan ipv4 connection_monitor target 0)> The default is 60 seconds. IX14 User Guide...
Page 457: Show Ipsec Status And Statistics
 Command line 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 458 Virtual Private Networks (VPN) IPsec 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...
Page 459: Openvpn
OpenVPN clients. OpenVPN clients use Network Address Translation (NAT) to route traffic from devices connected on its LAN interfaces to the OpenVPN server. The manner in which the IP subnets are defined depends on the OpenVPN topology in use. The IX14 device supports two types of OpenVPN topology:...
Page 460: Configure An Openvpn Server
LAN interfaces to the OpenVPN server. TAP - OpenVPN managed—Also know as bridging mode. A more advanced implementation of OpenVPN. The IX14 device creates an OpenVPN interface and uses standard interface configuration (for example, a standard DHCP server configuration).
Page 461 Additional OpenVPN parameters.  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > OpenVPN > Servers.
Page 462 Certificate and username/password: Uses both certificates and a username and password for client authentication. Each client requires a public and private key, and you must create an OpenVPN authentication group and user. See Configure an OpenVPN Authentication Group and User for instructions. IX14 User Guide...
Page 463 No limit to IPv6 addresses that can access the service-type. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX14 device: a. Click Interfaces. b. For Add Interface, click .
Page 464 OpenVPN  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 465 80, the first client IP address will be 192.168.1.80. The default is from 80. ii. Set the last address in the range limit: (config vpn openvpn server name)> server_last_ip value (config vpn openvpn server name)> IX14 User Guide...
Page 466 (config vpn openvpn server name)> cacert value (config vpn openvpn server name)> iii. Paste the contents of the public key (for example, server.crt) into the value of the server_cert parameter: (config vpn openvpn server name)> server_cert value (config vpn openvpn server name)> IX14 User Guide...
Page 467 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX14 device: (config vpn openvpn server name)> add acl interface end value (config vpn openvpn server name)>...
Page 468 (config vpn openvpn server name)> advanced_options enable true (config vpn openvpn server name)> b. Configure whether the additional OpenVPN parameters should override default options: (config vpn openvpn server name)> advanced_options override true (config vpn openvpn server name)> IX14 User Guide...
Page 469: Configure An Openvpn Authentication Group And User
 WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. IX14 User Guide...
Page 470 Click to expand the OpenVPN node. e. Click  to add a tunnel. f. For Tunnel, select an OpenVPN tunnel to which users of this group will have access. g. Repeat to add additional OpenVPN tunnels. IX14 User Guide...
Page 471 Click to expand the Groups node. e. Click  to add a group to the user. f. Select a Group with OpenVPN access enabled. 5. Click Apply to save the configuration and apply the change. IX14 User Guide...
Page 472 OpenVPN  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 473: Configure An Openvpn Client By Using An .Ovpn File
OpenVPN active recovery.  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > OpenVPN > Clients.
Page 474 11. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 475 7. Paste the content of the client.ovpn file into the value of the config_file parameter: (config vpn openvpn client name)> config_file value (config vpn openvpn client name)> 8. Save the configuration and apply the change: (config)> save Configuration saved. > IX14 User Guide...
Page 476: Configure An Openvpn Client Without Using An .Ovpn File
OpenVPN active recovery.  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. IX14 User Guide...
Page 477 5. The OpenVPN client is enabled by default. To disable, click Enable. 6. The default behavior is to use an OVPN file for client configuration. To disable this behavior and configure the client manually, click Use .ovpn file to disable. IX14 User Guide...
Page 478 15. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 479 (config vpn openvpn client name)> username value (config vpn openvpn client name)> password value (config vpn openvpn client name)> 9. Set the IP address of the OpenVPN server: (config vpn openvpn client name)> server ip_address (config vpn openvpn client name)> IX14 User Guide...
Page 480: Configure Active Recovery For Openvpn
Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Configure active recovery for OpenVPN You can configure the IX14 device to regularly probe OpenVPN client connections to determine if the connection has failed and take remedial action. IX14 User Guide...
Page 481 To configure the IX14 device to regularly probe the OpenVPN connection:  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 482 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Response timeout to ten minutes, enter 10m or 600s. The default is 15 seconds. IX14 User Guide...
Page 483 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Initial connection time to ten minutes, enter 10m or 600s. The default is 60 seconds. IX14 User Guide...
Page 484 14. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 485 600s (config vpn openvpn client openvpn_client1)> The default is 15 seconds. 11. Configure test targets: a. Add a test target: (config vpn openvpn client openvpn_client1)> add connection_monitor target end (config vpn openvpn client openvpn_client1 connection_monitor target 0)> IX14 User Guide...
Page 486 (Optional) Set the amount of time that the interface can be down before this test is considered to have failed: IX14 User Guide...
Page 487: Show Openvpn Server Status And Statistics
Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show OpenVPN server status and statistics You can view status and statistics for OpenVPN servers from either the web interface or the command line:  WebUI IX14 User Guide...
Page 488: Show Openvpn Client Status And Statistics
OpenVPN server's status pane.  Command line 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 489 OpenVPN client's status pane.  Command line 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 490: Generic Routing Encapsulation (Gre)
Task One: Create a GRE loopback endpoint interface  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 491 11. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 492 Task Two: Configure the GRE tunnel  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. IX14 User Guide...
Page 493 10. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 494 (config vpn iptunnel gre_example)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...
Page 495: Show Gre Tunnels
To view information about currently configured GRE tunnels:  WebUI 1. Log into the IX14 WebUI as a user with Admin access. 2. On the menu, click Status > IP tunnels. The IP Tunnelspage appears. 3. To view configuration details about a GRE tunnel, click the  (configuration) icon in the upper right of the tunnel's status pane.
Page 496: Example: Gre Tunnel Over An Ipsec Tunnel
Example: GRE tunnel over an IPSec tunnel The IX14 device can be configured as an advertised set of routes through an IPSec tunnel. This allows you to leverage the dynamic route advertisement of GRE tunnels through a secured IPSec tunnel.
Page 497 3. Create a GRE tunnel named gre_tunnel2: a. Local endpoint set to the IPsec endpoint interface, Interface: ipsec_endpoint2. b. Remote endpoint set to the IP address of the GRE tunnel on IX14-1, 172.30.0.1. 4. Create an interface named gre_interface2 and add it to the GRE tunnel: a.
Page 498 15. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 499 4. Set the pre-shared key to testkey: (config vpn ipsec tunnel ipsec_gre1)> auth secret testkey (config vpn ipsec tunnel ipsec_gre1)> 5. Set the remote endpoint to public IP address of the IX14-2 device: (config vpn ipsec tunnel ipsec_gre1)> remote hostname 192.168.101.1 (config vpn ipsec tunnel ipsec_gre1)>...
Page 500 6. For Address, type the IP address of the local GRE tunnel, 172.30.0.1/32. 7. Click Apply to save the configuration and apply the change.  Command line 1. At the command line, type config to enter configuration mode: > config (config)> IX14 User Guide...
Page 501 3. For Local endpoint, select the IPsec endpoint interface created in Task two (Interface: ipsec_endpoint1). 4. For Remote endpoint, type the IP address of the GRE tunnel on IX14-2, 172.30.0.2. 5. Click Apply to save the configuration and apply the change. IX14 User Guide...
Page 502 (/network/interface/ipsec_endpoint1): (config vpn iptunnel gre_tunnel1)> local /network/interface/ipsec_endpoint1 (config vpn iptunnel gre_tunnel1)> 4. Set the remote endpoint to the IP address of the GRE tunnel on IX14-2, 172.30.0.2: (config vpn iptunnel gre_tunnel1)> remote 172.30.0.2 (config vpn iptunnel gre_tunnel1)> 5. Save the configuration and apply the change: (config vpn iptunnel gre_tunnel1)>...
Page 503 4. For Device, select the GRE tunnel created in Task three (IP tunnel: gre_tunnel1). 5. Click to expand IPv4. 6. For Address, type 172.31.0.1/30 for a virtual IP address on the GRE tunnel. 7. Click Apply to save the configuration and apply the change. IX14 User Guide...
Page 504 Task one: Create an IPsec tunnel  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. IX14 User Guide...
Page 505 3. Click VPN > IPsec > Tunnels. 4. For Add IPsec Tunnel, type ipsec_gre2 and click . 5. Click to expand Authentication. 6. For Pre-shared key, type the same pre-shared key that was configured for the IX14-1 (testkey). 7. Click to expand Remote endpoint.
Page 506 3. Add an IPsec tunnel named ipsec_gre2: (config)> add vpn ipsec tunnel ipsec_gre2 (config vpn ipsec tunnel ipsec_gre2)> 4. Set the pre-shared key to the same pre-shared key that was configured for the IX14-1 (testkey): (config vpn ipsec tunnel ipsec_gre2)> auth secret testkey (config vpn ipsec tunnel ipsec_gre2)>...
Page 507 Task two: Create an IPsec endpoint interface  WebUI 1. Click Network > Interfaces. 2. For Add Interface, type ipsec_endpoint2 and click . 3. For Zone, select Internal. 4. For Device, select Ethernet: loopback. 5. Click to expand IPv4. IX14 User Guide...
Page 508 5. Set the IPv4 address to the IP address of the local GRE tunnel, 172.30.0.2/32: (config network interface ipsec_endpoint2)> ipv4 address 172.30.0.2/32 (config network interface ipsec_endpoint2)> 6. Save the configuration and apply the change: (config vpn ipsec tunnel ipsec_endpoint2)> save Configuration saved. > Task three: Create a GRE tunnel IX14 User Guide...
Page 509 (/network/interface/ipsec_endpoint2): (config vpn iptunnel gre_tunnel2)> local /network/interface/ipsec_endpoint2 (config vpn iptunnel gre_tunnel2)> 4. Set the remote endpoint to the IP address of the GRE tunnel on IX14-1, 172.30.0.1: (config vpn iptunnel gre_tunnel2)> remote 172.30.0.1 (config vpn iptunnel gre_tunnel2)> IX14 User Guide...
Page 510 4. For Device, select the GRE tunnel created in Task three (IP tunnel: gre_tunnel2). 5. Click to expand IPv4. 6. For Address, type 172.31.1.1/30 for a virtual IP address on the GRE tunnel. 7. Click Apply to save the configuration and apply the change. IX14 User Guide...
Page 511: Nemo
Local Area Networks (LANs) on your device. NEMO creates a tunnel between the home agent on the mobile private network and the IX14 device, isolating the connection from internet traffic and advertising the IP subnets of the LANs for remote access and device management.
Page 512: Configure A Nemo Tunnel
The local network of the GRE endpoint negotiated by NEMO. If the local network is set to Interface, identify the local interface to be used.  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. IX14 User Guide...
Page 513 10. For MTU discovery, leave enabled to determine the maximum transmission unit (MTU) size. If disabled, for MTU, type the MTU size. The default MTU size for LANs on the IX14 device is 1500. The MTU size of the NEMO tunnel will be smaller, to take into account the required headers.
Page 514 14. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 515 (config vpn nemo nemo_example)> mtu_discovery false (config vpn nemo nemo_example)> If disabled, set the MTU size. The default MTU size for LANs on the IX14 device is 1500. The MTU size of the NEMO tunnel will be smaller, to take into account the required headers.
Page 516 Set the interface. For example: (config vpn nemo nemo_example)> coaddress interface LAN (config vpn nemo nemo_example)> If ip is used, set the IP address: (config vpn nemo nemo_example)> coaddress address IP_address (config vpn nemo nemo_example)> The default is defaultroute. IX14 User Guide...
Page 517 14. Save the configuration and apply the change: (config)> save Configuration saved. > 15. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...
Page 518: Show Nemo Status
 Command line 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 519 Virtual Private Networks (VPN) NEMO 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...
Page 520 Generate a support report View system event logs Configure syslog servers Configure options for the event and system logs Analyze network traffic Use the ping command to troubleshoot network connections Use the traceroute command to diagnose IP routing problems IX14 User Guide...
Page 521: Generate A Support Report
Attach the support report to any support requests.  Command line 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 522: View System Event Logs
View System Logs  WebUI 1. Log into the IX14 WebUI as a user with Admin access. 2. On the main menu, click System > Logs. The system log displays: 3. Limit the display in the system log by using the Find search tool.
Page 523 Diagnostics View system event logs 5. Click  to download the system log. IX14 User Guide...
Page 524 View system event logs  Command line 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 525: View Event Logs
6. Click  to download the event log.  Command line 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 526 Nov 26 22:01:25 info user name=admin~service=cli~state=closed~remote=192.168.1.2 > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...
Page 527: Configure Syslog Servers
You can configure remote syslog servers for storing event and system logs.  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 528 5. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 529 5. Set the IP protocol to use for communication with the syslog server: (config system log remote 0)> protocol value (config system log remote 0)> where value is either tcp or udp. The default is udp. 6. Save the configuration and apply the change: (config)> save Configuration saved. > IX14 User Guide...
Page 530: Configure Options For The Event And System Logs
To change or disable the heartbeat interval, or to disable event categories, and to perform other log configuration:  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. IX14 User Guide...
Page 531 7. Enable Preserve system logs to save the current session's system log after a reboot. By default, the IX14 device erases system logs each time the device is powered off or rebooted. Note You should only enable Preserve system logs temporarily to debug issues.
Page 532 To disable the heartbeat interval, set the value to 0s 4. Enable preserve system logs functionality to save the current session's system log after a reboot. By default, the IX14 device erases system logs each time the device is powered off or rebooted.
Page 533 (config)> system log event dhcpserver status_interval value (config)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set the status interval to ten minutes, enter either 10m or 600s: IX14 User Guide...
Page 534 7. Save the configuration and apply the change: (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...
Page 535: Analyze Network Traffic
Analyze network traffic Analyze network traffic The IX14 device includes a network analyzer tool that captures data traffic on any interface and decodes the captured data traffic for diagnostics. You can capture data traffic on multiple interfaces at the same time and define capture filters to reduce the captured data. You can capture up to 10 MB of data traffic in two 5 MB files per interface.
Page 536: Configure Packet Capture For The Network Analyzer
To configure a packet capture configuration:  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Analyzer.
Page 537 If Set Time is selected, specify the time that the capture filter should run in Run time, using the format HH:MM. During system maintenance: The capture filter will run during the system maintenance time window. b. Enable the capture filter schedule. IX14 User Guide...
Page 538 8. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 539 (config network analyzer name)> duration value (config network analyzer name)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set duration to ten minutes, enter either 10m or 600s: IX14 User Guide...
Page 540: Example Filters For Capturing Data Traffic
Capture traffic for a particular IP protocol: ip proto protocol where protocol is a number in the range of 1 to 255 or one of the following keywords: icmp, icmp6, igmp, pim, ah, esp, vrrp, udp, or tcp. IX14 User Guide...
Page 541: Capture Packets From The Command Line
Save captured data traffic to a file. Clear captured data. Required configuration items A configured packet capture. See Configure packet capture for the network analyzer packet capture configuration information. To start packet capture from the command line:  Command line IX14 User Guide...
Page 542: Stop Capturing Packets
Diagnostics Analyze network traffic 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. Type the following at the Admin CLI prompt: >...
Page 543: Show Captured Traffic Data
To show captured data traffic:  Command line 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 544: Save Captured Data Traffic To A File
 Command line 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. Type the following at the Admin CLI prompt: >...
Page 545: Download Captured Data To Your Pc
WebUI or from the command line by using the (secure copy file) command.  WebUI 1. Log into the IX14 WebUI as a user with Admin access. 2. On the menu, click System. Under Administration, click File System. The File System page appears. IX14 User Guide...
Page 546: Clear Captured Data
4. Select the saved analyzer report you want to download and click  (download).  Command line 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 547 To determine available packet capture configurations, use the ?: > anaylzer clear name ? name: Name of the capture filter to use. Format: test_capture capture_ping > anaylzer clear name Note You can remove data traffic saved to a file using the command. IX14 User Guide...
Page 548: Use The Ping Command To Troubleshoot Network Connections
Ping to check internet connection To check your internet connection: 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 549 Max wait for a response to a probe. (Default: 5) Example This example shows using traceroute to verify that the IX14 device can route to host 8.8.8.8 (www.google.com) through the default gateway. The command output shows that 15 routing hops were required to reach the host: 1.
Page 550 Routing This chapter contains the following topics: IP routing Show the routing table Dynamic DNS Virtual Router Redundancy Protocol (VRRP) IX14 User Guide...
Page 551: Ip Routing
IP routing IP routing The IX14 device uses IP routes to decide where to send a packet it receives for a remote network. The process for deciding on a route to send the packet is as follows: 1. The device examines the destination IP address in the IP packet, and looks through the IP routing table to find a match for it.
Page 552: Configure A Static Route
To configure a static route:  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Routes > Static routes.
Page 553 7. For Interface, select the interface on the IX14 device that will be used with this static route. 8. (Optional) For Gateway, type the IPv4 address of the gateway used to reach the destination.
Page 554 The any keyword can also be used to route packets to any destination with this static route. 6. Set the interface on the IX14 device that will be used with this static route: a. Use the ? to determine available interfaces: (config network route static 0)>interface ?
Page 555: Delete A Static Route
Type quit to disconnect from the device. Delete a static route  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. IX14 User Guide...
Page 556 5. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 557: Policy-Based Routing
However, you can use policy-based routing to forward the packet based on other criteria, such as the source of the packet. For example, you can configure the IX14 device so that high-priority traffic is routed through the cellular connection, while all other traffic is routed through an Ethernet (WAN) connection.
Page 558: Configure A Routing Policy
To configure a routing policy:  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Routes > Policy-based routing.
Page 559 5. (Optional) For Label, type a label that will be used to identify this route policy. 6. For Interface, select the interface on the IX14 device that will be used with this route policy. 7. (Optional) Enable Exclusive to configure the policy to drop packets that match the policy when the gateway interface is disconnected, rather than forwarded through other interfaces.
Page 560 (config network route policy 0)> label "New route policy" (config network route policy 0)> 5. Set the interface on the IX14 device that will be used with this route policy: a. Use the ? to determine available interfaces: (config network route policy 0)>interface ?
Page 561 (config network route policy 0)> where value is the port number, or the keyword any to match any port as the source port. b. Set the destination port: (config network route policy 0)> dst_port value (config network route policy 0)> IX14 User Guide...
Page 562 (config network route policy 0)> src zone ? Zone: Match the IP address to the specified firewall zone. Format: dynamic_routes edge external internal ipsec loopback setup Default value: any Current value: any (config network route policy 0)> src zone IX14 User Guide...
Page 563 IPv6_address[/prefix_length], or any to match any IPv6 address. mac: Matches the source MAC address to the specified MAC address. Set the MAC address to be matched: (config network route policy 0)> src mac MAC_address (config network route policy 0)> IX14 User Guide...
Page 564 Set the interface: a. Use the ? to determine available interfaces: (config network route policy 0)>dst interface ? Interface: The network interface. Format: /network/interface/defaultip /network/interface/defaultlinklocal /network/interface/lan /network/interface/loopback /network/interface/modem Current value: (config network route policy 0)> dst interface IX14 User Guide...
Page 565: Routing Services
Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Routing services Your IX14 includes support for dynamic routing services and protocols. The following routing services are supported: Service or...
Page 566: Configure Routing Services
The IPv4 and IPv6 Babel service. IS-IS The IPv4 and IPv6 Intermediate System to Intermediate System (IS-IS) service. Configure routing services Required configuration items Enable routing services. Enable and configure the types of routing services that will be used. IX14 User Guide...
Page 567 IP routing  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Routes > Routing services.
Page 568 IP routing  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 569: Show The Routing Table
To display the routing table:  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. IX14 User Guide...
Page 570 5. Click IPv6 Load Balance to view IPv6 load balancing.  Command line 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 571: Dynamic Dns
WAN or public IP address changes. Your IX14 device supports a number of Dynamic DNS providers as well as the ability to provide a custom provider that is not included on the list of providers.
Page 572 The amount of time to wait to force an update of the interface's IP address. The amount of time to wait for an IP address update to succeed before retrying the update. The number of times to retry a failed IP address update. IX14 User Guide...
Page 573 Dynamic DNS  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Dynamic DNS.
Page 574 14. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 575 Use the ? to determine available services: (config network ddns new_ddns_instance)> service ? Service: The provider of the dynamic DNS service. Format: custom 3322.org changeip.com ddns.com.br dnsdynamic.org Default value: custom Current value: custom (config network ddns new_ddns_instance)> service IX14 User Guide...
Page 576 For example, to set force_interval to ten minutes, enter either 10m or 600s: (config network ddns new_ddns_instance)> force_interval 600s (config network ddns new_ddns_instance)> The default is 3d. IX14 User Guide...
Page 577: Virtual Router Redundancy Protocol (Vrrp)
For example, if a host becomes unreachable on the far end of a network link, then the physical default gateway can be changed by adjusting the VRRP priority of the IX14 device connected to the failing link. IX14 User Guide...
Page 578: Configure Vrrp
VRRP priorty of devices based on the status of their network connectivity.  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 579 For Virtual IP, type the IPv4 or IPv6 address for a virtual IP of this VRRP instance. d. (Optional) Repeat to add additional virtual IPs. 11. See Configure VRRP+ for information about configuring VRRP+. 12. Click Apply to save the configuration and apply the change. IX14 User Guide...
Page 580 Virtual Router Redundancy Protocol (VRRP)  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 581: Configure Vrrp
VRRP+ is an extension to the VRRP standard that uses SureLink network probing to monitor connections through VRRP-enabled devices and adjust devices' VRRP priority based on the status of the SureLink tests. This section describes how to configure VRRP+ on a IX14 device. Required configuration items Both master and backup devices: A configured and enabled instance of VRRP.
Page 582 SureLink tests.  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 583 80, and the backup device will assume the master role. 10. Configure the VRRP interface. The VRRP interface is defined in the Interface parameter of the VRRP configuration, and generally should be a LAN interface: IX14 User Guide...
Page 584 SureLink fails. i. Click to expand IPv4 > SureLink. ii. Click Enable. iii. For Interval, type a the amount of time to wait between connectivity tests. To guarantee seamless internet access for VRRP+ purposes, SureLink tests should occur IX14 User Guide...
Page 585 11. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 586 Configure the VRRP interface's DHCP server to use a custom gateway that corresponds to one of the VRRP virtual IP addresses: i. Set the DHCP server gateway type to custom: (config)> network interface LAN ipv4 dhcp_server advanced gateway custom (config)> IX14 User Guide...
Page 587 For example, to set interval to ten minutes, enter 5s: (config)> network interface LAN ipv4 surelink interval 5s (config)> iv. Create a SureLink test target: (config)> add network interface LAN ipv4 surelink target end (config network interface LAN ipv4 surelink target 0)> IX14 User Guide...
Page 588 (config network interface LAN ipv4 surelink target 0)> interface_down_time value (config network interface LAN ipv4 surelink target 0)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. IX14 User Guide...
Page 589: Example: Vrrp/Vrrp+ Configuration
Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Example: VRRP/VRRP+ configuration This example configuration creates a VRRP pool containing two IX14 devices: Configure device one (master device) ...
Page 590 Virtual Router Redundancy Protocol (VRRP) Task 1: Configure VRRP on device one 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 591 1. Click to expand Network > Interfaces > LAN > IPv4 > DHCP Server 2. For Lease range start, leave at the default of 100. 3. For Lease range end, type 199. 4. Click to expand Advanced settings. 5. For Gateway, select Custom. IX14 User Guide...
Page 592 Command line Task 1: Configure VRRP on device one 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 593 (config)> network interface LAN ipv4 dhcp_server lease_start 100 (config)> b. Set the end address to 199: (config)> network interface LAN ipv4 dhcp_server lease_end 199 (config)> 2. Set the DHCP server gateway type to custom: (config)> network interface LAN ipv4 dhcp_server advanced gateway custom (config)> IX14 User Guide...
Page 594: Configure Device Two (Backup Device)
 WebUI Task 1: Configure VRRP on device two 1. Log into the IX14 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > VRRP.
Page 595 1. Click to expand VRRP+. 2. Click Enable. 3. Click to expand Monitor interfaces. 4. Click  to add an interface for monitoring. 5. Select Interface: Modem. 6. Click to enable Monitor VRRP+ master. 7. For Priority modifier, type 30. IX14 User Guide...
Page 596 1. Click to expand Network > Interfaces > LAN > IPv4 > DHCP Server 2. For Lease range start, type 200. 3. For Lease range end, type 250. 4. Click Advanced settings. 5. For Gateway, select Custom. IX14 User Guide...
Page 597 Command line Task 1: Configure VRRP on device two 1. Log into the IX14 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 598 Task 3, step 2 (192.168.3.1). (config)> network interface LAN ipv4 gateway 192.168.3.1 (config)> Task 4: Configure SureLink for LAN on device two 1. Enable SureLink on the LAN interface: (config)> network interface LAN ipv4 surelink enable true (config)> IX14 User Guide...
Page 599 5. Save the configuration and apply the change: (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...
Page 600: Show Vrrp Status And Statistics
Routing Virtual Router Redundancy Protocol (VRRP) Show VRRP status and statistics This section describes how to display VRRP status and statistics for a IX14 device. VRRP status is available from the Web UI only.  WebUI 1. Log into the IX14 WebUI as a user with full Admin access rights.
Page 601 Virtual IP address(es) : 10.10.10.1, 100.100.100.1 Current State : Master Current Priority : 100 Last Transition : Tue Jan 1 00:00:39 2019 Became Master Released Master Adverts Sent : 71 Adverts Received Priority Zero Sent Priority zero Received : 0 > IX14 User Guide...
Page 602 File system This chapter contains the following topics: The IX14 local file system Display directory contents Create a directory Display file contents Copy a file or directory Move or rename a file or directory Delete a file or directory Upload and download files...
Page 603: File System
The IX14 local file system The IX14 local file system The IX14 local file system has approximately 100 MB of space available for storing files, such as Python programs, alternative configuration files and firmware versions, and release files, such as cellular module images.
Page 604: Create A Directory
For example: 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 605: Display File Contents
For example:  Command line 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the Admin CLI prompt, type more /path/filename. For example, to view the contenct of the file accns.json in /etc/config:...
Page 606: Move Or Rename A File Or Directory
Command line To rename a file named test.py in /etc/config/scripts to final.py: 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 607: Delete A File Or Directory
Command line To delete a file named test.py in /etc/config/scripts: 1. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 608: Upload And Download Files
FileZilla. Upload and download files by using the WebUI Upload files 1. Log into the IX14 WebUI as a user with Admin access. 2. On the menu, click System. Under Administration, click File System. The File System page appears.
Page 609: Upload And Download Files By Using The Secure Copy Command
IX14 device. local-path is the location on the IX14 device where the copied file will be placed. For example: To copy firmware from a remote host with an IP address of 192.168.4.1 to the /etc/config directory on the IX14 device, issue the following command: >...
Page 610: Upload And Download Files Using Sftp
IX14 device. For example: To copy a support report from the IX14 device to a remote host at the IP address of 192.168.4.1: 1. Use the system support-report command to generate the report: >...
Page 611 File system Upload and download files $ sftp ahmed@192.168.2.1 Password: Connected to 192.168.2.1 sftp> get test.py Fetching test.py to test.py test.py 100% 0.3KB/s 00:00 sftp> exit IX14 User Guide...
Page 612: Digi Ix14 Regulatory And Safety Statements
WARNING! This device must be powered off where blasting in progress, where explosive atmospheres are present, or near medical or life support equipment. CAUTION! Do not use an antenna not supplied by Digi. If a different antenna is required, consult Digi for antenna recommendations for your environment.
Page 613: Rf Exposure Statement
Radio Frequency Interference (RFI) (FCC 15.105) The Digi IX14 has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
Page 614 Digi IX14 regulatory and safety statements European Community - CE Mark Declaration of Conformity (DoC) Directive (Radio Equipment Directive). Furthermore, the manufacturer must maintain a copy of the (product name) user manual documentation and ensure the final product does not exceed the specified power ratings, antenna specifications, and/or installation requirements as specified in the user manual.
Page 615: Maximum Transmit Power For Radio Frequencies
Digi IX14 regulatory and safety statements Maximum transmit power for radio frequencies Maximum transmit power for radio frequencies The following tables show the maximum transmit power for frequency bands. Cellular frequency bands Frequency bands Maximum transmit power Cellular LTE 700 MHz...
Page 616: Rohs Compliance Statement
RoHS compliance statement RoHS compliance statement All Digi International Inc. products that are compliant with the RoHS Directive (EU Directive 2002/95/EC and subsequent amendments) are marked as RoHS COMPLIANT. RoHS COMPLIANT means that the substances restricted by the EU Directive 2002/95/EC and subsequent amendments...
Page 617: Special Safety Notes For Wireless Routers
Special safety notes for wireless routers Digi International products are designed to the highest standards of safety and international standards compliance for the markets in which they are sold. However, cellular-based products contain radio devices which require specific consideration. Take the time to read and understand the following guidance.
Page 618: Product Disposal Instructions
At the end of its life this product MUST NOT be mixed with other commercial waste for disposal. Check with the terms and conditions of your supplier for disposal information. Digi International Ltd WEEE Registration number: WEE/HF1515VU IX14 User Guide...
Page 619 Certifications This product complies with the requirements of the following Electromagnetic Compatibility standards. There are no user-serviceable parts inside the product. Contact your Digi representative for repair information. Certification category Standards EN 300 328 v1.8.1 Electromagnetic Compatibility (EMC) compliance standards EN 301-489-17 V3.1.12017...
Page 620 Auto-complete commands and parameters Available commands Use the scp command Display status and statistics using the show command Device configuration using the command line interface Execute configuration commands at the root Admin CLI prompt Configuration mode Command line reference IX14 User Guide...
Page 621: Command Line Interface
Log in to the command line interface  Command line 1. Connect to the IX14 device by using a serial connection, SSH or telnet, or the Terminal in the WebUI or the Console in the Digi Remote Manager. See Access the command line interface more information.
Page 622: Exit The Command Line Interface
2. At the main menu, click Terminal. The device console appears. IX14 login: 3. Log into the IX14 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 623: Display Help For Commands And Parameters
Display help for commands and parameters The help command When executed from the root command prompt, help displays information about autocomplete operations, how to move the cursor on the IX14 command line, and other keyboard shortcuts: > help Commands ------------------------------------------------------------------------------- Show commands help <Tab>...
Page 624: Display Help For Individual Commands
2. To display a syntax diagram and parameter information about a specific command: > show arp ? Syntax: arp [ipv4] [ipv6] [verbose] Parameters -------------------------------------------------------------------------- ----- ipv4 Display IPv4 routes. ipv6 Display IPv6 routes. verbose Display more information. > show arp IX14 User Guide...
Page 625: Use The Tab Key Or The Space Bar To Display Abbreviated Help
Parameter values, where the value is one of an enumeration or an on|off type; for example: (config)> serial port1 enable t<Tab> auto-completes to (config)> serial port1 enable true Auto-complete does not function for: Parameter values that are string types. Integer values. File names. Select parameters passed to commands that perform an action. IX14 User Guide...
Page 626: Available Commands
Pings a remote host using Internet Control Message Protocol (ICMP) Echo Request messages. reboot Reboots the IX14 device. Removes a file. Uses the secure copy protocol (SCP) to transfer files between the IX14 device and a remote host. Use the scp command for information about using the scp command. show Displays information about the device and the device's configuration.
Page 627: Use The Scp Command
The hostname or IP address of the remote host. The username and password of the user on the remote host. Whether the file is being copied to the IX14 device from a remote host, or to the remote host from the IX14 device.
Page 628: Display Status And Statistics Using The Show Command
IX14 device. For example: To copy a support report from the IX14 device to a remote host at the IP address of 192.168.4.1: 1. Use the system support-report command to generate the report: >...
Page 629: Show System
"445" > show system show system command displays system information and statistics for the device, including CPU usage. > show system Model : Digi IX14 Serial Number : IX14-000065 : IX14 Hostname : IX14 : DF:DD:E2:AE:21:18 Hardware Version...
Page 630: Device Configuration Using The Command Line Interface
For example, to disable the SSH service from the root prompt, enter the following command: > config service ssh enable false > The IX14 device's ssh service is now disabled. Note When the config command is executed at the root prompt, certain configuration actions that are available in configuration mode cannot be performed.
Page 631 Enable [private] Private key port Port Additional Configuration -------------------------------------------------------------------------- Access control list mdns > config service ssh 4. Lastly, display the allowed values and other information for the enable parameter: > config service ssh enable ? IX14 User Guide...
Page 632: Configuration Mode
1. At the config prompt, enter service to move to the service node: (config)> service (config service)> 2. Enter ssh to move to the ssh node: (config service)> ssh (config service ssh)> 3. Enter enable false to disable the ssh service: (config service ssh)> enable false (config service ssh)> IX14 User Guide...
Page 633: Save Changes And Exit Configuration Mode
Discards unsaved configuration changes and exits configuration mode. save Saves configuration changes and exits configuration mode. validate Validates configuration changes. Reverts the configuration to default revert settings. See The revert command more information. show Displays configuration settings. IX14 User Guide...
Page 634: Display Command Line Help In Configuration Mode
2. You can then display help for the additional configuration commands. For example, to display help for the config service command, use one of the following methods: At the config prompt, enter service ?: (config)> service ? IX14 User Guide...
Page 635 Enter service to move to the service node: (config)> service (config service)> b. Enter ssh to move to the ssh node: (config service)> ssh (config service ssh)> c. Enter ? to display help for the ssh node: (config service ssh)> ? IX14 User Guide...
Page 636 (config service ssh)> Either of these methods will display the following information: (config)> service ssh enable ? Enable: Enable the service. Format: true, false, yes, no, 1, 0 Default value: true Current value: true (config)> service ssh enable IX14 User Guide...
Page 637: Move Within The Configuration Schema
While in configuration mode, you can use the add, del, and move action commands to manage elements in a list. When working with lists, these actions require an index number to identify the list item that will be acted on. IX14 User Guide...
Page 638 (config)> add auth user new-user group end admin (config)> 3. Use the show command again to verify that the admin group has been added to the user's configuration: (config)> show auth user new-user group 0 admin (config)> IX14 User Guide...
Page 639 2. To configure the device to use TACACS+ authentication first to authenticate a user, use the move index_number_1 index_number_2 command: (config)> move auth method 1 0 (config)> 3. Use the show command again to verify the change: (config)> show auth method 0 tacacs+ 1 local 2 radius (config)> IX14 User Guide...
Page 640: The Revert Command
Configuration mode The revert command The revert command is used to revert changes to the IX14 device's configuration and restore default configuration settings. The behavior of the revert command varies depending on where in the configuration hierarchy the command is executed, and whether the optional path parameter is used.
Page 641: Enter Strings In Configuration Commands
For string parameters, if the string value contains a space, the value must be enclosed in quotation marks. For example, to assign a descriptive name for the device using the system command, enter: (config)> system description "Digi IX14" IX14 User Guide...
Page 642: Example: Create A New User By Using The Command Line
Configuration mode Example: Create a new user by using the command line In this example, you will use the IX14 command line to create a new user, provide a password for the user, and assign the user to authentication groups.
Page 643 (config auth user user1)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX14 User Guide...
Page 644: Command Line Reference
Command line interface Command line reference Command line reference analyzer help mkdir modem modem puk status [imei STRING] [name STRING] more ping reboot show system traceroute IX14 User Guide...
Page 645: Analyzer
Start a capture session of packets on this devices interfaces. Parameters name Name of the capture filter to use. Syntax: STRING analyzer stop name STRING Stops the traffic capture session. Parameters name Name of the capture filter to use. Syntax: STRING IX14 User Guide...
Page 646 The source file or directory to copy. Syntax: STRING destination The destination path to copy the source file or directory to. Syntax: STRING force Do not ask to overwrite the destination file if it exists. Syntax: BOOLEAN Default: False Optional: True IX14 User Guide...
Page 647: Help
Command line interface Command line reference help Show CLI editing and navigation commands. Parameters None IX14 User Guide...
Page 648 Directory listing command. ls [show-hidden] PATH List a directory. Parameters path List files and directories under this path. Syntax: STRING show-hidden Show hidden files and directories. Hidden filenames begin with '.'. Syntax: BOOLEAN Default: False Optional: True IX14 User Guide...
Page 649: Mkdir
Command line interface Command line reference mkdir mkdir PATH Create a directory. Parent directories are created as needed. Parameters path The directory path to create. Syntax: STRING IX14 User Guide...
Page 650: Modem
The configured name of the modem to execute this CLI command on. Syntax: STRING Optional: True modem pin PIN commands. pin change [imei STRING] [name STRING] OLD-PIN NEW-PIN Change the SIM's PIN code. Warning: Attempting to use an incorrect PIN code may PUK lock the SIM. IX14 User Guide...
Page 651 Enable the PIN lock on the SIM card that is active in the modem. The SIM card will need to be unlocked before each use. Warning: Attempting to use an incorrect PIN code may PUK lock the SIM. IX14 User Guide...
Page 652 SIM card automatically before use. Warning: Attempting to use an incorrect PIN code may PUK lock the SIM. Parameters The SIM's PIN code. Syntax: STRING imei The IMEI of the modem to execute this CLI command on. Syntax: STRING Optional: True IX14 User Guide...
Page 653: Modem Puk Status [Imei String] [Name String]
The PIN code to change to. Syntax: STRING imei The IMEI of the modem to execute this CLI command on. Syntax: STRING Optional: True name The configured name of the modem to execute this CLI command on. IX14 User Guide...
Page 654 The SIM slot to change to. Syntax: (1|2|show) imei The IMEI of the modem to execute this CLI command on. Syntax: STRING Optional: True name The configured name of the modem to execute this CLI command on. Syntax: STRING Optional: True IX14 User Guide...
Page 655: More
Command line interface Command line reference more path The file to view. Syntax: STRING IX14 User Guide...
Page 656 The source file or directory to move. Syntax: STRING destination The destination path to move the source file or directory to. Syntax: STRING force Do not ask to overwrite the destination file if it exists. Syntax: BOOLEAN Default: False Optional: True IX14 User Guide...
Page 657: Ping
If a hostname is defined as the value of the 'host' parameter, use the hosts IPV6 address. Syntax: BOOLEAN Default: False Optional: True size The number of bytes sent in the ICMP ping request. Syntax: INT Minimum: 0 Default: 56 IX14 User Guide...
Page 658: Reboot
Command line interface Command line reference reboot Reboot the system. Parameters None IX14 User Guide...
Page 659 Command line interface Command line reference Remove a file or directory. rm [force] PATH Parameters path The path to remove. Syntax: STRING force Force the file to be removed without asking. Syntax: BOOLEAN Default: False Optional: True IX14 User Guide...
Page 660: Scp
Syntax: STRING Copy the file from the local device to the remote host, or from the remote host to the local device. Syntax: (remote|local) user The username to use when connecting to the remote host. Syntax: STRING IX14 User Guide...
Page 661: Show
Default: False Optional: True verbose Display more information (less concise, more detail). Syntax: BOOLEAN Default: False Optional: True show cloud Show Digi Remote Manager status and statistics. Parameters None show config Show changes made to default configuration. IX14 User Guide...
Page 662 Type of event log to be displayed (status, error, info). Syntax: (status|error|info) Optional: True show hotspot [ip STRING] [name STRING] Show hotspot statistics. Parameters IP address of a specific client, to limit the status display to only this client. Syntax: STRING Optional: True IX14 User Guide...
Page 663 Filters for type of log message displayed (critical, warning, info, debug). Note, filters from the number of messages retrieved not the whole log (this can be very time consuming). If you require more messages of the filtered type, increase the number of messages retrieved using 'number'. Syntax: (critical|warning|debug|info) Optional: True IX14 User Guide...
Page 664 The configured name of the modem to execute this CLI command on. Syntax: STRING Optional: True verbose Display more information (less concise, more detail). Syntax: BOOLEAN Default: False Optional: True show nemo [name STRING] Show NEMO status and statistics. Parameters name The name of a specific NEMO instance. IX14 User Guide...
Page 665 Display all clients including disabled clients. Syntax: BOOLEAN Default: False Optional: True name Display more details and config data for a specific OpenVPN client. Syntax: STRING Optional: True openvpn server [all] [name STRING] Show OpenVPN server status and statistics. IX14 User Guide...
Page 666 Display IPv6 routes. Syntax: BOOLEAN Default: False Optional: True verbose Display more information (less concise, more detail). Syntax: BOOLEAN Default: False Optional: True show scripts Show scheduled system scripts Parameters None show serial PORT Show serial status and statistics. IX14 User Guide...
Page 667 Show firmware version. Parameters verbose Display more information (build date) Syntax: BOOLEAN Default: False Optional: True show vrrp [all|verbose] [name STRING] Show VRRP status and statistics. Parameters Display all VRRP instances including disabled instances. Syntax: {True|False} Type: boolean IX14 User Guide...
Page 668 Display more details for a specific Wi-Fi access point. Syntax: STRING Optional: True wifi client [all] [name STRING] Display details for Wi-Fi client mode connections. Parameters Display all Wi-Fi clients including disabled Wi-Fi client mode connections. Syntax: BOOLEAN Default: False Optional: True IX14 User Guide...
Page 669 Command line interface Command line reference name Display more details for a specific Wi-Fi client mode connection. Syntax: STRING Optional: True show wifi-scanner Show Wi-Fi scanner information. wifi-scanner log Show output log for the last update interval. Parameters None IX14 User Guide...
Page 670: System
Duplicate the running firmware to the alternate partition so that the device will always boot the same firmware version. Parameters None system factory-erase Erase the device to restore to factory defaults. All configuration and automatically generated keys will be erased. IX14 User Guide...
Page 671 Parameters script Script to stop. Syntax: STRING system support-report PATH Save a support report to a file and include with support requests. Parameters path The file path to save the support report to. Syntax: STRING IX14 User Guide...
Page 672: Traceroute
Specifies with what TTL to start. Syntax: INT Minimum: 1 Default: 1 gateway Tells traceroute to add an IP source routing option to the outgoing packet that tells the network to route the packet through the specified gateway Syntax: STRING Optional: True IX14 User Guide...
Page 673 Total size of the probing packet. Default 60 bytes for IPv4 and 80 for Ipv6. A value of -1 specifies that the default value will be used. Syntax: INT Minimum: -1 Default: -1 pausemsecs Minimal time interval between probes IX14 User Guide...
Page 674 For IPv6, set the Traffic Control value. A value of -1 specifies that no value will be used. Syntax: INT Minimum: -1 Default: -1 waittime Determines how long to wait for a response to a probe. Syntax: INT Minimum: 1 Default: 5 IX14 User Guide...

Digi IX14 User Manual

What's New in Digi IX14 Version 20.8

Digi IX14 Hardware Reference

Digi IX14 Quick Start

Quick Start with Digi Remote Manager Mobile App

Quick Start with IX14 Local Webui

Reset the Device to Factory Defaults

Hardware Setup

Configuration and Management

Initial Configuration

Interfaces

User Authentication

Firewall

System Administration

Services

Applications

Centralmanagement

Monitoring

Virtual Private Networks (VPN)

Diagnostics

Routing

File System

Digi IX14 Regulatory and Safety Statements

Command Line Interface

Quick Links

Related Manuals for Digi IX14

Summary of Contents for Digi IX14