Page 1 IX10 User Guide User Guide...
Page 2: Revision History-90002399
Revision history—90002399 Revision Date Description Initial release of the IX10 User Guide . October 2020 IX10 User Guide...
Page 3 Revision Date Description Release of Digi IX10 firmware version 20.11: December 2020 Modem firmware update commands added to the Admin CLI. Network bridging enhanced to use the MAC address of the first active device listed in Network > Bridges >...
Page 4 Information in this document is subject to change without notice and does not represent a commitment on the part of Digi International. Digi provides this document “as is,” without warranty of any kind, expressed or implied, including, but not limited to, the implied warranties of fitness or merchantability for a particular purpose.
Page 5 Include the document title and part number (IX10 User Guide, 90002399 B) in the subject line of your email. IX10 User Guide...
Page 6: Table Of Contents
Contents Revision history—90002399 What's new in Digi IX10 version 20.11 Digi IX10 Quick start Quick start using the Digi Remote Manager mobile app Step 1: What's in the box Step 2: Gather accessories Step 3: Connect Step 4: Configure Digi IX10 hardware reference...
Page 7 Configuration and management Review IX10 default settings Local WebUI Digi Remote Manager Default interface configuration Other default configuration settings Change the default password for the admin user Configuration methods Using Digi Remote Manager Access Digi Remote Manager Using the web interface...
Page 8 Use SSH with key authentication Generating SSH key pairs Configure telnet access Configure DNS Simple Network Management Protocol (SNMP) SNMP Security Configure Simple Network Management Protocol (SNMP) Download MIBs Modbus gateway Configure the Modbus gateway Show Modbus gateway status and statistics IX10 User Guide...
Page 9 Use Python to respond to Digi Remote Manager SCI requests Use digidevice runtime to access the runtime database Use Python to upload the device name to Digi Remote Manager Use Python to send and receive SMS messages Use Python to access serial ports Use the Paho MQTT python library...
Page 10 LDAP LDAP user configuration LDAP server failover and fallback to local configuration Configure your IX10 device to use an LDAP server Disable shell access Set the idle timeout for IX10 users Example user configuration Example 1: Administrator user with local authentication...
Page 11 Configure Digi Remote Manager Collect device health data and set the sample interval Log into Digi Remote Manager Use Digi Remote Manager to view and manage your device Add a device to Digi Remote Manager View Digi Remote Manager connection status...
Page 12 Use the ping command to troubleshoot network connections Ping to check internet connection Stop ping commands Use the traceroute command to diagnose IP routing problems Digi IX10 regulatory and safety statements RF exposure statement Federal Communication (FCC) Part 15 Class B Radio Frequency Interference (RFI) (FCC 15.105)
Page 13 The revert command Enter strings in configuration commands Example: Create a new user by using the command line Command line reference analyzer help mkdir modem modem puk status [imei STRING] [name STRING] more ping reboot show system traceroute IX10 User Guide...
Page 14: What's New In Digi Ix10 Version 20.11
What's new in Digi IX10 version 20.11 Release of Digi IX10 firmware version 20.11: Modem firmware update commands added to the Admin CLI. Network bridging enhanced to use the MAC address of the first active device listed in Network > Bridges > Bridge name > Devices as the MAC address for the bridged interface.
Page 15: Digi Ix10 Quick Start
The following steps guide you through the setup of your DigiIX10 device. Quick start using the Digi Remote Manager mobile app After connecting your hardware and powering up, you can use the Digi Remote Manager mobile app to quickly install your IX10 into your Digi Remote Manager account.
Page 16: Step 2: Gather Accessories
Step 2: Gather accessories Digi IX10 device The Digi IX10 has a product label on the bottom of the device. The label includes product identification information and the default password assigned to the device. The IX10 also includes a terminal connector for the power supply installed in the power input.
Page 17: Step 3: Connect
For high-vibration environments, apply a thin layer of dielectric grease to the SIM contacts. Note If the IX10 device is used in an environment with high vibration levels, SIM card contact fretting may cause unexpected SIM card failures. To protect the SIM cards, Digi strongly recommends that you apply a thin layer of dielectric grease to the SIM contacts prior to installing the SIM cards.
Page 18 Verify that the signal strength indicator on the front of the IX10 shows 2 or more bars. Note If your SIM card has an APN that is not recognized by the IX10 device, skip this step and configure the APN following the procedure at Configure cellular modem APNs.
Page 19: Step 4: Configure
Step 4: Configure Step 4: Configure This section describes how to configure the device by using the local Web UI. You can also use Digi Remote Manager to configure the device, including using a Digi RM device configuration to automatically update the device. See the Digi Remote Manager User Guide.
Page 20: Digi Ix10 Hardware Reference
10/100 BaseT Ethernet port for high-speed connectivity. For a detailed list of IX10 hardware specifications, see https://www.digi.com/products/networking/cellular-routers/industrial/digi-ix10#specifications. IX10 accessories When accessories are purchased with the IX10 device, the following are provided: Cellular antennas. Power supply. Ethernet cable. DIN rail mounting bracket, DIN rail mounting clip,...
Page 21: Ix10 Leds
The SELECT button is used to manually toggle between the two SIM slots. 8. SIM slots See Install SIM cards for more details. IX10 LEDs The IX10 LEDs are located on the top front panel. . During bootup, the front-panel LEDs light up in sequence to indicate boot progress. IX10 User Guide...
Page 22: Power (Pwr)
Digi IX10 hardware reference IX10 LEDs Power (PWR) No power. Solid green DC power is connected to the device. Solid Blue Device is ON and connected to the internet. Indicates that a SIM is in use: No SIM is present Solid green SIM1 is active.
Page 23: Signal Quality Indicators
Digi IX10 hardware reference IX10 LEDs Flashing white Solid blue ETH port connection established and in Connected to the 4G LTE and also has a the process of connecting to the ETH connection. cellular network. Flashing green Alternating Red/yellow (or orange) Connected to 2G or 3G and is in the Upgrading firmware.
Page 24: Signal Quality Bars Explained
Solid amber: 1000 Mbps link detected. Signal quality bars explained The signal status bars for the Digi IX10 measure more than simply signal strength. The value reported by the 4G LTE signal bars is calculated using an algorithm that takes into consideration the Reference...
Page 25: Ix10 Power Supply Requirements
IX10 power supply requirements IX10 is intended to be powered by a certified power supply with output rated at either 12 VDC/0.75 A or 24 VDC/0.375 A minimum. Use the included power supply (part number 24000154).
Page 26 Hardware setup This chapter contains the following topics: Install SIM cards Connect data cables Mount the IX10 device IX10 User Guide...
Page 27: Hardware Setup
4. After SIM cards are installed, replace the SIM slot cover. SIM removal The IX10 has a PUSH-PUSH SIM connector. To insert, push each SIM in until it clicks, and repeat for removal. When you push to eject, the SIM ejects back out about 1/8 inch.
Page 28: Connect Data Cables
The IX10 provides two types of data ports: Ethernet (RJ-45): Use a Cat 5e or Cat 6 Ethernet cable. Serial (RJ-50): Use a serial cable with an RJ-50 connector to connect to the IX10 device. See 10-pin serial cabling options for information about Digi's 10-pin RJ-50 cables.
Page 29 Attach the DIN rail clip to the back of the device with the screws provided. b. Set the IX10 device onto a DIN rail and gently press until the clip snaps into the rail. 2. Attach the DIN rail clip to the bottom of the device: a.
Page 30 Hardware setup Mount the IX10 device b. Set the IX10 device onto a DIN rail and gently press until the clip snaps into the rail. WARNING! If being installed above head height on a wall or ceiling, ensure the device is fitted securely to avoid the risk of personal injury.
Page 31 Configuration and management This chapter contains the following topics: Review IX10 default settings Change the default password for the admin user Configuration methods Using Digi Remote Manager Access Digi Remote Manager Using the web interface Using the command line Access the command line interface...
Page 32: Configuration And Management
Configuration and management Review IX10 default settings Review IX10 default settings You can review the default settings for your IX10 device by using the local WebUI or Digi Remote Manager: Local WebUI 1. Log into the IX10 WebUI as a user with Admin access. See Using the web interface for details.
Page 33: Other Default Configuration Settings
Packet filtering allows all outbound traffic. Security policies SSH and web administration: Enabled for local administration Firewall zone: Internal Device heath metrics uploaded to Digi Remote Manager at 60 minute Monitoring interval. SNMP: Disabled Enabled Serial port Serial mode: Remote...
Page 34 5. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 35: Configuration Methods
Shows how to perform a task by using the command line interface. Using Digi Remote Manager By default, your IX10 device is configured to use Digi Remote Manager as its central management server. No configuration changes are required to begin using the Remote Manager.
Page 36: Access Digi Remote Manager
Using the web interface To connect to the IX10 local WebUI: 1. Use an Ethernet cable to connect the IX10's ETH port to a laptop or PC. 2. Open a browser and go to 192.168.2.1. The device is also accessible at the default IP address of 192.168.210.1. However, because this IP address does not use a DHCP server, to connect to this address you must configure your local PC with an appropriate static IP address (for example, 192.168.210.2).
Page 37: Log Out Of The Web Interface
Configuration and management Using the web interface Log out of the web interface On the main menu, click your user name. Click Log out. IX10 User Guide...
Page 38: Using The Command Line
Log in to the command line interface  Command line 1. Connect to the IX10 device by using a serial connection, SSH or telnet, or the Terminal in the WebUI or the Console in the Digi Remote Manager. See Access the command line interface more information.
Page 39: Exit The Command Line Interface
Admin CLI s: Shell q: Quit Select access or quit [admin] : Type a or admin to access the IX10 command line. You will now be connected to the Admin CLI: Connecting now, 'exit' to disconnect from Admin CLI ... >...
Page 40: Interfaces
Interfaces IX10 devices have several physical communications interfaces. These interfaces can be bridged in a Local Area Network (LAN) or assigned to a Wide Area Network (WAN). This chapter contains the following topics: Wireless Wide Area Networks (WWANs) Local Area Networks (LANs)
Page 41: Wireless Wide Area Networks (Wwans)
Problems can occur beyond the immediate modem connection that prevent some IP traffic from reaching its destination. Normally this kind of problem does not cause the IX10 device to detect that the modem has failed, because the connection continues to work while the core problem exists somewhere else in the network.
Page 42 WebUI SureLink can be configured for both IPv4 and IPv6. 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 43 For example, to set Response timeout to ten minutes, enter 10m or 600s. The default is 15 seconds. 11. (Optional) Repeat this procedure for IPv6. 12. Click Apply to save the configuration and apply the change. IX10 User Guide...
Page 44 Active recovery can be configured for both IPv4 and IPv6. These instructions are for IPv4; to configure IPv6 active recovery, replace ipv4 in the command line with ipv6. 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 45 (config network interface my_wwan ipv4 surelink target 0)> interface_timeout value (config network interface my_wwan ipv4 surelink target 0)> The default is 60 seconds. (Optional) Repeat to add additional test targets. 7. Optional active recovery configuration parameters: IX10 User Guide...
Page 46 Set the amount of time that the device should wait for a response to a probe attempt before considering it to have failed: (config network interface my_wwan ipv4 surelink)> timeout value (config network interface my_wwan ipv4 surelink> The default is 15 seconds. 8. (Optional) Repeat this procedure for IPv6. IX10 User Guide...
Page 47: Configure The Device To Reboot When A Failure Is Detected
Type quit to disconnect from the device. Configure the device to reboot when a failure is detected Using SureLink, you can configure the IX10 device to reboot when it has determined that an interface has failed. Required configuration items Enable SureLink.
Page 48 Interfaces Wireless Wide Area Networks (WWANs) 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
Page 49 13. Click Apply to save the configuration and apply the change.  Command line Active recovery can be configured for both IPv4 and IPv6. These instructions are for IPv4; to configure IPv6 active recovery, replace ipv4 in the command line with ipv6. IX10 User Guide...
Page 50 Interfaces Wireless Wide Area Networks (WWANs) 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 51 (Optional) Repeat to add additional test targets. 8. Optional active recovery configuration parameters: a. Move back two levels in the configuration by typing ..: (config network interface my_wwan ipv4 surelink target 0)> ..(config network interface my_wwan ipv4 surelink> IX10 User Guide...
Page 52: Disable Surelink
If your device uses a private APN with no Internet access, or your device has a restricted wired WAN connection that doesn't allow DNS resolution, follow this procedure to disable the default SureLink connectivity tests. You can also disable DNS lookup or other internet activity, while retaining the SureLink interface test.  WebUI IX10 User Guide...
Page 53 7. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 54  WebUI 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
Page 55 9. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 56: Using Cellular Modems In A Wireless Wan (Wwan)
Typically, you configure SIM1 of the cellular modem as the primary cellular interface, and SIM2 as the backup cellular interface. In this way, if the IX10 device cannot connect to the network using SIM1, it automatically fails over to SIM2. IX10 devices automatically use the correct cellular module firmware for each carrier when switching SIMs.
Page 57 Wireless Wide Area Networks (WWANs)  WebUI 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Modems > Modem.
Page 58 12. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 59 7. Set the maximum number of interfaces. This is used when using dual-APN SIMs. The default is (config)> network modem modem max_intfs int (config)> 8. Carrier switching allows the modem to automatically match the carrier for the active SIM. Carrier switching is enabled by default. To disable: IX10 User Guide...
Page 60 Type quit to disconnect from the device. Configure cellular modem APNs The IX10 device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.
Page 61 To configure the APN:  WebUI 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces > Modem > APN list > APN.
Page 62 9. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 63 You can view a summary status for all cellular modems, or view detailed status and statistics for a specific modem.  WebUI 1. Log into the IX10 WebUI as a user with Admin access. 2. On the menu, click Status. 3. Under Connections, click Modems. The modem status window is displayed...
Page 64 Wireless Wide Area Networks (WWANs)  Command line 1. Log into the IX10 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 65 Command line To unlock a SIM card: 1. Log into the IX10 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 66 To run AT commands from the IX10 command line:  Command line 1. Log into the IX10 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 67 APNs, and then use routing roles to forward traffic to the appropriate WWAN interface.  WebUI 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 68 For Zone, select External. e. For Device, select Modem . f. (Optional): Configure the public APN. If the public APN is not configured, the IX10 will attempt to determine the APN. i. Click to expand APN list > APN.
Page 69 Configure the source address: i. Click to expand Source address. ii. For Type, select IPv4 address. iii. For Address, type 192.168.2.101. f. Configure the destination address: i. Click to expand Destination address. ii. For Type, select Interface. IX10 User Guide...
Page 70 Set the modem device: (config network interface WWANPublic)> modem device modem (config network interface WWANPublic)> d. (Optional): Set the public APN. If the public APN is not configured, the IX10 will attempt to determine the APN. IX10 User Guide...
Page 71 Set the label that will be used to identify this route policy: (config network route policy 0)> label "Route through private apn" (config network route policy 0)> c. Set the interface: (config network route policy 0)> interface /network/interface/WWANPrivate (config network route policy 0)> IX10 User Guide...
Page 72: Configure A Wireless Wide Area Network (Wwan)
The firewall zone: External. The cellular modem that is used by the WWAN. Additional configuration items SIM selection for this WWAN. The SIM PIN. The SIM phone number for SMS connections. Enable or disable roaming. DNS options. SIM failover configuration. IX10 User Guide...
Page 73  WebUI 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
Page 74 The default setting is When primary default route. f. SIM failover is enabled by default, which means that the modem will automatically fail over from the active SIM to the next available SIM when the active SIM fails to connect. If IX10 User Guide...
Page 75 Reboot device: The device will reboot if automatic SIM switching is unavailable. 9. For APN list and APN list only, the IX10 device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.
Page 76 Interfaces Wireless Wide Area Networks (WWANs) 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 77 (config network interface my_wwan)> modem imsi IMSI (config network interface my_wwan)> plmn_id Set the PLMN id that must be in active for this WWAN to be used: (config network interface my_wwan)> modem plmn_id PLMN_ID (config network interface my_wwan)> IX10 User Guide...
Page 78 (config network interface my_wwan)> modem sim_failover false (config network interface my_wwan)> If enabled: i. Set the number of times that the device should attempt to connect to the active SIM before failing over to the next available SIM: IX10 User Guide...
Page 79 The device will reboot if automatic SIM switching is unavailable. 7. The IX10 device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.
Page 80: Show Wwan Status And Statistics
3. Under Networking, click Interfaces.  Command line 1. Log into the IX10 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 81: Delete A Wwan
Type quit to disconnect from the device. Delete a WWAN. Follow this procedure to delete any WANs and WWANs that have been added to the system. You cannot delete the preconfigured WAN, ETH1, or the preconfigured WWAN, Modem.  WebUI IX10 User Guide...
Page 82 5. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 83: Local Area Networks (Lans)
Interfaces Local Area Networks (LANs) Local Area Networks (LANs) The IX10 device is preconfigured with the following Local Area Networks (LANs): You can modify configuration settings for ETH, and you can create new LANs. This section contains the following topics:...
Page 84: About Local Area Networks (Lans)
The IPv6 Maximum Transmission Unit (MTU) of the LAN. The IPv6 prefix length and ID. IPv6 DHCP server configuration. See DHCP servers for more information. MAC address blacklist and whitelist. To create a new LAN or edit an existing LAN: IX10 User Guide...
Page 85 Local Area Networks (LANs)  WebUI 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
Page 86 13. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 87 These instructions assume that the LAN will use a static IP address for its IPv4 configuration. a. Set the IPv4 address and subnet of the LAN interface. Use the format IPv4_ address/netmask, for example, 192.168.2.1/24. (config network interface my_lan)> ipv4 address ip_address/netmask (config network interface my_lan)> IX10 User Guide...
Page 88 Management priority 1500 prefix_id Prefix ID prefix_length Prefix length type prefix_delegation Type weight Weight Additional Configuration ----------------------------------------------------------------------- -------- connection_monitor Active recovery dhcpv6_server DHCPv6 server (config network interface my_lan)> View default settings for the IPv6 DHCP server: IX10 User Guide...
Page 89: Show Lan Status And Statistics
3. Under Networking, click Interfaces.  Command line 1. Log into the IX10 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 90: Delete A Lan
Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Delete a LAN Follow this procedure to delete any LANs that have been added to the system. You cannot delete the preconfigured LAN, LAN1.  WebUI IX10 User Guide...
Page 91: Dhcp Servers
Type quit to disconnect from the device. DHCP servers You can enable DHCP on your IX10 device to assign IP addresses to clients, using either: The DHCP server for the device's local network, which assigns IP addresses to clients on the device's local network.
Page 92  WebUI 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
Page 93 For Gateway, select either: None: No gateway is broadcast by the DHCP server. Client destinations must be resolvable without a gateway. Automatic: Broadcasts the IX10 device's gateway. Custom: Allows you to identify the IP address of a Custom gateway to be broadcast.
Page 94 Interfaces Local Area Networks (LANs) 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 95 No gateway is broadcast by the DHCP server. Client destinations must be resolvable without a gateway. auto: Broadcasts the IX10 device's gateway. custom: Allows you to identify the IP address of a custom gateway to be broadcast: (config)> network interface my_lan ipv4 dhcp_server advanced gateway_custom ip_address (config)>...
Page 96 Interfaces Local Area Networks (LANs) none: No server is broadcast. auto: Broadcasts the IX10 device's server. custom: Allows you to identify the IP address of the server. For example: (config)> network interface my_lan ipv4 dhcp_server advanced primary_dns_custom ip_address (config)> The default is auto.
Page 97 11. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 98 3. Under Networking, click DHCP Leases.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 99 To delete a static IP entry:  WebUI 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
Page 100 7. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 101 Local Area Networks (LANs) Configure DHCP options You can configure DHCP servers running on your IX10 device to send certain specified DHCP options to DHCP clients. You can also set the user class, which enables you to specify which specific DHCP clients will receive the option.
Page 102 Local Area Networks (LANs)  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 103 LAN. For the IX10 device, DHCP relay is configured by providing the IP address of a DHCP relay server, rather than an IP address range. If both the DHCP relay server and an IP address range are specified, DHCP relay is used, and the specified IP address range is ignored.
Page 104 10. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 105 Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show DHCP server status and settings View DHCP status to monitor which devices have been given IP configuration by the IX10 device and to diagnose DHCP issues. ...
Page 106: Create A Virtual Lan (Vlan) Route
To create a VLAN:  WebUI 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Virtual LAN.
Page 107 7. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 108 Interfaces Local Area Networks (LANs) 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...
Page 109: Serial Port
IX10 devices have a single serial port that provides access to the command-line interface. Use an RS-232 serial cable to establish a serial connection from your IX10 to your local laptop or PC. Use a terminal emulator program to establish the serial connection. The terminal emulator's serial connection must be configured to match the configuration of the IX10 device's serial port.
Page 110 Serial port Configure the serial port 1. Log into the IX10 WebUI as a user with Admin access. 2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed. Note You can also configure the serial port by using Device Configuration > Serial. Changes made by using either Device Configuration or Serial Configuration will be reflected in both.
Page 111 Enable CTS to monitor CTS (Clear to Send) changes on this port. b. Enable DCD to monitor DCD (Data Carrier Detect) changes on this port.  8. (Optional) Copy the serial port's configuration by clicking the (copy) icon. The Copy Configuration window displays. IX10 User Guide...
Page 112  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 113 Set the stop bits used by the device to which you want to connect: (config)> serial port1 stopbits bits (config)> e. Set the type of flow control used by the device to which you want to connect: (config)> serial port1 flow type (config) IX10 User Guide...
Page 114 (Optional) Enable monitoring of CTS (Clear to Send) changes on this port: (config)> serial port1 monitor cts true (config) f. (Optional) Enable monitoring of DCD (Data Carrier Detect) changes on this port: (config)> serial port1 monitor dcd true (config) IX10 User Guide...
Page 115 A network designation in CIDR notation, for example, 2001:db8::/48. any: No limit to IPv6 addresses that can access the tcp port. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX10 device: IX10 User Guide...
Page 116 (Optional) Enable mDNS. mDNS is a protocol that resolves host names in small networks that do not have a DNS server. (config serial USB_port)> service tcp mdns enable true (config serial USB_port)> h. Configure telnet access to this port: CAUTION! This connection is not authenticated or encrypted. IX10 User Guide...
Page 117 No limit to IPv6 addresses that can access the telnet port. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX10 device: (config serial USB_port)> add service telnet acl interface end value (config serial USB_port)>...
Page 118 (config serial USB_port)> service ssh enable false (config serial USB_port)> ii. Set the ssh port: (config serial USB_port)> service ssh port port (config serial USB_port)> iii. (Optional) Configure the access control list to limit access to the ssh connection: IX10 User Guide...
Page 119 No limit to IPv6 addresses that can access the ssh port. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX10 device: (config serial USB_port)> add service ssh acl interface end value (config serial USB_port)>...
Page 120: Show Serial Status And Statistics
3. Under Connections, click Serial.  Command line 1. Log into the IX10 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 121: Log Serial Port Messages
Log serial port messages To display and configure the serial port log:  WebUI 1. Log into the IX10 WebUI as a user with Admin access. 2. On the main menu, click Status 3. Under Connections, click Serial. 4. Click Log.
Page 122: Routing
Routing This chapter contains the following topics: IP routing Show the routing table Dynamic DNS Virtual Router Redundancy Protocol (VRRP) IX10 User Guide...
Page 123: Ip Routing
IP routing IP routing The IX10 device uses IP routes to decide where to send a packet it receives for a remote network. The process for deciding on a route to send the packet is as follows: 1. The device examines the destination IP address in the IP packet, and looks through the IP routing table to find a match for it.
Page 124: Configure A Static Route
To configure a static route:  WebUI 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Routes > Static routes.
Page 125 7. For Interface, select the interface on the IX10 device that will be used with this static route. 8. (Optional) For Gateway, type the IPv4 address of the gateway used to reach the destination.
Page 126: Delete A Static Route
The any keyword can also be used to route packets to any destination with this static route. 6. Set the interface on the IX10 device that will be used with this static route: a. Use the ? to determine available interfaces: b.
Page 127 5. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 128: Policy-Based Routing
However, you can use policy-based routing to forward the packet based on other criteria, such as the source of the packet. For example, you can configure the IX10 device so that high-priority traffic is routed through the cellular connection, while all other traffic is routed through an Ethernet (WAN) connection.
Page 129 5. (Optional) For Label, type a label that will be used to identify this route policy. 6. For Interface, select the interface on the IX10 device that will be used with this route policy. 7. (Optional) Enable Exclusive to configure the policy to drop packets that match the policy when the gateway interface is disconnected, rather than forwarded through other interfaces.
Page 130 For Domain, type the domain name. iv. Repeat to add additional domains. Default route: Matches packets destined for the default route, excluding routes for local networks. 13. Click Apply to save the configuration and apply the change.  Command line IX10 User Guide...
Page 131 (config network route policy 0)> label "New route policy" (config network route policy 0)> 5. Set the interface on the IX10 device that will be used with this route policy: a. Use the ? to determine available interfaces: b. Set the interface. For example: (config network route policy 0)>...
Page 132 (config network route policy 0)> where value is one of: zone: Matches the source IP address to the selected firewall zone. Set the zone: a. Use the ? to determine available zones: (config network route policy 0)> src zone ? IX10 User Guide...
Page 133 (config network route policy 0)> src address6 value (config network route policy 0)> where value uses the format IPv6_address[/prefix_length], or any to match any IPv6 address. mac: Matches the source MAC address to the specified MAC address. Set the MAC address to be matched: IX10 User Guide...
Page 134 (config network route policy 0)> address: Matches the destination IPv4 address to the specified IP address or network. Set the address that will be matched: (config network route policy 0)> dst address value (config network route policy 0)> IX10 User Guide...
Page 135: Routing Services
Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Routing services Your IX10 includes support for dynamic routing services and protocols. The following routing services are supported: Service or...
Page 136: Configure Routing Services
6. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 137 Complete the configuration of the routing service. For example, use the ? to view the available parameters for the RIP service: (config)> network route service rip ? Parameters Current Value ----------------------------------------------------------------------- -------- ecmp false Allow ECMP enable true Enable IX10 User Guide...
Page 138: Show The Routing Table
To display the routing table:  WebUI 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Status > Routes.
Page 139: Dynamic Dns
WAN or public IP address changes. Your IX10 device supports a number of Dynamic DNS providers as well as the ability to provide a custom provider that is not included on the list of providers.
Page 140 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Forced update interval to ten minutes, enter 10m or 600s. The setting for Forced update interval must be larger than the setting for Check Interval. IX10 User Guide...
Page 141 14. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 142 For example, to set check_interval to ten minutes, enter either 10m or 600s: (config network ddns new_ddns_instance)> check_interval 600s (config network ddns new_ddns_instance)> The default is 10m. 11. (Optional) Set the amount of time to wait to force an update of the interface's IP address: IX10 User Guide...
Page 143: Virtual Router Redundancy Protocol (Vrrp)
Multiple IX10 devices can be configured as VRRP devices and assigned a priority. The router with the highest priority will be used as the master router. If the master router fails, then the IP address of the...
Page 144: Vrrp
For example, if a host becomes unreachable on the far end of a network link, then the physical default gateway can be changed by adjusting the VRRP priority of the IX10 device connected to the failing link. This provides failover capabilities based on the status of connections behind the router, in addition to the basic VRRP device failover.
Page 145 For Virtual IP, type the IPv4 or IPv6 address for a virtual IP of this VRRP instance. d. (Optional) Repeat to add additional virtual IPs. 11. See Configure VRRP+ for information about configuring VRRP+. 12. Click Apply to save the configuration and apply the change. IX10 User Guide...
Page 146 Virtual Router Redundancy Protocol (VRRP)  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 147: Configure Vrrp
VRRP+ is an extension to the VRRP standard that uses SureLink network probing to monitor connections through VRRP-enabled devices and adjust devices' VRRP priority based on the status of the SureLink tests. This section describes how to configure VRRP+ on a IX10 device. Required configuration items Both master and backup devices: A configured and enabled instance of VRRP.
Page 148 SureLink tests.  WebUI 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 149 VRRP virtual IP addresses: i. Click to expand DHCP Server > Advanced settings. ii. For Gateway, select Custom. iii. For Custom gateway, enter the IP address of one of the virtual IPs used by this VRRP IX10 User Guide...
Page 150 11. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 151 (config)> 8. Configure the VRRP interface: a. Configure the VRRP interface's DHCP server to use a custom gateway that corresponds to one of the VRRP virtual IP addresses: i. Set the DHCP server gateway type to custom: IX10 User Guide...
Page 152 (config)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set interval to ten minutes, enter 5s: (config)> network interface eth ipv4 surelink interval 5s (config)> IX10 User Guide...
Page 153 (Optional) Set the amount of time that the interface can be down before this test is considered to have failed: IX10 User Guide...
Page 154: Example: Vrrp/Vrrp+ Configuration
Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Example: VRRP/VRRP+ configuration This example configuration creates a VRRP pool containing two IX10 devices: Configure device one (master device) ...
Page 155 Virtual Router Redundancy Protocol (VRRP) Task 1: Configure VRRP on device one 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 156 3. For Lease range end, type 199. 4. Click to expand Advanced settings. 5. For Gateway, select Custom. 6. For Custom gateway, enter 192.168.3.3. 7. Click Apply to save the configuration and apply the change.  Command line IX10 User Guide...
Page 157 Virtual Router Redundancy Protocol (VRRP) Task 1: Configure VRRP on device one 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 158: Configure Device Two (Backup Device)
> 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Configure device two (backup device)  WebUI IX10 User Guide...
Page 159 Virtual Router Redundancy Protocol (VRRP) Task 1: Configure VRRP on device two 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 160 6. For Ping host, type my.devicecloud.com. Task 5: Configure the DHCP server for ETH on device two 1. Click to expand Network > Interfaces > ETH > IPv4 > DHCP Server 2. For Lease range start, type 200. IX10 User Guide...
Page 161 Command line Task 1: Configure VRRP on device two 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 162 Task 3, step 2 (192.168.3.1). (config)> network interface eth ipv4 gateway 192.168.3.1 (config)> Task 4: Configure SureLink for ETH on device two 1. Enable SureLink on the ETH interface: (config)> network interface eth ipv4 surelink enable true (config)> IX10 User Guide...
Page 163 5. Save the configuration and apply the change: (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...
Page 164: Show Vrrp Status And Statistics
Routing Virtual Router Redundancy Protocol (VRRP) Show VRRP status and statistics This section describes how to display VRRP status and statistics for a IX10 device. VRRP status is available from the Web UI only.  WebUI 1. Log into the IX10 WebUI as a user with full Admin access rights.
Page 165 Virtual IP address(es) : 10.10.10.1, 100.100.100.1 Current State : Master Current Priority : 100 Last Transition : Tue Jan 1 00:00:39 2019 Became Master Released Master Adverts Sent : 71 Adverts Received Priority Zero Sent Priority zero Received : 0 > IX10 User Guide...
Page 166 Virtual Private Networks (VPNs) are used to securely connect two private networks together so that devices can connect from one network to the other using secure channels. This chapter contains the following topics: IPsec OpenVPN Generic Routing Encapsulation (GRE) NEMO IX10 User Guide...
Page 167: Ipsec
Aggressive mode Aggressive mode is faster than main mode, but is not as secure as main mode, because the device and its peer exchange their IDs and hash information in clear text instead of being encrypted. IX10 User Guide...
Page 168: Authentication
Client authenticaton XAUTH (extended authentication) pre-shared key authentication mode provides additional security by using client authentication credentials in addition to the standard pre-shared key. The IX10 device can be configured to authenticate with the remote peer as an XAUTH client. RSA Signatures With RSA signatures authentication, the IX10 device uses a private RSA key to authenticate with a...
Page 169 The amount of time before the IKE phase 1 lifetime expires. The amount of time before the IKE phase 2 lifetime expires The lifetime margin, a randomizing amount of time before the IPsec tunnel is renegotiated.  WebUI IX10 User Guide...
Page 170 Virtual Private Networks (VPN) IPsec 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > IPsec.
Page 171 Certificate Authority: For Certificate Authority chain, paste the Certificate Authority (CA) certificates. These must include all peer certificates in the chain up to the root CA certificate, in PEM format. 15. (Optional) For Management Priority, set the priority for this IPsec tunnel. IX10 User Guide...
Page 172 19. Click to expand Remote endpoint. a. For Hostname, select either a hostname or IP address. If your device is not configured to initiate the IPsec connection (see IKE > Initiate connection), you can also use the IX10 User Guide...
Page 173 20. Click to expand Policies. Policies define the network traffic that will be encapsulated by this tunnel. a. Click  to create a new policy. The new policy configuration is displayed. b. Click to expand Local network. IX10 User Guide...
Page 174 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Phase 2 lifetime to ten minutes, enter 10m or 600s. IX10 User Guide...
Page 175 NAT. 24. See Configure SureLink active recovery for IPsec for information about IPsec Active recovery. 25. Click Apply to save the configuration and apply the change.  Command line IX10 User Guide...
Page 176 Virtual Private Networks (VPN) IPsec 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 177 Uses a private RSA key to authenticate with the remote peer. a. For the private_key parameter, paste the device's private RSA key in PEM format: (config vpn ipsec tunnel ipsec_example)> auth private_key key (config vpn ipsec tunnel ipsec_example)> IX10 User Guide...
Page 178 (config vpn ipsec tunnel ipsec_example)> ca: Uses the Certificate Authority chain for verification. For the ca_cert parameter, paste the Certificate Authority (CA) certificates. These must include all peer certificates in the chain up to the root CA certificate, in PEM format. IX10 User Guide...
Page 179 Set the ID type: (config vpn ipsec tunnel ipsec_example)> local id type value (config vpn ipsec tunnel ipsec_example)> where value is one of: auto: The ID will be automatically determined from the value of the tunnels endpoints. IX10 User Guide...
Page 180 (config vpn ipsec tunnel ipsec_example)> remote hostname value (config vpn ipsec tunnel ipsec_example)> If your device is not configured to initiate the IPsec connection (see initiate), you can also use the keyword any, which means that the hostname is dynamic or unknown. IX10 User Guide...
Page 181 (config vpn ipsec tunnel ipsec_example)> keyid: The ID will be interpreted as a Key ID and sent as an ID_KEY_ID IKE identity. Set the key ID: (config vpn ipsec tunnel ipsec_example)> remote id keyid_id id (config vpn ipsec tunnel ipsec_example)> IX10 User Guide...
Page 182 (config vpn ipsec tunnel ipsec_example)> ike phase2_lifetime value (config vpn ipsec tunnel ipsec_example)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set phase2_lifetime to ten minutes, enter either 10m or 600s: IX10 User Guide...
Page 183 (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> where value is one of ecp384, modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, or modp8192, . The default is modp1024. v. (Optional) Add additional phase 1 proposals: i. Move back one level in the schema: IX10 User Guide...
Page 184 (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> where value is one of ecp384, modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, or modp8192, . The default is modp1024. vi. (Optional) Add additional phase 2 proposals: IX10 User Guide...
Page 185 (config vpn ipsec tunnel ipsec_example nat 0)> b. Set the IPv4 address and optional netmask of a destination network that requires source NAT. You can also use any, meaning that any destination network connected to the tunnel will use source NAT. IX10 User Guide...
Page 186 IPv4 address and optional netmask. The keyword any can also be used. request: Requests a network from the remote peer. d. Set the IP address and optional netmask of the remote network. The keyword any can also be used. IX10 User Guide...
Page 187 20. Save the configuration and apply the change: (config)> save Configuration saved. > 21. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...
Page 188: Configure Ipsec Failover
Virtual Private Networks (VPN) IPsec Configure IPsec failover There are two methods to configure the IX10 device to fail over from a primary IPsec tunnel to a backup tunnel: SureLink active recovery—You can use SureLink along with the IPsec tunnel's metric to configure two or more tunnels so that when the primary tunnel is determined to be inactive by SureLink, a secondary tunnel can begin serving traffic that the primary tunnel was serving.
Page 189 See Configure an IPsec tunnel for instructions. During configuration of the IPsec tunnel, set the metric to a value that is higher than the metric of the primary tunnel (for example, 20).  Command line IX10 User Guide...
Page 190 Use the ? to view a list of available tunnels: (config vpn ipsec tunnel backup_ipsec_tunnel)> ipsec_failover ? Preferred tunnel: This tunnel will not start until the preferred tunnel has failed. It will continue to operate until the preferred tunnel returns to full operation status. IX10 User Guide...
Page 191: Configure Surelink Active Recovery For Ipsec
(config vpn ipsec tunnel backup_ipsec_tunnel)> Configure SureLink active recovery for IPsec You can configure the IX10 device to regularly probe IPsec client connections to determine if the connection has failed and take remedial action. You can also configure the IPsec tunnel to fail over to a backup tunnel. See Configure IPsec failover further information.
Page 192 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Response timeout to ten minutes, enter 10m or 600s. The default is 15 seconds. IX10 User Guide...
Page 193 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Initial connection time to ten minutes, enter 10m or 600s. The default is 60 seconds. IX10 User Guide...
Page 194 14. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 195 (config vpn ipsec tunnel ipsec_example connection_monitor target 0)> test value (config vpn ipsec tunnel ipsec_example connection_monitor target 0)> where value is one of: ping (IPv4) or ping6 (IPv6): Tests connectivity by sending an ICMP echo request to a specified hostname or IP address. IX10 User Guide...
Page 196 (config vpn ipsec tunnel ipsec_example connection_monitor target 0)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set interface_down_time to ten minutes, enter either 10m or 600s: IX10 User Guide...
Page 197: Show Ipsec Status And Statistics
Show IPsec status and statistics  WebUI 1. Log into the IX10 WebUI as a user with Admin access. 2. On the menu, select Status > IPsec. The IPsec page appears. 3. To view configuration details about an IPsec tunnel, click the  (configuration) icon in the upper right of the tunnel's status pane.
Page 198: Debug An Ipsec Configuration
To set the debug level to 1 by using the Admin CLI:  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 199 Use the interactive shell to set the IPsec debug level By using the interactive shell to set the debug level, you can enable the IX10 device to write additional debug messages to the system log. The command accepts the following values to set the debug level: -1 —...
Page 200 4 — Also includes sensitive material in dumps (for example, encryption keys). 3. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...
Page 201: Openvpn
OpenVPN clients. OpenVPN clients use Network Address Translation (NAT) to route traffic from devices connected on its LAN interfaces to the OpenVPN server. The manner in which the IP subnets are defined depends on the OpenVPN topology in use. The IX10 device supports two types of OpenVPN topology:...
Page 202: Configure An Openvpn Server
LAN interfaces to the OpenVPN server. TAP - OpenVPN managed—Also know as bridging mode. A more advanced implementation of OpenVPN. The IX10 device creates an OpenVPN interface and uses standard interface configuration (for example, a standard DHCP server configuration).
Page 203 Additional OpenVPN parameters.  WebUI 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > OpenVPN > Servers.
Page 204 For Address, enter the IPv4 address or network that can access the device's service-type. Allowed values are: A single IP address or host name. A network designation in CIDR notation, for example, 192.168.1.0/24. any: No limit to IPv4 addresses that can access the service-type. IX10 User Guide...
Page 205 12. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 206 LAN interfaces to the OpenVPN server. TAP - OpenVPN managed—Also know as bridging mode. A more advanced implementation of OpenVPN. The IX10 device creates an OpenVPN interface and uses standard interface configuration (for example, a standard DHCP server configuration).
Page 207 (config vpn openvpn server name)> port port (config vpn openvpn server name)> The default is 1194. 7. Determine the method of certificate management: a. To allow the server to manage certificates: (config vpn openvpn server name)> autogenerate true (config vpn openvpn server name)> IX10 User Guide...
Page 208 Paste the contents of the Diffie Hellman key (usually in dh2048.pem) into the value of the diffie parameter: (config vpn openvpn server name)> diffie value (config vpn openvpn server name)> 8. (Optional) Set the access control list to restrict access to the OpenVPN server: IX10 User Guide...
Page 209 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX10 device: (config vpn openvpn server name)> add acl interface end value (config vpn openvpn server name)>...
Page 210: Configure An Openvpn Authentication Group And User
If username and password authentication is used for the OpenVPN server, you must create an OpenVPN authentication group and user. Configure an OpenVPN server for information about configuring an OpenVPN server to use username and password authentication. See IX10 user authentication for more information about creating authentication groups and users.  WebUI...
Page 211 Virtual Private Networks (VPN) OpenVPN 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Add an OpenVPN authentication group: a.
Page 212 Click to expand the Groups node. e. Click  to add a group to the user. f. Select a Group with OpenVPN access enabled. 5. Click Apply to save the configuration and apply the change. IX10 User Guide...
Page 213 OpenVPN  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 214: Configure An Openvpn Client By Using An .Ovpn File
OpenVPN active recovery.  WebUI 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > OpenVPN > Clients.
Page 215 11. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 216: Configure An Openvpn Client Without Using An .Ovpn File
The OpenVPN client is enabled by default. The mode used by the OpenVPN server, either routing (TUN), or bridging (TAP). The firewall zone to be used by the OpenVPN client. The IP address of the OpenVPN server. IX10 User Guide...
Page 217 OpenVPN active recovery.  WebUI 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > OpenVPN > Clients.
Page 218 For OpenVPN parameters, type the additional OpenVPN parameters. For example, to override the configuration by using a configuration file, enter --config filename, for example, --config /etc/config/openvpn_config. 15. Click Apply to save the configuration and apply the change. IX10 User Guide...
Page 219 OpenVPN  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 220 (config vpn openvpn client name)> private_key value (config vpn openvpn client name)> 14. (Optional) Set additional OpenVPN parameters. a. Enable the use of additional OpenVPN parameters: (config vpn openvpn client name)> advanced_options enable true (config vpn openvpn client name)> IX10 User Guide...
Page 221: Configure Active Recovery For Openvpn
Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Configure active recovery for OpenVPN You can configure the IX10 device to regularly probe OpenVPN client connections to determine if the connection has failed and take remedial action. Required configuration items A valid OpenVPN client configuration.
Page 222 Virtual Private Networks (VPN) OpenVPN 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > OpenVPN > Clients.
Page 223 Down time: The amount of time that the interface can be down before this test is considered to have failed. Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Down time to ten minutes, enter 10m or 600s. IX10 User Guide...
Page 224 14. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 225 For example, to set timeout to ten minutes, enter either 10m or 600s: (config vpn openvpn client openvpn_client1)> connection_monitor interval 600s (config vpn openvpn client openvpn_client1)> The default is 15 seconds. IX10 User Guide...
Page 226 (IPv4) or http6 (IPv6): Tests connectivity by sending an HTTP or HTTPS GET request to the specified URL. Specify the url. Allowed value uses the format http[s]://hostname/[path]. (config vpn openvpn client openvpn_client1 connection_monitor target 0)> http_url url (config vpn openvpn client openvpn_client1 connection_monitor target 0)> IX10 User Guide...
Page 227 (config openvpn client openvpn_client1 connection_monitor target 0)> save Configuration saved. > 13. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...
Page 228: Show Openvpn Server Status And Statistics
OpenVPN server's status pane.  Command line 1. Log into the IX10 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 229: Show Openvpn Client Status And Statistics
OpenVPN client's status pane.  Command line 1. Log into the IX10 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 230: Generic Routing Encapsulation (Gre)
Task One: Create a GRE loopback endpoint interface  WebUI 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 231 11. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 232 10. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 233 (config vpn iptunnel gre_example)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...
Page 234: Show Gre Tunnels
To view information about currently configured GRE tunnels:  WebUI 1. Log into the IX10 WebUI as a user with Admin access. 2. On the menu, click Status > IP tunnels. The IP Tunnelspage appears. 3. To view configuration details about a GRE tunnel, click the  (configuration) icon in the upper right of the tunnel's status pane.
Page 235: Example: Gre Tunnel Over An Ipsec Tunnel
Example: GRE tunnel over an IPSec tunnel The IX10 device can be configured as an advertised set of routes through an IPSec tunnel. This allows you to leverage the dynamic route advertisement of GRE tunnels through a secured IPSec tunnel.
Page 236 3. Create a GRE tunnel named gre_tunnel2: a. Local endpoint set to the IPsec endpoint interface, Interface: ipsec_endpoint2. b. Remote endpoint set to the IP address of the GRE tunnel on IX10-1, 172.30.0.1. 4. Create an interface named gre_interface2 and add it to the GRE tunnel: a.
Page 237 15. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 238 Task two: Create an IPsec endpoint interface  WebUI 1. Click Network > Interface. 2. For Add Interface, type ipsec_endpoint1 and click . 3. For Zone, select Internal. 4. For Device, select Ethernet: loopback. 5. Click to expand IPv4. IX10 User Guide...
Page 239 5. Set the IPv4 address to the IP address of the local GRE tunnel, 172.30.0.1/32: (config network interface ipsec_endpoint1)> ipv4 address 172.30.0.1/32 (config network interface ipsec_endpoint1)> 6. Save the configuration and apply the change: (config vpn ipsec tunnel ipsec_endpoint1 policy 0)> save Configuration saved. > Task three: Create a GRE tunnel IX10 User Guide...
Page 240 (/network/interface/ipsec_endpoint1): (config vpn iptunnel gre_tunnel1)> local /network/interface/ipsec_endpoint1 (config vpn iptunnel gre_tunnel1)> 4. Set the remote endpoint to the IP address of the GRE tunnel on IX10-2, 172.30.0.2: (config vpn iptunnel gre_tunnel1)> remote 172.30.0.2 (config vpn iptunnel gre_tunnel1)> IX10 User Guide...
Page 241 4. For Device, select the GRE tunnel created in Task three (IP tunnel: gre_tunnel1). 5. Click to expand IPv4. 6. For Address, type 172.31.0.1/30 for a virtual IP address on the GRE tunnel. 7. Click Apply to save the configuration and apply the change. IX10 User Guide...
Page 242 Task one: Create an IPsec tunnel  WebUI 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > IPsec > Tunnels.
Page 243 Generic Routing Encapsulation (GRE) 4. For Add IPsec Tunnel, type ipsec_gre2 and click . 5. Click to expand Authentication. 6. For Pre-shared key, type the same pre-shared key that was configured for the IX10-1 (testkey). 7. Click to expand Remote endpoint.
Page 244 3. Add an IPsec tunnel named ipsec_gre2: (config)> add vpn ipsec tunnel ipsec_gre2 (config vpn ipsec tunnel ipsec_gre2)> 4. Set the pre-shared key to the same pre-shared key that was configured for the IX10-1 (testkey): (config vpn ipsec tunnel ipsec_gre2)> auth secret testkey (config vpn ipsec tunnel ipsec_gre2)>...
Page 245 6. For Address, type the IP address of the local GRE tunnel, 172.30.0.2/32. 7. Click Apply to save the configuration and apply the change.  Command line 1. At the command line, type config to enter configuration mode: > config (config)> IX10 User Guide...
Page 246 3. For Local endpoint, select the IPsec endpoint interface created in Task two (Interface: ipsec_endpoint2). 4. For Remote endpoint, type the IP address of the GRE tunnel on IX10-1, 172.30.0.1. 5. Click Apply to save the configuration and apply the change. IX10 User Guide...
Page 247 (/network/interface/ipsec_endpoint2): (config vpn iptunnel gre_tunnel2)> local /network/interface/ipsec_endpoint2 (config vpn iptunnel gre_tunnel2)> 4. Set the remote endpoint to the IP address of the GRE tunnel on IX10-1, 172.30.0.1: (config vpn iptunnel gre_tunnel2)> remote 172.30.0.1 (config vpn iptunnel gre_tunnel2)> 5. Save the configuration and apply the change: (config vpn iptunnel gre_tunnel2)>...
Page 248 3. Set the zone to internal: (config network interface gre_interface2)> zone internal (config network interface gre_interface2)> 4. Set the device to the GRE tunnel created in Task three (/vpn/iptunnel/gre_tunnel2): (config network interface gre_interface2)> device /vpn/iptunnel/gre_tunnel2 (config network interface gre_interface2)> IX10 User Guide...
Page 249: Nemo
Local Area Networks (LANs) on your device. NEMO creates a tunnel between the home agent on the mobile private network and the IX10 device, isolating the connection from internet traffic and advertising the IP subnets of the LANs for remote access and device management.
Page 250 10. For MTU discovery, leave enabled to determine the maximum transmission unit (MTU) size. If disabled, for MTU, type the MTU size. The default MTU size for LANs on the IX10 device is 1500. The MTU size of the NEMO tunnel will be smaller, to take into account the required headers.
Page 251 14. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 252 (config vpn nemo nemo_example)> mtu_discovery false (config vpn nemo nemo_example)> If disabled, set the MTU size. The default MTU size for LANs on the IX10 device is 1500. The MTU size of the NEMO tunnel will be smaller, to take into account the required headers.
Page 253 Set the interface. For example: (config vpn nemo nemo_example)> coaddress interface eth1 (config vpn nemo nemo_example)> If ip is used, set the IP address: (config vpn nemo nemo_example)> coaddress address IP_address (config vpn nemo nemo_example)> The default is defaultroute. IX10 User Guide...
Page 254: Show Nemo Status
Show NEMO status  WebUI 1. Log into the IX10 WebUI as a user with Admin access. 2. On the menu, select Status > NEMO. The NEMO page appears. 3. To view configuration details about an NEMO tunnel, click the  (configuration) icon in the upper right of the tunnel's status pane.
Page 255 Virtual Private Networks (VPN) NEMO 1. Log into the IX10 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. To display details about all configured NEMO tunnel, type the following at the prompt: >...
Page 256 Simple Network Management Protocol (SNMP) Modbus gateway System time Configure the system time Network Time Protocol Configure the device as an NTP server Configure a multicast route Enable service discovery (mDNS) Use the iPerf service Configure the ping responder service IX10 User Guide...
Page 257: Allow Remote Access For Web Administration And Ssh
Allow remote access for web administration and SSH Allow remote access for web administration and SSH By default, only devices connected to the IX10's LAN have access to the device via web administration and SSH. To enable these services for access from remote devices: The IX10 device must have a publicly reachable IP address.
Page 258 Allow remote access for web administration and SSH  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 259 Services Allow remote access for web administration and SSH 4. For Add Zone, click . 5. Select External. 6. Click Apply to save the configuration and apply the change. IX10 User Guide...
Page 260: Configure The Web Administration Service
By default, the web administration service is enabled and uses the standard HTTPS port, 443. The default access control for the service uses the Internal firewall zone, which means that only devices connected to the IX10's LAN can access the WebUI. If this configuration is sufficient for your needs, no further configuration is required. See Allow remote access for web administration and SSH information about configuring the web administration service to allow access from remote devices.
Page 261 5. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 262 Configure the service  WebUI 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > Web administration.
Page 263 For example: 8. For Allow legacy encryption protocols, enable this option to allow clients to connect to the HTTPS session by using encryption protocols older than TLS 1.2, in addition to TLS 1.2 and later IX10 User Guide...
Page 264 11. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 265 Services Configure the web administration service To limit access to hosts connected through a specified interface on the IX10 device: (config)> add service web_admin acl interface end value (config)> Where value is an interface defined on your device. Display a list of available interfaces: Use ...
Page 266 (config)> service web_admin cert "-----BEGIN CERTIFICATE----- MIID8TCCAtmgAwIBAgIULOwezcmbnQmIC9pT9txwCfUbkWQwDQYJKoZIhvcNAQEL BQAwgYcxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24xDjAMBgNVBAcMBUFs b2hhMRMwEQYDVQQKDApNY0JhbmUgSW5jMRAwDgYDVQQLDAdTdXBwb3J0MQ8wDQYD VQQDDAZtY2JhbmUxHzAdBgkqhkiG9w0BCQEWEGptY2JhbmVAZGlnaS5jb20wHhcN MjAwOTIyMTY1OTUyWhcNMjEwOTIyMTY1OTUyWjCBhzELMAkGA1UEBhMCVVMxDzAN BgNVBAgMBk9yZWdvbjEOMAwGA1UEBwwFQWxvaGExEzARBgNVBAoMCk1jQmFuZSBJ bmMxEDAOBgNVBAsMB1N1cHBvcnQxDzANBgNVBAMMBm1jYmFuZTEfMB0GCSqGSIb3 DQEJARYQam1jYmFuZUBkaWdpLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBAOBn19AX01LO9plYtfRZq0bETwNwSCYGeEIOGJ7gHt/rihLVBJS1woYv u1Oq1ohYxIawBY1iIPBD2GtzyEJXzBZdQRhwi/dRyRi4vr7EkjGDr0Vb/NVT0L5w UzcMeT+71DYvKYm6GpcWx+LoKqFTjbMFBIze5pbBfru+SicId6joCHIuYq8Ehflx 6sy6s4MDbyTUAEN2YhsBaOljej64LNzcsHeISbAWibXWjOSsK+N1MivQq5uwIYw/ 1fsnD8KDS43Wg57+far9fQ2MIHsgnoAGz+w6PIKJR594y/MfqQffDFNCh2lJY49F hOqEtA5B9TyXRKwoa3j/lIC/t5cpIBcCAwEAAaNTMFEwHQYDVR0OBBYEFDVtrWBH E1ZcBg9TRRxMn7chKYjXMB8GA1UdIwQYMBaAFDVtrWBHE1ZcBg9TRRxMn7chKYjX MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBALj/mrgaKDNTspv9 ThyZTBlRQ59wIzwRWRYRxUmkVcR8eBcjwdBTWjSBLnFlD2WFOEEEnVz2Dzcixmj4 /Fw7GQNcYIKj+aIGJzbcKgox10mZB3VKYRmPpnpzHCkvFi4o81+bC8HJQfK9U80e vDV0/vA5OB2j/DrjvlOrapCTkuyA0TVyGvgTASx2ATu9U45KZofm4odThQs/9FRQ +cwSTb5v47KYffeyY+g3dyJw1/KgMJGpBUYNJDIsFQC9RfzPjKE2kz41hx4VksT/ q81WGstDXH++QTu2sj7vWkFJH5xPFt80HjtWKKpIfeOIlBPGeRHvdH2PQibx0OOt Sa+P5O8= -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDgZ9fQF9NSzvaZ WLX0WatGxE8DcEgmBnhCDhie4B7f64oS1QSUtcKGL7tTqtaIWMSGsAWNYiDwQ9hr c8hCV8wWXUEYcIv3UckYuL6+xJIxg69FW/zVU9C+cFM3DHk/u9Q2LymJuhqXFsfi 6CqhU42zBQSM3uaWwX67vkonCHeo6AhyLmKvBIX5cerMurODA28k1ABDdmIbAWjp Y3o+uCzc3LB3iEmwFom11ozkrCvjdTIr0KubsCGMP9X7Jw/Cg0uN1oOe/n2q/X0N jCB7D56ABs/sOjyCiUefeMvzH6kH3wxTQodpSWOPRYTqhLQOQfU8l0SsKGt4/5SA v7eXKSAXAgMBAAECggEBAMDKdi7hSTyrclDsVeZH4044+WkK3fFNPaQCWESmZ+AY i9cCC513SlfeSiHnc8hP+wd70klVNNc2coheQH4+z6enFnXYu2cPbKVAkx9x4eeI IX10 User Guide...
Page 267 TLS 1.2, in addition to TLS 1.2 and later protocols. This option is disabled by default, which means that only TLS 1.2 and later encryption protocols are allowed with HTTPS connections. To enable legacy encryption protocols: (config)> service web_admin legacy_encryption true (config)> 8. (Optional) Disable legacy port redirection. IX10 User Guide...
Page 268 9. Save the configuration and apply the change: (config)> save Configuration saved. > 10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...
Page 269: Configure Ssh Access
Services Configure SSH access Configure SSH access The IX10's default configuration has SSH access enabled, and allows SSH access to the device from authorized users within the Internal firewall zone. If this configuration is sufficient for your needs, no further configuration is required. See Allow remote access for web administration and SSH information about configuring the SSH service to allow access from remote devices.
Page 270 Services Configure SSH access 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: >...
Page 271 8. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 272 No limit to IPv6 addresses that can access the SSH service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX10 device: (config)> add service ssh acl interface end value (config)>...
Page 273 6. (Optional) Set the port number for this service. The default setting of 22 normally should not be changed. (config)> service ssh port 24 (config)> 7. Save the configuration and apply the change: (config)> save Configuration saved. > IX10 User Guide...
Page 274 Services Configure SSH access 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...
Page 275: Use Ssh With Key Authentication
SSH public key for the user Additional configuration items If you want to access the IX10 device using SSH over a WAN interface, configure the access control list for the SSH service to allow SSH access for the External firewall zone.
Page 276 These instructions assume an existing user named temp_user. 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 277: Configure Telnet Access
5. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 278 Configure the service  WebUI 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > telnet.
Page 279 7. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 280 No limit to IPv6 addresses that can access the telnet service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX10 device: (config)> add service telnet acl interface end value (config)>...
Page 281: Configure Dns
Type quit to disconnect from the device. Configure DNS The IX10 device includes a caching DNS server which forwards queries to the DNS servers that are associated with the network interfaces, and caches the results. This server is used within the device, and cannot be disabled.
Page 282 Services Configure DNS  WebUI 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > DNS.
Page 283 11. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 284 No limit to IPv6 addresses that can access the DNS service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX10 device: (config)> add service dns acl interface end value (config)>...
Page 285 (config service dns server 0)> c. To restrict the device's use of this DNS server based on the domain, use the domain command. If no domain are listed, then all queries may be sent to this server. IX10 User Guide...
Page 286 10. Save the configuration and apply the change: (config)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...
Page 287: Simple Network Management Protocol (Snmp)
By default, the IX10 device automatically blocks SNMP packets from being received over WAN and LAN interfaces. As a result, if you want a IX10 device to receive SNMP packets, you must configure the SNMP access control list to allow the device to receive the packets. See...
Page 288 No limit to IPv6 addresses that can access the SNMP agent. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX10 device: a. Click Interfaces.
Page 289 Simple Network Management Protocol (SNMP)  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 290 (config)> service snmp port port (config)> 8. (Optional) Configure Multicast DNS (mDNS) mDNS is a protocol that resolves host names in small networks that do not have a DNS server. For the SNMP agent, mDNS is disabled by default. To enable: IX10 User Guide...
Page 291: Download Mibs
To download a .zip archive of the SNMP MIBs supported by this device:  WebUI 1. Log into the IX10 WebUI as a user with Admin access. 2. Enable SNMP. Configure Simple Network Management Protocol (SNMP) for information about enabling and configuring SNMP support on the IX10 device.
Page 292: Modbus Gateway
4. Click Download. Modbus gateway The IX10 supports the ability to function as a Modbus gateway, to provide serial-to-Ethernet connectivity to Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), and other industrial devices. MODBUS provides client/server communication between devices connected on different types of buses and networks, and the IX10 gateway allows for communication between buses and and networks that use the Modbus protocol.
Page 293: Configure The Modbus Gateway
The maximum time between bytes in a packets. Whether to send broadcast messages. Response timeout If connection type is set to socket: The port to use. The inactivity timeout. If connection type is set to serial: Whether to use half duplex (two wire) mode. IX10 User Guide...
Page 294 Whether packets should have their Modbus address adjusted downward before to delivery.  WebUI 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 295 No limit to IPv6 addresses that can access the web administration service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX10 device: a. Click Interfaces.
Page 296 For Remote host, type the hostname or IP address of the remote host on which the Modbus server is running. If Serial is selected for Connection type: a. For Serial port, select the appropriate serial port on the IX10 device. IX10 User Guide...
Page 297 No limit to IPv6 addresses that can access the web administration service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX10 device: a. Click Interfaces.
Page 298 Modbus address filter set to 20. Adjust Modbus server address set to 10. This will configure the gateway to deliver all messages that have the Modbus server address address of 20 to the device with address 10. IX10 User Guide...
Page 299 17. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 300 15 minutes, and takes the format number{m|s}. For example, to set inactivity_timeout to ten minutes, enter either 10m or 600s: (config service modbus_gateway server test_modbus_server)> inactivity_timeout 600s (config service modbus_gateway server test_modbus_server)> IX10 User Guide...
Page 301 (config service modbus_gateway server test_modbus_server)> c. Repeat the above instructions for additional servers. 5. Configure clients: a. Type ... to return to the root of the configuration: (config)> add service modbus_gateway server test_modbus_server)> ... (config)> IX10 User Guide...
Page 302 Set the maximum allowable time between bytes in a packet: (config service modbus_gateway client test_modbus_client)> socket idle_gap value (config service modbus_gateway client test_modbus_client)> where value is any number between 10 milliseconds and one second, and take the format number{ms|s}. IX10 User Guide...
Page 303 ... serial port ? Serial Additional Configuration --------------------------------------------------------- ---------------------- port1 Port 1 (config service modbus_gateway client test_modbus_client)> ii. Set the port: (config service modbus_gateway client test_modbus_client)> serial port (config service modbus_gateway client test_modbus_client)> ii. Set the packet mode: IX10 User Guide...
Page 304 If it does not match the filters, the message is not forwarded. Allowed values are 1 through 255 or a hyphen-separated range. For example: To have this client filter for incoming messages that contain the Modbus address of 10, set the index 0 entry to 10: IX10 User Guide...
Page 305 Client one: filter set to 10. This will configure the gateway to deliver all messages that have the Modbus server address of 10 to this device. Client two: filter set to 20. adjust_server_address set to 10. IX10 User Guide...
Page 306: Show Modbus Gateway Status And Statistics
 Command line 1. Log into the IX10 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 307 Resource Shortages Servers ------- modbus_socket ------------- Client Lookup Errors Incoming Connections Packet Errors RX Broadcasts RX Requests : 12 TX Exceptions TX Responses : 12 Clients ------- modbus_socket_41 ---------------- Address Translation Errors Connection Errors Packet Errors RX Responses IX10 User Guide...
Page 308 RX Responses RX Timeouts TX Broadcasts TX Requests > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...
Page 309: System Time
The IX10 device can also be configured to use Network Time Protocol (NTP). In this configuration, the device serves as an NTP server, providing NTP services to downstream devices. See Network Time Protocol for more information about NTP server support.
Page 310 2. At the command line, type config to enter configuration mode: > config (config)> 3. (Optional) Set the timezone for the location of your IX10 device. The default is UTC. (config)> system time timezone value (config)> Where value is the timezone using the format specified with the following command: (config)>...
Page 311: Network Time Protocol
Network Time Protocol (NTP) enables devices connected on local and worldwide networks to synchronize their internal software and hardware clocks to the same time source. The IX10 device can be configured as an NTP server, allowing downstream hosts that are attached to the device's Local Area Networks to synchronize with the device.
Page 312: Configure The Device As An Ntp Server
3. Click Services > NTP. 4. Enable the IX10 device's NTP service by clicking Enable. 5. (Optional) Configure the access control list to limit downstream access to the IX10 device's NTP service. To limit access to specified IPv4 addresses and networks: a.
Page 313 No limit to IPv6 addresses that can access the NTP service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX10 device: a. Click Interfaces.
Page 314 8. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 315 Services Configure the device as an NTP server 5. (Optional) Configure the access control list to limit downstream access to the IX10 device's NTP service. To limit access to specified IPv4 addresses and networks: (config)> add service ntp acl address end value (config)>...
Page 316: Configure A Multicast Route
By default, the access control list for the NTP service is empty, which means that all downstream hosts connected to the IX10 device can use the NTP service. 6. (Optional) Set the timezone for the location of your IX10 device. The default is UTC. (config)> system time timezone value (config)>...
Page 317 7. Type the Source port. Ensure the port is not used by another protocol. 8. Select a Source interface where multicast packets will arrive. 9. Select a Destination interface that the IX10 device will use to send mutlicast packets. 10. Click Apply to save the configuration and apply the change.
Page 318: Enable Service Discovery (Mdns)
Set the interface. For example: (config service multicast test)> src_interface /network/interface/eth1 (config service multicast test)> 8. Set the destination interface that the IX10 device will use to send mutlicast packets. (config service multicast test)> interface interface (config service multicast test)>...
Page 319 No limit to IPv6 addresses that can access the mDNS service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX10 device: a. Click Interfaces.
Page 320 Services Enable service discovery (mDNS) 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 321: Use The Iperf Service
Type quit to disconnect from the device. Use the iPerf service Your IX10 device includes an iPerf3 server that you can use to test the performance of your network. IPerf3 is a command-line tool that measures the maximum network throughput an interface can handle.
Page 322 Additional configuration Items The port that the IX10 device's iPerf server will use to listen for incoming connections. The access control list for the iPerf server. When the iPerf server is enabled, the IX10 device will automatically configure its firewall rules to allow incoming connections on the configured listening port.
Page 323 7. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 324 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX10 device: (config)> add service iperf acl interface end value (config)>...
Page 325: Example Performance Test Using Iperf3
Done. Configure the ping responder service Your IX10 device's ping responder service replies to ICMP and ICMPv6 echo requests. The service is enabled by default. You can disable the service, or you can configure the service to use an access control list to limit the service to specified IP address, interfaces, and/or zones.
Page 326 Configure the ping responder service  WebUI 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > Ping responder.
Page 327 5. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 328 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX10 device: (config)> add service iperf acl interface end value (config)>...
Page 329: Example Performance Test Using Iperf3
Example performance test using Iperf3 On a remote host with Iperf3 installed, enter the following command: $ iperf3 -c device_ip where device_ip is the IP address of the IX10 device. For example: $ iperf3 -c 192.168.2.1 Connecting to host 192.168.2.1, port 5201 4] local 192.168.3.100 port 54934 connected to 192.168.1.1 port 5201...
Page 330 Applications The IX10 supports Python 3.6 and provides you with the ability to run Python applications on the device interactively or from a file. You can also specify Python applications and other scripts to be run each time the device system restarts, at specific intervals, or at a specified time.
Page 331: Configure Applications To Run Automatically
Whether the script should run one time only. Task one: Upload the application  WebUI 1. Log into the IX10 WebUI as a user with Admin access. 2. On the menu, click System. Under Administration, click File System. The File System page appears. IX10 User Guide...
Page 332 IX10 device. local-path is the location on the IX10 device where the copied file will be placed. For example: To upload a Python application from a remote host with an IP address of 192.168.4.1 to the /etc/config/scripts directory on the IX10 device, issue the following command: >...
Page 333: Task Two: Configure The Application To Run Automatically
Use with care.  WebUI 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click System > Scheduled tasks > Custom scripts.
Page 334 12. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 335 For example, to set on_interval to ten minutes, enter either 10m or 600s: (config system schedule script 0)> on_interval 600s (config system schedule script 0)> IX10 User Guide...
Page 336 9. To run the script only once at the specified time: (config system schedule script 0)> once true (config system schedule script 0)> If once is enabled, rebooting the device will cause the script to run again. The only way to re- run the script is to: IX10 User Guide...
Page 337: Run A Python Application At The Shell Prompt
1. Upload the Python application to the IX10 device:  WebUI a. Log into the IX10 WebUI as a user with Admin access. b. On the menu, click System. Under Administration, click File System. The File System page appears. IX10 User Guide...
Page 338 IX10 device. local-path is the location on the IX10 device where the copied file will be placed. For example: To upload a Python application from a remote host with an IP address of 192.168.4.1 to the /etc/config/scripts directory on the IX10 device, issue the following command: >...
Page 339: Start An Interactive Python Session
Applications Start an interactive Python session 2. Log into the IX10 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.
Page 340: Digidevice Module
Use Python to respond to Digi Remote Manager SCI requests Use digidevice runtime to access the runtime database Use Python to upload the device name to Digi Remote Manager Use Python to send and receive SMS messages IX10 User Guide...
Page 341: Use Digidevice.cli To Execute Cli Commands
1. Log into the IX10 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.
Page 342: Use Digidevice.datapoint To Upload Custom Datapoints To Digi Remote Manager
Help for using Python to execute IX10 CLI commands Get help executing a CLI command from Python by accessing help for cli.execute: 1. Log into the IX10 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
Page 343 Help for using Python to upload custom datapoints to Remote Manager Get help for uploading datapoints to your Digi Remote Manager account by accessing help for datapoint.upload: 1. Log into the IX10 command line as a user with shell access.
Page 344: Use Digidevice.config For Device Configuration
Use the config Python module to access and modify the device configuration. Read the device configuration 1. Log into the IX10 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
Page 345 Modify the device configuration Use the set() and commit() methods to modify the device configuration: 1. Log into the IX10 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
Page 346 Get help for reading and modifying the device configuration by accessing help for digidevice.config: 1. Log into the IX10 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
Page 347: Use Python To Respond To Digi Remote Manager Sci Requests
Remote Manager's Server Command Interface (SCI), a web service that allows users to access information and perform commands that relate to their devices. Use Remote Manager's SCI interface to create SCI requests that are sent to your IX10 device, and use the device_request module to send responses to those requests to Remote Manager.
Page 348 >>> In Remote Manager, you will receive a response similar to the following: <sci_reply version="1.0"> <data_service> <device id="00000000-00000000-0000FFFF-A83CF6A3"/> <requests> <device_request target_name="myTarget" status="0">OK</device_ request> </requests> </device> </data_service> </sci_request> Example: Use digidevice.cli with digidevice.device_request IX10 User Guide...
Page 349  WebUI i. Log into the IX10 WebUI as a user with full Admin access rights. ii. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. iii. Click System > Scheduled tasks > Custom scripts.
Page 350 Click Apply to save the configuration and apply the change.  Command line i. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 351 > reboot To run the application from the shell prompt: i. Log into the IX10 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.
Page 352 <device_request target_name="showSystem"> 8. Click Send. You should receive a response similar to the following: <sci_reply version="1.0"> <data_service> <device id="00000000-00000000-0000FFFF-A83CF6A3"/> <requests> <device_request target_name="showSystem" status="0">Model : Digi IX10 Serial Number : IX10-000068 Hostname : IX10 : 00:40:D0:13:35:36 Hardware Version : 50001959-01 A Firmware Version : 20.11.32.138...
Page 353 : MB/MB(%) Disk /tmp Usage : 0.004MB/40.96MB(0%) Disk /var Usage : 0.820MB/32.768MB(3%)</device_request> </requests> </device> <device id="00000000-00000000-0000FFFF-485740BC"/> <requests> <device_request target_name="showSystem" status="0">Model : Digi IX10 Serial Number : IX10-000023 Hostname : IX10 : 00:40:D0:26:79:1C Hardware Version : 50001959-01 A Firmware Version : 20.11.32.138...
Page 354 </sci_request> Help for using Python to respond to Digi Remote Manager SCI requests Get help for respond to Digi Remote Manager Server Command Interface (SCI) requests by accessing help for digidevice.device_request: 1. Log into the IX10 command line as a user with shell access.
Page 355: Use Digidevice Runtime To Access The Runtime Database
Read from the runtime database Use the keys() and get() methods to read the device configuration: 1. Log into the IX10 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
Page 356 Modify the runtime database Use the set() method to modify the runtime database: 1. Log into the IX10 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.
Page 357: Use Python To Upload The Device Name To Digi Remote Manager
Use Python to upload the device name to Digi Remote Manager The name submodule can be used to upload a custom name for your device to Digi Remote Manager. When you use the name submodule to upload a custom device name to Remote Manager, the...
Page 358 5. Click Send. Upload a custom name 1. Log into the IX10 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.
Page 359: Use Python To Send And Receive Sms Messages
You can create Python scripts that send and receive SMS message in tandem with the Digi Remote Manager or Digi aView by using the digidevice.sms module. To use a script to send or receive SMS messages, you must also enable the ability to schedule SMS scripting.
Page 360 5. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 361: Use Python To Access Serial Ports
Use Python to access serial ports You can use the Python serial module to access serial ports on your IX10 device that are configured to be in Application mode. See Configure the serial port for information about configuring a serial port in Application mode.
Page 362: Use The Paho Mqtt Python Library
6. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Use the Paho MQTT python library Your IX10 device includes support for the Paho MQTT python library. MQTT is a lightweight messaging protocol used to communicate with various applications including cloud-based applications such as Amazon Web Services and Microsoft Azure.
Page 363 = cmd_path[len(PREFIX_CMD):] else: print("Invalid command path ({}), cannot send reply".format(cmd_path)) return reply = { "cmd": cmd, "status": status client.publish(PREFIX_RSP + path + "/" + cid, json.dumps(reply, separators= (',',':'))) def on_connect(client, userdata, flags, rc): print("Connected to MQTT server") IX10 User Guide...
Page 364 'r') as f: for line in f: elems = line.split() if len(elems) != 5: continue leases.append({"mac": elems[1], "ip": elems[2], "host": elems [3]}) if leases: client.publish(PREFIX_EVENT + "/leases", json.dumps(leases, separators=(',',':'))) except: print("Failed to open DHCP leases file") IX10 User Guide...
Page 365: Stop A Script That Is Currently Running
 Command line 1. Log into the IX10 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. IX10 User Guide...
Page 366: Show Script Information
The Scripts page displays:  Command line 1. Log into the IX10 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 367 "$default_intf" log=$(runt log network.mgmt.log) accns_log network_mgmt "${log:+type=mgmt~}$log" > 3. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...
Page 368: User Authentication
IX10 user authentication User authentication methods Authentication groups Local users Terminal Access Controller Access-Control System Plus (TACACS+) Remote Authentication Dial-In User Service (RADIUS) LDAP Disable shell access Set the idle timeout for IX10 users Example user configuration IX10 User Guide...
Page 369: Ix10 User Authentication
User authentication IX10 user authentication IX10 user authentication User authentication on the IX10 has the following features and default configuration: Default Feature Description configuration Idle timeout 10 minutes. Determines how long a user session can be idle before the system automatically disconnects.
Page 370 TACACS+: Users authenticated by using a remote TACACS+ server for authentication. Terminal Access Controller Access-Control System Plus (TACACS+) for information about configuring TACACS+ authentication. LDAP: Users authenticated by using a remote LDAP server for authentication. LDAP for information about configuring LDAP authentication. IX10 User Guide...
Page 371: Add A New Authentication Method
To add an authentication method:  WebUI 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Methods.
Page 372 This procedure describes how to add methods to various places in the list. 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 373: Delete An Authentication Method
5. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 374: Rearrange The Position Of Authentication Methods
For example, the following configuration has Local users as the first method, and RADIUS as the second. To reorder these so that RADIUS is first and Local users is second: IX10 User Guide...
Page 375 7. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 376: Authentication Groups
Disable shell access for more information about the Allow shell parameter. Serial access: Users with Serial access have the ability to log into the IX10 device by using the serial console. Preconfigured authentication groups The IX10 device has two preconfigured authentication groups: The admin group is configured by default to have full Admin access and Shell access.
Page 377: Change The Access Rights For A Predefined Group
For groups assigned Admin access, you can also determine whether the Access level should be Full access or Read-only access. Full access provides users of this group with the ability to manage the IX10 device by using the WebUI or the Admin CLI.
Page 378 6. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 379: Add An Authentication Group
Access rights to OpenVPN tunnels, and the tunnels to which they have access. Access rights to captive portals, and the portals to which they have access. Access rights to query the device for Nagios monitoring. To add an authentication group:  WebUI IX10 User Guide...
Page 380 Full access or Read-only access. where value is either: Full access full: provides users of this group with the ability to manage the IX10 device by using the WebUI or the Admin CLI. Read-only access read-only: provides users of this group with read-only access to the WebUI and Admin CLI.
Page 381 Set the access level for Admin access: (config)> auth group admin acl admin level value (config)> where value is either: full: provides users of this group with the ability to manage the IX10 device by using the WebUI or the Admin CLI. IX10 User Guide...
Page 382 24h no title (config)> ii. Add a captive portal: (config)> add auth group test acl portal portals end portal1 (config)> 6. (Optional) Configure Nagios monitoring: (config)> auth group test acl nagios enable true (config)> IX10 User Guide...
Page 383: Delete An Authentication Group
Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Delete an authentication group By default, the IX10 device has two preconfigured authentication groups: admin and serial. These groups cannot be deleted. To delete an authentication group that you have created: ...
Page 384 User authentication Authentication groups 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 385: Local Users
TACACS+ or RADIUS. Local user authentication is enabled by default, with one preconfiged default user. Default user At manufacturing time, each IX10 device comes with a default user configured as follows: Username: admin. Password: The default password is displayed on the label on the bottom of the device.
Page 386: Change A Local User's Password
To change a user's password:  WebUI 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Users.
Page 387: Configure A Local User
User authentication Local users 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 388 To configure a local user:  WebUI 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Users.
Page 389 Check Enable to enable two-factor authentication for this user. c. Select the Verification type: Time-based (TOTP): Time-based One-Time Password (TOTP) authentication uses the current time to generate a one-time password. Counter-based (HOTP): HMAC-based One-Time Password (HOTP) uses a counter to validate a one-time password. IX10 User Guide...
Page 390 For Code, enter the scratch code. The code must be eight digits, with a minimum of 10000000. iv. Click  again to add additional scratch codes. 10. Click Apply to save the configuration and apply the change. IX10 User Guide...
Page 391 Local users  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 392 Add the key by using the ssh_key command and pasting or typing a public encryption key that this user can use for passwordless SSH login: (config auth user new_user ssh_key)> ssh_key key (config auth user new_user ssh_key)> 8. (Optional) Configure two-factor authentication for SSH, telnet, and serial console login: IX10 User Guide...
Page 393 Configure the valid code window size. This represents the allowed number of concurrently valid codes. In cases where TOTP is being used, increasing the valid code window size may be necessary when the clocks used by the server and client are not synchronized. IX10 User Guide...
Page 394: Delete A Local User
10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Delete a local user To delete a user from your IX10:  WebUI IX10 User Guide...
Page 395 5. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 396: Terminal Access Controller Access-Control System Plus (Tacacs+)
With TACACS+ support, the IX10 device acts as a TACACS+ client, which sends user credentials and connection parameters to a TACACS+ server over TCP. The TACACS+ server then authenticates the TACACS+ client requests and sends back a response message to the device.
Page 397: Tacacs+ User Configuration
The groupname attribute is optional. If used, the value must correspond to authentication groups configured on your IX10. Alternatively, if the user is also configured as a local user on the IX10 device and the LDAP server authenticates the user but does not return any groups, the local configuration determines the list of groups.
Page 398: Tacacs+ Server Failover And Fallback To Local Authentication
$ sudo /etc/init.d/tacacs_plus restart TACACS+ server failover and fallback to local authentication In addition to the primary TACACS+ server, you can also configure your IX10 device to use backup TACACS+ servers. Backup TACACS+ servers are used for authentication requests when the primary TACACS+ server is unavailable.
Page 399 6. (Optional) For Group attribute, type the name of the attribute used in the TACACS+ server's configuration to identify the IX10 authentication group or groups that the user is a member of. For example, in TACACS+ user configuration, the group attribute in the sample tac_plus.conf...
Page 400 9. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 401 TACACS+ user configuration, the value of the service attribute in the sample tac_plus.conf file is system, which is also the default setting in the IX10 configuration. (config)> auth tacacs+ service service-name (config)> 6. Set the type of TLS connection used by the LDAP server: (config)>...
Page 402 Terminal Access Controller Access-Control System Plus (TACACS+) (config)> auth ldap base_dn value (config)> 11. (Optional) Set the name of the user attribute that contains the list of IX10 authentication groups that the authenticated user has access to. See LDAP user configuration for further information about the group attribute.
Page 403 15. Save the configuration and apply the change: (config)> save Configuration saved. > 16. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...
Page 404: Remote Authentication Dial-In User Service (Radius)
With RADIUS support, the IX10 device acts as a RADIUS client, which sends user credentials and connection parameters to a RADIUS server over UDP. The RADIUS server then authenticates the RADIUS client requests and sends back a response message to the device.
Page 405: Radius User Configuration
(password verification) and authorization (assigning the access level of the user). Additional RADIUS servers can be configured as backup servers for user authentication. This section outlines how to configure a RADIUS server to be used for user authentication on your IX10 device.
Page 406: Configure Your Ix10 Device To Use A Radius Server
If the RADIUS servers are unavailable and the IX10 device falls back to local authentication, only users defined locally on the device are able to log in. RADIUS users cannot log in until the RADIUS servers are brought back online.
Page 407 NAS or any arbitrary string. If not set, the default value is used: If you are accessing the IX10 device by using the WebUI, the default value is for NAS ID is httpd. If you are accessing the IX10 device by using ssh, the default value is sshd.
Page 408 You can use the fully-qualified domain name of the NAS or any arbitrary string. If not set, the default value is used: If you are accessing the IX10 device by using the WebUI, the default value is for NAS ID is httpd.
Page 409 (for example, dc=example,dc=com) or a sub-tree (for example. ou=People,dc=example,dc=com). (config)> auth ldap base_dn value (config)> 11. (Optional) Set the name of the user attribute that contains the list of IX10 authentication groups that the authenticated user has access to. See LDAP user configuration for further information about the group attribute.
Page 410 RADIUS to the end of the list. See User authentication methods for information about adding methods to the beginning or middle of the list. (config)> add auth method end radius (config)> 15. Save the configuration and apply the change: (config)> save Configuration saved. > IX10 User Guide...
Page 411: Ldap
When you are using LDAP authentication, you can have both local users and LDAP users able to log in to the device. To use LDAP authentication, you must set up a LDAP server that is accessible by the IX10 device prior to configuration. The process of setting up a LDAP server varies by the server environment.
Page 412: Ldap User Configuration
(password verification) and authorization (assigning the access level of the user). Additional LDAP servers can be configured as backup servers for user authentication. This section outlines how to configure a LDAP server to be used for user authentication on your IX10 device.
Page 413: Ldap Server Failover And Fallback To Local Configuration
LDAP server failover and fallback to local configuration In addition to the primary LDAP server, you can also configure your IX10 device to use backup LDAP servers. Backup LDAP servers are used for authentication requests when the primary LDAP server is unavailable.
Page 414 User authentication LDAP 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > LDAP > Servers.
Page 415 14. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 416 8. Set the distinguished name (DN) on the server to search for users. This can be the root of the directory tree (for example, dc=example,dc=com) or a sub-tree (for example. ou=People,dc=example,dc=com). (config)> auth ldap base_dn value (config)> IX10 User Guide...
Page 417 User authentication LDAP 9. (Optional) Set the name of the user attribute that contains the list of IX10 authentication groups that the authenticated user has access to. See LDAP user configuration for further information about the group attribute. (config)> auth ldap group_attribute value (config)>...
Page 418: Disable Shell Access
5. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 419: Set The Idle Timeout For Ix10 Users
By default, the Idle timeout is set to 10 minutes.  WebUI 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 420 5. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 421: Example User Configuration
Goal: To create a user with administrator rights who is authenticated locally on the device.  WebUI 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 422 7. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 423: Example 2: Radius, Tacacs+, And Local Authentication For One User
Goal: To create a user with administrator rights who is authenticated by using all three authentication methods. In this example, when the user attempts to log in to the IX10 device, user authentication will occur in the following order: 1. The user is authenticated by the RADIUS server. If the RADIUS server is unavailable, 2.
Page 424 The authentication group on the IX10 device, admin, is identified in the groupname parameter. c. Save and close the tac_plus.conf file. 3. Log into the IX10 WebUI as a user with full Admin access rights. 4. On the menu, click System. Under Configuration, click Device Configuration. IX10 User Guide...
Page 425 Assign the user to the admin group: i. Click Groups. ii. For Add Group, click . iii. For Group, select the admin group. a. Verify that the admin group has full administrator rights: i. Click Authentication > Groups. ii. Click admin. IX10 User Guide...
Page 426 In this example: The user's username is admin1. The user's password is password1. The authentication group on the IX10 device, admin, is identified in the Unix-FTP- Group-Names parameter. c. Save and close the users file. 2. Configure a user on the TACACS+ server: a.
Page 427 Save and close the tac_plus.conf file. 3. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 428 (config auth user adminuser)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...
Page 429 Firewall This chapter contains the following topics: Firewall configuration Port forwarding rules Packet filtering Configure custom firewall rules Configure Quality of Service options IX10 User Guide...
Page 430: Firewall Configuration
IPsec: The default zone for IPsec tunnels. Dynamic routes: Used for routes learned using routing services. Port forwarding: A list of rules that allow network connections to the IX10 to be forwarded to other servers by translating the destination address.
Page 431  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 432: Configure The Firewall Zone For A Network Interface
5. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 433: Delete A Custom Firewall Zone
Type quit to disconnect from the device.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 434: Port Forwarding Rules
5. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 435: Configure Port Forwarding
To configure a port forwarding rule:  WebUI 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Port forwarding.
Page 436 To specify firewall zones for white listing: a. Click Zones. b. For Add zone, click . c. For Zone, select the appropriate zone. d. Repeat for each additional zone. 13. Click Apply to save the configuration and apply the change.  Command line IX10 User Guide...
Page 437 Firewall Port forwarding rules 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 438 To view a list of available zones: (config firewall dnat 0 acl)> ..zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration --------------------------------------------------------------------- --------- IX10 User Guide...
Page 439: Delete A Port Forwarding Rule
To delete a port forwarding rule:  WebUI 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Port forwarding.
Page 440 Firewall Port forwarding rules 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 441: Packet Filtering
To configure a packet filtering rule:  WebUI 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Packet filtering.
Page 442 10. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 443 (config firewall filter 1)> src_zone my_zone (config firewall filter 1)> 6. Set the destination firewall zone. Packets destined for network interfaces that are members of this zone will either be accepted, rejected or dropped by this rule. IX10 User Guide...
Page 444: Enable Or Disable A Packet Filtering Rule
Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Enable or disable a packet filtering rule To enable or disable a packet filtering rule:  WebUI IX10 User Guide...
Page 445 6. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 446: Delete A Packet Filtering Rule
To delete a packet filtering rule:  WebUI 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Packet filtering.
Page 447: Configure Custom Firewall Rules
Firewall Configure custom firewall rules 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 448 7. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 449: Configure Quality Of Service Options
(packet ingress). A QoS binding contains the policies and rules that apply to packets exiting the IX10 device on the binding's interface. By default, the IX10 device has two preconfigured QoS bindings, Outbound and Inbound.
Page 450 Configure Quality of Service options  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 451 Firewall Configure Quality of Service options 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Quality of Service.
Page 452 (Optional) Type a Label for the binding policy rule. iv. For Type Of Service, type the value of the Type of Service (ToS) packet header that defines packet priority. If unspecified, this field is ignored. https://www.tucny.com/Home/dscp-tos for a list of common TOS values. IX10 User Guide...
Page 453 10. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 454 Set a value for the amount of available bandwidth allocated to the policy, relative to other policies for this binding. The larger the weight, with respect to the other policy weights, the larger portion of the maximum bandwidth is available for this policy. For example, if a binding contains three IX10 User Guide...
Page 455 (config firewall qos 2 policy 0 rule 0)> tos value (config firewall qos 2 policy 0 rule 0)> where value is a hexadecimal number. See https://www.tucny.com/Home/dscp-tos for a list of common TOS values. IX10 User Guide...
Page 456 (config network qos 2 policy 0 rule 0)> where value uses the format IPv4_address[/netmask], or any to match any IPv4 address. address6: Only traffic from the IP address typed in IPv6 address will be matched. Set the address that will be matched: IX10 User Guide...
Page 457 IPv6_address[/prefix_length], or any to match any IPv6 address. Repeat to add a new rule. Up to 30 rules can be configured. 8. Save the configuration and apply the change: (config)> save Configuration saved. > IX10 User Guide...
Page 458 Firewall Configure Quality of Service options 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...
Page 459: System Administration
This chapter contains the following topics: Review device status Configure system information Update system firmware Update cellular module firmware Reboot your IX10 device Reset the device to factory defaults Configuration files Schedule system maintenance tasks Disable device encryption Configure the speed of your Ethernet port...
Page 460: Review Device Status
Show basic system information: 1. Log into the IX10 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 461: Configure System Information
Disk /var Usage : 1.765MB/256.0MB(1%) > Configure system information You can configure information related to your IX10 device, such as providing a name and location for the device. Configuration items A name for the device. The name of a contact for the device.
Page 462 8. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 463: Update System Firmware
For example, IX10-20.11.32.138.bin. Manage firmware updates using Digi Remote Manager If you have a network of many devices, you can use Digi Remote Manager Profiles to manage firmware updates. Profiles ensure all your devices are running the correct firmware version and that all newly installed devices are updated to that same version.
Page 464 4. For Version:, select the appropriate version of the device firmware. 5. Click Update Firmware. Update firmware from a local file 1. Download the IX10 operating system firmware from the Digi Support FTP site to your local machine. 2. Log into the IX10 WebUI as a user with Admin access.
Page 465 System administration Update system firmware 1. Download the IX10 operating system firmware from the Digi Support FTP site to your local machine. 2. Log into the IX10 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu.
Page 466: Dual Boot Behavior
> reboot Rebooting system > 7. Once the device has rebooted, log into the IX10's command line as a user with Admin access and verify the running firmware version by entering the show system command. > show system...
Page 467: Update Cellular Module Firmware
> system duplicate-firmware > Update cellular module firmware You can update modem firmware by downloading firmware from the Digi firmware repository, or by uploading firmware from your local storage onto the device. You can also schedule modem firmware updates. See Schedule system maintenance tasks for details.
Page 468: Update Modem Firmware Over The Air (Ota)
Command line Update modem firmware over the air (OTA) You can update your modem firmware by querying the Digi firmware repository to determine if there is new firmware available for your modem and performing an OTA modem firmware update: 1. Log into the IX10 command line as a user with Admin access.
Page 469 Retrieving download location for modem firmware '25.20.666_CUST_067_1' > To perform an OTA firmware update by using a specific version from the Digi firmware repository, use the version parameter to identify the appropriate firmware version as determined using the modem firmware ota check or modem firmware ota list command.
Page 470: Update Modem Firmware By Using A Local Firmware File
Update cellular module firmware Update modem firmware by using a local firmware file You can update your modem firmware by uploading a modem firmware file to your IX10 device. Firmware should be uploaded to /opt/MODEM_MODEL/Custom_Firmware, for example, /opt/LM940/Custom_Firmware. Modem firmware can be downloaded from Digi at https://ftp1.digi.com/support/firmware/dal/carrier_firmware/.
Page 471: Reboot Your Ix10 Device
Reboot your IX10 device Reboot your IX10 device You can reboot the IX10 device immediately or schedule a reboot for a specific time every day. Note You may want to save your configuration settings to a file before rebooting. See...
Page 472: Reset The Device To Factory Defaults
5. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 473 3. In the Erase configuration section, click ERASE. 4. Click CONFIRM. 5. After resetting the device: a. Connect to the IX10 by using the serial port or by using an Ethernet cable to connect the IX10 ETH port to your PC. b. Log into the IX10: User name: Use the default user name: admin.
Page 474 2. Enter the following: > system factory-erase 3. After resetting the device: a. Connect to the IX10 by using the serial port or by using an Ethernet cable to connect the IX10 ETH port to your PC. b. Log into the IX10: User name: Use the default user name: admin.
Page 475 You can reset the device to the default configuration without removing scripts, keys, and logfiles by using the revert command: 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 476: Configuration Files
Save configuration changes When you make changes to the IX10 configuration, the changes are not automatically saved. You must explicitly save configuration changes, which also applies the changes. If you do not save configuration changes, the system discards the changes.
Page 477: Save Configuration To A File
Type quit to disconnect from the device. Save configuration to a file You can save your IX10 device's configuration to a file and use this file to restore the configuration, either to the same device or to similar devices.
Page 478: Restore The Device Configuration
> scp host 192.168.4.1 user admin remote /home/admin/bin/ local /etc/config/backup-archive-0040FF800120-19.05.17-19.01.17.bin to remote Restore the device configuration You can restore a configuration file to your IX10 device by using a backup from the device, or a backup from a similar device. ...
Page 479 IX10 device. local-path is the location on the IX10 device where the copied file will be placed. For example: > scp host 192.168.4.1 user admin remote /home/admin/bin/backup-archive- 0040FF800120-19.05.17-19.01.17.bin local /etc/config/ to local...
Page 480 System administration Configuration files path is the location of configuration backup file on the IX10's filesystem (local-path in the previous step). passphrase (optional) is the passphrase to restore the configuration backup, if a passphrase was used when the backup was created.
Page 481: Schedule System Maintenance Tasks
Custom scripts that should be run as part of the configuration check.  WebUI 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 482 Configuration > Applications. b. For Add Script, click . The schedule script configuration window is displayed. Scheduled scripts are enabled by default. To disable, click Enable to toggle off. c. (Optional) For Label, provide a label for the script. IX10 User Guide...
Page 483 Sandbox is enabled by default, which restricts access to the file system and available commands that can be used by the script. This option protects the script from accidentally destroying the system it is running on. IX10 User Guide...
Page 484 10. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 485 The script will run once each time the device boots. If boot is selected, set the action that will be taken when the script completes: (config system schedule script 0)> exit_action action (config system schedule script 0)> where action is one of the following: IX10 User Guide...
Page 486 If the script begins with #!, then the script will be invoked in the location specified by the path for the script command. Otherwise, the default shell will be used (equivalent to #!/bin/sh). IX10 User Guide...
Page 487: Disable Device Encryption
Type quit to disconnect from the device. Disable device encryption You can disable the cryptography on your IX10 device. This can be used to ship unused devices from overseas without needing export licenses from the country from which the device is being shipped.
Page 488: Re-Enable Cryptography After It Has Been Disabled
Disabling device encryption is not available in the WebUI. It can only be performed from the Admin CLI.  Command line 1. Log into the IX10 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 489 Select the Properties of the relevant network connection on the Windows PC. b. Click the Internet Protocol Version 4 (TCP/IPv4) parameter. c. Click Properties. The Internet Protocol Version 4 (TCP/IPv4) Properties dialog appears. d. Configure with the following details: IP address for PC: 192.168.210.2 Subnet: 255.255.255.0 Gateway: 192.168.210.1 IX10 User Guide...
Page 490: Configure The Speed Of Your Ethernet Port
Configure the speed of your Ethernet port 2. Connect the PC's Ethernet port to the Ethernet port on your IX10 device. 3. Open a telnet session and connect to the IX10 device at the IP address of 192.168.210.1. 4. Log into the device: Username: admin Password: The default unique password for your device is printed on the device label.
Page 491 5. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 492 System administration Configure the speed of your Ethernet port 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...
Page 493 Monitoring This chapter contains the following topics: intelliFlow Configure NetFlow Probe IX10 User Guide...
Page 494: Intelliflow
WebUI. To use intelliFlow, the IX10 must be powered on and you must have access to the local WebUI. Once you enable intelliFlow, the Status >...
Page 495 6. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 496 5. Save the configuration and apply the change: (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...
Page 497: Use Intelliflow To Display Average Cpu And Ram Usage
This procedure is only available from the WebUI. To display display average CPU and RAM usage:  WebUI 1. Log into the IX10 WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow.
Page 498: Use Intelliflow To Display Top Data Usage Information
Top data usage by service To generate a top data usage chart:  WebUI 1. Log into the IX10 WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow. 3. From the menu, click Status > intelliFlow.
Page 499 5. Change the type of chart that is used to display the data: a. Click the menu icon (). b. Select the type of chart. 6. Change the number of top users displayed. You can display the top five, top ten, or top twenty data users. IX10 User Guide...
Page 500: Use Intelliflow To Display Data Usage By Host Over Time
Use intelliFlow to display data usage by host over time To generate a chart displaying a host's data usage over time:  WebUI 1. Log into the IX10 WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow.
Page 501: Configure Netflow Probe
To save the chart to your local filesystem, select Export to PNG. c. To print the chart, select Print chart. Configure NetFlow Probe NetFlow probe is used to probe network traffic on the IX10 device and export statistics to NetFlow collectors. Required configuration items Enable NetFlow.
Page 502 Configure NetFlow Probe  WebUI 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Monitoring > NetFlow probe.
Page 503 12. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 504 Set the IP address of the collector: (config monitoring netflow collector 0)> address ip_address (config monitoring netflow collector 0)> c. (Optional) Set the port used by the collector: (config monitoring netflow collector 0)> port port (config monitoring netflow collector 0)> IX10 User Guide...
Page 505 (config monitoring netflow collector 0)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...
Page 506 Configure Digi Remote Manager Collect device health data and set the sample interval Log into Digi Remote Manager Use Digi Remote Manager to view and manage your device Add a device to Digi Remote Manager View Digi Remote Manager connection status...
Page 507: Digi Remote Manager Support
Digi Remote Manager User Guide. Configure Digi Remote Manager By default, your IX10 device is configured to use central management using Digi Remote Manager. Additional configuration options These additional configuration settings are not typically configured, but you can set them as needed: Disable the Digi Remote Manager connection if it is not required.
Page 508 6. (Optional) For Management port, type the destination port for the remote cloud services connection. The default is 3199. 7. (Optional) For Retry interval, type the amount of time that the IX10 device should wait before reattempting to connect to remote cloud services after being disconnected. The default is 30 seconds.
Page 509 16. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 510 (config)> cloud drm drm_url url (config)> 6. (Optional) Set the amount of time that the IX10 device should wait before reattempting to connect to the remote cloud services after being disconnected. The minimum value is ten seconds. The default is 30 seconds.
Page 511 Central management Configure Digi Remote Manager 30 seconds to two hours. The default is 290 seconds. (config)> cloud drm cellular_keep_alive value (config)> where value is any number of hours, minutes, or seconds, and takes the format number{h|m|s}. For example, to set the cellular keep-alive interval to ten minutes, enter either 10m or 600s: (config)>...
Page 512: Collect Device Health Data And Set The Sample Interval
Collect device health data and set the sample interval You can enable or disable the collection of device health data to upload to Digi Remote Manager, and configure the interval between health sample uploads. By default, device health data upload is...
Page 513 To avoid a situation where several devices are uploading health metrics information to Remote Manager at the same time, the IX10 device includes a preconfigured randomization of two minutes for uploading metrics. For example, if Health sample interval is set to five minutes, the metrics will be uploaded to Remote Manager at a random time between five and seven minutes.
Page 514 1, 5, 15, 30, or 60, and represents the number of minutes between uploads of health sample data. 5. By default, the device will only report health metrics values to Digi Remote Manager that have changed health metrics were last uploaded. This is useful to reduce the bandwidth used to report health metrics.
Page 515: Log Into Digi Remote Manager
1. If you have not already done so, click here to sign up for a Digi Remote Manager account. 2. Check your email for Digi Remote Manager login instructions. 3. Go to remotemanager.digi.com. 4. Log into your Digi Remote Manager account.
Page 516: Use Digi Remote Manager To View And Manage Your Device
Use Digi Remote Manager to view and manage your device To view and manage your device: 1. If you have not already done so, connect to your Digi Remote Manager account. 2. Click Device Management to display a list of your devices.
Page 517: Add A Device To Digi Remote Manager
The same default password is also shown on the label affixed to the bottom of the device. 6. Click Add. 7. Click OK. Digi Remote Manager adds your IX10 device to your account and it appears in the Device Management view. View Digi Remote Manager connection status To view the current Digi Remote Manager configuration: ...
Page 518: Use The Digi Remote Manager Mobile App
2. Follow the prompts to complete your IX10 registration. Digi Remote Manager registers your IX10 and adds it to your Digi Remote Manager device list. You can now manage the device remotely using Digi Remote Manager.
Page 519: Learn More
Central management Learn more 1. Using the IX10 local WebUI, configure one IX10 router to use as the model configuration for all subsequent IX10s you need to manage. 2. Register the configured IX10 device in your Digi Remote Manager account.
Page 520 File system This chapter contains the following topics: The IX10 local file system Display directory contents Create a directory Display file contents Copy a file or directory Move or rename a file or directory Delete a file or directory Upload and download files...
Page 521: File System
The IX10 local file system The IX10 local file system The IX10 local file system has approximately TBD of space available for storing files, such as Python programs, alternative configuration files and firmware versions, and release files, such as cellular module images.
Page 522: Create A Directory
For example: 1. Log into the IX10 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 523: Display File Contents
For example:  Command line 1. Log into the IX10 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the Admin CLI prompt, type more /path/filename. For example, to view the contenct of the file accns.json in /etc/config:...
Page 524: Move Or Rename A File Or Directory
Command line To rename a file named test.py in /etc/config/scripts to final.py: 1. Log into the IX10 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 525: Delete A File Or Directory
Command line To delete a file named test.py in /etc/config/scripts: 1. Log into the IX10 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 526: Upload And Download Files
FileZilla. Upload and download files by using the WebUI Upload files 1. Log into the IX10 WebUI as a user with Admin access. 2. On the menu, click System. Under Administration, click File System. The File System page appears.
Page 527: Upload And Download Files By Using The Secure Copy Command
IX10 device. local-path is the location on the IX10 device where the copied file will be placed. For example: To copy firmware from a remote host with an IP address of 192.168.4.1 to the /etc/config directory on the IX10 device, issue the following command: >...
Page 528: Upload And Download Files Using Sftp
IX10 device. For example: To copy a support report from the IX10 device to a remote host at the IP address of 192.168.4.1: 1. Use the system support-report command to generate the report: >...
Page 529 File system Upload and download files $ sftp ahmed@192.168.2.1 Password: Connected to 192.168.2.1 sftp> get test.py Fetching test.py to test.py test.py 100% 0.3KB/s 00:00 sftp> exit IX10 User Guide...
Page 530 Generate a support report View system and event logs Configure syslog servers Configure options for the event and system logs Analyze network traffic Use the ping command to troubleshoot network connections Use the traceroute command to diagnose IP routing problems IX10 User Guide...
Page 531: Generate A Support Report
Attach the support report to any support requests.  Command line 1. Log into the IX10 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 532: View System And Event Logs
View System Logs  WebUI 1. Log into the IX10 WebUI as a user with Admin access. 2. On the main menu, click System > Logs. The system log displays: 3. Limit the display in the system log by using the Find search tool.
Page 533 5. Click  to download the system log.  Command line 1. Log into the IX10 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 534: View Event Logs
6. Click  to download the event log.  Command line 1. Log into the IX10 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 535 Nov 26 22:01:25 info user name=admin~service=cli~state=closed~remote=192.168.1.2 > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...
Page 536: Configure Syslog Servers
You can configure remote syslog servers for storing event and system logs.  WebUI 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 537 5. Click Apply to save the configuration and apply the change.  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 538: Configure Options For The Event And System Logs
30 minutes. All event categories are enabled. To change or disable the heartbeat interval, or to disable event categories, and to perform other log configuration:  WebUI IX10 User Guide...
Page 539 7. Enable Preserve system logs to save the current session's system log after a reboot. By default, the IX10 device erases system logs each time the device is powered off or rebooted. Note You should only enable Preserve system logs temporarily to debug issues.
Page 540 To disable the heartbeat interval, set the value to 0s 4. Enable preserve system logs functionality to save the current session's system log after a reboot. By default, the IX10 device erases system logs each time the device is powered off or rebooted.
Page 541 Status events report the current list of leases. Parameters Current Value ------------------------------------------------------------------- ------------ info true Enable informational events status true Enable status events status_interval Status interval (config)> system log event dhcpserver IX10 User Guide...
Page 542 7. Save the configuration and apply the change: (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...
Page 543: Analyze Network Traffic
Analyze network traffic Analyze network traffic The IX10 device includes a network analyzer tool that captures data traffic on any interface and decodes the captured data traffic for diagnostics. You can capture data traffic on multiple interfaces at the same time and define capture filters to reduce the captured data. You can capture up to 10 MB of data traffic in two 5 MB files per interface.
Page 544: Configure Packet Capture For The Network Analyzer
To configure a packet capture configuration:  WebUI 1. Log into the IX10 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Analyzer.
Page 545 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Save interval to ten minutes, enter 10m or 600s. 8. Click Apply to save the configuration and apply the change. IX10 User Guide...
Page 546 Analyze network traffic  Command line 1. Log into the IX10 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 547 7. Save the configuration and apply the change: (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...
Page 548: Example Filters For Capturing Data Traffic
Example Ethernet capture filters Capture Ethernet packets to and from a host with a MAC address of 00:40:D0:13:35:36: ether host 00:40:D0:13:35:36 Capture Ethernet packets from host 00:40:D0:13:35:36: ether src 00:40:D0:13:35:36: Capture Ethernet packets to host 00:40:D0:13:35:36: ether dst 00:40:D0:13:35:36 IX10 User Guide...
Page 549: Capture Packets From The Command Line
To start packet capture from the command line:  Command line 1. Log into the IX10 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 550: Show Captured Traffic Data
Analyze network traffic  Command line 1. Log into the IX10 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 551 See Configure packet capture for the network analyzer for more information. To determine available packet capture configurations, use the ?: > show anaylzer name ? name: Name of the capture filter to use. Format: test_capture capture_ping IX10 User Guide...
Page 552: Save Captured Data Traffic To A File
 Command line 1. Log into the IX10 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. Type the following at the Admin CLI prompt: >...
Page 553 4. Select the saved analyzer report you want to download and click  (download).  Command line 1. Log into the IX10 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 554: Clear Captured Data
 Command line 1. Log into the IX10 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. Type the following at the Admin CLI prompt: >...
Page 555: Use The Ping Command To Troubleshoot Network Connections
Ping to check internet connection To check your internet connection: 1. Log into the IX10 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 556 Max wait for a response to a probe. (Default: 5) Example This example shows using traceroute to verify that the IX10 device can route to host 8.8.8.8 (www.google.com) through the default gateway. The command output shows that 15 routing hops were required to reach the host: 1.
Page 557: Digi Ix10 Regulatory And Safety Statements
Radio Frequency Interference (RFI) (FCC 15.105) The Digi IX10 has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
Page 558: Ce Mark (Europe)
The IX10 is certified for use in several European countries. For information, visit www.digi.com/resources/certifications. If the IX10 is incorporated into a product, the manufacturer must ensure compliance of the final product with articles 3.1a and 3.1b of the RE Directive (Radio Equipment Directive). A Declaration of Conformity must be issued for each of these standards and kept on file as described in the RE Directive (Radio Equipment Directive).
Page 559: Maximum Transmit Power For Radio Frequencies
Digi IX10 regulatory and safety statements Maximum transmit power for radio frequencies Maximum transmit power for radio frequencies The following tables show the maximum transmit power for frequency bands. Cellular frequency bands Frequency bands Maximum transmit power Cellular LTE 700 MHz...
Page 560: Rohs Compliance Statement
RoHS compliance statement RoHS compliance statement All Digi International Inc. products that are compliant with the RoHS Directive (EU Directive 2002/95/EC and subsequent amendments) are marked as RoHS COMPLIANT. RoHS COMPLIANT means that the substances restricted by the EU Directive 2002/95/EC and subsequent amendments...
Page 561: Special Safety Notes For Wireless Routers
Special safety notes for wireless routers Digi International products are designed to the highest standards of safety and international standards compliance for the markets in which they are sold. However, cellular-based products contain radio devices which require specific consideration. Take the time to read and understand the following guidance.
Page 562: Product Disposal Instructions
International EMC (Electromagnetic Compatibility) and safety standards This product complies with the requirements of the following Electromagnetic Compatibility standards. There are no user-serviceable parts inside the product. Contact your Digi representative for repair information. Certification category Standards EN 300 328 v1.8.1...
Page 563 International EMC (Electromagnetic Compatibility) and safety standards Certification category Standards Electrical safety compliance The IX10 model 50002009-01 shall be powered using a DC power source Approved in its country of use as per ES1 [IEC 62368-1:2014(Ed.2.0)] or SELV [Safety Extra Low Voltage as per IEC 60950-1:2005(ED 2) + A1, A2.
Page 564 Auto-complete commands and parameters Available commands Use the scp command Display status and statistics using the show command Device configuration using the command line interface Execute configuration commands at the root Admin CLI prompt Configuration mode Command line reference IX10 User Guide...
Page 565: Command Line Interface
Log in to the command line interface  Command line 1. Connect to the IX10 device by using a serial connection, SSH or telnet, or the Terminal in the WebUI or the Console in the Digi Remote Manager. See Access the command line interface more information.
Page 566: Exit The Command Line Interface
2. At the main menu, click Terminal. The device console appears. IX10 login: 3. Log into the IX10 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 567: Display Help For Commands And Parameters
Display help for commands and parameters The help command When executed from the root command prompt, help displays information about autocomplete operations, how to move the cursor on the IX10 command line, and other keyboard shortcuts: > help Commands ------------------------------------------------------------------------------- Show commands help <Tab>...
Page 568: Display Help For Individual Commands
Typing the space bar has similar behavior. If multiple commands are available that will match the entered text, auto-complete is not performed and the available commands are displayed instead. Auto-complete applies to these command elements only : IX10 User Guide...
Page 569 Parameter values, where the value is one of an enumeration or an on|off type; for example: (config)> serial port1 enable t<Tab> auto-completes to (config)> serial port1 enable true Auto-complete does not function for: Parameter values that are string types. Integer values. File names. Select parameters passed to commands that perform an action. IX10 User Guide...
Page 570: Available Commands
Pings a remote host using Internet Control Message Protocol (ICMP) Echo Request messages. reboot Reboots the IX10 device. Removes a file. Uses the secure copy protocol (SCP) to transfer files between the IX10 device and a remote host. Use the scp command for information about using the scp command. show Displays information about the device and the device's configuration.
Page 571: Use The Scp Command
The hostname or IP address of the remote host. The username and password of the user on the remote host. Whether the file is being copied to the IX10 device from a remote host, or to the remote host from the IX10 device.
Page 572: Display Status And Statistics Using The Show Command
IX10 device. For example: To copy a support report from the IX10 device to a remote host at the IP address of 192.168.4.1: 1. Use the system support-report command to generate the report: >...
Page 573: Show System
"445" > show system show system command displays system information and statistics for the device, including CPU usage. > show system Model : Digi IX10 Serial Number : IX10-000065 : IX10 Hostname : IX10 : DF:DD:E2:AE:21:18 Hardware Version...
Page 574: Execute Configuration Commands At The Root Admin Cli Prompt
For example, to disable the SSH service from the root prompt, enter the following command: > config service ssh enable false > The IX10 device's ssh service is now disabled. Note When the config command is executed at the root prompt, certain configuration actions that are available in configuration mode cannot be performed.
Page 575 4. Lastly, display the allowed values and other information for the enable parameter: > config service ssh enable ? Enable: Enable the service. Format: true, false, yes, no, 1, 0 Default value: true Current value: true > config service ssh enable IX10 User Guide...
Page 576: Configuration Mode
To save changes that you have made to the configuration while in configuration mode, use save. The save command automatically validates the configuration changes; the configuration will not be saved if it is not valid. Note that you can also validate configuration changes at any time while in IX10 User Guide...
Page 577: Exit Configuration Mode Without Saving Changes
See Manage elements in lists for information about using the del command with lists. Moves elements in a list. See Manage move elements in lists for information about using the move command with lists. IX10 User Guide...
Page 578: Display Command Line Help In Configuration Mode
Enter service to move to the service node: (config)> service (config service)> b. Enter ? to display help for the service node: (config service)> ? Either of these methods will display the following information: config> service ? Services Additional Configuration -------------------------------------------------------------------------- IX10 User Guide...
Page 579 Enable [private] Private key port Port Additional Configuration -------------------------------------------------------------------------- Access control list mdns (config)> service ssh 4. Lastly, to display allowed values and other information for the enable parameter, use one of the following methods: IX10 User Guide...
Page 580: Move Within The Configuration Schema
1. At the config prompt, type service to move to the service node: (config)> service (config service)> 2. Type ssh to move to the ssh node: (config service)> ssh (config service ssh)> 3. Type acl to move to the acl node: (config service ssh)> acl (config service ssh acl)> IX10 User Guide...
Page 581: Manage Elements In Lists
2. Add an authentication method by using the add index_item command. For example: To add the TACACS+ authentication method to the beginning of the list, use the index number 0: (config)> add auth method 0 tacacs+ (config)> show auth method 0 tacacs+ IX10 User Guide...
Page 582 1 tacacs+ 2 radius (config)> 2. Delete one of the authentication methods by using the del index_number command. For example: a. To delete the local authentication method, use the index number 0: (config)> del auth method 0 (config)> IX10 User Guide...
Page 583: The Revert Command
(config)> The revert command The revert command is used to revert changes to the IX10 device's configuration and restore default configuration settings. The behavior of the revert command varies depending on where in the configuration hierarchy the command is executed, and whether the optional path parameter is used.
Page 584 Move to the location in the configuration and enter the revert command without the path parameter. For example: 1. Change to the auth method node: (config)> auth method (config auth method)> 2. Enter the revert command: (config auth method)> revert (config auth method)> IX10 User Guide...
Page 585: Enter Strings In Configuration Commands
(config)> system description "Digi IX10" Example: Create a new user by using the command line In this example, you will use the IX10 command line to create a new user, provide a password for the user, and assign the user to authentication groups.
Page 586 5. List available authentication groups: (config auth user user1)> show ..group admin admin enable true nagios enable false openvpn enable false no tunnels portal enable false no portals serial enable false no ports shell enable false serial admin IX10 User Guide...
Page 587 (config auth user user1)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...
Page 588: Command Line Reference
Command line interface Command line reference Command line reference analyzer help mkdir modem modem puk status [imei STRING] [name STRING] more ping reboot show system traceroute IX10 User Guide...
Page 589: Analyzer
Start a capture session of packets on this devices interfaces. Parameters name Name of the capture filter to use. Syntax: STRING analyzer stop name STRING Stops the traffic capture session. Parameters name Name of the capture filter to use. Syntax: STRING IX10 User Guide...
Page 590 The source file or directory to copy. Syntax: STRING destination The destination path to copy the source file or directory to. Syntax: STRING force Do not ask to overwrite the destination file if it exists. Syntax: BOOLEAN Default: False Optional: True IX10 User Guide...
Page 591: Help
Command line interface Command line reference help Show CLI editing and navigation commands. Parameters None IX10 User Guide...
Page 592 Directory listing command. ls [show-hidden] PATH List a directory. Parameters path List files and directories under this path. Syntax: STRING show-hidden Show hidden files and directories. Hidden filenames begin with '.'. Syntax: BOOLEAN Default: False Optional: True IX10 User Guide...
Page 593: Mkdir
Command line interface Command line reference mkdir mkdir PATH Create a directory. Parent directories are created as needed. Parameters path The directory path to create. Syntax: STRING IX10 User Guide...
Page 594: Modem
Optional: True modem firmware Commands for interacting with cellular modem firmware. See Update cellular module firmware further information about using the modem firmware commands. firmware check [imei STRING] [name STRING] Inspect /opt/[MODEM_MODEL]/Custom_Firmware/ directory for new modem firmware file. IX10 User Guide...
Page 595 Commands for performing FOTA (firmware-over-the-air) interactions with cellular modem. ota check [imei STRING] [name STRING] Query the Digi firmware server for the latest remote modem firmware version. Parameters imei The IMEI of the modem to execute this CLI command on...
Page 596 Command line interface Command line reference ota list [imei STRING] [name STRING] Query the Digi firmware server for a list of modem firmware versions. Parameters imei The IMEI of the modem to execute this CLI command on Optional: True Type: string...
Page 597 [imei STRING] [name STRING] PIN Disable the PIN lock on the SIM card that is active in the modem. Warning: Attempting to use an incorrect PIN code may PUK lock the SIM. Parameters The SIM's PIN code. IX10 User Guide...
Page 598 PUK locked when there are no remaining retries Parameters imei The IMEI of the modem to execute this CLI command on. Syntax: STRING Optional: True name The configured name of the modem to execute this CLI command on. Syntax: STRING Optional: True IX10 User Guide...
Page 599: Modem Puk Status [Imei String] [Name String]
Optional: True name The configured name of the modem to execute this CLI command on. Syntax: STRING Optional: True puk unlock [imei STRING] [name STRING] PUK NEW-PIN Unlock the SIM with a PUK code from the SIM provider. IX10 User Guide...
Page 600 Show or change the modem's active SIM slot. This applies only to modems with multiple SIM slots. Parameters slot The SIM slot to change to. Syntax: (1|2|show) imei The IMEI of the modem to execute this CLI command on. IX10 User Guide...
Page 601 Command line interface Command line reference Syntax: STRING Optional: True name The configured name of the modem to execute this CLI command on. Syntax: STRING Optional: True IX10 User Guide...
Page 602: More
Command line interface Command line reference more path The file to view. Syntax: STRING IX10 User Guide...
Page 603 The source file or directory to move. Syntax: STRING destination The destination path to move the source file or directory to. Syntax: STRING force Do not ask to overwrite the destination file if it exists. Syntax: BOOLEAN Default: False Optional: True IX10 User Guide...
Page 604: Ping
If a hostname is defined as the value of the 'host' parameter, use the hosts IPV6 address. Syntax: BOOLEAN Default: False Optional: True size The number of bytes sent in the ICMP ping request. Syntax: INT Minimum: 0 Default: 56 IX10 User Guide...
Page 605 Command line reference source The ping command will send a packet with the source address set to the IP address of this interface, rather than the address of the interface the packet is sent from. Syntax: STRING Optional: True IX10 User Guide...
Page 606: Reboot
Command line interface Command line reference reboot Reboot the system. Parameters None IX10 User Guide...
Page 607 Command line interface Command line reference Remove a file or directory. rm [force] PATH Parameters path The path to remove. Syntax: STRING force Force the file to be removed without asking. Syntax: BOOLEAN Default: False Optional: True IX10 User Guide...
Page 608: Scp
Syntax: STRING Copy the file from the local device to the remote host, or from the remote host to the local device. Syntax: (remote|local) user The username to use when connecting to the remote host. Syntax: STRING IX10 User Guide...
Page 609: Show
Default: False Optional: True verbose Display more information (less concise, more detail). Syntax: BOOLEAN Default: False Optional: True show cloud Show Digi Remote Manager status and statistics. Parameters None show config Show changes made to default configuration. IX10 User Guide...
Page 610 Type of event log to be displayed (status, error, info). Syntax: (status|error|info) Optional: True show hotspot [ip STRING] [name STRING] Show hotspot statistics. Parameters IP address of a specific client, to limit the status display to only this client. Syntax: STRING Optional: True IX10 User Guide...
Page 611 Filters for type of log message displayed (critical, warning, info, debug). Note, filters from the number of messages retrieved not the whole log (this can be very time consuming). If you require more messages of the filtered type, increase the number of messages retrieved using 'number'. Syntax: (critical|warning|debug|info) Optional: True IX10 User Guide...
Page 612 The IMEI of the modem to execute this CLI command on. Syntax: STRING Optional: True name The configured name of the modem to execute this CLI command on. Syntax: STRING Optional: True verbose Display more information (less concise, more detail). Syntax: BOOLEAN Default: False IX10 User Guide...
Page 613 Display more information (less concise, more detail). Syntax: BOOLEAN Default: False Optional: True show openvpn Show OpenVPN status and statistics. openvpn client [all] [name STRING] Show OpenVPN client status statistics. Parameters Display all clients including disabled clients. Syntax: BOOLEAN Default: False Optional: True IX10 User Guide...
Page 614 Display IPv4 routes. Syntax: BOOLEAN Default: False Optional: True ipv6 Display IPv6 routes. Syntax: BOOLEAN Default: False Optional: True verbose Display more information (less concise, more detail). Syntax: BOOLEAN Default: False Optional: True show scripts Show scheduled system scripts IX10 User Guide...
Page 615 Optional: True show usb Show USB information. Parameters None show version [verbose] Show firmware version. Parameters verbose Display more information (build date) Syntax: BOOLEAN Default: False Optional: True show vrrp [all|verbose] [name STRING] Show VRRP status and statistics. IX10 User Guide...
Page 616: Ssh
Optional: True Type: string host The hostname or IP address of the remote host Syntax: {hostname|IPv4_address|IPv6_address} Type: string port The SSH port to use to connect to the remote host. Default: 22 Maximum: 65535 Minimum: 1 IX10 User Guide...
Page 617 Command line interface Command line reference Syntax: {Integer} Type: integer user The username to use when connecting to the remote host. Type: string IX10 User Guide...
Page 618: System
Duplicate the running firmware to the alternate partition so that the device will always boot the same firmware version. Parameters None system factory-erase Erase the device to restore to factory defaults. All configuration and automatically generated keys will be erased. Parameters None IX10 User Guide...
Page 619 Parameters script Script to stop. Syntax: STRING system serial clear PORT Clears the serial log. Parameters port Serial port. Type: string system serial save PORT FILENAME Saves the current serial log to a file. IX10 User Guide...
Page 620 Serial port. Type: string system serial stop PORT Start logging data on a serial port. Parameters port Serial port. Type: string system support-report PATH Save a support report to a file and include with support requests. IX10 User Guide...
Page 621 Command line interface Command line reference Parameters path The file path to save the support report to. Syntax: STRING path The file path to save the backup to. Syntax: STRING IX10 User Guide...
Page 622: Traceroute
Tells traceroute to add an IP source routing option to the outgoing packet that tells the network to route the packet through the specified gateway Syntax: STRING Optional: True icmp Use ICMP ECHO for probes. Syntax: BOOLEAN Default: False IX10 User Guide...
Page 623 Total size of the probing packet. Default 60 bytes for IPv4 and 80 for Ipv6. A value of -1 specifies that the default value will be used. Syntax: INT Minimum: -1 Default: -1 pausemsecs Minimal time interval between probes Syntax: INT Minimum: 0 Default: 0 IX10 User Guide...
Page 624 Syntax: INT Minimum: -1 Default: -1 waittime Determines how long to wait for a response to a probe. Syntax: INT Minimum: 1 Default: 5 host The host that we wish to trace the route packets for. Syntax: STRING IX10 User Guide...

Digi IX10 User Manual

What's New in Digi IX10 Version 20.11

Digi IX10 Quick Start

Digi IX10 Hardware Reference

Hardware Setup

Configuration and Management

Interfaces

Serial Port

Routing

Virtual Privatenetworks(VPN)

Services

Applications

User Authentication

Firewall

System Administration

Monitoring

Centralmanagement

File System

Diagnostics

Digi IX10 Regulatory and Safety Statements

Digiix10 Certifications

Command Line Interface

Quick Links

Related Manuals for Digi IX10

Summary of Contents for Digi IX10