Digi Connect IT 16 User Manual
  1. Manuals
  2. Brands
  3. Digi Manuals
  4. Server
  5. Connect IT 16
  6. User manual

Digi Connect IT 16 User Manual

Hide thumbs Also See for Connect IT 16:
1
2
3
4
5
6
7
8
Table Of Contents
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
Table of Contents

Advertisement

Quick Links

Download this manual
Digi Connect IT® 16/48
User Guide
Firmware version 21.2

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the Connect IT 16 and is the answer not in the manual?

Questions and answers

Related Manuals for Digi Connect IT 16

Summary of Contents for Digi Connect IT 16

  • Page 1 Digi Connect IT® 16/48 User Guide Firmware version 21.2...
  • Page 2 Description June 2020 Added note that for devices manufactured prior to the release of firmware version 19.11.x, the default user name may be root. Updated information about the factory default July 2020 network settings. Digi Connect IT® 16/48 User Guide...
  • Page 3 Revision Date Description Release of Digi Connect IT 16/48 firmware September 2020 version 20.8: Support for NEMO/DMNR virtual private networks. Support for serial Modbus Gateway. Support for Ethernet network bonding. Support for VRRP+, an extension to the VRRP standard that uses network probing to monitor connections through VRRP-enabled devices.
  • Page 4 Admin CLI to view custom scripts and applications configured in the device, along with their status. Added the system scripts stop command to the Admin CLI to stop a custom script or application. Digi Connect IT® 16/48 User Guide...
  • Page 5 Revision Date Description Release of Digi Connect IT 16/48 firmware December 2020 version 20.11: Modem firmware update commands added to the Admin CLI. Network bridging enhanced to use the MAC address of the first active device listed in Network > Bridges > Bridge name >...
  • Page 6 DSCP field in the packet. Added a Defaultroute option for matching policy-based routes to the device's active default route. Added a link to User Guide under the User menu in the Web UI. Digi Connect IT® 16/48 User Guide...
  • Page 7 Revision Date Description Release of Digi Connect IT 16/48 firmware March 2021 version 21.2: Location services added, including: The ability to define a static latitude and longitude as a location for the device. Reporting location information as health metrics to Digi Remote Manager.
  • Page 8 Feedback To provide feedback on this document, email your comments to techcomm@digi.com Include the document title and part number (Digi Connect IT® 16/48 User Guide, 90002332 A) in the subject line of your email. Digi Connect IT® 16/48 User Guide...

  • Page 9: Table Of Contents

    Contents Digi Connect IT® 16/48 User Guide Connect IT 16 and 48 key features Get started with Connect IT 16/48 Verify product components Included equipment Required additional equipment Optional additional equipment Optional equipment Cellular ONLY: Insert the CORE module Prerequisites...
  • Page 10 About Local Area Networks (LANs) Configure a LAN Example: Configure two LANs Show LAN status and statistics Delete a LAN DHCP servers Create a Virtual LAN (VLAN) route Bridging Edit the preconfigured ETH2 bridge Configure a bridge Digi Connect IT® 16/48 User Guide...
  • Page 11 Configure an OpenVPN Authentication Group and User Configure an OpenVPN client by using an .ovpn file Configure an OpenVPN client without using an .ovpn file Configure SureLink active recovery for OpenVPN Show OpenVPN server status and statistics Digi Connect IT® 16/48 User Guide...
  • Page 12 Task one: Upload the application Task two: Configure the application to run automatically Run a Python application at the shell prompt Start an interactive Python session Digidevice module Use digidevice.cli to execute CLI commands Digi Connect IT® 16/48 User Guide...
  • Page 13 Use Python to access serial ports Use the Paho MQTT python library Use the local REST API to configure the Connect IT 16/48 device Use the GET method to return device configuration information Use the POST method to modify device configuration parameters and add items to a list...
  • Page 14 Reboot your Connect IT 16/48 device Reboot your device immediately Schedule reboots of your device Erase device configuration and reset to factory defaults Configure the Connect IT 16/48 device to use custom factory default settings Configuration files Save configuration changes Save configuration to a file...
  • Page 15 Configure Digi Remote Manager Collect device health data and set the sample interval Log into Digi Remote Manager Use Digi Remote Manager to view and manage your device Add a device to Digi Remote Manager View Digi Remote Manager connection status...
  • Page 16 Display command line help in configuration mode Move within the configuration schema Manage elements in lists The revert command Enter strings in configuration commands Example: Create a new user by using the command line Command line reference Digi Connect IT® 16/48 User Guide...
  • Page 17 [imei STRING] [name STRING] modem scan [imeiSTRING] [nameSTRING] more ping reboot show system traceroute Digi Connect IT® 16/48 User Guide...

  • Page 18: Digi Connect It® 16/48 User Guide

    Digi Connect IT® 16/48 User Guide This guide provides reference and usage information for the Connect IT Connect IT 16/48. The Connect IT 16/48 provides out-of-band management for remote network or infrastructure devices. Cellular connectivity, available as standard in some models and as an option in other models, provides fast reliable cellular connections without additional equipment.

  • Page 19: Get Started With Connect It 16/48

    Get started with Connect IT 16/48 This section explains what comes with each Connect IT model, how to install the necessary software, and how to connect the hardware. Verify product components. Cellular ONLY: Insert the CORE module. Connect the power supplies and fans.

  • Page 20: Included Equipment

    Digi Connect IT 48 Note This image is of Connect IT 48. The Connect IT 16 has a blank panel instead of ports 17 - 48. For detailed information about the front and back panels, see Front panel and LEDs Back panel and LEDs.

  • Page 21: Required Additional Equipment

    Description Each kit includes three items: two power supply items and one fan Power supply kit item. These items are connected to the Connect IT 16/48. See Connect the power supplies and fans. You can choose between the following two kits: ITPS-PSEK: Connect IT 16/48 power supply kit, port-side exhaust.

  • Page 22: Optional Equipment

    If you are connecting to a network using an Ethernet connection, you can skip this section. See Connect hardware and connect to site network using an Ethernet LAN. This section explains how to connect the Digi CORE® module and cellular antennas to the Connect IT hardware. Prerequisites Activated SIM card from your cellular network provider.

  • Page 23: Connect The Power Supplies And Fans

    The thumb screws used to connect the items to the Connect IT are blue. ITPS-PSIK: Connect IT 16/48 power supply kit, port-side intake. Use this when the serial ports will be in the cold aisle. The thumb screws used to connect the items to the Connect IT are red.

  • Page 24: Optional: Connect Sfp+ Modules

    Get started with Connect IT 16/48 Optional: Connect SFP+ modules 4. Connect the stand-alone fan unit to the Connect IT. a. Orient the fan unit to match the picture shown above. b. Insert the fan into the slot next to the power supply and fan unit on the right side of the device.

  • Page 25: Connect Hardware And Connect To A Cellular Network

    The second power cord can also be plugged in, but it is not required. It is available for power redundancy. 3. Plug the power supply unit into an AC power outlet to power up the Connect IT 16/48. Manually configure PC to connect to the Connect IT To manually connect to the device, you must manually set an IP address on your PC to be able to communicate with the Connect IT.
  • Page 26 Get started with Connect IT 16/48 Manually configure PC to connect to the Connect IT 3. Click Properties. The Internet Protocol Version 4 (TCP/IPv4) Properties dialog appears. 4. Configure with the following details: IP address for PC: 192.168.210.2 Subnet: 255.255.255.0 Gateway: 192.168.210.1...

  • Page 27: Connect Equipment To The Connect It Serial Ports

    Signal name Console port and DTE mode DCE mode Signals are not used in DCE mode. Signals are not used in DCE mode. GND/DCD Signals are not used in DCE mode. Signals are not used in DCE mode. Digi Connect IT® 16/48 User Guide...
  • Page 28 Configuration and management This chapter contains the following topics: Review Connect IT 16/48 default settings Change the default password for the admin user Configuration methods Using Digi Remote Manager Access Digi Remote Manager Using the web interface Using the command line...

  • Page 29: Configuration And Management

    Configuration and management Review Connect IT 16/48 default settings Review Connect IT 16/48 default settings You can review the default settings for your Connect IT 16/48 device by using the local WebUI or Digi Remote Manager: Local WebUI 1. Log into the Connect IT 16/48 WebUI as a user with Admin access. See Using the web interface for details.

  • Page 30: Other Default Configuration Settings

    Packet filtering allows all outbound traffic. Security policies SSH and web administration: Enabled for local administration Firewall zone: Internal Device heath metrics uploaded to Digi Remote Manager at 60 minute Monitoring interval. SNMP: Disabled Enabled Serial port Serial mode: Login...

  • Page 31: Change The Default Password For The Admin User

       Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 32: Configuration Methods

    A robust command line allows you to perform all configuration and management tasks from within a command shell. Both the Remote Manager and the local web interface also have the option to open a terminal emulator for executing commands on your Connect IT 16/48 device. Using the command line for more information about using the command line to manage and configure your Connect IT 16/48 device.
  • Page 33 Configuration and management Configuration methods Shows how to perform a task by using the command line interface. Digi Connect IT® 16/48 User Guide...

  • Page 34: Using Digi Remote Manager

    Using the web interface To connect to the Connect IT 16/48 local WebUI: 1. Use an Ethernet cable to connect the Connect IT 16/48's ETH2 port to a laptop or PC. 2. Open a browser and go to 192.168.2.1. The device is also accessible at the default IP address of 192.168.210.1. However, because this IP address does not use a DHCP server, to connect to this address you must configure your local PC with an appropriate static IP address (for example, 192.168.210.2).

  • Page 35: Log Out Of The Web Interface

    Summarizes network statistics: the total number of bytes sent and received over all Network configured bridges and Ethernet devices. activity Digi Remote Displays the device connection status for Digi Remote Manager, the amount of time Manager the connection has been up, and the Digi Remote Manager device ID. Using Digi Remote Manager.

  • Page 36: Using The Command Line

    Configuration and management Using the command line Using the command line The Digi Connect IT 16/48 device provides a command-line interface that you can use to configure the device, display status and statistics, update firmware, and manage device files. Command line interface...

  • Page 37: Log Into The Connect It From The Console Port

    Log in to the command line interface    Command line 1. Connect to the Connect IT 16/48 device by using a serial connection, SSH or telnet, or the Terminal in the WebUI or the Console in the Digi Remote Manager. See Access the command line interface for more information.

  • Page 38: Exit The Command Line Interface

    (9600,8,1,none,none) q: Quit Select access or quit [admin] : Type a or admin to access the Connect IT 16/48 command line. You will now be connected to the Admin CLI: Connecting now, 'exit' to disconnect from Admin CLI ... >...

  • Page 39: Configure Remote Power Management

    Manage power to the power controller outlets You can manage the power to an individual outlet on the power controller from the web UI or a terminal. Manage the power to the power controller outlets from the Connect IT Digi Connect IT® 16/48 User Guide...

  • Page 40: Configure The Connect It To Connect To A Power Controller Using A Serial Port

    7. Expand the Serial Settings section. The entries in the following fields must match the information for the power controller. Refer to your power controller manual for the correct entries: Baud rate, Data bits, Parity, Stop bits, and Flow control. 8. Click Apply. Digi Connect IT® 16/48 User Guide...

  • Page 41: Connect A Power Controller To The Connect It Serial Port

    The serial port you configure for an outlet must be configured for Remote Access mode. d. Repeat the process to configure additional outlets. You can click Add Outlet to add another outlet. 12. Click Apply. Digi Connect IT® 16/48 User Guide...

  • Page 42: Connect A 3Rd-Party Device To The Connect It Serial Port And The Power Controller

    2. Connect one end of a serial cable to the serial port on the Connect IT that is configured to communicate with a 3rd-party device plugged into the power controller. In this example, serial port 5 is configured to communicate. Digi Connect IT® 16/48 User Guide...

  • Page 43: Configure The Connect It To Connect To A Power Controller Using The Network

    From the Controlled Device list box, select a serial port. In this example, outlet 1 is configured for serial port 4. d. Repeat the process to configure additional outlets. You can click Add Outlet to add another outlet. 12. Click Apply. Digi Connect IT® 16/48 User Guide...

  • Page 44: Connect The Connect It To Your Network

    Connect a 3rd-party device to a serial port on the Connect IT and then to the power controller You can complete the connection between the power controller, the Connect IT, and the 3rd-party device that you want to manage from the Connect IT. Digi Connect IT® 16/48 User Guide...

  • Page 45: Create An Access Control Group For Power Management And Assign To Users

    Expand the Power outlets section. b. Click + next to Add Outlet. c. From the Outlet list box, select an outlet for the group. d. Repeat the process to add additional outlets. 9. Click Apply. Digi Connect IT® 16/48 User Guide...

  • Page 46: Manage The Power To The Power Controller Outlets From The Connect It

    7. Enter ~b. to disconnect from the port. View power controller status and manage power (Administrators) You can view the status of each outlet configured for a power controller and turn the power to an outlet on and off. Digi Connect IT® 16/48 User Guide...

  • Page 47: Control The Outlet Power From The Serial Status Page

    3. If a serial port is configured for communication with a 3rd-party device plugged into an outlet, the power status displays in the Power column. ON: ON displays in green when there is power to the outlet configured for the serial port. Click ON to turn power to the outlet off. Digi Connect IT® 16/48 User Guide...
  • Page 48 Manage the power to the power controller outlets from the Connect IT OFF: OFF displays in red when there is no power to the outlet configured for the serial port. Click OFF to turn power to the outlet on. Digi Connect IT® 16/48 User Guide...

  • Page 49: Interfaces

    Connect IT devices have several physical communications interfaces. These interfaces can be bridged in a Local Area Network (LAN) or assigned to a Wide Area Network (WAN). This chapter contains the following topics: Wide Area Networks (WANs) Local Area Networks (LANs) Bridging Digi Connect IT® 16/48 User Guide...

  • Page 50: Wide Area Networks (Wans)

    Wide Area Networks (WANs) Wide Area Networks (WANs) The Connect IT 16/48 device is preconfigured with one Wide Area Network (WAN), named ETH1, and one Wireless Wide Area Network (WWAN), named WWAN. You can modify configuration settings for the existing WAN and WWANs, and you can create new WANs and WWANs.

  • Page 51: Wide Area Networks (Wans) And Wireless Wide Area Networks (Wwans)

    Wireless Wide Area Network (WWAN), named WWAN. You can also create additional WANs and WWANs. When a WAN is initialized, the Connect IT 16/48 device automatically adds a default IP route for the WAN. The priority of the WAN is based on the metric of the default route, as configured in the WAN's IPv4 and IPv6 metric settings.
  • Page 52 Wide Area Networks (WANs)    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Set the metrics for WWAN: a.
  • Page 53 5. Click Apply to save the configuration and apply the change. The Connect IT 16/48 device is now configured to use the cellular modem WWAN, WWAN, as its highest priority WAN, and its Ethernet WAN, ETH1, as its secondary WAN.

  • Page 54: Wan/Wwan Failover

    WAN, and its Ethernet WAN, ETH1, as its secondary WAN. WAN/WWAN failover If a connection to a WAN interface is lost for any reason, the Connect IT 16/48 device will immediately fail over to the next WAN or WWAN interface, based on WAN priority. See...

  • Page 55: Configure Surelink Active Recovery To Detect Wan/Wwan Failures

    Problems can occur beyond the immediate WAN/WWAN connection that prevent some IP traffic from reaching its destination. Normally this kind of problem does not cause the Connect IT 16/48 device to detect that the WAN has failed, because the connection continues to work while the core problem exists somewhere else in the network.
  • Page 56   WebUI SureLink can be configured for both IPv4 and IPv6. 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 57 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Interval to ten minutes, enter 10m or 600s. The default is 15 minutes. Digi Connect IT® 16/48 User Guide...
  • Page 58 IPv6 active recovery, replace ipv4 in the command line with ipv6. 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 59 The interface is considered to be down based on the interfaces down time, and the amount of time an initial connection to the interface takes before this test is considered to have failed. Digi Connect IT® 16/48 User Guide...
  • Page 60 To configure the device to restart the interface when its connection is considered to have failed: (config network interface my_wan ipv4 surelink)> restart enable (config network interface my_wan ipv4 surelink> This is useful for interfaces that may regain connectivity after restarting, such as a cellular modem. Digi Connect IT® 16/48 User Guide...
  • Page 61 For example, to set timeout to ten minutes, enter either 10m or 600s: (config network interface my_wan ipv4 surelink)> timeout 600s (config network interface my_wan ipv4 surelink)> The default is 15 seconds. 8. (Optional) Repeat this procedure for IPv6. Digi Connect IT® 16/48 User Guide...

  • Page 62: Configure The Device To Reboot When A Failure Is Detected

    Type quit to disconnect from the device. Configure the device to reboot when a failure is detected Using SureLink, you can configure the Connect IT 16/48 device to reboot when it has determined that an interface has failed. Required configuration items Enable SureLink.
  • Page 63   WebUI SureLink can be configured for both IPv4 and IPv6. 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 64 For example, to set Response timeout to ten minutes, enter 10m or 600s. The default is 15 seconds. 12. (Optional) Repeat this procedure for IPv6. 13. Click Apply to save the configuration and apply the change. Digi Connect IT® 16/48 User Guide...
  • Page 65 IPv6 active recovery, replace ipv4 in the command line with ipv6. 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 66 (Optional) Set the amount of time that the interface can be down before this test is considered to have failed: Digi Connect IT® 16/48 User Guide...
  • Page 67 For example, to set interval to ten minutes, enter either 10m or 600s: (config network interface my_wan ipv4 surelink)> interval 600s (config network interface my_wan ipv4 surelink)> The default is 15 minutes. Digi Connect IT® 16/48 User Guide...

  • Page 68: Disable Surelink

    DNS resolution, follow this procedure to disable the default SureLink connectivity tests. You can also disable DNS lookup or other internet activity, while retaining the SureLink interface test.    WebUI Digi Connect IT® 16/48 User Guide...
  • Page 69    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 70    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 71    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 72: Example: Use A Ping Test For Wan Failover From Ethernet To Cellular

    256 bytes to the IP host 43.66.93.111 every 10 seconds. If there are three consecutive failed responses, the Connect IT 16/48 device brings the ETH1 interface down and starts using the WWAN interface. It continues to regularly test the connection to ETH1, and when tests on ETH1 succeed, the device falls back to ETH1.
  • Page 73    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 74: Using Ethernet Devices In A Wan

    Using Ethernet devices in a WAN The Connect IT 16/48 device has two Ethernet devices, named ETH1 and ETH2. You can use these Ethernet interfaces as a WAN when connecting to the Internet, through a device such as a cable...
  • Page 75 To configure the modem:    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Modem are enabled by default. Click to toggle Enable to off to disable.
  • Page 76    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 77 1: Uses the first SIM slot. 2. Uses the second SIM slot. The default is any. 6. If sim_slot is set to any, set the SIM slot that should be considered the preferred slot for this modem: Digi Connect IT® 16/48 User Guide...
  • Page 78 The default is all, which uses the best available technology. 10. Set whether the modem should use the main antenna, the auxiliary antenna, or both the main and auxiliary antennas: (config)> network modem wwan antenna value (config)> Digi Connect IT® 16/48 User Guide...
  • Page 79 Type quit to disconnect from the device. Configure cellular modem APNs The Connect IT 16/48 device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.
  • Page 80    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 81 7. (Optional) To configure the device to bypass its preconfigured APN list and only use the configured APNs: (config)> network interface wwan modem apn_lock true (config)> 8. Save the configuration and apply the change: Digi Connect IT® 16/48 User Guide...
  • Page 82 1002-CM04 CORE modem.    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 83 (Optional): Configure the public APN. If the public APN is not configured, the Connect IT 16/48 will attempt to determine the APN. i. Click to expand APN list > APN. ii. For APN, type the public APN for your cellular carrier. Digi Connect IT® 16/48 User Guide...
  • Page 84 For Label, enter Route through public APN. d. For Interface, select Interface: WWAN_Public. e. Configure the source address: i. Click to expand Source address. ii. For Type, select Interface. iii. For Interface, select LAN1. Digi Connect IT® 16/48 User Guide...
  • Page 85 Configure the destination address: i. Click to expand Destination address. ii. For Type, select Interface. iii. For Interface, select Interface: WWAN_Private. 6. Click Apply to save the configuration and apply the change.    Command line Digi Connect IT® 16/48 User Guide...
  • Page 86 (config network interface WWANPublic)> modem device wwan (config network interface WWANPublic)> d. (Optional): Set the public APN. If the public APN is not configured, the Connect IT 16/48 will attempt to determine the APN. (config network interface WWANPublic)> modem apn public_apn (config network interface WWANPublic)>...
  • Page 87 Set the type to interface: (config network route policy 0)> dst type interface (config network route policy 0)> ii. Set the interface to WWANPublic : (config network route policy 0)> interface /network/interface/WWANPublic (config network route policy 0)> Digi Connect IT® 16/48 User Guide...
  • Page 88 (config network route policy 1)> save Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 16/48 User Guide...
  • Page 89 The Network PLMN ID.    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. For Carrier selection mode, select one of the following: Automatic—The device automatically selects the carrier based on your SIM and cellular...
  • Page 90    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 91 Admin CLI. 1. Log into the Connect IT 16/48 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 92 The modem status window is displayed    Command line 1. Log into the Connect IT 16/48 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 93   Command line To unlock a SIM card: 1. Log into the Connect IT 16/48 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 94 To run AT commands from the Connect IT 16/48 command line:    Command line 1. Log into the Connect IT 16/48 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 95 IMEI SV: 9 FSN: LQ650551070110 +GCAP: +CGSM 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 16/48 User Guide...

  • Page 96: Configure A Wide Area Network (Wan)

    The IPv4 Maximum Transmission Unit (MTU) of the WAN. When to use DNS servers for this interface. Whether to include the Connect IT 16/48 device's hostname in DHCP requests. SureLink active recovery configuration. See Configure SureLink active recovery to detect WAN/WWAN failures for further information.
  • Page 97 Interfaces Wide Area Networks (WANs) 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
  • Page 98 Never: Never use DNS servers for this interface. vi. Enable DHCP Hostname to instruct the Connect IT 16/48 device to include the device's system name with DHCP requests as the Client FQDN option. The DHCP server can then be configured to register the device's hostname and IP address with an associated DNS server.
  • Page 99    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 100 Set the relative weight for default routes associated with this interface. For multiple active interfaces with the same metric, the weight is used to load balance traffic to the interfaces. Digi Connect IT® 16/48 User Guide...
  • Page 101 Never use DNS servers for this interface. vi. Enable DHCP Hostname to instruct the Connect IT 16/48 device to include the device's system name with DHCP requests as the Client FQDN option. The DHCP server can then be configured to register the device's hostname and IP address with an associated DNS server.
  • Page 102 (config network interface my_wan)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 16/48 User Guide...

  • Page 103: Configure A Wireless Wide Area Network (Wwan)

    The IPv6 Maximum Transmission Unit (MTU) of the WAN. SureLink active recovery configuration. See Configure SureLink active recovery to detect WAN/WWAN failures for further information.    WebUI Digi Connect IT® 16/48 User Guide...
  • Page 104 Interfaces Wide Area Networks (WANs) 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
  • Page 105 Reboot device: The device will reboot if automatic SIM switching is unavailable. 9. For APN list and APN list only, the Connect IT 16/48 device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.
  • Page 106    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 107 Set the cellular carrier must be in active for this WWAN to be used: i. Use ? to determine available carriers: (config network interface my_wwan)> modem carrier Match SIM carrier: The SIM carrier match criteria. This Digi Connect IT® 16/48 User Guide...
  • Page 108 (config network interface my_wwan)> sim_slot Set which SIM slot must be in active for this WWAN to be used: (config network interface my_wwan)> modem sim_slot value (config network interface my_wwan)> where value is either 1 or 2. Digi Connect IT® 16/48 User Guide...
  • Page 109 (config network interface my_wwan)> modem sim_failover_retries num (config network interface my_wwan)> The default setting is 5. ii. Configure how SIM failover will function if automatic SIM switching is unavailable: (config network interface my_wwan)> modem sim_failover_alt value (config network interface my_wwan)> Digi Connect IT® 16/48 User Guide...
  • Page 110 The device will reboot if automatic SIM switching is unavailable. 7. The Connect IT 16/48 device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.
  • Page 111 (config network interface my_wwan)> ipv6 mtu num (config network interface my_wwan)> g. See Configure SureLink active recovery to detect WAN/WWAN failures for information about configuring active recovery. 1. Save the configuration and apply the change: (config)> save Configuration saved. > Digi Connect IT® 16/48 User Guide...

  • Page 112: Show Wan And Wwan Status And Statistics

    3. Under Networking, click Interfaces.    Command line 1. Log into the Connect IT 16/48 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 113 IPv6 DNS Server(s) : fd00:244::1, fe80::234:f3f4:fe0e:4320 > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 16/48 User Guide...

  • Page 114: Delete A Wan Or Wwan

       Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 115 Interfaces Wide Area Networks (WANs) 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 16/48 User Guide...

  • Page 116: Local Area Networks (Lans)

    Local Area Networks (LANs) Local Area Networks (LANs) The Connect IT 16/48 device is preconfigured with the following Local Area Networks (LANs): You can modify configuration settings for ETH2, and you can create new LANs. This section contains the following topics:...

  • Page 117: About Local Area Networks (Lans)

    The IPv6 Maximum Transmission Unit (MTU) of the LAN. The IPv6 prefix length and ID. IPv6 DHCP server configuration. See DHCP servers for more information. MAC address blacklist and whitelist. To create a new LAN or edit an existing LAN: Digi Connect IT® 16/48 User Guide...
  • Page 118 Local Area Networks (LANs)    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
  • Page 119 If there whitelist entries are specified, incoming packets will only be accepted from the listed MAC addresses. a. Click to expand MAC address whitelist. b. For Add MAC address, click . c. Type the MAC address. 13. Click Apply to save the configuration and apply the change. Digi Connect IT® 16/48 User Guide...
  • Page 120    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 121 (config network interface my_lan)> ipv4 mtu num (config network interface my_lan)> c. Enable the DHCP server: (config network interface my_lan)> ipv4 dhcp_server enable true DHCP servers for information about configuring the DHCP server. 7. (Optional) Configure IPv6 settings: Digi Connect IT® 16/48 User Guide...
  • Page 122 DHCPv6 server: The DHCPv6 server settings for this network interface. Parameters Current Value ----------------------------------------------------------------------- -------- enable true Enable (config network interface my_lan)> d. Modify any of the remaining default settings as appropriate. For example, to change the minimum length of the prefix: Digi Connect IT® 16/48 User Guide...

  • Page 123: Example: Configure Two Lans

    The default configuration of the Connect IT 16/48 consists of one WAN (named ETH1), one WWAN (Modem), and one LAN (ETH2). For Connect IT 16/48W Wi-Fi enabled devices, the default configuration of the ETH2 uses a bridge that consists of two devices, the ETH2 Ethernet device and the Digi AP Wi-Fi access point.
  • Page 124    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 125 Task two: Create a new bridge (Connect IT 16/48W )    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 126    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 127 Task three: Create the LANs    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. Digi Connect IT® 16/48 User Guide...
  • Page 128 For Add Interface:, type LAN1 and click . c. For Zone, select Internal. d. For Device: If you are configuring a Wi-Fi enabled Connect IT 16/48W , select Bridge: Example_ bridge. If you are configuring a non-Wi-Fi Connect IT 16/48, select Ethernet: ETH1.
  • Page 129 Interfaces Local Area Networks (LANs) 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 130 Configure the IPv4 address for the LAN2 interface: (config network interface LAN2)> ipv4 address 192.168.4.1/24 (config network interface LAN2)> e. Enable the DHCP server for the LAN2 interface: (config network interface LAN2)> ipv4 dhcp_server enable true (config network interface LAN2)> Digi Connect IT® 16/48 User Guide...

  • Page 131: Show Lan Status And Statistics

    3. Under Networking, click Interfaces.    Command line 1. Log into the Connect IT 16/48 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 132: Delete A Lan

    Type quit to disconnect from the device. Delete a LAN Follow this procedure to delete any LANs that have been added to the system. You cannot delete the preconfigured LAN, LAN1.    WebUI Digi Connect IT® 16/48 User Guide...
  • Page 133 Interfaces Local Area Networks (LANs) 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.

  • Page 134: Dhcp Servers

    Type quit to disconnect from the device. DHCP servers You can enable DHCP on your Connect IT 16/48 device to assign IP addresses to clients, using either: The DHCP server for the device's local network, which assigns IP addresses to clients on the device's local network.
  • Page 135    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
  • Page 136    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 137 No gateway is broadcast by the DHCP server. Client destinations must be resolvable without a gateway. auto: Broadcasts the Connect IT 16/48 device's gateway. custom: Allows you to identify the IP address of a custom gateway to be broadcast: (config)>...
  • Page 138 (config)> where value is one of: none: No server is broadcast. auto: Broadcasts the Connect IT 16/48 device's server. custom: Allows you to identify the IP address of the server. For example: (config)> network interface my_lan ipv4 dhcp_server advanced primary_dns_custom ip_address (config)>...
  • Page 139 To map static IP addresses:    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
  • Page 140    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 141    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 142    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 143 Required configuration items DHCP option number. Value for the DHCP option. Additional configuration items The data type of the value. Force the option to be sent to the DHCP clients. A label for the custom option. Digi Connect IT® 16/48 User Guide...
  • Page 144    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 145 If the incorrect data type is selected, the device will send the value as a string. (config network interface my_lan ipv4 dhcp_server advanced custom_option 0)> datatype value (config network interface my_lan ipv4 dhcp_server advanced custom_option 0)> where value is one of: 1byte 2byte 4byte ipv4 The default is str. Digi Connect IT® 16/48 User Guide...
  • Page 146 LAN. For the Connect IT 16/48 device, DHCP relay is configured by providing the IP address of a DHCP relay server, rather than an IP address range. If both the DHCP relay server and an IP address range are specified, DHCP relay is used, and the specified IP address range is ignored.
  • Page 147    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 148: Create A Virtual Lan (Vlan) Route

    3. Under Networking, click DHCP Leases.    Command line 1. Log into the Connect IT 16/48 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 149 Interfaces Local Area Networks (LANs) Required configuration items Device to be assigned to the VLAN. The VLAN ID. The TCP header uses the VLAN ID to identify the destination VLAN for the packet. Digi Connect IT® 16/48 User Guide...
  • Page 150 To create a VLAN:    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Virtual LAN.
  • Page 151    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 152: Bridging

    Bridging is a mechanism to create a single network consisting of multiple devices, such as Ethernet devices and wireless access points. By default, the Connect IT 16/48 has the following preconfigured bridges: You can modify configuration settings for the existing bridge, and you can create new bridges.

  • Page 153: Edit The Preconfigured Eth2 Bridge

    To edit the preconfigured LAN1 bridge:    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 154    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 155 (config network bridge my_bridge)> ..interface lan device ? Default value: /network/bridge/lan Current value: /network/bridge/lan (config network bridge my_bridge)> ii. Add the appropriate device. For example, to add the Digi AP (Wi-Fi1) Wi-Fi access point: (config network bridge my_bridge)> add device end /network/wireless/ap/digi_ap (config)>...

  • Page 156: Configure A Bridge

    To create a bridge:    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Bridges.
  • Page 157 Interfaces Bridging 8. Click Apply to save the configuration and apply the change. Digi Connect IT® 16/48 User Guide...
  • Page 158    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 159 (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 16/48 User Guide...
  • Page 160 Connect IT 16/48 devices have a single serial port that provides access to the command-line interface. Use an RS-232 serial cable to establish a serial connection from your Connect IT 16/48 to your local laptop or PC. Use a terminal emulator program to establish the serial connection. The terminal emulator's serial connection must be configured to match the configuration of the Connect IT 16/48 device's serial port.

  • Page 161: Serial Port

    To change the configuration to match the serial configuration of the device to which you want to connect:    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with Admin access. 2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed. Use the Search ports field to limit the list of ports displayed on the page.
  • Page 162 For Data bits, select the number of data bits used by the device to which you want to connect. For Parity, select the type of parity used by the device to which you want to connect. Digi Connect IT® 16/48 User Guide...
  • Page 163 10. Click to expand Monitor Settings. This section is available only if the Remote Access mode is selected. Click CTS Changes to monitor CTS (Clear To Send) changes on this port. Click DCD Changes to monitor DCD (Data Carrier Detect) changes on this port. Digi Connect IT® 16/48 User Guide...
  • Page 164 Serial port Configure the serial port 11. Click Apply to save the configuration and apply the change. Digi Connect IT® 16/48 User Guide...
  • Page 165    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 166: Add A Usb Console Port

    Type quit to disconnect from the device. Add a USB console port Your Connect IT 16/48 can be configured to support USB-to-serial adapters for console access to the device, remote serial out-of-band (OOB) access to other devices, or for use in python applications. The...
  • Page 167 Modbus: Allows you to use the serial port for Modbus. Power Management: Allows you to configure the port for use with a power controller. Configure Remote Power Management. 10. (Optional) For Label, type a descriptive label for this serial port. Digi Connect IT® 16/48 User Guide...
  • Page 168 A single IP address or host name. A network designation in CIDR notation, for example, 192.168.1.0/24. any: No limit to IPv4 addresses that can access the service-type. iv. Click  again to list additional IP addresses or networks. Digi Connect IT® 16/48 User Guide...
  • Page 169 To limit access to specified IPv4 addresses and networks: i. Click IPv4 Addresses. ii. For Add Address, click . iii. For Address, enter the IPv4 address or network that can access the device's service-type. Allowed values are: Digi Connect IT® 16/48 User Guide...
  • Page 170 A single IP address or host name. A network designation in CIDR notation, for example, 192.168.1.0/24. any: No limit to IPv4 addresses that can access the service-type. iv. Click  again to list additional IP addresses or networks. Digi Connect IT® 16/48 User Guide...
  • Page 171    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 172 Set the stop bits used by the device to which you want to connect: (config serial USB_port)> stopbits bits (config serial USB_port)> e. Set the type of flow control used by the device to which you want to connect: (config serial USB_port)> flow type (config serial USB_port) Digi Connect IT® 16/48 User Guide...
  • Page 173 (Optional) Enable monitoring of CTS (Clear to Send) changes on this port: (config serial USB_port)> monitor cts true (config serial USB_port) f. (Optional) Enable monitoring of DCD (Data Carrier Detect) changes on this port: (config serial USB_port)> monitor dcd true (config serial USB_port) Digi Connect IT® 16/48 User Guide...
  • Page 174 No limit to IPv6 addresses that can access the tcp port. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT 16/48 device: Digi Connect IT® 16/48 User Guide...
  • Page 175 (config serial USB_port)> ... firewall zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration -------------------------------------------------- ----------------------------- dynamic_routes edge external internal ipsec Digi Connect IT® 16/48 User Guide...
  • Page 176 (config serial USB_port)> Where value can be: A single IP address or host name. A network designation in CIDR notation, for example, 2001:db8::/48. any: No limit to IPv6 addresses that can access the telnet port. Digi Connect IT® 16/48 User Guide...
  • Page 177 Type ... firewall zone ? at the config prompt: (config serial USB_port)> ... firewall zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration -------------------------------------------------- ----------------------------- Digi Connect IT® 16/48 User Guide...
  • Page 178 Repeat this step to list additional IP addresses or networks. To limit access to specified IPv6 addresses and networks: (config serial USB_port)> add service ssh acl address6 end value (config serial USB_port)> Where value can be: Digi Connect IT® 16/48 User Guide...
  • Page 179 Type ... firewall zone ? at the config prompt: (config serial USB_port)> ... firewall zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration Digi Connect IT® 16/48 User Guide...

  • Page 180: Show Serial Status And Statistics

       Command line 1. Log into the Connect IT 16/48 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 181: Serial Status Page

    The number ports you can display is determined by the number of ports available on the device. Status Displays the connection status. CONNECTED: A terminal, SSH, TCP, or telnet session is active. NO SIGNAL: CTS or DCD is not active on the port. Digi Connect IT® 16/48 User Guide...
  • Page 182 Displays the total number of bytes that have been transmitted and received. Signals Indicates the types of communication that the device is ready to send. DCD: Carrier Detected CTS: Clear to Send DTR: Data Terminal Ready RTS: Ready to Dend Digi Connect IT® 16/48 User Guide...

  • Page 183: Search For A Port

    TXD and RXD pins are swapped, and the DCD pin is connected to ground. All other hardware signal pins (such as RTS/CTS/DTR/DSR) are inactive. To configure this option, select the Reversed Mode option on the System Configuration page. Standard mode Reversed mode GND/DCD Digi Connect IT® 16/48 User Guide...

  • Page 184: Console Port

    To change the configuration to match the serial configuration of the device to which you want to connect:    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with Admin access. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration page is displayed. Digi Connect IT® 16/48 User Guide...
  • Page 185 For Stop bits, select the number of stop bits used by the device to which you want to connect. For Flow control, select the type of flow control used by the device to which you want to connect. 7. Click Apply to save the configuration and apply the change. Digi Connect IT® 16/48 User Guide...

  • Page 186: Routing

    Routing This chapter contains the following topics: IP routing Show the routing table Dynamic DNS Virtual Router Redundancy Protocol (VRRP) Digi Connect IT® 16/48 User Guide...

  • Page 187: Ip Routing

    IP routing IP routing The Connect IT 16/48 device uses IP routes to decide where to send a packet it receives for a remote network. The process for deciding on a route to send the packet is as follows: 1. The device examines the destination IP address in the IP packet, and looks through the IP routing table to find a match for it.

  • Page 188: Configure A Static Route

    To configure a static route:    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Routes > Static routes.
  • Page 189 255.255.255.0, type 192.168.47.0/24. The any keyword can also be used to route packets to any destination with this static route. 7. For Interface, select the interface on the Connect IT 16/48 device that will be used with this static route.
  • Page 190 The any keyword can also be used to route packets to any destination with this static route. 6. Set the interface on the Connect IT 16/48 device that will be used with this static route: a. Use the ? to determine available interfaces: (config network route static 0)>interface ?

  • Page 191: Delete A Static Route

       Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 192: Policy-Based Routing

    However, you can use policy-based routing to forward the packet based on other criteria, such as the source of the packet. For example, you can configure the Connect IT 16/48 device so that high-priority traffic is routed through the cellular connection, while all other traffic is routed through an Ethernet (WAN) connection.

  • Page 193: Configure A Routing Policy

    To configure a routing policy:    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Routes > Policy-based routing.
  • Page 194 Routing IP routing 6. For Interface, select the interface on the Connect IT 16/48 device that will be used with this route policy. 7. (Optional) Enable Exclusive to configure the policy to drop packets that match the policy when the gateway interface is disconnected, rather than forwarded through other interfaces.
  • Page 195 (config network route policy 0)> label "New route policy" (config network route policy 0)> 5. Set the interface on the Connect IT 16/48 device that will be used with this route policy: a. Use the ? to determine available interfaces: (config network route policy 0)>interface ?
  • Page 196 Set the destination port: (config network route policy 0)> dst_port value (config network route policy 0)> where value is the port number, or the keyword any to match any port as the destination port. Digi Connect IT® 16/48 User Guide...
  • Page 197 (config network route policy 0)> src zone ? Zone: Match the IP address to the specified firewall zone. Format: dynamic_routes edge external internal ipsec loopback setup Default value: any Current value: any (config network route policy 0)> src zone Digi Connect IT® 16/48 User Guide...
  • Page 198 (config network route policy 0)> where value uses the format IPv6_address[/prefix_length], or any to match any IPv6 address. mac: Matches the source MAC address to the specified MAC address. Set the MAC address to be matched: Digi Connect IT® 16/48 User Guide...
  • Page 199 Matches the destination IP address to the selected interface's network address. Set the interface: a. Use the ? to determine available interfaces: (config network route policy 0)>dst interface ? Interface: The network interface. Format: /network/interface/defaultip /network/interface/defaultlinklocal /network/interface/eth1 /network/interface/eth2 /network/interface/loopback /network/interface/sfp1 Digi Connect IT® 16/48 User Guide...
  • Page 200 (config)> save Configuration saved. > 12. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 16/48 User Guide...

  • Page 201: Routing Services

    Routing IP routing Routing services Your Connect IT 16/48 includes support for dynamic routing services and protocols. The following routing services are supported: Service or protocol Information RFC2453 The IPv4 Routing Information Protocol (RIP) service supports RIPv2 ( RFC1058 and RIPv1 (...
  • Page 202    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 203 Complete the configuration of the routing service. For example, use the ? to view the available parameters for the RIP service: (config)> network route service rip ? Parameters Current Value ----------------------------------------------------------------------- -------- ecmp false Allow ECMP enable true Enable Additional Configuration ----------------------------------------------------------------------- -------- interface Interfaces Digi Connect IT® 16/48 User Guide...

  • Page 204: Show The Routing Table

    To display the routing table:    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Status > Routes.

  • Page 205: Dynamic Dns

    DNS provider, the router can automatically update the remote nameserver whenever your WAN or public IP address changes. Your Connect IT 16/48 device supports a number of Dynamic DNS providers as well as the ability to provide a custom provider that is not included on the list of providers.
  • Page 206 Dynamic DNS    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Dynamic DNS.
  • Page 207    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 208 Dynamic DNS provider: (config network ddns new_ddns_instance)> custom url (config network ddns new_ddns_instance)> 7. Set the domain name that is linked to the interface's IP address: (config network ddns new_ddns_instance)> domain domain_name (config network ddns new_ddns_instance)> Digi Connect IT® 16/48 User Guide...
  • Page 209 For example, to set retry_interval to ten minutes, enter either 10m or 600s: (config network ddns new_ddns_instance)> retry_interval 600s (config network ddns new_ddns_instance)> The default is 60s. 13. (Optional) Set the number of times to retry a failed IP address update: Digi Connect IT® 16/48 User Guide...

  • Page 210: Virtual Router Redundancy Protocol (Vrrp)

    Multiple Connect IT 16/48 devices can be configured as VRRP devices and assigned a priority. The router with the highest priority will be used as the master router. If the master router fails, then the IP address of the virtual router is mapped to the backup device with the next highest priority.
  • Page 211 VRRP priorty of devices based on the status of their network connectivity.    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 212    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 213 9. Add a virtual IP address associated with this VRRP instance. This can be an IPv4 or IPv6 address. (config network vrrp VRRP_test)> add virtual_address end ip_address (config network vrrp VRRP_test)> Additional virtual IP addresses can be added by repeating this step with different values for ip_ address. Digi Connect IT® 16/48 User Guide...

  • Page 214: Configure Vrrp

    VRRP+ is an extension to the VRRP standard that uses SureLink network probing to monitor connections through VRRP-enabled devices and adjust devices' VRRP priority based on the status of the SureLink tests. This section describes how to configure VRRP+ on a Connect IT 16/48 device. Required configuration items Both master and backup devices: A configured and enabled instance of VRRP.
  • Page 215 Routing Virtual Router Redundancy Protocol (VRRP) 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > VRRP.
  • Page 216 For backup devices, enable and configure SureLink on the VRRP interface. Generally, this should be a LAN interface; VRRP+ will then monitor the LAN using SureLink to determine if the interface has network connectivity and promote a backup to master if SureLink fails. Digi Connect IT® 16/48 User Guide...
  • Page 217    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 218 (config)> network vrrp VRRP_test vrrp_plus monitor_master true (config)> 8. Configure the VRRP interface: a. Configure the VRRP interface's DHCP server to use a custom gateway that corresponds to one of the VRRP virtual IP addresses: Digi Connect IT® 16/48 User Guide...
  • Page 219 For example, to set interval to ten minutes, enter 5s: (config)> network interface eth2 ipv4 surelink interval 5s (config)> Digi Connect IT® 16/48 User Guide...
  • Page 220 (Optional) Set the amount of time that the interface can be down before this test is considered to have failed: Digi Connect IT® 16/48 User Guide...

  • Page 221: Example: Vrrp/Vrrp+ Configuration

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Example: VRRP/VRRP+ configuration This example configuration creates a VRRP pool containing two Connect IT 16/48 devices: Digi Connect IT® 16/48 User Guide...

  • Page 222: Configure Device One (Master Device)

      WebUI Task 1: Configure VRRP on device one 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 223 6. For Priority modifier, type 30. Task 3: Configure the IP address for the VRRP interface, ETH2, on device one 1. Click Network > Interfaces > ETH2 > IPv4 2. For Address, type 192.168.3.1/24. Digi Connect IT® 16/48 User Guide...
  • Page 224   Command line Task 1: Configure VRRP on device one 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 225 1. Set the start and end addresses of the DHCP pool to use to assign DHCP addresses to clients: a. Set the start address to 100: (config)> network interface eth2 ipv4 dhcp_server lease_start 100 (config)> b. Set the end address to 199: (config)> network interface eth2 ipv4 dhcp_server lease_end 199 (config)> Digi Connect IT® 16/48 User Guide...

  • Page 226: Configure Device Two (Backup Device)

      WebUI Task 1: Configure VRRP on device two 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 227 1. Click Network > Interfaces > ETH2 > IPv4 2. For Address, type 192.168.3.2/24. 3. For Default gateway, type the IP address of the VRRP interface on the master device, configured above in Task 3, step 2 (192.168.3.1). Digi Connect IT® 16/48 User Guide...
  • Page 228 3. For Lease range end, type 250. 4. Click Advanced settings. 5. For Gateway, select Custom. 6. For Custom gateway, enter 192.168.3.3. 7. Click Apply to save the configuration and apply the change.    Command line Digi Connect IT® 16/48 User Guide...
  • Page 229 Virtual Router Redundancy Protocol (VRRP) Task 1: Configure VRRP on device two 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 230 2. Set the start and end addresses of the DHCP pool to use to assign DHCP addresses to clients: a. Set the start address to 200: (config)> network interface eth2 ipv4 dhcp_server lease_start 200 (config)> Digi Connect IT® 16/48 User Guide...

  • Page 231: Show Vrrp Status And Statistics

    Web UI only.    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 232 Virtual Router Redundancy Protocol (VRRP)    Command line 1. Log into the Connect IT 16/48 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 233: Virtual Private Networks (Vpn)

    Virtual Private Networks (VPNs) are used to securely connect two private networks together so that devices can connect from one network to the other using secure channels. This chapter contains the following topics: IPsec OpenVPN Generic Routing Encapsulation (GRE) NEMO Digi Connect IT® 16/48 User Guide...

  • Page 234: Ipsec

    Aggressive mode is faster than main mode, but is not as secure as main mode, because the device and its peer exchange their IDs and hash information in clear text instead of being encrypted. Digi Connect IT® 16/48 User Guide...

  • Page 235: Authentication

    16/48 device can be configured to authenticate with the remote peer as an XAUTH client. RSA Signatures With RSA signatures authentication, the Connect IT 16/48 device uses a private RSA key to authenticate with a remote peer that is using a corresponding public key.
  • Page 236 The amount of time before the IKE phase 1 lifetime expires. The amount of time before the IKE phase 2 lifetime expires The lifetime margin, a randomizing amount of time before the IPsec tunnel is renegotiated. Digi Connect IT® 16/48 User Guide...
  • Page 237 IPsec    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > IPsec.
  • Page 238 AH (Authentication Header): Provides authentication and integrity only. 14. Click to expand Authentication. a. For Authentication type, select one of the following: Pre-shared key: Uses a pre-shared key (PSK) to authenticate with the remote peer. i. Type the Pre-shared key. Digi Connect IT® 16/48 User Guide...
  • Page 239 IP address, from the remote peer. 18. Click to expand Local endpoint. a. For Type, select either: Default route: Uses the same network interface as the default route. Interface: Select the Interface to be used as the local endpoint. Digi Connect IT® 16/48 User Guide...
  • Page 240 IPv6: The ID will be interpreted as an IPv6 address and sent as an ID_IPV6_ ADDR IKE identity. For IPv6 ID value, type an IPv6 formatted ID. This can be a fully-qualified domain name or an IPv6 address. Digi Connect IT® 16/48 User Guide...
  • Page 241 Request a network: Requests a network from the remote peer. d. For Remote network, enter the IP address and optional netmask of the remote network. The keyword any can also be used. . Digi Connect IT® 16/48 User Guide...
  • Page 242 For Hash, select the type of hash to use to verify communication integrity. iv. For Diffie-Hellman group, select the type of Diffie-Hellman group to use for key exchange. v. You can add additional Phase 1 proposals by clicking  next to Add Phase 1 Proposal. Digi Connect IT® 16/48 User Guide...
  • Page 243 NAT. 24. See Configure SureLink active recovery for IPsec for information about IPsec Active recovery. 25. Click Apply to save the configuration and apply the change. Digi Connect IT® 16/48 User Guide...
  • Page 244    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 245 (config vpn ipsec tunnel ipsec_example)> type protocol (config vpn ipsec tunnel ipsec_example)> where protocol is either: esp (Encapsulating Security Payload): Provides encryption as well as authentication and integrity. ah (Authentication Header): Provides authentication and integrity only. Digi Connect IT® 16/48 User Guide...
  • Page 246 (config vpn ipsec tunnel ipsec_example)> auth private_key_ passphrase passphrase (config vpn ipsec tunnel ipsec_example)> c. For the peer_public_key parameter, paste the peer's public RSA key in PEM format: (config vpn ipsec tunnel ipsec_example)> auth peer_public_key key (config vpn ipsec tunnel ipsec_example)> Digi Connect IT® 16/48 User Guide...
  • Page 247 Enable XAUTH client functionality: (config vpn ipsec tunnel ipsec_example)> xauth_client enable true (config vpn ipsec tunnel ipsec_example)> b. Set the XAUTH client username: (config vpn ipsec tunnel ipsec_example)> xauth_client username name (config vpn ipsec tunnel ipsec_example)> Digi Connect IT® 16/48 User Guide...
  • Page 248 (config vpn ipsec tunnel ipsec_example)> ipv6: The ID will be interpreted as an IPv6 address and sent as an ID_IPV6_ADDR IKE identity. Set an IPv6 formatted ID. This can be a fully-qualified domain name or an IPv6 address. Digi Connect IT® 16/48 User Guide...
  • Page 249 Any ID will be accepted. ipv4: The ID will be interpreted as an IPv4 address and sent as an ID_IPV4_ADDR IKE identity. Set an IPv4 formatted ID. This can be a fully-qualified domain name or an IPv4 address. Digi Connect IT® 16/48 User Guide...
  • Page 250 (config vpn ipsec tunnel ipsec_example)> ike initiate false (config vpn ipsec tunnel ipsec_example)> c. Set the IKE phase 1 mode: (config vpn ipsec tunnel ipsec_example)> ike mode value (config vpn ipsec tunnel ipsec_example)> where value is either aggressive or main. Digi Connect IT® 16/48 User Guide...
  • Page 251 For example, to set lifetime_margin to ten minutes, enter either 10m or 600s: (config vpn ipsec tunnel ipsec_example)> ike lifetime_margin 600s (config vpn ipsec tunnel ipsec_example)> The default is nine minutes. Digi Connect IT® 16/48 User Guide...
  • Page 252 Configure the types of encryption, hash, and Diffie-Hellman group to use during phase 2: i. Move back two levels in the schema: (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> ..(config vpn ipsec tunnel ipsec_example ike)> Digi Connect IT® 16/48 User Guide...
  • Page 253 Dead peer detection is enabled by default. Dead peer detection uses periodic IKE transmissions to the remote endpoint to detect whether tunnel communications have failed, allowing the tunnel to be automatically restarted when failure occurs. Digi Connect IT® 16/48 User Guide...
  • Page 254 (config)> add vpn ipsec tunnel ipsec_example policy end (config vpn ipsec tunnel ipsec_example policy 0)> c. Set the type of local network policy: (config vpn ipsec tunnel ipsec_example policy 0)> local type value (config vpn ipsec tunnel ipsec_example policy 0)> Digi Connect IT® 16/48 User Guide...
  • Page 255 Set the network: i. Use the ? to determine available interfaces: (config vpn ipsec tunnel ipsec_example policy 0)>local network Interface: The network interface. Format: defaultip defaultlinklocal eth1 eth2 loopback sfp1 sfp2 wwan Current value: Digi Connect IT® 16/48 User Guide...
  • Page 256 (config)> save Configuration saved. > 21. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 16/48 User Guide...

  • Page 257: Configure Ipsec Failover

    IPsec Configure IPsec failover There are two methods to configure the Connect IT 16/48 device to fail over from a primary IPsec tunnel to a backup tunnel: SureLink active recovery—You can use SureLink along with the IPsec tunnel's metric to configure two or more tunnels so that when the primary tunnel is determined to be inactive by SureLink, a secondary tunnel can begin serving traffic that the primary tunnel was serving.
  • Page 258 Configure an IPsec tunnel for instructions. During configuration of the IPsec tunnel, set the metric to a value that is higher than the metric of the primary tunnel (for example, 20).    Command line Digi Connect IT® 16/48 User Guide...
  • Page 259 (config vpn ipsec tunnel backup_ipsec_tunnel)> ipsec_failover ? Preferred tunnel: This tunnel will not start until the preferred tunnel has failed. It will continue to operate until the preferred tunnel returns to full operation status. Digi Connect IT® 16/48 User Guide...

  • Page 260: Configure Surelink Active Recovery For Ipsec

    To configure the Connect IT 16/48 device to regularly probe the IPsec connection:    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. Digi Connect IT® 16/48 User Guide...
  • Page 261 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Response timeout to ten minutes, enter 10m or 600s. The default is 15 seconds. Digi Connect IT® 16/48 User Guide...
  • Page 262 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Initial connection time to ten minutes, enter 10m or 600s. The default is 60 seconds. Digi Connect IT® 16/48 User Guide...
  • Page 263    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 264 (config vpn ipsec tunnel ipsec_example connection_monitor target 0)> where value is one of: ping (IPv4) or ping6 (IPv6): Tests connectivity by sending an ICMP echo request to a specified hostname or IP address. Digi Connect IT® 16/48 User Guide...
  • Page 265 (config vpn ipsec tunnel ipsec_example connection_monitor target 0)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set interface_down_time to ten minutes, enter either 10m or 600s: Digi Connect IT® 16/48 User Guide...

  • Page 266: Show Ipsec Status And Statistics

    Show IPsec status and statistics    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with Admin access. 2. On the menu, select Status > IPsec. The IPsec page appears. 3. To view configuration details about an IPsec tunnel, click the  (configuration) icon in the upper right of the tunnel's status pane.

  • Page 267: Debug An Ipsec Configuration

       Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 268 Use the interactive shell to set the IPsec debug level By using the interactive shell to set the debug level, you can enable the Connect IT 16/48 device to write additional debug messages to the system log. The command accepts the following values to set the debug level: -1 —...
  • Page 269 4 — Also includes sensitive material in dumps (for example, encryption keys). 3. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 16/48 User Guide...

  • Page 270: Openvpn

    Each OpenVPN client connected to the OpenVPN server is assigned an IP address within the IP subnet specified in the OpenVPN server configuration. For the Connect IT 16/48 device, pushed routes are not allowed; you will need to manually configure routes on the device.

  • Page 271: Configure An Openvpn Server

    OpenVPN that devices connected to the OpenVPN client’s LAN interface are on the same IP subnet as devices. The Connect IT 16/48 device supports two mechanisms for configuring an OpenVPN server in TAP mode: OpenVPN managed—The Connect IT 16/48 device creates the interface and then uses its standard configuration to set up the connection (for example, its standard DHCP server configuration).
  • Page 272 Additional OpenVPN parameters.    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > OpenVPN > Servers.
  • Page 273 Certificate and username/password: Uses both certificates and a username and password for client authentication. Each client requires a public and private key, and you must create an OpenVPN authentication group and user. See Configure an OpenVPN Authentication Group and User for instructions. Digi Connect IT® 16/48 User Guide...
  • Page 274 Click Enable to enable the use of additional OpenVPN parameters. b. Click Override if the additional OpenVPN parameters should override default options. c. For OpenVPN parameters, type the additional OpenVPN parameters. 12. Click Apply to save the configuration and apply the change. Digi Connect IT® 16/48 User Guide...
  • Page 275    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 276 1 and 255. The number entered here will represent the first client IP address. For example, if address is set to 192.168.1.1/24 and server_first_ip is set to 80, the first client IP address will be 192.168.1.80. The default is from 80. Digi Connect IT® 16/48 User Guide...
  • Page 277 Paste the contents of the CA certificate (usually in a ca.crt file) into the value of the cacert parameter: (config vpn openvpn server name)> cacert value (config vpn openvpn server name)> Digi Connect IT® 16/48 User Guide...
  • Page 278 To limit access to hosts connected through a specified interface on the Connect IT 16/48 device: (config vpn openvpn server name)> add acl interface end value (config vpn openvpn server name)> Where value is an interface defined on your device. Display a list of available interfaces: Digi Connect IT® 16/48 User Guide...
  • Page 279 Additional Configuration --------------------------------------------------------- ---------------------- dynamic_routes edge external internal ipsec loopback setup (config vpn openvpn server name)> Repeat this step to list additional firewall zones. 9. (Optional) Set additional OpenVPN parameters. Digi Connect IT® 16/48 User Guide...

  • Page 280: Configure An Openvpn Authentication Group And User

       WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 281 Click to expand the OpenVPN node. e. Click  to add a tunnel. f. For Tunnel, select an OpenVPN tunnel to which users of this group will have access. g. Repeat to add additional OpenVPN tunnels. Digi Connect IT® 16/48 User Guide...
  • Page 282 Click to expand the Groups node. e. Click  to add a group to the user. f. Select a Group with OpenVPN access enabled. 5. Click Apply to save the configuration and apply the change. Digi Connect IT® 16/48 User Guide...
  • Page 283    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 284: Configure An Openvpn Client By Using An .Ovpn File

    OpenVPN active recovery.    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 285    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 286: Configure An Openvpn Client Without Using An .Ovpn File

    The OpenVPN client is enabled by default. The mode used by the OpenVPN server, either routing (TUN), or bridging (TAP). The firewall zone to be used by the OpenVPN client. The IP address of the OpenVPN server. Digi Connect IT® 16/48 User Guide...
  • Page 287 OpenVPN active recovery.    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 288 For OpenVPN parameters, type the additional OpenVPN parameters. For example, to override the configuration by using a configuration file, enter --config filename, for example, --config /etc/config/openvpn_config. 15. Click Apply to save the configuration and apply the change. Digi Connect IT® 16/48 User Guide...
  • Page 289    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 290 (config vpn openvpn client name)> private_key value (config vpn openvpn client name)> 14. (Optional) Set additional OpenVPN parameters. a. Enable the use of additional OpenVPN parameters: (config vpn openvpn client name)> advanced_options enable true (config vpn openvpn client name)> Digi Connect IT® 16/48 User Guide...

  • Page 291: Configure Surelink Active Recovery For Openvpn

    Type quit to disconnect from the device. Configure SureLink active recovery for OpenVPN You can configure the Connect IT 16/48 device to regularly probe OpenVPN client connections to determine if the connection has failed and take remedial action. Required configuration items A valid OpenVPN client configuration.
  • Page 292 Virtual Private Networks (VPN) OpenVPN 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > OpenVPN > Clients.
  • Page 293 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Down time to ten minutes, enter 10m or 600s. Digi Connect IT® 16/48 User Guide...
  • Page 294    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 295 For example, to set timeout to ten minutes, enter either 10m or 600s: (config vpn openvpn client openvpn_client1)> connection_monitor interval 600s (config vpn openvpn client openvpn_client1)> The default is 15 seconds. Digi Connect IT® 16/48 User Guide...
  • Page 296 (IPv4) or http6 (IPv6): Tests connectivity by sending an HTTP or HTTPS GET request to the specified URL. Specify the url. Allowed value uses the format http[s]://hostname/[path]. (config vpn openvpn client openvpn_client1 connection_monitor target 0)> http_url url (config vpn openvpn client openvpn_client1 connection_monitor target 0)> Digi Connect IT® 16/48 User Guide...
  • Page 297 (config vpn openvpn client openvpn_client1 connection_monitor target 0)> save Configuration saved. > 13. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 16/48 User Guide...

  • Page 298: Show Openvpn Server Status And Statistics

    OpenVPN server's status pane.    Command line 1. Log into the Connect IT 16/48 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 299: Show Openvpn Client Status And Statistics

    OpenVPN client's status pane.    Command line 1. Log into the Connect IT 16/48 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 300: Generic Routing Encapsulation (Gre)

    Task One: Create a GRE loopback endpoint interface    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 301    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 302    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 303 (config vpn iptunnel gre_example)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 16/48 User Guide...

  • Page 304: Show Gre Tunnels

    To view information about currently configured GRE tunnels:    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with Admin access. 2. On the menu, click Status > IP tunnels. The IP Tunnelspage appears. 3. To view configuration details about a GRE tunnel, click the  (configuration) icon in the upper right of the tunnel's status pane.

  • Page 305: Example: Gre Tunnel Over An Ipsec Tunnel

    Example: GRE tunnel over an IPSec tunnel The Connect IT 16/48 device can be configured as an advertised set of routes through an IPSec tunnel. This allows you to leverage the dynamic route advertisement of GRE tunnels through a secured IPSec tunnel.
  • Page 306 3. Create a GRE tunnel named gre_tunnel2: a. Local endpoint set to the IPsec endpoint interface, Interface: ipsec_endpoint2. b. Remote endpoint set to the IP address of the GRE tunnel on Connect IT 16/48-1, 172.30.0.1. 4. Create an interface named gre_interface2 and add it to the GRE tunnel: a.
  • Page 307    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 308 (config vpn ipsec tunnel ipsec_gre1 policy 0)> remote network 172.30.0.2/32 (config vpn ipsec tunnel ipsec_gre1 policy 0)> 10. Save the configuration and apply the change: (config ipsec tunnel ipsec_gre1 policy 0)> save Configuration saved. > Digi Connect IT® 16/48 User Guide...
  • Page 309 4. For Device, select Ethernet: loopback. 5. Click to expand IPv4. 6. For Address, type the IP address of the local GRE tunnel, 172.30.0.1/32. 7. Click Apply to save the configuration and apply the change. Digi Connect IT® 16/48 User Guide...
  • Page 310 2. For Add IP Tunnel, type gre_tunnel1 and click . 3. For Local endpoint, select the IPsec endpoint interface created in Task two (Interface: ipsec_endpoint1). 4. For Remote endpoint, type the IP address of the GRE tunnel on Connect IT 16/48-2, 172.30.0.2. Digi Connect IT® 16/48 User Guide...
  • Page 311 Task two (/network/interface/ipsec_endpoint1): (config vpn iptunnel gre_tunnel1)> local /network/interface/ipsec_endpoint1 (config vpn iptunnel gre_tunnel1)> 4. Set the remote endpoint to the IP address of the GRE tunnel on Connect IT 16/48-2, 172.30.0.2: (config vpn iptunnel gre_tunnel1)> remote 172.30.0.2 (config vpn iptunnel gre_tunnel1)>...
  • Page 312 Task three (IP tunnel: gre_tunnel1). 5. Click to expand IPv4. 6. For Address, type 172.31.0.1/30 for a virtual IP address on the GRE tunnel. 7. Click Apply to save the configuration and apply the change. Digi Connect IT® 16/48 User Guide...
  • Page 313 Task one: Create an IPsec tunnel    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 314 6. For Pre-shared key, type the same pre-shared key that was configured for the Connect IT 16/48-1 (testkey). 7. Click to expand Remote endpoint. 8. For Hostname, type public IP address of the Connect IT 16/48-1 device. 9. Click to expand Policies. 10. For Add Policy, click  to add a new policy.
  • Page 315 Virtual Private Networks (VPN) Generic Routing Encapsulation (GRE) 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 316 6. For Address, type the IP address of the local GRE tunnel, 172.30.0.2/32. 7. Click Apply to save the configuration and apply the change.    Command line 1. At the command line, type config to enter configuration mode: > config (config)> Digi Connect IT® 16/48 User Guide...
  • Page 317 3. For Local endpoint, select the IPsec endpoint interface created in Task two (Interface: ipsec_endpoint2). 4. For Remote endpoint, type the IP address of the GRE tunnel on Connect IT 16/48-1, 172.30.0.1. 5. Click Apply to save the configuration and apply the change. Digi Connect IT® 16/48 User Guide...
  • Page 318 Task two (/network/interface/ipsec_endpoint2): (config vpn iptunnel gre_tunnel2)> local /network/interface/ipsec_endpoint2 (config vpn iptunnel gre_tunnel2)> 4. Set the remote endpoint to the IP address of the GRE tunnel on Connect IT 16/48-1, 172.30.0.1: (config vpn iptunnel gre_tunnel2)> remote 172.30.0.1 (config vpn iptunnel gre_tunnel2)>...
  • Page 319 3. Set the zone to internal: (config network interface gre_interface2)> zone internal (config network interface gre_interface2)> 4. Set the device to the GRE tunnel created in Task three (/vpn/iptunnel/gre_tunnel2): (config network interface gre_interface2)> device /vpn/iptunnel/gre_tunnel2 (config network interface gre_interface2)> Digi Connect IT® 16/48 User Guide...

  • Page 320: Nemo

    Local Area Networks (LANs) on your device. NEMO creates a tunnel between the home agent on the mobile private network and the Connect IT 16/48 device, isolating the connection from internet traffic and advertising the IP subnets of the LANs for remote access and device management.
  • Page 321 10. For MTU discovery, leave enabled to determine the maximum transmission unit (MTU) size. If disabled, for MTU, type the MTU size. The default MTU size for LANs on the Connect IT 16/48 device is 1500. The MTU size of the NEMO tunnel will be smaller, to take into account the required headers.
  • Page 322    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 323 (config vpn nemo nemo_example)> mtu_discovery false (config vpn nemo nemo_example)> If disabled, set the MTU size. The default MTU size for LANs on the Connect IT 16/48 device is 1500. The MTU size of the NEMO tunnel will be smaller, to take into account the required headers.
  • Page 324 Use the ? to determine available interfaces: (config vpn nemo nemo_example)>coaddress interface ? Interface: Use the IP address of this network interface as this node's Care-of-Address. Format: defaultip defaultlinklocal eth1 eth2 loopback sfp1 Digi Connect IT® 16/48 User Guide...
  • Page 325 Interface: The network interface to use to communicate with the peer. Set this field to blank if using the default route. Format: defaultip defaultlinklocal eth1 eth2 loopback sfp1 sfp2 wwan Current value: (config vpn nemo nemo_example)> tun_local interface Digi Connect IT® 16/48 User Guide...

  • Page 326: Show Nemo Status

       Command line 1. Log into the Connect IT 16/48 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 327 Advertized LAN2 192.168.3.1/24 Advertized > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 16/48 User Guide...
  • Page 328 Configure the system time Network Time Protocol Configure the device as an NTP server Configure a multicast route Ethernet network bonding Enable service discovery (mDNS) Use the iPerf service Configure the ping responder service Digi Connect IT® 16/48 User Guide...

  • Page 329: Allow Remote Access For Web Administration And Ssh

    Allow remote access for web administration and SSH Allow remote access for web administration and SSH By default, only devices connected to the Connect IT 16/48's LAN have access to the device via web administration and SSH. To enable these services for access from remote devices: The Connect IT 16/48 device must have a publicly reachable IP address.
  • Page 330    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 331 Services Allow remote access for web administration and SSH 4. For Add Zone, click . 5. Select External. 6. Click Apply to save the configuration and apply the change. Digi Connect IT® 16/48 User Guide...

  • Page 332: Configure The Web Administration Service

       Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 333    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 334 Configure the service    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > Web administration.
  • Page 335 For example: 8. For Allow legacy encryption protocols, enable this option to allow clients to connect to the HTTPS session by using encryption protocols older than TLS 1.2, in addition to TLS 1.2 and later Digi Connect IT® 16/48 User Guide...
  • Page 336    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 337 (config)> ... firewall zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration --------------------------------------------------------- ---------------------- dynamic_routes edge external internal ipsec loopback Digi Connect IT® 16/48 User Guide...
  • Page 338 Enclose the contents of certificate.pem and key.pem in quotes. For example: (config)> service web_admin cert "-----BEGIN CERTIFICATE----- MIID8TCCAtmgAwIBAgIULOwezcmbnQmIC9pT9txwCfUbkWQwDQYJKoZIhvcNAQEL BQAwgYcxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24xDjAMBgNVBAcMBUFs b2hhMRMwEQYDVQQKDApNY0JhbmUgSW5jMRAwDgYDVQQLDAdTdXBwb3J0MQ8wDQYD VQQDDAZtY2JhbmUxHzAdBgkqhkiG9w0BCQEWEGptY2JhbmVAZGlnaS5jb20wHhcN MjAwOTIyMTY1OTUyWhcNMjEwOTIyMTY1OTUyWjCBhzELMAkGA1UEBhMCVVMxDzAN BgNVBAgMBk9yZWdvbjEOMAwGA1UEBwwFQWxvaGExEzARBgNVBAoMCk1jQmFuZSBJ bmMxEDAOBgNVBAsMB1N1cHBvcnQxDzANBgNVBAMMBm1jYmFuZTEfMB0GCSqGSIb3 DQEJARYQam1jYmFuZUBkaWdpLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBAOBn19AX01LO9plYtfRZq0bETwNwSCYGeEIOGJ7gHt/rihLVBJS1woYv u1Oq1ohYxIawBY1iIPBD2GtzyEJXzBZdQRhwi/dRyRi4vr7EkjGDr0Vb/NVT0L5w UzcMeT+71DYvKYm6GpcWx+LoKqFTjbMFBIze5pbBfru+SicId6joCHIuYq8Ehflx 6sy6s4MDbyTUAEN2YhsBaOljej64LNzcsHeISbAWibXWjOSsK+N1MivQq5uwIYw/ 1fsnD8KDS43Wg57+far9fQ2MIHsgnoAGz+w6PIKJR594y/MfqQffDFNCh2lJY49F hOqEtA5B9TyXRKwoa3j/lIC/t5cpIBcCAwEAAaNTMFEwHQYDVR0OBBYEFDVtrWBH E1ZcBg9TRRxMn7chKYjXMB8GA1UdIwQYMBaAFDVtrWBHE1ZcBg9TRRxMn7chKYjX MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBALj/mrgaKDNTspv9 Digi Connect IT® 16/48 User Guide...
  • Page 339 To disable mDNS, or enable it if it has been disabled: To enable the mDNS protocol: (config)> service web_admin mdns enable true (config> To disable the mDNS protocl: (config)> service web_admin mdns enable false (config)> 6. (Optional) Set the port number for this service. Digi Connect IT® 16/48 User Guide...
  • Page 340 (config)> save Configuration saved. > 10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 16/48 User Guide...

  • Page 341: Configure Ssh Access

    The SSH service is enabled by default. To disable the service, or enable it if it has been disabled:    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 342 Services Configure SSH access 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 343 7. For Private key, type the private key in PEM format. If Private key is blank, the device will use an automatically-generated key. 8. Click Apply to save the configuration and apply the change.    Command line Digi Connect IT® 16/48 User Guide...
  • Page 344 Services Configure SSH access 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 345 DNS server. mDNS is enabled by default. To disable mDNS, or enable it if it has been disabled: Digi Connect IT® 16/48 User Guide...
  • Page 346 (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 16/48 User Guide...

  • Page 347: Use Ssh With Key Authentication

    SSH service to allow SSH access for the External firewall zone.    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 348 These instructions assume an existing user named temp_user. 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 349: Configure Telnet Access

       Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 350 Configure the service    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > telnet.
  • Page 351    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 352 To limit access based on firewall zones: (config)> add service telnet acl zone end value Where value is a firewall zone defined on your device, or the any keyword. Display a list of available firewall zones: Digi Connect IT® 16/48 User Guide...

  • Page 353: Configure Dns

    Type quit to disconnect from the device. Configure DNS The Connect IT 16/48 device includes a caching DNS server which forwards queries to the DNS servers that are associated with the network interfaces, and caches the results. This server is used within the device, and cannot be disabled.
  • Page 354 Whether the device should always perform DNS queries to all available DNS servers. Whether to prevent upstream DNS servers from returning private IP addresses. Additional DNS servers, in addition to the ones associated with the device's network interfaces. Specific host names and their IP addresses. Digi Connect IT® 16/48 User Guide...
  • Page 355 To configure the DNS server:    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > DNS.
  • Page 356    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 357 (config)> ... network interface ? Interfaces Additional Configuration ------------------------------------------- defaultip Default IP defaultlinklocal Default Link-local IP eth1 ETH1 eth2 ETH2 loopback Loopback sfp1 SFP1 sfp2 SFP2 wwan WWAN (config)> Repeat this step to list additional interfaces. Digi Connect IT® 16/48 User Guide...
  • Page 358 To disable: (config)> service dns query_all_servers false (config> 6. (Optional) Rebind protection By default, rebind protection is disabled. If enabled, this prevents upstream DNS servers from returning private IP addresses. To enable: Digi Connect IT® 16/48 User Guide...
  • Page 359 (config service dns host 0)> c. Set the host name: (config service dns host 0)> name host-name (config service dns host 0)> 10. Save the configuration and apply the change: (config)> save Configuration saved. > Digi Connect IT® 16/48 User Guide...
  • Page 360 Services Configure DNS 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 16/48 User Guide...

  • Page 361: Simple Network Management Protocol (Snmp)

    By default, the Connect IT 16/48 device automatically blocks SNMP packets from being received over WAN and LAN interfaces. As a result, if you want a Connect IT 16/48 device to receive SNMP packets, you must configure the SNMP access control list to allow the device to receive the packets. See Configure Simple Network Management Protocol (SNMP).
  • Page 362 11. (Optional) Type the Privacy passphrase. If not set, the password, entered above, is used. 12. (Optional) Select the Privacy protocol, either DES or AES. The default is DES. 13. Click Apply to save the configuration and apply the change. Digi Connect IT® 16/48 User Guide...
  • Page 363    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 364 Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration --------------------------------------------------------- ---------------------- dynamic_routes edge external internal ipsec loopback setup (config)> Repeat this step to list additional firewall zones. Digi Connect IT® 16/48 User Guide...

  • Page 365: Download Mibs

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Download MIBs This procedure is available from the WebUI only. Required configuration items Enable SNMP. Digi Connect IT® 16/48 User Guide...
  • Page 366 To download a .zip archive of the SNMP MIBs supported by this device:    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with Admin access. 2. Enable SNMP. Configure Simple Network Management Protocol (SNMP) for information about enabling and configuring SNMP support on the Connect IT 16/48 device.

  • Page 367: Location Information

    You can also configure your Connect IT 16/48 device to forward location messages, either from the Connect IT 16/48 device or from external sources, to a remote host. Additionally, the device can be configured to use a geofence, to allow you to determine actions that will be taken based on the physical location of the device.

  • Page 368: Configure The Location Service

       WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > Location.
  • Page 369    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 370: Use A Dead Reckoning External Usb Gnss Receiver

    Inc.. The ability to use an external USB GNSS receiver is enabled by default. After purchasing the USB GNSS receiver, plug it into a USB port on the Connect IT 16/48, and it will begin providing location information. To disable support for the external GNSS receiver, or enable it if it has been disabled: ...

  • Page 371: Configure The Device To Use A User-Defined Static Location

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Configure the device to use a user-defined static location You can configured your Connect IT 16/48 device to use a user-defined static location.    WebUI...
  • Page 372    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 373: Configure The Device To Accept Location Messages From External Sources

    Connect IT 16/48 device to forward location messages. This procedure configures a UDP port on the Connect IT 16/48 device that will be used to listen for incoming messages. Required configuration items The location server must be enabled.
  • Page 374 Location information    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > Location > Location sources.
  • Page 375    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 376 To limit access based on firewall zones: (config)> add service location source 1 acl zone end value Where value is a firewall zone defined on your device, or the any keyword. Display a list of available firewall zones: Digi Connect IT® 16/48 User Guide...

  • Page 377: Forward Location Information To A Remote Host

    Type quit to disconnect from the device. Forward location information to a remote host You can configure location clients on the Connect IT 16/48 device that forward location messages in either NMEA or TAIP format to a remote host. Required configuration items Enable the location service.
  • Page 378 Configure the Connect IT device to forward location information:    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 379    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 380 Allowed value is a four digit alphanumerical string (for example, 01A3 or 1234). If no vehicle ID is configured, this setting defaults to 0000. (config service location forward 0)> vehicle-id 1234 (config service location forward 0)> 11. (Optional) Provide a description of the remote host: Digi Connect IT® 16/48 User Guide...
  • Page 381 (config service location forward 0 filter_nmea)> add gsa end (config service location forward 0 filter_nmea)> If the message protocol type is TAIP: Allowed values are: al: Reports altitude and vertical velocity. cp: Compact position: reports time, latitude, and longitude. Digi Connect IT® 16/48 User Guide...
  • Page 382 (config)> save Configuration saved. > 14. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 16/48 User Guide...

  • Page 383: Configure Geofencing

    Whether the script should be executed within a sandbox that will prevent the script from affecting the system itself. Additional configuration items Update interval, which determines the amount of time that the geofence should wait between polling for updated location data.    WebUI Digi Connect IT® 16/48 User Guide...
  • Page 384 Services Location information 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > Location > Geofence.
  • Page 385 Click  again to add an additional point, and continue adding points to create the desired polygon. For example, to configure a square polygon around the Digi headquarters, configure a polygon with four points: This defines a square-shaped polygon equivalent to the following: 7.
  • Page 386 For example, if the Update interval is 1m (one minute) and the Number of intervals is 3, the On entry actions will not be performed until the device has been inside the geofence for three minutes. d. Click to expand Actions. Digi Connect IT® 16/48 User Guide...
  • Page 387    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 388 (config service location geofence test_geofence)> where int is: For latitude, any integer between -90 and 90, with up to six decimal places. For longitude, any integer between -180 and 180, with up to six decimal places. Digi Connect IT® 16/48 User Guide...
  • Page 389 For latitude, any integer between -90 and 90, with up to six decimal places. For longitude, any integer between -180 and 180, with up to six decimal places. Repeat for each vortex of the polygon. Digi Connect IT® 16/48 User Guide...
  • Page 390 Services Location information For example, to configure a square polygon around the Digi headquarters, configure a polygon with four points: (config service location geofence test_geofence)> add coordinates end (config service location geofence test_geofence coordinates 0)> latitude 44.927220 (config service location geofence test_geofence coordinates 0)>...
  • Page 391 If type is set to script: i. Type or paste the script, closed in quote marks: (config service location geofence test_geofence on_entry action 0)> commands "script" (config service location geofence test_geofence on_entry action 0)> Digi Connect IT® 16/48 User Guide...
  • Page 392 To define actions that will be taken when the device exits the geofence, or is outside the geofence when it boots: a. (Optional) Configure the device to preform the actions if the device is outside the geofence when it boots: Digi Connect IT® 16/48 User Guide...
  • Page 393 (config service location geofence test_geofence on_exit action 0)> If the script begins with #!, then the proceeding file path will be used to invoke the script interpreter. If not, then the default shell will be used. Digi Connect IT® 16/48 User Guide...
  • Page 394 (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 16/48 User Guide...

  • Page 395: Show Location Information

      Command line Show location information 1. Log into the Connect IT 16/48 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 396: Modbus Gateway

    Type quit to disconnect from the device. Modbus gateway The Connect IT 16/48 supports the ability to function as a Modbus gateway, to provide serial-to- Ethernet connectivity to Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), and other industrial devices. MODBUS provides client/server communication between devices connected on different types of buses and networks, and the Connect IT 16/48 gateway allows for communication between buses and and networks that use the Modbus protocol.

  • Page 397: Configure The Modbus Gateway

    Whether to send broadcast messages. Response timeout If connection type is set to socket: The port to use. The inactivity timeout. If connection type is set to serial: Whether to use half duplex (two wire) mode. Digi Connect IT® 16/48 User Guide...
  • Page 398 Whether packets should have their Modbus address adjusted downward before to delivery.    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 399 For Port, enter or select an appropriate port. The default is port 502. If Serial is selected for Connection type: a. For Serial port, select the appropriate serial port on the Connect IT 16/48 device. 5. For Packet mode, select RTU or RAW (if Connection type is set to Socket) or ASCII (if Connection typeis set to Serial) for the type of packet that will be used by this connection.
  • Page 400 For Remote host, type the hostname or IP address of the remote host on which the Modbus server is running. If Serial is selected for Connection type: a. For Serial port, select the appropriate serial port on the Connect IT 16/48 device. Digi Connect IT® 16/48 User Guide...
  • Page 401 To limit access to hosts connected through a specified interface on the Connect IT 16/48 device: a. Click Interfaces. b. For Add Interface, click . c. For Interface, select the appropriate interface from the dropdown. d. Click  again to allow access through additional interfaces. Digi Connect IT® 16/48 User Guide...
  • Page 402 Modbus address of 10, you can create two clients on the gateway: Client one: Modbus address filter set to 10. This will configure the gateway to deliver all messages that have the Modbus server address of 10 to this device. Digi Connect IT® 16/48 User Guide...
  • Page 403    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 404 15 minutes, and takes the format number{m|s}. For example, to set inactivity_timeout to ten minutes, enter either 10m or 600s: (config service modbus_gateway server test_modbus_server)> inactivity_timeout 600s (config service modbus_gateway server test_modbus_server)> Digi Connect IT® 16/48 User Guide...
  • Page 405 (config service modbus_gateway server test_modbus_server)> c. Repeat the above instructions for additional servers. 5. Configure clients: a. Type ... to return to the root of the configuration: (config)> add service modbus_gateway server test_modbus_server)> ... (config)> Digi Connect IT® 16/48 User Guide...
  • Page 406 Set the maximum allowable time between bytes in a packet: (config service modbus_gateway client test_modbus_client)> socket idle_gap value (config service modbus_gateway client test_modbus_client)> where value is any number between 10 milliseconds and one second, and take the format number{ms|s}. Digi Connect IT® 16/48 User Guide...
  • Page 407 Serial Additional Configuration --------------------------------------------------------- ---------------------- port1 Port 1 (config service modbus_gateway client test_modbus_client)> ii. Set the port: (config service modbus_gateway client test_modbus_client)> serial port (config service modbus_gateway client test_modbus_client)> ii. Set the packet mode: Digi Connect IT® 16/48 User Guide...
  • Page 408 Allowed values are 1 through 255 or a hyphen-separated range. For example: To have this client filter for incoming messages that contain the Modbus address of 10, set the index 0 entry to 10: Digi Connect IT® 16/48 User Guide...
  • Page 409 10. This will configure the gateway to deliver all messages that have the Modbus server address of 10 to this device. Client two: filter set to 20. adjust_server_address set to 10. Digi Connect IT® 16/48 User Guide...

  • Page 410: Show Modbus Gateway Status And Statistics

       Command line 1. Log into the Connect IT 16/48 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 411 ------------- Client Lookup Errors Incoming Connections Packet Errors RX Broadcasts RX Requests : 12 TX Exceptions TX Responses : 12 Clients ------- modbus_socket_41 ---------------- Address Translation Errors Connection Errors Packet Errors RX Responses Digi Connect IT® 16/48 User Guide...
  • Page 412 TX Broadcasts TX Requests > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 16/48 User Guide...

  • Page 413: System Time

    The Connect IT 16/48 device can also be configured to use Network Time Protocol (NTP). In this configuration, the device serves as an NTP server, providing NTP services to downstream devices. See Network Time Protocol for more information about NTP server support.
  • Page 414    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 415: Network Time Protocol

    When the device is configured as an NTP server, it also functions as an NTP client. The NTP client will be consistently synchronized with one or more upstream NTP servers, which means that NTP packets Digi Connect IT® 16/48 User Guide...

  • Page 416: Configure The Device As An Ntp Server

    To configure the Connect IT 16/48 device's NTP service:    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 417 By default, the access control list for the NTP service is empty, which means that all downstream hosts connected to the Connect IT 16/48 device can use the NTP service. 6. (Optional) Add upstream NTP servers that the device will use to synchronize its time. The default setting is time.devicecloud.com.
  • Page 418    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 419 Services Configure the device as an NTP server 5. (Optional) Configure the access control list to limit downstream access to the Connect IT 16/48 device's NTP service. To limit access to specified IPv4 addresses and networks: (config)> add service ntp acl address end value (config)>...
  • Page 420 By default, the access control list for the NTP service is empty, which means that all downstream hosts connected to the Connect IT 16/48 device can use the NTP service. 6. (Optional) Set the timezone for the location of your Connect IT 16/48 device. The default is UTC.
  • Page 421 (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 16/48 User Guide...

  • Page 422: Configure A Multicast Route

       Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 423 Set the interface. For example: (config service multicast test)> src_interface /network/interface/eth1 (config service multicast test)> 8. Set the destination interface that the Connect IT 16/48 device will use to send mutlicast packets. (config service multicast test)> interface interface (config service multicast test)>...
  • Page 424 (config)> save Configuration saved. > 10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 16/48 User Guide...

  • Page 425: Ethernet Network Bonding

    Ethernet network bonding Ethernet network bonding The Connect IT 16/48 device supports bonding mode for the Ethernet network. This allows you to configure the device so that Ethernet ports share one IP address. When both ports are being used, they act as one Ethernet network port.
  • Page 426    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 427: Enable Service Discovery (Mdns)

    You can enable the Connect IT 16/48 device to use mDNS.    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 428    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 429 Where value is an interface defined on your device. Display a list of available interfaces: Use ... network interface ? to display interface information: (config)> ... network interface ? Interfaces Additional Configuration ------------------------------------------- defaultip Default IP Digi Connect IT® 16/48 User Guide...
  • Page 430 (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 16/48 User Guide...

  • Page 431: Use The Iperf Service

    Use the iPerf service Use the iPerf service Your Connect IT 16/48 device includes an iPerf3 server that you can use to test the performance of your network. iPerf3 is a command-line tool that measures the maximum network throughput an interface can handle.
  • Page 432 To enable the iPerf3 server:    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > iPerf.
  • Page 433    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 434 Type ... firewall zone ? at the config prompt: (config)> ... firewall zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration Digi Connect IT® 16/48 User Guide...

  • Page 435: Example Performance Test Using Iperf3

    Example performance test using iPerf3 On a remote host with iPerf3 installed, enter the following command: $ iperf3 -c device_ip where device_ip is the IP address of the Connect IT 16/48 device. For example: $ iperf3 -c 192.168.2.1 Connecting to host 192.168.2.1, port 5201 4] local 192.168.3.100 port 54934 connected to 192.168.1.1 port 5201...

  • Page 436: Configure The Ping Responder Service

    Configure the ping responder service Your Connect IT 16/48 device's ping responder service replies to ICMP and ICMPv6 echo requests. The service is enabled by default. You can disable the service, or you can configure the service to use an access control list to limit the service to specified IP address, interfaces, and/or zones.
  • Page 437    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 438 Where value is a firewall zone defined on your device, or the any keyword. Display a list of available firewall zones: Type ... firewall zone ? at the config prompt: (config)> ... firewall zone ? Zones: A list of groups of network interfaces that can be Digi Connect IT® 16/48 User Guide...

  • Page 439: Example Performance Test Using Iperf3

    Example performance test using iPerf3 On a remote host with Iperf3 installed, enter the following command: $ iperf3 -c device_ip where device_ip is the IP address of the Connect IT 16/48 device. For example: $ iperf3 -c 192.168.2.1 Connecting to host 192.168.2.1, port 5201 4] local 192.168.3.100 port 54934 connected to 192.168.1.1 port 5201...
  • Page 440 Services Configure the ping responder service iperf Done. Digi Connect IT® 16/48 User Guide...
  • Page 441 Applications The Connect IT 16/48 supports Python 3.6 and provides you with the ability to run Python applications on the device interactively or from a file. You can also specify Python applications and other scripts to be run each time the device system restarts, at specific intervals, or at a specified time.

  • Page 442: Configure Applications To Run Automatically

    Task one: Upload the application    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with Admin access. 2. On the menu, click System. Under Administration, click File System. The File System page appears. Digi Connect IT® 16/48 User Guide...
  • Page 443 Connect IT 16/48 device. local-path is the location on the Connect IT 16/48 device where the copied file will be placed.

  • Page 444: Task Two: Configure The Application To Run Automatically

    Use with care.    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click System > Scheduled tasks > Custom scripts.
  • Page 445    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 446 For example, to set on_interval to ten minutes, enter either 10m or 600s: (config system schedule script 0)> on_interval 600s (config system schedule script 0)> Digi Connect IT® 16/48 User Guide...
  • Page 447 (config system schedule script 0)> once true (config system schedule script 0)> If once is enabled, rebooting the device will cause the script to run again. The only way to re- run the script is to: Digi Connect IT® 16/48 User Guide...

  • Page 448: Run A Python Application At The Shell Prompt

    1. Upload the Python application to the Connect IT 16/48 device:    WebUI a. Log into the Connect IT 16/48 WebUI as a user with Admin access. b. On the menu, click System. Under Administration, click File System. The File System page appears.
  • Page 449 The uploaded file is uploaded to the /etc/config/scripts directory.    Command line a. Log into the Connect IT 16/48 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 450: Start An Interactive Python Session

    You can also create Python applications by using the vi command when logged in with shell access. 2. Log into the Connect IT 16/48 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 451: Digidevice Module

    Use Python to respond to Digi Remote Manager SCI requests Use digidevice runtime to access the runtime database Use Python to upload the device name to Digi Remote Manager Use Python to access the device location data Use Python to send and receive SMS messages...

  • Page 452: Use Digidevice.cli To Execute Cli Commands

    1. Log into the Connect IT 16/48 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.

  • Page 453: Use Digidevice.datapoint To Upload Custom Datapoints To Digi Remote Manager

    Get help executing a CLI command from Python by accessing help for cli.execute: 1. Log into the Connect IT 16/48 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 454 For example, to use an interactive Python session to upload datapoints related to velocity, temperature, and the state of the emergency door: 1. Log into the Connect IT 16/48 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 455: Use Digidevice.config For Device Configuration

    Use the config Python module to access and modify the device configuration. Read the device configuration 1. Log into the Connect IT 16/48 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 456 Modify the device configuration Use the set() and commit() methods to modify the device configuration: 1. Log into the Connect IT 16/48 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 457 Get help for reading and modifying the device configuration by accessing help for digidevice.config: 1. Log into the Connect IT 16/48 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 458: Use Python To Respond To Digi Remote Manager Sci Requests

    Use Remote Manager's SCI interface to create SCI requests that are sent to your Connect IT 16/48 device, and use the device_request module to send responses to those requests to Remote Manager.
  • Page 459 >>> In Remote Manager, you will receive a response similar to the following: <sci_reply version="1.0"> <data_service> <device id="00000000-00000000-0000FFFF-A83CF6A3"/> <requests> <device_request target_name="myTarget" status="0">OK</device_ request> </requests> </device> </data_service> </sci_request> Example: Use digidevice.cli with digidevice.device_request Digi Connect IT® 16/48 User Guide...
  • Page 460    WebUI i. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. ii. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. iii. Click System > Scheduled tasks > Custom scripts.
  • Page 461    Command line i. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 462 > reboot To run the application from the shell prompt: i. Log into the Connect IT 16/48 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.
  • Page 463 8. Click Send. You should receive a response similar to the following: <sci_reply version="1.0"> <data_service> <device id="00000000-00000000-0000FFFF-A83CF6A3"/> <requests> <device_request target_name="showSystem" status="0">Model : Digi Connect IT 16/48 Serial Number : Connect IT 16/48-000068 Hostname : Connect IT 16/48 : 00:40:D0:13:35:36 Hardware Version...
  • Page 464 : 0.004MB/40.96MB(0%) Disk /var Usage : 0.820MB/32.768MB(3%)</device_request> </requests> </device> <device id="00000000-00000000-0000FFFF-485740BC"/> <requests> <device_request target_name="showSystem" status="0">Model : Digi Connect IT 16/48 Serial Number : Connect IT 16/48-000023 Hostname : Connect IT 16/48 : 00:40:D0:26:79:1C Hardware Version : 50001959-01 A Firmware Version : 21.2.39.67...
  • Page 465 Get help for respond to Digi Remote Manager Server Command Interface (SCI) requests by accessing help for digidevice.device_request: 1. Log into the Connect IT 16/48 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 466: Use Digidevice Runtime To Access The Runtime Database

    Read from the runtime database Use the keys() and get() methods to read the device configuration: 1. Log into the Connect IT 16/48 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 467 Modify the runtime database Use the set() method to modify the runtime database: 1. Log into the Connect IT 16/48 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 468: Use Python To Upload The Device Name To Digi Remote Manager

    Use Python to upload the device name to Digi Remote Manager The name submodule can be used to upload a custom name for your device to Digi Remote Manager. When you use the name submodule to upload a custom device name to Remote Manager, the...
  • Page 469 5. Click Send. Upload a custom name 1. Log into the Connect IT 16/48 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.

  • Page 470: Use Python To Access The Device Location Data

    Use Python to access the device location data The location submodule enables access to the location data for the Connect IT 16/48 device. The module takes a snapshot of location data stored in the runt database. The location data snapshot can be subsequently updated by using the update method.
  • Page 471 The location submodule takes a snapshot of the current location and stores it in the runtime database. You can update this snapsot: 1. Log into the Connect IT 16/48 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 472 The location submodule takes a snapshot of the current location and stores it in the runtime database. You can update this snapsot 1. Log into the Connect IT 16/48 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 473 Help for the digidevice location module Get help for the digidevice location module: 1. Log into the Connect IT 16/48 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 474: Use Python To Send And Receive Sms Messages

    You can create Python scripts that send and receive SMS message in tandem with the Digi Remote Manager or Digi aView by using the digidevice.sms module. To use a script to send or receive SMS messages, you must also enable the ability to schedule SMS scripting.
  • Page 475    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 476: Use The Human Interface Device (Hid) Module

    Python script. For example, to determine information about a USB-connected keyboard: 1. Log into the Connect IT 16/48 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 477: Help For The Hid Module

    Help for the hid module Get help for the hid module: 1. Log into the Connect IT 16/48 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.

  • Page 478: Use Python To Access Serial Ports

    Use Python to access serial ports You can use the Python serial module to access serial ports on your Connect IT 16/48 device that are configured to be in Application mode. For example, you can configure USB ports to function serial ports and interact programmatically with those ports.

  • Page 479: Use The Paho Mqtt Python Library

    6. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Use the Paho MQTT python library Your Connect IT 16/48 device includes support for the Paho MQTT python library. MQTT is a lightweight messaging protocol used to communicate with various applications including cloud-based applications such as Amazon Web Services and Microsoft Azure.
  • Page 480 = cmd_path[len(PREFIX_CMD):] else: print("Invalid command path ({}), cannot send reply".format(cmd_path)) return reply = { "cmd": cmd, "status": status Digi Connect IT® 16/48 User Guide...
  • Page 481 {}".format(cmd)) status = HTTPStatus.NOT_IMPLEMENTED send_cmd_reply(client, msg.topic, cid, cmd, status) def publish_dhcp_leases(): leases = [] try: with open('/etc/config/dhcp.leases', 'r') as f: for line in f: elems = line.split() if len(elems) != 5: continue Digi Connect IT® 16/48 User Guide...

  • Page 482: Use The Local Rest Api To Configure The Connect It 16/48 Device

    Use the local REST API to configure the Connect IT 16/48 device Your Connect IT 16/48 device includes a REST API that can be used to return information about the device's configuration and to make modifications to the configuration. You can view the REST API specification from your web browser by opening the URL: Digi Connect IT®...

  • Page 483: Use The Get Method To Return Device Configuration Information

    To determine allowed values for path from the Admin CLI: 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 484 Applications Use the local REST API to configure the Connect IT 16/48 device iperf IPerf location Location mdns Service Discovery (mDNS) modbus_gateway Modbus Gateway multicast Multicast ping Ping responder snmp SNMP telnet Telnet web_admin Web administration (config)> service For example, to use curl to return the ssh configuration: $ curl -k -u admin https://192.168.210.1/cgi-bin/config.cgi/value/service/ssh -X...

  • Page 485: Use The Post Method To Modify Device Configuration Parameters And Add Items To A List Array

    Applications Use the local REST API to configure the Connect IT 16/48 device Use the POST method to modify device configuration parameters and add items to a list array To modify configuration parameters, use the POST method with the path and value parameters.

  • Page 486: Stop A Script That Is Currently Running

       Command line 1. Log into the Connect IT 16/48 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 487: Show Script Information

    The Scripts page displays:    Command line 1. Log into the Connect IT 16/48 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 488 Applications Show script information 3. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 16/48 User Guide...
  • Page 489 User authentication methods Authentication groups Local users Terminal Access Controller Access-Control System Plus (TACACS+) Remote Authentication Dial-In User Service (RADIUS) LDAP Disable shell access Set the idle timeout for Connect IT 16/48 users Example user configuration Digi Connect IT® 16/48 User Guide...

  • Page 490: User Authentication

    User authentication Connect IT 16/48 user authentication Connect IT 16/48 user authentication User authentication on the Connect IT 16/48 has the following features and default configuration: Default Feature Description configuration Idle timeout 10 minutes. Determines how long a user session can be idle before the system automatically disconnects.
  • Page 491 TACACS+: Users authenticated by using a remote TACACS+ server for authentication. Terminal Access Controller Access-Control System Plus (TACACS+) for information about configuring TACACS+ authentication. LDAP: Users authenticated by using a remote LDAP server for authentication. LDAP for information about configuring LDAP authentication. Digi Connect IT® 16/48 User Guide...

  • Page 492: Add A New Authentication Method

    To add an authentication method:    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Methods.
  • Page 493 This procedure describes how to add methods to various places in the list. 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 494: Delete An Authentication Method

       Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 495: Rearrange The Position Of Authentication Methods

    For example, the following configuration has Local users as the first method, and RADIUS as the second. To reorder these so that RADIUS is first and Local users is second: Digi Connect IT® 16/48 User Guide...
  • Page 496    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 497: Authentication Groups

    Admin access: Users with Admin access can be configured to have either: The ability to manage the Connect IT 16/48 device by using the WebUI or the Admin CLI. Read-only access to the WebUI and Admin CLI.

  • Page 498: Change The Access Rights For A Predefined Group

       WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Groups.
  • Page 499    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 500: Add An Authentication Group

    Access rights to OpenVPN tunnels, and the tunnels to which they have access. Access rights to captive portals, and the portals to which they have access. Access rights to query the device for Nagios monitoring. To add an authentication group:    WebUI Digi Connect IT® 16/48 User Guide...
  • Page 501 User authentication Authentication groups 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Groups.
  • Page 502    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 503 Authentication groups where value is either: full: provides users of this group with the ability to manage the Connect IT 16/48 device by using the WebUI or the Admin CLI. read-only: provides users of this group with read-only access to the WebUI and Admin CLI.

  • Page 504: Delete An Authentication Group

    To delete an authentication group that you have created:    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 505    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 506: Local Users

    TACACS+ or RADIUS. Local user authentication is enabled by default, with one preconfiged default user. Default user At manufacturing time, each Connect IT 16/48 device comes with a default user configured as follows: Username: admin. Password: The default password is displayed on the label on the bottom of the device.

  • Page 507: Change A Local User's Password

    To change a user's password:    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Users.

  • Page 508: Configure A Local User

       Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 509 To configure a local user:    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Users.
  • Page 510 Select the Verification type: Time-based (TOTP): Time-based One-Time Password (TOTP) authentication uses the current time to generate a one-time password. Counter-based (HOTP): HMAC-based One-Time Password (HOTP) uses a counter to validate a one-time password. Digi Connect IT® 16/48 User Guide...
  • Page 511 For Code, enter the scratch code. The code must be eight digits, with a minimum of 10000000. iv. Click  again to add additional scratch codes. 10. Click Apply to save the configuration and apply the change. Digi Connect IT® 16/48 User Guide...
  • Page 512    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 513 Add the key by using the ssh_key command and pasting or typing a public encryption key that this user can use for passwordless SSH login: (config auth user new_user ssh_key)> ssh_key key (config auth user new_user ssh_key)> 8. (Optional) Configure two-factor authentication for SSH, telnet, and serial console login: Digi Connect IT® 16/48 User Guide...
  • Page 514 Configure the valid code window size. This represents the allowed number of concurrently valid codes. In cases where TOTP is being used, increasing the valid code window size may be necessary when the clocks used by the server and client are not synchronized. Digi Connect IT® 16/48 User Guide...

  • Page 515: Delete A Local User

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Delete a local user To delete a user from your Connect IT 16/48:    WebUI Digi Connect IT® 16/48 User Guide...
  • Page 516 User authentication Local users 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Users.
  • Page 517    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 518: Terminal Access Controller Access-Control System Plus (Tacacs+)

    To use TACACS+ authentication, you must set up a TACACS+ server that is accessible by the Connect IT 16/48 device prior to configuration. The process of setting up a TACACS+ server varies by the server environment.

  • Page 519: Tacacs+ User Configuration

    Connect IT 16/48. Alternatively, if the user is also configured as a local user on the Connect IT 16/48 device and the LDAP server authenticates the user but does not return any groups, the local configuration determines the list of groups. See...

  • Page 520: Tacacs+ Server Failover And Fallback To Local Authentication

    $ sudo /etc/init.d/tacacs_plus restart TACACS+ server failover and fallback to local authentication In addition to the primary TACACS+ server, you can also configure your Connect IT 16/48 device to use backup TACACS+ servers. Backup TACACS+ servers are used for authentication requests when the primary TACACS+ server is unavailable.
  • Page 521 User authentication Terminal Access Controller Access-Control System Plus (TACACS+) 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 522    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 523 TACACS+ server's configuration. For example, in TACACS+ user configuration, the value of the service attribute in the sample tac_plus.conf file is system, which is also the default setting in the Connect IT 16/48 configuration. (config)> auth tacacs+ service service-name (config)> 6. Add a TACACS+ server: a.

  • Page 524: Remote Authentication Dial-In User Service (Radius)

    With RADIUS support, the Connect IT 16/48 device acts as a RADIUS client, which sends user credentials and connection parameters to a RADIUS server over UDP. The RADIUS server then authenticates the RADIUS client requests and sends back a response message to the device.

  • Page 525: Radius User Configuration

    $ sudo /etc/init.d/freeradius restart RADIUS server failover and fallback to local configuration In addition to the primary RADIUS server, you can also configure your Connect IT 16/48 device to use backup RADIUS servers. Backup RADIUS servers are used for authentication requests when the primary RADIUS server is unavailable.

  • Page 526: Configure Your Connect It 16/48 Device To Use A Radius Server

    Add additional RADIUS servers in case the first RADIUS server is unavailable. The server NAS ID. If left blank, the default value is used: If you are access the Connect IT 16/48 device by using the WebUI, the default value is for NAS ID is httpd.
  • Page 527 NAS or any arbitrary string. If not set, the default value is used: If you are accessing the Connect IT 16/48 device by using the WebUI, the default value is for NAS ID is httpd.
  • Page 528    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 529: Ldap

    When you are using LDAP authentication, you can have both local users and LDAP users able to log in to the device. To use LDAP authentication, you must set up a LDAP server that is accessible by the Connect IT 16/48 device prior to configuration. The process of setting up a LDAP server varies by the server environment.
  • Page 530 User authentication LDAP This section contains the following topics: LDAP user configuration LDAP server failover and fallback to local configuration Configure your Connect IT 16/48 device to use an LDAP server Digi Connect IT® 16/48 User Guide...

  • Page 531: Ldap User Configuration

    LDAP LDAP user configuration When configured to use LDAP support, the Connect IT 16/48 device uses a remote LDAP server for user authentication (password verification) and authorization (assigning the access level of the user). Additional LDAP servers can be configured as backup servers for user authentication.

  • Page 532: Ldap Server Failover And Fallback To Local Configuration

    LDAP server failover and fallback to local configuration In addition to the primary LDAP server, you can also configure your Connect IT 16/48 device to use backup LDAP servers. Backup LDAP servers are used for authentication requests when the primary LDAP server is unavailable.
  • Page 533 User authentication LDAP 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > LDAP > Servers.
  • Page 534    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 535 8. Set the distinguished name (DN) on the server to search for users. This can be the root of the directory tree (for example, dc=example,dc=com) or a sub-tree (for example. ou=People,dc=example,dc=com). (config)> auth ldap base_dn value (config)> Digi Connect IT® 16/48 User Guide...
  • Page 536 User authentication LDAP 9. (Optional) Set the name of the user attribute that contains the list of Connect IT 16/48 authentication groups that the authenticated user has access to. See LDAP user configuration for further information about the group attribute.

  • Page 537: Disable Shell Access

       Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 538: Set The Idle Timeout For Connect It 16/48 Users

    By default, the Idle timeout is set to 10 minutes.    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 539    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 540: Example User Configuration

    Goal: To create a user with administrator rights who is authenticated locally on the device.    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 541    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 542: Example 2: Radius, Tacacs+, And Local Authentication For One User

    Goal: To create a user with administrator rights who is authenticated by using all three authentication methods. In this example, when the user attempts to log in to the Connect IT 16/48 device, user authentication will occur in the following order: 1.
  • Page 543 Save and close the tac_plus.conf file. 3. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 4. On the menu, click System. Under Configuration, click Device Configuration. Digi Connect IT® 16/48 User Guide...
  • Page 544 Click Groups. ii. For Add Group, click . iii. For Group, select the admin group. a. Verify that the admin group has full administrator rights: i. Click Authentication > Groups. ii. Click admin. Digi Connect IT® 16/48 User Guide...
  • Page 545 In this example: The user's username is admin1. The user's password is password1. The authentication group on the Connect IT 16/48 device, admin, is identified in the Unix-FTP-Group-Names parameter. c. Save and close the users file. 2. Configure a user on the TACACS+ server: a.
  • Page 546 Save and close the tac_plus.conf file. 3. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 547 Type quit to disconnect from the device. Example 3: Multiple users with specific serial port access Goal: To create two RADIUS users that do not have configuration access to the Connect IT 16/48 but have access rights to specific serial ports.
  • Page 548 For example, if you want administrators of the Connect IT 16/48 to log into the device using local authentication, make sure that Local users authentication is included in the Methods list. Otherwise they will not be able to log into the device.
  • Page 549    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 550 Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 13. Configure the users on the RADIUS server: a. On the ubuntu machine hosting the FreeRadius server, open the /etc/freeradius/3.0/users file: Digi Connect IT® 16/48 User Guide...
  • Page 551 Example user configuration $ sudo gedit /etc/freeradius/3.0/users b. Add the users to the users file: serialuser1 Cleartext-Password := "password1" Unix-FTP-Group-Names := "serialgroup1" serialuser2 Cleartext-Password := "password2" Unix-FTP-Group-Names := "serialgroup2" c. Save and close the users file. Digi Connect IT® 16/48 User Guide...
  • Page 552 Firewall This chapter contains the following topics: Firewall configuration Port forwarding rules Packet filtering Configure custom firewall rules Configure Quality of Service options Digi Connect IT® 16/48 User Guide...

  • Page 553: Firewall Configuration

    IPsec: The default zone for IPsec tunnels. Dynamic routes: Used for routes learned using routing services. Port forwarding: A list of rules that allow network connections to the Connect IT 16/48 to be forwarded to other servers by translating the destination address.
  • Page 554    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 555: Configure The Firewall Zone For A Network Interface

       Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 556: Delete A Custom Firewall Zone

    You cannot delete preconfigured firewall zones. To delete a custom firewall zone:    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.

  • Page 557: Port Forwarding Rules

       Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 558 To configure a port forwarding rule:    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 559    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 560 8. Set the IP address of the server to which traffic should be forwarded: For IPv4 addresses: (config firewall dnat 0)> to_address ip-address (config firewall dnat 0)> For IPv6 addresses: (config firewall dnat 0)> to_address6 ip-address (config firewall dnat 0)> Digi Connect IT® 16/48 User Guide...
  • Page 561 Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration --------------------------------------------------------------------- --------- dynamic_routes edge external internal ipsec loopback setup (config firewall dnat 0 acl)> Digi Connect IT® 16/48 User Guide...

  • Page 562: Delete A Port Forwarding Rule

       Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 563 (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 16/48 User Guide...

  • Page 564: Packet Filtering

    By default, one preconfigured packet filtering rule, Allow all outgoing traffic, is enabled and monitors traffic going to and from the Connect IT 16/48 device. The predefined settings are intended to block unauthorized inbound traffic while providing an unrestricted flow of outgoing data. You can modify the default packet filtering rule and create additional rules to define how the device accepts or rejects traffic that is forwarded through the device.
  • Page 565    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 566 3. (Optional) Set the label for the rule. (config firewall filter 1)> label "My filter rule" (config firewall filter 1)> 4. Set the action to be performed by the filter rule. (config firewall filter 1)> action value (config firewall filter 1)> Digi Connect IT® 16/48 User Guide...
  • Page 567 (config firewall filter 1)> protocol value (config firewall filter 1)> where value is one of: icmp icmpv6 The default is any. 9. Save the configuration and apply the change: (config)> save Configuration saved. > Digi Connect IT® 16/48 User Guide...

  • Page 568: Enable Or Disable A Packet Filtering Rule

       Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 569: Delete A Packet Filtering Rule

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Delete a packet filtering rule To delete a packet filtering rule:    WebUI Digi Connect IT® 16/48 User Guide...
  • Page 570    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 571: Configure Custom Firewall Rules

    To configure custom firewall rules:    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Custom rules.
  • Page 572 Firewall Configure custom firewall rules 7. Click Apply to save the configuration and apply the change. Digi Connect IT® 16/48 User Guide...

  • Page 573: Configure Quality Of Service Options

    (packet ingress). A QoS binding contains the policies and rules that apply to packets exiting the Connect IT 16/48 device on the binding's interface. By default, the Connect IT 16/48 device has two preconfigured QoS bindings, Outbound and Inbound.
  • Page 574    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 575 Create a new binding    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Quality of Service.
  • Page 576 For Add Policy, click . The QoS binding policy configuration window is displayed. New QoS binding policies are enabled by default. To disable, click Enable. c. (Optional) Type a Label for the binding policy. Digi Connect IT® 16/48 User Guide...
  • Page 577 Interface: Only traffic from the selected Interface will be matched. IPv4 address: Only traffic from the IP address typed in IPv4 address will be matched. Use the format IPv4_address[/netmask], or use any to match any IPv4 address. Digi Connect IT® 16/48 User Guide...
  • Page 578 Use the format IPv6_address[/prefix_length], or use any to match any IPv6 address. Repeat to add a new rule. Up to 30 rules can be configured. 10. Click Apply to save the configuration and apply the change. Digi Connect IT® 16/48 User Guide...
  • Page 579    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 580 1 or greater. The default is 100. f. To identify this policy as a fall-back policy: (config firewall qos 2 policy 0)> default true (config firewall qos 2 policy 0)> Digi Connect IT® 16/48 User Guide...
  • Page 581 (config firewall qos 2 policy 0 rule 0)> dstport value (config firewall qos 2 policy 0 rule 0)> where value is the IP port number, a range of port numbers using the format IP_port- IP_port, or any. Digi Connect IT® 16/48 User Guide...
  • Page 582 Only traffic from the IP address typed in IPv6 address will be matched. Set the address that will be matched: (config network qos 2 policy 0 rule 0)> src address6 value (config network qos 2 policy 0 rule 0)> Digi Connect IT® 16/48 User Guide...
  • Page 583 Set the address that will be matched: (config network qos 2 policy 0 rule 0)> src address value (config network qos 2 policy 0 rule 0)> where value uses the format IPv4_address[/netmask], or any to match any IPv4 address. Digi Connect IT® 16/48 User Guide...
  • Page 584 (config)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 16/48 User Guide...
  • Page 585 This chapter contains the following topics: Review device status Configure system information Update system firmware Update cellular module firmware Reboot your Connect IT 16/48 device Erase device configuration and reset to factory defaults Configuration files Schedule system maintenance tasks Disable device encryption Configure the speed of your Ethernet ports Digi Connect IT®...

  • Page 586: System Administration

    Show basic system information: 1. Log into the Connect IT 16/48 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 587: Configure System Information

    Disk /var Usage : 1.765MB/256.0MB(1%) > Configure system information You can configure information related to your Connect IT 16/48 device, such as providing a name and location for the device. Configuration items A name for the device. The name of a contact for the device.
  • Page 588    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 589: Update System Firmware

    The system firmware files are signed to ensure that only Digi-approved firmware load onto the device. The Connect IT 16/48 device validates the system firmware image as part of the update process and only successfully updates if the system firmware image can be authenticated.
  • Page 590 5. Click Update Firmware. Update firmware from a local file 1. Download the Connect IT 16/48 operating system firmware from the Digi Support FTP site to your local machine. 2. Log into the Connect IT 16/48 WebUI as a user with Admin access.
  • Page 591 System administration Update system firmware 1. Download the Connect IT 16/48 operating system firmware from the Digi Support FTP site to your local machine. 2. Log into the Connect IT 16/48 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 592: Dual Boot Behavior

    > reboot Rebooting system > 7. Once the device has rebooted, log into the Connect IT 16/48's command line as a user with Admin access and verify the running firmware version by entering the show system command. > show system...

  • Page 593: Update Cellular Module Firmware

    4. Click Duplicate Firmware.    Command line 1. Log into the Connect IT 16/48 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 594: Update Modem Firmware Over The Air (Ota)

      Command line Update modem firmware over the air (OTA) You can update your modem firmware by querying the Digi firmware repository to determine if there is new firmware available for your modem and performing an OTA modem firmware update: 1. Log into the Connect IT 16/48 command line as a user with Admin access.
  • Page 595 Retrieving download location for modem firmware '25.20.666_CUST_067_1' > To perform an OTA firmware update by using a specific version from the Digi firmware repository, use the version parameter to identify the appropriate firmware version as determined using the modem firmware ota check or modem firmware ota list command.

  • Page 596: Update Modem Firmware By Using A Local Firmware File

    Update cellular module firmware Update modem firmware by using a local firmware file You can update your modem firmware by uploading a modem firmware file to your Connect IT 16/48 device. Firmware should be uploaded to /opt/MODEM_MODEL/Custom_Firmware, for example, /opt/LM940/Custom_Firmware. Modem firmware can be downloaded from Digi at https://ftp1.digi.com/support/firmware/dal/carrier_firmware/.

  • Page 597: Reboot Your Connect It 16/48 Device

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Reboot your Connect IT 16/48 device You can reboot the Connect IT 16/48 device immediately or schedule a reboot for a specific time every day. Note You may want to save your configuration settings to a file before rebooting.

  • Page 598: Reboot Your Device Immediately

    Schedule reboots of your device    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Select System > Scheduled tasks.

  • Page 599: Erase Device Configuration And Reset To Factory Defaults

       Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 600 4. Click CONFIRM. 5. After resetting the device: a. Connect to the Connect IT 16/48 by using the serial port or by using an Ethernet cable to connect the Connect IT 16/48 ETH2 port to your PC. b. Log into the Connect IT 16/48: User name: Use the default user name: admin.
  • Page 601 > system factory-erase 3. After resetting the device: a. Connect to the Connect IT 16/48 by using the serial port or by using an Ethernet cable to connect the Connect IT 16/48 ETH2 port to your PC. b. Log into the Connect IT 16/48: User name: Use the default user name: admin.

  • Page 602: Configure The Connect It 16/48 Device To Use Custom Factory Default Settings

    You can reset the device to the default configuration without removing scripts, keys, and logfiles by using the revert command: 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 603 Erase device configuration and reset to factory defaults    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with Admin access. 2. Configure your Connect IT 16/48 device to match the desired custom factory default configuration. For example, you may want to configure the device to use a custom APN or a particular network configuration, so that when you reset the device to factory defaults, it will automatically have your required network configuration.
  • Page 604 System administration Erase device configuration and reset to factory defaults 1. Log into the Connect IT 16/48 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 605: Configuration Files

       Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 606: Save Configuration To A File

    Type quit to disconnect from the device. Save configuration to a file You can save your Connect IT 16/48 device's configuration to a file and use this file to restore the configuration, either to the same device or to similar devices.

  • Page 607: Restore The Device Configuration

    > scp host 192.168.4.1 user admin remote /home/admin/bin/ local /etc/config/backup-archive-0040FF800120-19.05.17-19.01.17.bin to remote Restore the device configuration You can restore a configuration file to your Connect IT 16/48 device by using a backup from the device, or a backup from a similar device. ...
  • Page 608 Connect IT 16/48 device. local-path is the location on the Connect IT 16/48 device where the copied file will be placed.
  • Page 609 16/48's filesystem (local-path in the previous step). passphrase (optional) is the passphrase to restore the configuration backup, if a passphrase was used when the backup was created. For example: > system restore /opt/backup-archive-0040FF800120-21.2.39.67- 19.23.42.bin Digi Connect IT® 16/48 User Guide...

  • Page 610: Schedule System Maintenance Tasks

    Custom scripts that should be run as part of the configuration check.    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 611 This feature does not provide syntax or error checking. Certain commands can render the device inoperable. Use with care. Scripts created here are also automatically entered in Configuration > Applications. b. For Add Script, click . The schedule script configuration window is displayed. Digi Connect IT® 16/48 User Guide...
  • Page 612 Click to enable Log script output to log the script's output to the system log. ii. Click to enable Log script errors to log script errors to the system log. If neither option is selected, only the script's exit code is written to the system log. Digi Connect IT® 16/48 User Guide...
  • Page 613    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 614 6. (Optional) Allow scheduled scripts to handle SMS messages: (config)> system schedule sms_script_handling true (config)> 7. (Optional) Schedule custom scripts: a. Add a script: (config)> add system schedule script end (config system schedule script 0)> Digi Connect IT® 16/48 User Guide...
  • Page 615 (config system schedule script 0)> If once is set to false, a new instance of the script will be started at every interval, regardless of whether the script is still running from a previous interval. Digi Connect IT® 16/48 User Guide...
  • Page 616 If once is enabled, rebooting the device will cause the script to run again. The only way to re-run the script is to: Remove the script from the device and add it again. Make a change to the script. Disable once. Digi Connect IT® 16/48 User Guide...

  • Page 617: Disable Device Encryption

    Type quit to disconnect from the device. Disable device encryption You can disable the cryptography on your Connect IT 16/48 device. This can be used to ship unused devices from overseas without needing export licenses from the country from which the device is being shipped.

  • Page 618: Re-Enable Cryptography After It Has Been Disabled

    Select the Properties of the relevant network connection on the Windows PC. b. Click the Internet Protocol Version 4 (TCP/IPv4) parameter. c. Click Properties. The Internet Protocol Version 4 (TCP/IPv4) Properties dialog appears. d. Configure with the following details: IP address for PC: 192.168.210.2 Subnet: 255.255.255.0 Digi Connect IT® 16/48 User Guide...

  • Page 619: Configure The Speed Of Your Ethernet Ports

    Gateway: 192.168.210.1 2. Connect the PC's Ethernet port to the ETH1 Ethernet port on your Connect IT 16/48 device. 3. Open a telnet session and connect to the Connect IT 16/48 device at the IP address of 192.168.210.1. 4. Log into the device: Username: admin Password: The default unique password for your device is printed on the device label.
  • Page 620    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 621 Configure the speed of your Ethernet ports 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 16/48 User Guide...
  • Page 622 Monitoring This chapter contains the following topics: intelliFlow Configure NetFlow Probe Digi Connect IT® 16/48 User Guide...

  • Page 623: Intelliflow

    WebUI. To use intelliFlow, the Connect IT 16/48 must be powered on and you must have access to the local WebUI. Once you enable intelliFlow, the Status >...
  • Page 624    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 625 (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 16/48 User Guide...

  • Page 626: Use Intelliflow To Display Average Cpu And Ram Usage

    This procedure is only available from the WebUI. To display display average CPU and RAM usage:    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow.

  • Page 627: Use Intelliflow To Display Top Data Usage Information

    Top data usage by service To generate a top data usage chart:    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow.
  • Page 628 5. Change the type of chart that is used to display the data: a. Click the menu icon (). b. Select the type of chart. 6. Change the number of top users displayed. You can display the top five, top ten, or top twenty data users. Digi Connect IT® 16/48 User Guide...

  • Page 629: Use Intelliflow To Display Data Usage By Host Over Time

    To generate a chart displaying a host's data usage over time:    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow.

  • Page 630: Configure Netflow Probe

    To save the chart to your local filesystem, select Export to PNG. c. To print the chart, select Print chart. Configure NetFlow Probe NetFlow probe is used to probe network traffic on the Connect IT 16/48 device and export statistics to NetFlow collectors. Required configuration items Enable NetFlow.
  • Page 631 Configure NetFlow Probe    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Monitoring > NetFlow probe.
  • Page 632    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 633 Set the IP address of the collector: (config monitoring netflow collector 0)> address ip_address (config monitoring netflow collector 0)> c. (Optional) Set the port used by the collector: (config monitoring netflow collector 0)> port port (config monitoring netflow collector 0)> Digi Connect IT® 16/48 User Guide...
  • Page 634 (config monitoring netflow collector 0)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 16/48 User Guide...
  • Page 635 Configure Digi Remote Manager Collect device health data and set the sample interval Log into Digi Remote Manager Use Digi Remote Manager to view and manage your device Add a device to Digi Remote Manager View Digi Remote Manager connection status...

  • Page 636: Central Management

    Digi Remote Manager User Guide. Configure Digi Remote Manager By default, your Connect IT 16/48 device is configured to use central management using Digi Remote Manager. Additional configuration options These additional configuration settings are not typically configured, but you can set them as needed: Disable the Digi Remote Manager connection if it is not required.
  • Page 637 6. (Optional) For Management port, type the destination port for the remote cloud services connection. The default is 3199. 7. (Optional) For Retry interval, type the amount of time that the Connect IT 16/48 device should wait before reattempting to connect to remote cloud services after being disconnected. The default is 30 seconds.
  • Page 638    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 639 (config)> cloud drm drm_url url (config)> 6. (Optional) Set the amount of time that the Connect IT 16/48 device should wait before reattempting to connect to the remote cloud services after being disconnected. The minimum value is ten seconds. The default is 30 seconds.
  • Page 640 The minimum value is 30 minutes and the maximum is 48 hours. If not set, this option is disabled. The default is disabled. 12. (Optional) Determine whether to require a login and password to authenticate the user from the remote cloud services CLI: Digi Connect IT® 16/48 User Guide...
  • Page 641 If set to false, no login prompt will be presented and the user will be logged in as admin. The default is false. 13. (Optional) Configure the Connect IT 16/48 device to communicate with remote cloud services by using SMS: a. Enable SMS messaging: (config)>...

  • Page 642: Collect Device Health Data And Set The Sample Interval

    Collect device health data and set the sample interval You can enable or disable the collection of device health data to upload to Digi Remote Manager, and configure the interval between health sample uploads. By default, device health data upload is enabled, and the health sample interval is set to 60 minutes.
  • Page 643    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 644: Log Into Digi Remote Manager

    8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Log into Digi Remote Manager To start Digi Remote Manager Digi Connect IT® 16/48 User Guide...
  • Page 645 1. If you have not already done so, click here to sign up for a Digi Remote Manager account. 2. Check your email for Digi Remote Manager login instructions. 3. Go to remotemanager.digi.com. 4. Log into your Digi Remote Manager account.

  • Page 646: Use Digi Remote Manager To View And Manage Your Device

    Use Digi Remote Manager to view and manage your device To view and manage your device: 1. If you have not already done so, connect to your Digi Remote Manager account. 2. Click Device Management to display a list of your devices.

  • Page 647: Add A Device To Digi Remote Manager

    The same default password is also shown on the label affixed to the bottom of the device. 6. Click Add. 7. Click OK. Digi Remote Manager adds your Connect IT 16/48 device to your account and it appears in the Device Management view. View Digi Remote Manager connection status To view the current Digi Remote Manager configuration: ...

  • Page 648: Use The Digi Remote Manager Mobile App

    The Device ID is the unique identifier for the device, as used by the Remote Manager. Use the Digi Remote Manager mobile app If you have a smart phone or tablet, you can use the Digi Remote Manager mobile app to automatically provision a new devices and monitor devices in your account.

  • Page 649: Configure Multiple Devices Using Profiles

    16/48 routers. Typically, if you want to provision multiple Connect IT 16/48 routers: 1. Using the Connect IT 16/48 local WebUI, configure one Connect IT 16/48 router to use as the model configuration for all subsequent Connect IT 16/48s you need to manage.
  • Page 650 File system This chapter contains the following topics: The Connect IT 16/48 local file system Display directory contents Create a directory Display file contents Copy a file or directory Move or rename a file or directory Delete a file or directory Upload and download files Digi Connect IT®...

  • Page 651: File System

    The Connect IT 16/48 local file system The Connect IT 16/48 local file system The Connect IT 16/48 local file system has approximately 4.5 GB of space available for storing files, such as alternative configuration files and firmware versions, and release files, such as cellular module images.

  • Page 652: Create A Directory

    For example: 1. Log into the Connect IT 16/48 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 653: Display File Contents

    For example:    Command line 1. Log into the Connect IT 16/48 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 654: Move Or Rename A File Or Directory

      Command line To rename a file named test.py in /etc/config/scripts to final.py: 1. Log into the Connect IT 16/48 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 655: Delete A File Or Directory

      Command line To delete a file named test.py in /etc/config/scripts: 1. Log into the Connect IT 16/48 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 656: Upload And Download Files

    Upload and download files by using the WebUI Upload files 1. Log into the Connect IT 16/48 WebUI as a user with Admin access. 2. On the menu, click System. Under Administration, click File System. The File System page appears.

  • Page 657: Upload And Download Files By Using The Secure Copy Command

    Connect IT 16/48 device. local-path is the location on the Connect IT 16/48 device where the copied file will be placed. For example: To copy firmware from a remote host with an IP address of 192.168.4.1 to the /etc/config directory on...

  • Page 658: Upload And Download Files Using Sftp

    Connect IT 16/48 device. For example: To copy a support report from the Connect IT 16/48 device to a remote host at the IP address of 192.168.4.1: 1. Use the system support-report command to generate the report: >...
  • Page 659 File system Upload and download files $ sftp ahmed@192.168.2.1 Password: Connected to 192.168.2.1 sftp> get test.py Fetching test.py to test.py test.py 100% 0.3KB/s 00:00 sftp> exit Digi Connect IT® 16/48 User Guide...
  • Page 660 View system and event logs Configure syslog servers Configure options for the event and system logs Analyze network traffic Use the ping command to troubleshoot network connections Use the traceroute command to diagnose IP routing problems Digi Connect IT® 16/48 User Guide...

  • Page 661: Generate A Support Report

    Attach the support report to any support requests.    Command line 1. Log into the Connect IT 16/48 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 662: View System And Event Logs

    View System Logs    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with Admin access. 2. On the main menu, click System > Logs. The system log displays: 3. Limit the display in the system log by using the Find search tool.
  • Page 663 5. Click  to download the system log.    Command line 1. Log into the Connect IT 16/48 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 664: View Event Logs

       WebUI 1. Log into the Connect IT 16/48 WebUI as a user with Admin access. 2. On the main menu, click System > Logs. 3. Click  System Logs to collapse the system logs viewer, or scroll down to Events.
  • Page 665 Diagnostics View system and event logs 1. Log into the Connect IT 16/48 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 666: Configure Syslog Servers

    You can configure remote syslog servers for storing event and system logs.    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 667    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 668: Configure Options For The Event And System Logs

    30 minutes. All event categories are enabled. To change or disable the heartbeat interval, or to disable event categories, and to perform other log configuration:    WebUI Digi Connect IT® 16/48 User Guide...
  • Page 669 7. Enable Preserve system logs to save the current session's system log after a reboot. By default, the Connect IT 16/48 device erases system logs each time the device is powered off or rebooted.
  • Page 670    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 671 Status events report the current list of leases. Parameters Current Value ------------------------------------------------------------------- ------------ info true Enable informational events status true Enable status events status_interval Status interval (config)> system log event dhcpserver Digi Connect IT® 16/48 User Guide...
  • Page 672 (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 16/48 User Guide...

  • Page 673: Analyze Network Traffic

    Analyze network traffic Analyze network traffic The Connect IT 16/48 device includes a network analyzer tool that captures data traffic on any interface and decodes the captured data traffic for diagnostics. You can capture data traffic on multiple interfaces at the same time and define capture filters to reduce the captured data. You can capture up to 10 MB of data traffic in two 5 MB files per interface.

  • Page 674: Configure Packet Capture For The Network Analyzer

    To configure a packet capture configuration:    WebUI 1. Log into the Connect IT 16/48 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 675 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Save interval to ten minutes, enter 10m or 600s. 8. Click Apply to save the configuration and apply the change. Digi Connect IT® 16/48 User Guide...
  • Page 676    Command line 1. Log into the Connect IT 16/48 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 677 (config network analyzer name)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set save_interval to ten minutes, enter either 10m or 600s: Digi Connect IT® 16/48 User Guide...

  • Page 678: Example Filters For Capturing Data Traffic

    Capture traffic from UDP port 53: ip proto udp and src port 53 Capture to and from IP host 10.0.0.1 but filter out ports 22 and 80: ip host 10.0.0.1 and not (port 22 or port 80) Digi Connect IT® 16/48 User Guide...

  • Page 679: Capture Packets From The Command Line

    To start packet capture from the command line:    Command line 1. Log into the Connect IT 16/48 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 680: Stop Capturing Packets

    To stop packet capture from the command line:    Command line 1. Log into the Connect IT 16/48 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 681 To show captured data traffic:    Command line 1. Log into the Connect IT 16/48 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 682: Save Captured Data Traffic To A File

       Command line 1. Log into the Connect IT 16/48 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 683: Download Captured Data To Your Pc

    4. Select the saved analyzer report you want to download and click  (download).    Command line 1. Log into the Connect IT 16/48 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 684: Clear Captured Data

       Command line 1. Log into the Connect IT 16/48 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 685: Use The Ping Command To Troubleshoot Network Connections

    Ping to check internet connection To check your internet connection: 1. Log into the Connect IT 16/48 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 686 (www.google.com) through the default gateway. The command output shows that 15 routing hops were required to reach the host: 1. Log into the Connect IT 16/48 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 687: Front Panel And Leds

    When starting up, the WWAN Signal, WWAN Service, and Status LEDs on the back of the Connect IT also flash. Solid blue: The Connect IT initialization is complete. Red: The Connect IT has had start-up failure. Digi Connect IT® 16/48 User Guide...
  • Page 688 Connect IT from the Console port. Left (yellow): There is activity on the port. Right (green): The port is in use. Connect a USB flash drive to the Connect IT for backup or logging. USB ports Digi Connect IT® 16/48 User Guide...

  • Page 689: Back Panel And Leds

    See Connect equipment to the Connect IT serial ports. Connect IT 16: serial ports 1-16. Connect IT 48: serial ports 1-48. The LED on the left lights: Yellow: There is activity on the port.
  • Page 690 Off: No power is connected to the PS2 power supply. Solid blue: Power is connected to the PS2 power supply and is in use by the Connect IT. Flashing blue: Power is connected to the PS2 power supply, but is it unusable. Digi Connect IT® 16/48 User Guide...

  • Page 691: Hardware Specifications

    0° C - 50° C Power supply The Connect IT 16 or 48 must be operated only with power supplies from a Digi-provided power supply kit, either ITPS-PSIK (for Port Side Air Intake) or ITPS-PSIK (for Port Side Air Exhaust), as appropriate for the device installation location.

  • Page 692: Mounting Options

    A QR code is printed on the label attached to the device and on the loose label included in the box with the device components. The QR code contains information about the device. QR code items Semicolon separated list of: ProductName;DeviceID;Password;SerialNumber;SKUPartNumber SKUPartRevision Note There is a space between PartNumber and PartRevision. Example Connect IT 48;00000000-00000000-112233FF-FF445566;PW1234567890;IT48-123456;IT48-1002 C Digi Connect IT® 16/48 User Guide...

  • Page 693: Troubleshooting

    If the signal strength LEDs or the signal quality for your device indicate Poor or No servcie, try the following things to improve signal strength: If available, connect a different set of antennas. Purchase a Digi Antenna Extender Kit: Antenna Extender Kit, 1 Download a support report You can download a support report from the device to provide to technical support.

  • Page 694: Regulatory And Safety Information

    Regulatory and safety information Safety warnings Review the following safety warnings for Connect IT 16/48. WARNING! Notice the following safety warnings: Risk of explosion if battery is replaced by incorrect battery type. Dispose of used batteries according to the instructions.

  • Page 695: Power Supply And Supplemental Fan Module Considerations

    Manuals and further information are provided. Warning messages for replacing batteries and for restricted access area requirements are available in this manual. See Safety warnings. The Digi Connect IT® 16/48 User Guide is accessible online. Digi Connect IT® 16/48 User Guide...
  • Page 696 Available commands Use the scp command Display status and statistics using the show command Device configuration using the command line interface Execute configuration commands at the root Admin CLI prompt Configuration mode Command line reference Digi Connect IT® 16/48 User Guide...

  • Page 697: Command Line Interface

    Log in to the command line interface    Command line 1. Connect to the Connect IT 16/48 device by using a serial connection, SSH or telnet, or the Terminal in the WebUI or the Console in the Digi Remote Manager. See Access the command line interface for more information.

  • Page 698: Exit The Command Line Interface

    2. At the main menu, click Terminal. The device console appears. Connect IT 16/48 login: 3. Log into the Connect IT 16/48 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 699: Display Help For Commands And Parameters

    Display help for commands and parameters The help command When executed from the root command prompt, help displays information about autocomplete operations, how to move the cursor on the Connect IT 16/48 command line, and other keyboard shortcuts: > help...

  • Page 700: Display Help For Individual Commands

    Show modbus gateway status & statistics modem Show modem statistics. network Show network interface statistics. openvpn Show OpenVPN statistics. route Show IP routing information. serial Show serial statistics. system Show system statistics. version Show firmware version. > show Digi Connect IT® 16/48 User Guide...

  • Page 701: Use The Tab Key Or The Space Bar To Display Abbreviated Help

    (config)> serial port1 enable t<Tab> auto-completes to (config)> serial port1 enable true Auto-complete does not function for: Parameter values that are string types. Integer values. File names. Select parameters passed to commands that perform an action. Digi Connect IT® 16/48 User Guide...

  • Page 702: Available Commands

    Reboots the Connect IT 16/48 device. Removes a file. Uses the secure copy protocol (SCP) to transfer files between the Connect IT 16/48 device and a remote host. Use the scp command for information about using the scp command.

  • Page 703: Use The Scp Command

    The hostname or IP address of the remote host. The username and password of the user on the remote host. Whether the file is being copied to the Connect IT 16/48 device from a remote host, or to the remote host from the Connect IT 16/48 device.

  • Page 704: Display Status And Statistics Using The Show Command

    Connect IT 16/48 device. For example: To copy a support report from the Connect IT 16/48 device to a remote host at the IP address of 192.168.4.1: 1. Use the system support-report command to generate the report: >...

  • Page 705: Show System

    CPU usage. > show system Model : Digi Connect IT 16/48 Serial Number : Connect IT 16/48-000065 : Connect IT 16/48 Hostname : Connect IT 16/48...

  • Page 706: Device Configuration Using The Command Line Interface

    For example, to disable the SSH service from the root prompt, enter the following command: > config service ssh enable false > The Connect IT 16/48 device's ssh service is now disabled. Note When the config command is executed at the root prompt, certain configuration actions that are available in configuration mode cannot be performed.
  • Page 707 Additional Configuration -------------------------------------------------------------------------- Access control list mdns > config service ssh 4. Lastly, display the allowed values and other information for the enable parameter: > config service ssh enable ? Enable: Enable the service. Digi Connect IT® 16/48 User Guide...

  • Page 708: Configuration Mode

    (config service)> 2. Enter ssh to move to the ssh node: (config service)> ssh (config service ssh)> 3. Enter enable false to disable the ssh service: (config service ssh)> enable false (config service ssh)> Digi Connect IT® 16/48 User Guide...

  • Page 709: Save Changes And Exit Configuration Mode

    Saves configuration changes and exits configuration mode. validate Validates configuration changes. Reverts the configuration to default revert settings. See The revert command more information. show Displays configuration settings. Digi Connect IT® 16/48 User Guide...

  • Page 710: Display Command Line Help In Configuration Mode

    2. You can then display help for the additional configuration commands. For example, to display help for the config service command, use one of the following methods: At the config prompt, enter service ?: (config)> service ? Digi Connect IT® 16/48 User Guide...
  • Page 711 Enter service to move to the service node: (config)> service (config service)> b. Enter ssh to move to the ssh node: (config service)> ssh (config service ssh)> c. Enter ? to display help for the ssh node: (config service ssh)> ? Digi Connect IT® 16/48 User Guide...
  • Page 712 Either of these methods will display the following information: (config)> service ssh enable ? Enable: Enable the service. Format: true, false, yes, no, 1, 0 Default value: true Current value: true (config)> service ssh enable Digi Connect IT® 16/48 User Guide...

  • Page 713: Move Within The Configuration Schema

    While in configuration mode, you can use the add, del, and move action commands to manage elements in a list. When working with lists, these actions require an index number to identify the list item that will be acted on. Digi Connect IT® 16/48 User Guide...
  • Page 714 (config)> add auth user new-user group end admin (config)> 3. Use the show command again to verify that the admin group has been added to the user's configuration: (config)> show auth user new-user group 0 admin (config)> Digi Connect IT® 16/48 User Guide...
  • Page 715 2. To configure the device to use TACACS+ authentication first to authenticate a user, use the move index_number_1 index_number_2 command: (config)> move auth method 1 0 (config)> 3. Use the show command again to verify the change: (config)> show auth method 0 tacacs+ 1 local 2 radius (config)> Digi Connect IT® 16/48 User Guide...

  • Page 716: The Revert Command

    Configuration mode The revert command The revert command is used to revert changes to the Connect IT 16/48 device's configuration and restore default configuration settings. The behavior of the revert command varies depending on where in the configuration hierarchy the command is executed, and whether the optional path parameter is used.

  • Page 717: Enter Strings In Configuration Commands

    For string parameters, if the string value contains a space, the value must be enclosed in quotation marks. For example, to assign a descriptive name for the device using the system command, enter: (config)> system description "Digi Connect IT 16/48" Digi Connect IT® 16/48 User Guide...

  • Page 718: Example: Create A New User By Using The Command Line

    Example: Create a new user by using the command line In this example, you will use the Connect IT 16/48 command line to create a new user, provide a password for the user, and assign the user to authentication groups.
  • Page 719 (config auth user user1)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 16/48 User Guide...

  • Page 720: Command Line Reference

    Command line interface Command line reference Command line reference analyzer help mkdir modem modem puk status [imei STRING] [name STRING] modem scan [imeiSTRING] [nameSTRING] more ping reboot show system traceroute Digi Connect IT® 16/48 User Guide...

  • Page 721: Analyzer

    Start a capture session of packets on this devices interfaces. Parameters name Name of the capture filter to use. Syntax: STRING analyzer stop name STRING Stops the traffic capture session. Parameters name Name of the capture filter to use. Syntax: STRING Digi Connect IT® 16/48 User Guide...
  • Page 722 Syntax: STRING destination The destination path to copy the source file or directory to. Syntax: STRING force Do not ask to overwrite the destination file if it exists. Syntax: BOOLEAN Default: False Optional: True Digi Connect IT® 16/48 User Guide...

  • Page 723: Help

    Command line interface Command line reference help Show CLI editing and navigation commands. Parameters None Digi Connect IT® 16/48 User Guide...
  • Page 724 [show-hidden] PATH List a directory. Parameters path List files and directories under this path. Syntax: STRING show-hidden Show hidden files and directories. Hidden filenames begin with '.'. Syntax: BOOLEAN Default: False Optional: True Digi Connect IT® 16/48 User Guide...

  • Page 725: Mkdir

    Command line interface Command line reference mkdir mkdir PATH Create a directory. Parent directories are created as needed. Parameters path The directory path to create. Syntax: STRING Digi Connect IT® 16/48 User Guide...

  • Page 726: Modem

    Commands for interacting with cellular modem firmware. See Update cellular module firmware further information about using the modem firmware commands. firmware check [imei STRING] [name STRING] Inspect /opt/[MODEM_MODEL]/Custom_Firmware/ directory for new modem firmware file. Digi Connect IT® 16/48 User Guide...
  • Page 727 Commands for performing FOTA (firmware-over-the-air) interactions with cellular modem. ota check [imei STRING] [name STRING] Query the Digi firmware server for the latest remote modem firmware version. Parameters imei The IMEI of the modem to execute this CLI command on...
  • Page 728 Command line interface Command line reference ota list [imei STRING] [name STRING] Query the Digi firmware server for a list of modem firmware versions. Parameters imei The IMEI of the modem to execute this CLI command on Optional: True Type: string...
  • Page 729 [imei STRING] [name STRING] PIN Disable the PIN lock on the SIM card that is active in the modem. Warning: Attempting to use an incorrect PIN code may PUK lock the SIM. Parameters The SIM's PIN code. Digi Connect IT® 16/48 User Guide...
  • Page 730 Parameters imei The IMEI of the modem to execute this CLI command on. Syntax: STRING Optional: True name The configured name of the modem to execute this CLI command on. Syntax: STRING Optional: True Digi Connect IT® 16/48 User Guide...

  • Page 731: Modem Puk Status [Imei String] [Name String]

    The configured name of the modem to execute this CLI command on. Syntax: STRING Optional: True puk unlock [imei STRING] [name STRING] PUK NEW-PIN Unlock the SIM with a PUK code from the SIM provider. Digi Connect IT® 16/48 User Guide...

  • Page 732: Modem Scan [Imeistring] [Namestring]

    [imeiSTRING] [nameSTRING] imei The IMEI of the modem to execute this CLI command on. Syntax: STRING Optional: True name The configured name of the modem to execute this CLI command on. Syntax: STRING Digi Connect IT® 16/48 User Guide...
  • Page 733 Syntax: (1|2|show) imei The IMEI of the modem to execute this CLI command on. Syntax: STRING Optional: True name The configured name of the modem to execute this CLI command on. Syntax: STRING Optional: True Digi Connect IT® 16/48 User Guide...

  • Page 734: More

    Command line interface Command line reference more path The file to view. Syntax: STRING Digi Connect IT® 16/48 User Guide...
  • Page 735 Syntax: STRING destination The destination path to move the source file or directory to. Syntax: STRING force Do not ask to overwrite the destination file if it exists. Syntax: BOOLEAN Default: False Optional: True Digi Connect IT® 16/48 User Guide...

  • Page 736: Ping

    If a hostname is defined as the value of the 'host' parameter, use the hosts IPV6 address. Syntax: BOOLEAN Default: False Optional: True size The number of bytes sent in the ICMP ping request. Syntax: INT Minimum: 0 Default: 56 Digi Connect IT® 16/48 User Guide...
  • Page 737 The ping command will send a packet with the source address set to the IP address of this interface, rather than the address of the interface the packet is sent from. Syntax: STRING Optional: True Digi Connect IT® 16/48 User Guide...

  • Page 738: Reboot

    Command line interface Command line reference reboot Reboot the system. Parameters None Digi Connect IT® 16/48 User Guide...
  • Page 739 Command line reference Remove a file or directory. rm [force] PATH Parameters path The path to remove. Syntax: STRING force Force the file to be removed without asking. Syntax: BOOLEAN Default: False Optional: True Digi Connect IT® 16/48 User Guide...

  • Page 740: Scp

    Copy the file from the local device to the remote host, or from the remote host to the local device. Syntax: (remote|local) user The username to use when connecting to the remote host. Syntax: STRING Digi Connect IT® 16/48 User Guide...

  • Page 741: Show

    Optional: True verbose Display more information (less concise, more detail). Syntax: BOOLEAN Default: False Optional: True show cloud Show Digi Remote Manager status and statistics. Parameters None show config Show changes made to default configuration. Digi Connect IT® 16/48 User Guide...
  • Page 742 Type of event log to be displayed (status, error, info). Syntax: (status|error|info) Optional: True show hotspot [ip STRING] [name STRING] Show hotspot statistics. Parameters IP address of a specific client, to limit the status display to only this client. Syntax: STRING Optional: True Digi Connect IT® 16/48 User Guide...
  • Page 743 (this can be very time consuming). If you require more messages of the filtered type, increase the number of messages retrieved using 'number'. Syntax: (critical|warning|debug|info) Optional: True Digi Connect IT® 16/48 User Guide...
  • Page 744 The IMEI of the modem to execute this CLI command on. Syntax: STRING Optional: True name The configured name of the modem to execute this CLI command on. Syntax: STRING Optional: True verbose Display more information (less concise, more detail). Syntax: BOOLEAN Default: False Digi Connect IT® 16/48 User Guide...
  • Page 745 Default: False Optional: True show openvpn Show OpenVPN status and statistics. openvpn client [all] [name STRING] Show OpenVPN client status statistics. Parameters Display all clients including disabled clients. Syntax: BOOLEAN Default: False Optional: True Digi Connect IT® 16/48 User Guide...
  • Page 746 Default: False Optional: True ipv6 Display IPv6 routes. Syntax: BOOLEAN Default: False Optional: True verbose Display more information (less concise, more detail). Syntax: BOOLEAN Default: False Optional: True show scripts Show scheduled system scripts Digi Connect IT® 16/48 User Guide...
  • Page 747 Show USB information. Parameters None show version [verbose] Show firmware version. Parameters verbose Display more information (build date) Syntax: BOOLEAN Default: False Optional: True show vrrp [all|verbose] [name STRING] Show VRRP status and statistics. Digi Connect IT® 16/48 User Guide...

  • Page 748: Ssh

    Type: string host The hostname or IP address of the remote host Syntax: {hostname|IPv4_address|IPv6_address} Type: string port The SSH port to use to connect to the remote host. Default: 22 Maximum: 65535 Minimum: 1 Digi Connect IT® 16/48 User Guide...
  • Page 749 Command line interface Command line reference Syntax: {Integer} Type: integer user The username to use when connecting to the remote host. Type: string Digi Connect IT® 16/48 User Guide...

  • Page 750: System

    Duplicate the running firmware to the alternate partition so that the device will always boot the same firmware version. Parameters None system factory-erase Erase the device to restore to factory defaults. All configuration and automatically generated keys will be erased. Digi Connect IT® 16/48 User Guide...
  • Page 751 Parameters script Script to stop. Syntax: STRING system serial clear PORT Clears the serial log. Parameters port Serial port. Type: string system serial save PORT FILENAME Saves the current serial log to a file. Digi Connect IT® 16/48 User Guide...
  • Page 752 Type: string system serial stop PORT Start logging data on a serial port. Parameters port Serial port. Type: string system support-report PATH Save a support report to a file and include with support requests. Digi Connect IT® 16/48 User Guide...
  • Page 753 Command line interface Command line reference Parameters path The file path to save the support report to. Syntax: STRING Digi Connect IT® 16/48 User Guide...

  • Page 754: Traceroute

    Tells traceroute to add an IP source routing option to the outgoing packet that tells the network to route the packet through the specified gateway Syntax: STRING Optional: True icmp Use ICMP ECHO for probes. Syntax: BOOLEAN Default: False Digi Connect IT® 16/48 User Guide...
  • Page 755 Total size of the probing packet. Default 60 bytes for IPv4 and 80 for Ipv6. A value of -1 specifies that the default value will be used. Syntax: INT Minimum: -1 Default: -1 pausemsecs Minimal time interval between probes Syntax: INT Minimum: 0 Default: 0 Digi Connect IT® 16/48 User Guide...
  • Page 756 Default: -1 waittime Determines how long to wait for a response to a probe. Syntax: INT Minimum: 1 Default: 5 host The host that we wish to trace the route packets for. Syntax: STRING Digi Connect IT® 16/48 User Guide...

This manual is also suitable for:

Connect it 48

Table of Contents