Page 1 Digi Connect IT® Mini User Guide User Guide...
Page 2 Digi Remote Manager. Added a randomized two minute delay window for uploading health metrics to the Digi Remote Manager to avoid situations where multiple devices are uploading metrics at the same time. Added note that for devices...
Page 3 Revision Date Description Release of Digi Connect IT Mini firmware version September 2020 20.8: Support for NEMO/DMNR virtual private networks. Support for serial Modbus Gateway. Support for VRRP+, an extension to the VRRP standard that uses network probing to monitor connections through VRRP-enabled devices.
Page 4 Information in this document is subject to change without notice and does not represent a commitment on the part of Digi International. Digi provides this document “as is,” without warranty of any kind, expressed or implied, including, but not limited to, the implied warranties of fitness or merchantability for a particular purpose.
Page 5 Feedback To provide feedback on this document, email your comments to techcomm@digi.com Include the document title and part number (Digi Connect IT® Mini User Guide, 90002358 C) in the subject line of your email. Digi Connect IT® Mini User Guide...
Page 6: Table Of Contents
Contents Digi Connect IT® Mini User Guide Get started with the Connect IT Mini Verify product components Included equipment Required additional equipment Connect the hardware to a network Connect hardware and connect to a cellular network Connect hardware and connect to site network using an Ethernet port...
Page 7 Show LAN status and statistics Delete a LAN DHCP servers Create a Virtual LAN (VLAN) route Bridging Configure a bridge Serial port Configure the serial port Show serial status and statistics Serial Status page Routing IP routing Digi Connect IT® Mini User Guide...
Page 8 Configure a NEMO tunnel Show NEMO status Services Allow remote access for web administration and SSH Configure the web administration service Configure SSH access Use SSH with key authentication Generating SSH key pairs Configure telnet access Configure DNS Digi Connect IT® Mini User Guide...
Page 9 Use Python to respond to Digi Remote Manager SCI requests Use digidevice runtime to access the runtime database Use Python to upload the device name to Digi Remote Manager Use Python to send and receive SMS messages Use Python to access serial ports Use the Paho MQTT python library...
Page 10 Configure your Connect IT Mini device to use a TACACS+ server Remote Authentication Dial-In User Service (RADIUS) RADIUS user configuration RADIUS server failover and fallback to local configuration Configure your Connect IT Mini device to use a RADIUS server LDAP...
Page 11 Configure Digi Remote Manager Collect device health data and set the sample interval Log into Digi Remote Manager Use Digi Remote Manager to view and manage your device Add a device to Digi Remote Manager View Digi Remote Manager connection status...
Page 12 Use the traceroute command to diagnose IP routing problems Hardware Connect IT Mini hardware and LEDs Top panel and LEDs Left side of the Connect IT Right side of the Connect IT Signal strength Exchange power tips Troubleshooting Use the RESET button to reset your device to the factory defaults...
Page 13 Enter strings in configuration commands Example: Create a new user by using the command line Command line reference analyzer help mkdir modem modem puk status [imei STRING] [name STRING] more ping reboot show system traceroute Digi Connect IT® Mini User Guide...
Page 14: Digi Connect It® Mini User Guide
This guide provides reference and usage information for the Connect IT. The Connect IT Mini provides out-of-band management for remote network or infrastructure devices. Cellular connectivity, available as standard in some models and as an option in other models, provides fast reliable cellular connections without additional equipment.
Page 15: Get Started With The Connect It Mini
Get started with the Connect IT Mini This section explains what comes with each Connect IT model, how to install the necessary software, and how to connect the hardware. Verify product components. Connect the hardware to a network. Access the device from the web Update the firmware on the Connect IT.
Page 16: Verify Product Components
Get started with the Connect IT Mini Verify product components Verify product components Verify that you have the following included equipment. Included equipment Equipment Description Digi Connect IT For detailed information about the front and back panels, see Connect IT Mini hardware and LEDs.
Page 17: Required Additional Equipment
Do not tighten the antenna by holding any part of the plastic antenna housing. 4. Connect the power supply unit to the device. 5. Verify the cellular network signal strength indicator on the front of the Connect IT Mini shows two or more bars for proper operation. See Signal strength.
Page 18: Connect Hardware And Connect To Site Network Using An Ethernet Port
Connect IT Mini. 2. Connect one end of an Ethernet cable to your site gateway. 3. Connect the other end of the Ethernet cable to the ETH port on the Connect IT Mini. Digi Connect IT® Mini User Guide...
Page 19: Connect Equipment To The Connect It
50 feet (15 meters) long. For the Connect IT the use of standard CAT 5 cables enables serial communication at all baud rates up to 50 feet. CAT5 unshielded twisted pair cable lengths much longer than 50 feet have been verified at 9600 baud but are non-standard and are not guaranteed. Digi Connect IT® Mini User Guide...
Page 20: Connect Equipment To The Connect It Usb Port
Connect equipment to the Connect IT Connect equipment to the Connect IT USB port The Digi Connect IT Mini RS232 serial port is DTE and has the following pin configuration. Console port and DTE mode Signal name Description Request to send...
Page 21 Connect equipment to the Connect IT Connect equipment to the Connect IT USB port Digi Connect IT® Mini User Guide...
Page 22: Configuration And Management
Configuration and management This chapter contains the following topics: Review Connect IT Mini default settings Change the default password for the admin user Configuration methods Using Digi Remote Manager Access Digi Remote Manager Using the web interface Using the command line...
Page 23: Review Connect It Mini Default Settings
Configuration and management Review Connect IT Mini default settings Review Connect IT Mini default settings You can review the default settings for your Connect IT Mini device by using the local WebUI or Digi Remote Manager: Local WebUI 1. Log into the Connect IT Mini WebUI as a user with Admin access. See Using the web interface for details.
Page 24: Other Default Configuration Settings
É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Users > admin.
Page 25: Configuration Methods
5. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 26 A robust command line allows you to perform all configuration and management tasks from within a command shell. Both the Remote Manager and the local web interface also have the option to open a terminal emulator for executing commands on your Connect IT Mini device. Using the command line for more information about using the command line to manage and configure your Connect IT Mini device.
Page 27: Using Digi Remote Manager
Central management information about configuring the device remotely if the site network provides Internet connectivity. 1. Use an Ethernet cable to connect the Connect IT Mini's ETH port to a laptop or PC. 2. Open a browser and go to 192.168.210.1.
Page 28: Log Out Of The Web Interface
Summarizes network statistics: the total number of bytes sent and received over all Network configured bridges and Ethernet devices. activity Digi Displays the device connection status for Digi Remote Manager, the amount of time Remote the connection has been up, and the Digi Remote Manager device ID. Using Digi Remote Manager.
Page 29 2. Click the Internet Protocol Version 4 (TCP/IPv4) parameter. 3. Click Properties. The Internet Protocol Version 4 (TCP/IPv4) Properties dialog appears. 4. Configure with the following details: IP address for PC: 192.168.210.2 Subnet: 255.255.255.0 Gateway: 192.168.210.1 Digi Connect IT® Mini User Guide...
Page 30: Using The Command Line
Configuration and management Using the command line Using the command line The Digi Connect IT Mini device provides a command-line interface that you can use to configure the device, display status and statistics, update firmware, and manage device files. Command line interface...
Page 31: Log In To The Command Line Interface
Log in to the command line interface Command line 1. Connect to the Connect IT Mini device by using a serial connection, SSH or telnet, or the Terminal in the WebUI or the Console in the Digi Remote Manager. See...
Page 32: Exit The Command Line Interface
2. Depending on the device configuration, you may be presented with another menu, for example: Access selection menu: a: Admin CLI 1: Serial: port1 (9600,8,1,none,none) q: Quit Select access or quit [admin] : Type q or quit to exit. Digi Connect IT® Mini User Guide...
Page 33: Configure Remote Power Management
Manage power to the power controller outlets You can manage the power to an individual outlet on the power controller from the web UI or a terminal. Manage the power to the power controller outlets from the Connect IT Digi Connect IT® Mini User Guide...
Page 34: Configure The Connect It To Connect To A Power Controller Using A Serial Port
7. Expand the Serial Settings section. The entries in the following fields must match the information for the power controller. Refer to your power controller manual for the correct entries: Baud rate, Data bits, Parity, Stop bits, and Flow control. 8. Click Apply. Digi Connect IT® Mini User Guide...
Page 35: Connect A Power Controller To The Connect It Serial Port
In the Index field, enter the appropriate outlet index. Refer to the manual for your power controller to determine the outlet index. c. From the Controlled Device list box, select Serial Port 1. 12. Click Apply. Digi Connect IT® Mini User Guide...
Page 36: Connect The Connect It To Your Network
In the Add Group field, enter a group name. b. Click +. 6. Select the Serial access option. 7. Configure the serial port for the group. a. Expand the Serial ports section. b. Click + next to Add Port. Digi Connect IT® Mini User Guide...
Page 37: Manage The Power To The Power Controller Outlets From The Connect It
Cycle the outlets on this port. Turn the power off, then on. If the power state for the outlet is currently off, then the power is just turned on. Power off all the outlets on this port. Digi Connect IT® Mini User Guide...
Page 38: View Power Controller Status And Manage Power (Administrators)
3. If a serial port is configured for communication with a 3rd-party device plugged into an outlet, the power status displays in the Power column. ON: ON displays in green when there is power to the outlet configured for the serial port. Click ON to turn power to the outlet off. Digi Connect IT® Mini User Guide...
Page 39 Manage the power to the power controller outlets from the Connect IT OFF: OFF displays in red when there is no power to the outlet configured for the serial port. Click OFF to turn power to the outlet on. Digi Connect IT® Mini User Guide...
Page 40: Interfaces
Connect IT devices have several physical communications interfaces. These interfaces can be bridged in a Local Area Network (LAN) or assigned to a Wide Area Network (WAN). This chapter contains the following topics: Wide Area Networks (WANs) Local Area Networks (LANs) Bridging Digi Connect IT® Mini User Guide...
Page 41: Wide Area Networks (Wans)
Wide Area Networks (WANs) Wide Area Networks (WANs) The Connect IT Mini device is preconfigured with one Wide Area Network (WAN), named ETH, and one Wireless Wide Area Network (WWAN), named Modem. You can modify configuration settings for the existing WAN and WWANs, and you can create new WANs and WWANs.
Page 42: Wide Area Networks (Wans) And Wireless Wide Area Networks (Wwans)
Wireless Wide Area Network (WWAN), named Modem. You can also create additional WANs and WWANs. When a WAN is initialized, the Connect IT Mini device automatically adds a default IP route for the WAN. The priority of the WAN is based on the metric of the default route, as configured in the WAN's IPv4 and IPv6 metric settings.
Page 43 5. Click Apply to save the configuration and apply the change. The Connect IT Mini device is now configured to use the cellular modem WWAN, Modem, as its highest priority WAN, and its Ethernet WAN, ETH, as its secondary WAN.
Page 44: Wan/Wwan Failover
WAN, and its Ethernet WAN, ETH, as its secondary WAN. WAN/WWAN failover If a connection to a WAN interface is lost for any reason, the Connect IT Mini device will immediately fail over to the next WAN or WWAN interface, based on WAN priority. See...
Page 45: Configure Surelink Active Recovery To Detect Wan/Wwan Failures
Problems can occur beyond the immediate WAN/WWAN connection that prevent some IP traffic from reaching its destination. Normally this kind of problem does not cause the Connect IT Mini device to detect that the WAN has failed, because the connection continues to work while the core problem exists somewhere else in the network.
Page 46 WebUI SureLink can be configured for both IPv4 and IPv6. 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 47 For Restart interface, enable to configure the device to restart the interface when its connection is considered to have failed. This is useful for interfaces that may regain connectivity after restarting, such as a cellular modem. Digi Connect IT® Mini User Guide...
Page 48 IPv6 active recovery, replace ipv4 in the command line with ipv6. 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 49 The interface is considered to be down based on the interfaces down time, and the amount of time an initial connection to the interface takes before this Digi Connect IT® Mini User Guide...
Page 50 This is useful for interfaces that may regain connectivity after restarting, such as a cellular modem. c. To configure the device to reboot when the interface is considered to have failed: (config network interface my_wan ipv4 surelink)> reboot enable (config network interface my_wan ipv4 surelink> Digi Connect IT® Mini User Guide...
Page 51 (config network interface my_wan ipv4 surelink)> The default is 15 seconds. 8. (Optional) Repeat this procedure for IPv6. 9. Save the configuration and apply the change: (config network interface my_wan ipv4 surelink)> save Configuration saved. > Digi Connect IT® Mini User Guide...
Page 52: Configure The Device To Reboot When A Failure Is Detected
Type quit to disconnect from the device. Configure the device to reboot when a failure is detected Using SureLink, you can configure the Connect IT Mini device to reboot when it has determined that an interface has failed. Required configuration items Enable SureLink.
Page 53 WebUI SureLink can be configured for both IPv4 and IPv6. 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 54 For example, to set Response timeout to ten minutes, enter 10m or 600s. The default is 15 seconds. 12. (Optional) Repeat this procedure for IPv6. 13. Click Apply to save the configuration and apply the change. Command line Digi Connect IT® Mini User Guide...
Page 55 IPv6 active recovery, replace ipv4 in the command line with ipv6. 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 56 (Optional) Set the amount of time to wait for an initial connection to the interface before this test is considered to have failed: (config network interface my_wan ipv4 surelink target 0)> interface_timeout value (config network interface my_wan ipv4 surelink target 0)> Digi Connect IT® Mini User Guide...
Page 57 (config network interface my_wan ipv4 surelink> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set timeout to ten minutes, enter either 10m or 600s: Digi Connect IT® Mini User Guide...
Page 58: Disable Surelink
SureLink interface test. É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
Page 59 Wide Area Networks (WANs) Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 60 9. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 61: Example: Use A Ping Test For Wan Failover From Ethernet To Cellular
256 bytes to the IP host 43.66.93.111 every 10 seconds. If there are three consecutive failed responses, the Connect IT Mini device brings the ETH interface down and starts using the Modem interface. It continues to regularly test the connection to ETH, and when tests on ETH succeed, the device falls back to ETH1.
Page 62 For Ping host, type 43.66.93.111. h. For Ping payload size, type 256. 4. Repeat the above step for Modem to enable SureLink on that interface. 5. Click Apply to save the configuration and apply the change. Command line Digi Connect IT® Mini User Guide...
Page 63 Interfaces Wide Area Networks (WANs) 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 64: Using Cellular Modems In A Wireless Wan (Wwan)
Typically, you configure SIM1 of the cellular modem as the primary cellular interface, and SIM2 as the backup cellular interface. In this way, if the Connect IT Mini device cannot connect to the network using SIM1, it automatically fails over to SIM2. Connect IT Mini devices automatically use the correct cellular module firmware for each carrier when switching SIMs.
Page 65 9. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 66 (config)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® Mini User Guide...
Page 67 The modem status window is displayed Command line 1. Log into the Connect IT Mini command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 68 Command line To unlock a SIM card: 1. Log into the Connect IT Mini command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 69 To run AT commands from the Connect IT Mini command line: Command line 1. Log into the Connect IT Mini command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu.
Page 70 APNs, and then use routing roles to forward traffic to the appropriate WWAN interface. É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 71 (Optional): Configure the public APN. If the public APN is not configured, the Connect IT Mini will attempt to determine the APN. i. Click to expand APN list > APN. ii. For APN, type the public APN for your cellular carrier. Digi Connect IT® Mini User Guide...
Page 72 For Label, enter Route through public APN. d. For Interface, select Interface: WWAN_Public. e. Configure the source address: i. Click to expand Source address. ii. For Type, select Interface. iii. For Interface, select LAN1. Digi Connect IT® Mini User Guide...
Page 73 For Interface, select Interface: WWAN_Private. 6. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Digi Connect IT® Mini User Guide...
Page 74 (config network interface WWANPublic)> modem device modem (config network interface WWANPublic)> d. (Optional): Set the public APN. If the public APN is not configured, the Connect IT Mini will attempt to determine the APN. (config network interface WWANPublic)> modem apn public_apn (config network interface WWANPublic)>...
Page 75 (config network route policy 0)> interface /network/interface/WWANPublic (config network route policy 0)> f. Use to periods (..) to move back one level in the configuration: (config nnetwork route policy 0)> .. (config nnetwork route policy)> Digi Connect IT® Mini User Guide...
Page 76 (config network route policy 1)> save Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® Mini User Guide...
Page 77: Configure A Wide Area Network (Wan)
MAC address blacklist and whitelist. To create a new WAN or edit an existing WAN: É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. Digi Connect IT® Mini User Guide...
Page 78 For multiple active interfaces with the same metric, Weight is used to load balance traffic to the interfaces. iii. Set the Management priority. This determines which interface will have priority for central management activity. The interface with the highest number will be used. Digi Connect IT® Mini User Guide...
Page 79 Never: Never use DNS servers for this interface. vi. Enable DHCP Hostname to instruct the Connect IT Mini device to include the device's system name with DHCP requests as the Client FQDN option. The DHCP server can then be configured to register the device's hostname and IP address with an associated DNS server.
Page 80 12. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 81 (config network interface my_wan)> ipv4 weight num (config network interface my_wan)> iii. Set the management priority. This determines which interface will have priority for central management activity. The interface with the highest number will be used. Digi Connect IT® Mini User Guide...
Page 82 Never use DNS servers for this interface. vi. Enable DHCP Hostname to instruct the Connect IT Mini device to include the device's system name with DHCP requests as the Client FQDN option. The DHCP server can then be configured to register the device's hostname and IP address with an associated DNS server.
Page 83: Configure A Wireless Wide Area Network (Wwan)
Configure a Wireless Wide Area Network (WWAN) Configuring a Wireless Wide Area Network (WWAN) involves configuring the following items: Required configuration items The interface type: Modem. The firewall zone: External. The cellular modem that is used by the WWAN. Digi Connect IT® Mini User Guide...
Page 84 É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
Page 85 Normally, this should be left blank. It is only necessary to complete this field if the SIM does not have a phone number or if the phone number is incorrect. d. Roaming is enabled by default. Click to disable. Digi Connect IT® Mini User Guide...
Page 86 Reboot device: The device will reboot if automatic SIM switching is unavailable. 9. For APN list and APN list only, the Connect IT Mini device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.
Page 87 2. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 88 (config network interface my_wwan)> modem carrier Match SIM carrier: The SIM carrier match criteria. This interface is applied when the SIM card is provisioned from the carrier. Format: AT&T Rogers Sprint T-Mobile Telstra Verizon Digi Connect IT® Mini User Guide...
Page 89 (config network interface my_wwan)> Normally, this should be left blank. It is only necessary to complete this field if the SIM does not have a phone number or if the phone number is incorrect. Digi Connect IT® Mini User Guide...
Page 90 The device will reboot if automatic SIM switching is unavailable. 7. The Connect IT Mini device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.
Page 91 (config network interface my_wwan)> ipv4 mtu num (config network interface my_wwan)> f. See Configure SureLink active recovery to detect WAN/WWAN failures for information about configuring active recovery. 10. Optional IPv6 configuration items: a. Click IPv6 to expand. Digi Connect IT® Mini User Guide...
Page 92: Show Wan And Wwan Status And Statistics
Show WAN and WWAN status and statistics É WebUI 1. Log into the Connect IT Mini WebUI as a user with Admin access. 2. From the menu, click Status. 3. Under Networking, click Interfaces. Digi Connect IT® Mini User Guide...
Page 93 Wide Area Networks (WANs) Command line 1. Log into the Connect IT Mini command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 94 Interfaces Wide Area Networks (WANs) 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® Mini User Guide...
Page 95: Delete A Wan Or Wwan
5. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 96 Interfaces Wide Area Networks (WANs) 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® Mini User Guide...
Page 97: Local Area Networks (Lans)
Local Area Networks (LANs) Local Area Networks (LANs) The Connect IT Mini device is preconfigured with the following Local Area Networks (LANs): You can modify configuration settings for ETH, and you can create new LANs. This section contains the following topics:...
Page 98: About Local Area Networks (Lans)
The IPv6 Maximum Transmission Unit (MTU) of the LAN. The IPv6 prefix length and ID. IPv6 DHCP server configuration. See DHCP servers for more information. MAC address blacklist and whitelist. To create a new LAN or edit an existing LAN: Digi Connect IT® Mini User Guide...
Page 99 Local Area Networks (LANs) É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
Page 100 If there whitelist entries are specified, incoming packets will only be accepted from the listed MAC addresses. a. Click to expand MAC address whitelist. b. For Add MAC address, click g . c. Type the MAC address. 13. Click Apply to save the configuration and apply the change. Digi Connect IT® Mini User Guide...
Page 101 Local Area Networks (LANs) Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 102 (config network interface my_lan)> c. Enable the DHCP server: (config network interface my_lan)> ipv4 dhcp_server enable true DHCP servers for information about configuring the DHCP server. 7. (Optional) Configure IPv6 settings: a. Enable IPv6 support: Digi Connect IT® Mini User Guide...
Page 103 Modify any of the remaining default settings as appropriate. For example, to change the minimum length of the prefix: (config network interface my_lan)> ipv6 prefix_length 60 (config network interface my_lan)> If the minimum length is not available, then a longer prefix will be used. Digi Connect IT® Mini User Guide...
Page 104: Show Lan Status And Statistics
3. Under Networking, click Interfaces. Command line 1. Log into the Connect IT Mini command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 105: Delete A Lan
LAN, LAN1. É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
Page 106 Interfaces Local Area Networks (LANs) 5. Click Apply to save the configuration and apply the change. Digi Connect IT® Mini User Guide...
Page 107: Dhcp Servers
Type quit to disconnect from the device. DHCP servers You can enable DHCP on your Connect IT Mini device to assign IP addresses to clients, using either: The DHCP server for the device's local network, which assigns IP addresses to clients on the device's local network.
Page 108 É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
Page 109 12. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 110 No gateway is broadcast by the DHCP server. Client destinations must be resolvable without a gateway. auto: Broadcasts the Connect IT Mini device's gateway. custom: Allows you to identify the IP address of a custom gateway to be broadcast: (config)>...
Page 111 (config)> where value is one of: none: No server is broadcast. auto: Broadcasts the Connect IT Mini device's server. custom: Allows you to identify the IP address of the server. For example: (config)> network interface my_lan ipv4 dhcp_server advanced primary_dns_custom ip_address (config)>...
Page 112 To map static IP addresses: É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
Page 113 Interfaces Local Area Networks (LANs) 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 114 3. Under Networking, click DHCP Leases. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 115 7. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 116 Required configuration items DHCP option number. Value for the DHCP option. Additional configuration items The data type of the value. Force the option to be sent to the DHCP clients. A label for the custom option. Digi Connect IT® Mini User Guide...
Page 117 12. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 118 (config network interface my_lan ipv4 dhcp_server advanced custom_option 0)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® Mini User Guide...
Page 119 LAN. For the Connect IT Mini device, DHCP relay is configured by providing the IP address of a DHCP relay server, rather than an IP address range. If both the DHCP relay server and an IP address range are specified, DHCP relay is used, and the specified IP address range is ignored.
Page 120 Local Area Networks (LANs) Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 121: Create A Virtual Lan (Vlan) Route
3. Under Networking, click DHCP Leases. Command line 1. Log into the Connect IT Mini command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 122 To create a VLAN: É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Virtual LAN.
Page 123 Local Area Networks (LANs) Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 124: Bridging
Interfaces Bridging Bridging Bridging is a mechanism to create a single network consisting of multiple devices, such as Ethernet devices and wireless access points. This section contains the following topics: Configure a bridge Digi Connect IT® Mini User Guide...
Page 125: Configure A Bridge
Interfaces Bridging Configure a bridge Required configuration items A name for the bridge. Bridges are enabled by default. Devices to be included in the bridge. Additional configuration items Enable Spanning Tree Protocol (STP). Digi Connect IT® Mini User Guide...
Page 126 To create a bridge: É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Bridges.
Page 127 Bridging Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 128 (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® Mini User Guide...
Page 129: Serial Port
Connect IT Mini devices have a single serial port that provides access to the command-line interface. Use an RS-232 serial cable to establish a serial connection from your Connect IT Mini to your local laptop or PC. Use a terminal emulator program to establish the serial connection. The terminal emulator's serial connection must be configured to match the configuration of the Connect IT Mini device's serial port.
Page 130 É WebUI 1. Log into the Connect IT Mini WebUI as a user with Admin access. 2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed. 3. Click on the port name to expand the port you want to configure.
Page 131 For Stop bits, select the number of stop bits used by the device to which you want to connect. For Flow control, select the type of flow control used by the device to which you want to connect. Digi Connect IT® Mini User Guide...
Page 132 Click CTS Changes to monitor CTS (Clear To Send) changes on this port. Click DCD Changes to monitor DCD (Data Carrier Detect) changes on this port. 10. Click Apply to save the configuration and apply the change. Digi Connect IT® Mini User Guide...
Page 133 Configure the serial port Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 134: Show Serial Status And Statistics
Command line 1. Log into the Connect IT Mini command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 135: Serial Status Page
See the description for Port (above) for more information. TX/RX Bytes Displays the total number of bytes that have been transmitted and received. Digi Connect IT® Mini User Guide...
Page 136 Serial port Serial Status page Item Description Signals Indicates the types of communication that the device is ready to send. DCD: Carrier Detected CTS: Clear to Send DTR: Data Terminal Ready RTS: Ready to Dend Digi Connect IT® Mini User Guide...
Page 137: Routing
Routing This chapter contains the following topics: IP routing Show the routing table Dynamic DNS Virtual Router Redundancy Protocol (VRRP) Digi Connect IT® Mini User Guide...
Page 138: Ip Routing
IP routing IP routing The Connect IT Mini device uses IP routes to decide where to send a packet it receives for a remote network. The process for deciding on a route to send the packet is as follows: 1. The device examines the destination IP address in the IP packet, and looks through the IP routing table to find a match for it.
Page 139: Configure A Static Route
To configure a static route: É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Routes > Static routes.
Page 140 255.255.255.0, type 192.168.47.0/24. The any keyword can also be used to route packets to any destination with this static route. 7. For Interface, select the interface on the Connect IT Mini device that will be used with this static route.
Page 141 The any keyword can also be used to route packets to any destination with this static route. 6. Set the interface on the Connect IT Mini device that will be used with this static route: a. Use the ? to determine available interfaces: (config network route static 0)>interface ?
Page 142: Delete A Static Route
5. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 143: Policy-Based Routing
However, you can use policy-based routing to forward the packet based on other criteria, such as the source of the packet. For example, you can configure the Connect IT Mini device so that high-priority traffic is routed through the cellular connection, while all other traffic is routed through an Ethernet (WAN) connection.
Page 144: Configure A Routing Policy
To configure a routing policy: É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Routes > Policy-based routing.
Page 145 Routing IP routing 6. For Interface, select the interface on the Connect IT Mini device that will be used with this route policy. 7. (Optional) Enable Exclusive to configure the policy to drop packets that match the policy when the gateway interface is disconnected, rather than forwarded through other interfaces.
Page 146 (config network route policy 0)> label "New route policy" (config network route policy 0)> 5. Set the interface on the Connect IT Mini device that will be used with this route policy: a. Use the ? to determine available interfaces: (config network route policy 0)>interface ?
Page 147 Set the source port: (config network route policy 0)> src_port value (config network route policy 0)> where value is the port number, or the keyword any to match any port as the source port. Digi Connect IT® Mini User Guide...
Page 148 (config network route policy 0)> src zone external (config network route policy 0)> Firewall configuration for more information about firewall zones. interface: Matches the source IP address to the selected interface's network address. Set the interface: Digi Connect IT® Mini User Guide...
Page 149 Matches the destination IP address to the selected firewall zone. Set the zone: a. Use the ? to determine available zones: (config network route policy 0)> dst zone ? Digi Connect IT® Mini User Guide...
Page 150 (config network route policy 0)> address: Matches the destination IPv4 address to the specified IP address or network. Set the address that will be matched: (config network route policy 0)> dst address value (config network route policy 0)> Digi Connect IT® Mini User Guide...
Page 151 (config)> save Configuration saved. > 12. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® Mini User Guide...
Page 152: Routing Services
Routing IP routing Routing services Your Connect IT Mini includes support for dynamic routing services and protocols. The following routing services are supported: Service or protocol Information RFC2453 The IPv4 Routing Information Protocol (RIP) service supports RIPv2 ( RFC1058 and RIPv1 (...
Page 153 6. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 154 RIP service: (config)> network route service rip ? Parameters Current Value ------------------------------------------------------------------------------- ecmp false Allow ECMP enable true Enable Additional Configuration ------------------------------------------------------------------------------- interface Interfaces neighbour Neighbours redis Route redistribution timer Timers Digi Connect IT® Mini User Guide...
Page 155: Show The Routing Table
To display the routing table: É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Status > Routes.
Page 156: Dynamic Dns
DNS provider, the router can automatically update the remote nameserver whenever your WAN or public IP address changes. Your Connect IT Mini device supports a number of Dynamic DNS providers as well as the ability to provide a custom provider that is not included on the list of providers.
Page 157 Dynamic DNS É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Dynamic DNS.
Page 158 14. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 159 Dynamic DNS provider: (config network ddns new_ddns_instance)> custom url (config network ddns new_ddns_instance)> 7. Set the domain name that is linked to the interface's IP address: (config network ddns new_ddns_instance)> domain domain_name (config network ddns new_ddns_instance)> Digi Connect IT® Mini User Guide...
Page 160 For example, to set retry_interval to ten minutes, enter either 10m or 600s: (config network ddns new_ddns_instance)> retry_interval 600s (config network ddns new_ddns_instance)> The default is 60s. 13. (Optional) Set the number of times to retry a failed IP address update: Digi Connect IT® Mini User Guide...
Page 161: Virtual Router Redundancy Protocol (Vrrp)
Multiple Connect IT Mini devices can be configured as VRRP devices and assigned a priority. The router with the highest priority will be used as the master router. If the master router fails, then the IP address of the virtual router is mapped to the backup device with the next highest priority.
Page 162 VRRP priorty of devices based on the status of their network connectivity. É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 163 12. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 164 (config network vrrp VRRP_test)> add virtual_address end ip_address (config network vrrp VRRP_test)> Additional virtual IP addresses can be added by repeating this step with different values for ip_ address. 10. Save the configuration and apply the change: Digi Connect IT® Mini User Guide...
Page 165: Configure Vrrp
For backup VRRP devices, enable the ability to monitor the VRRP master, so that a backup device can increase its priority when the master device fails SureLink tests. É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. Digi Connect IT® Mini User Guide...
Page 166 80, then the Priority modifier should be set to an amount greater than 20 so that if SureLink fails on the master, it will lower its priority to below 80, and the backup device will assume the master role. Digi Connect IT® Mini User Guide...
Page 167 LAN interface; VRRP+ will then monitor the LAN using SureLink to determine if the interface has network connectivity and promote a backup to master if SureLink fails. i. Click to expand IPv4 > SureLink. ii. Click Enable. Digi Connect IT® Mini User Guide...
Page 168 11. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 169 Configure the VRRP interface's DHCP server to use a custom gateway that corresponds to one of the VRRP virtual IP addresses: i. Set the DHCP server gateway type to custom: (config)> network interface eth ipv4 dhcp_server advanced gateway custom (config)> Digi Connect IT® Mini User Guide...
Page 170 For example, to set interval to ten minutes, enter 5s: (config)> network interface eth ipv4 surelink interval 5s (config)> iv. Create a SureLink test target: (config)> add network interface eth ipv4 surelink target end (config network interface eth ipv4 surelink target 0)> Digi Connect IT® Mini User Guide...
Page 171 (config network interface eth ipv4 surelink target 0)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set interface_down_time to ten minutes, enter either 10m or 600s: Digi Connect IT® Mini User Guide...
Page 172: Example: Vrrp/Vrrp+ Configuration
Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Example: VRRP/VRRP+ configuration This example configuration creates a VRRP pool containing two Connect IT Mini devices: Digi Connect IT® Mini User Guide...
Page 173: Configure Device One (Master Device)
WebUI Task 1: Configure VRRP on device one 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 174 3. For Lease range end, type 199. 4. Click to expand Advanced settings. 5. For Gateway, select Custom. 6. For Custom gateway, enter 192.168.3.3. 7. Click Apply to save the configuration and apply the change. Digi Connect IT® Mini User Guide...
Page 175 Command line Task 1: Configure VRRP on device one 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 176: Configure Device Two (Backup Device)
5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Configure device two (backup device) É WebUI Digi Connect IT® Mini User Guide...
Page 177 Virtual Router Redundancy Protocol (VRRP) Task 1: Configure VRRP on device two 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 178 6. For Ping host, type my.devicecloud.com. Task 5: Configure the DHCP server for ETH on device two 1. Click to expand Network > Interfaces > ETH > IPv4 > DHCP Server 2. For Lease range start, type 200. Digi Connect IT® Mini User Guide...
Page 179 Command line Task 1: Configure VRRP on device two 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 180 1. Enable SureLink on the ETH interface: (config)> network interface eth ipv4 surelink enable true (config)> 2. Create a SureLink test target: (config)> add network interface eth ipv4 surelink target end (config network interface eth ipv4 surelink target 0)> Digi Connect IT® Mini User Guide...
Page 181: Show Vrrp Status And Statistics
Type quit to disconnect from the device. Show VRRP status and statistics This section describes how to display VRRP status and statistics for a Connect IT device. VRRP status is available from the Web UI only. Digi Connect IT® Mini User Guide...
Page 182 Virtual Router Redundancy Protocol (VRRP) É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Status > VRRP.
Page 183 Current State : Master Current Priority : 100 Last Transition : Tue Jan 1 00:00:39 2019 Became Master Released Master Adverts Sent : 71 Adverts Received Priority Zero Sent Priority zero Received : 0 > Digi Connect IT® Mini User Guide...
Page 184: Virtual Private Networks (Vpn)
Virtual Private Networks (VPNs) are used to securely connect two private networks together so that devices can connect from one network to the other using secure channels. This chapter contains the following topics: IPsec OpenVPN Generic Routing Encapsulation (GRE) NEMO Digi Connect IT® Mini User Guide...
Page 185: Ipsec
Aggressive mode is faster than main mode, but is not as secure as main mode, because the device and its peer exchange their IDs and hash information in clear text instead of being encrypted. Digi Connect IT® Mini User Guide...
Page 186: Authentication
Client authenticaton XAUTH (extended authentication) pre-shared key authentication mode provides additional security by using client authentication credentials in addition to the standard pre-shared key. The Connect IT Mini device can be configured to authenticate with the remote peer as an XAUTH client.
Page 187 The amount of time before the IKE phase 1 lifetime expires. The amount of time before the IKE phase 2 lifetime expires The lifetime margin, a randomizing amount of time before the IPsec tunnel is renegotiated. Digi Connect IT® Mini User Guide...
Page 188 IPsec É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > IPsec.
Page 189 Transport: Only the payload of the IP packet is encrypted and/or authenticated. The IP header is unencrypted. 12. Select the Protocol, either: ESP (Encapsulating Security Payload): Provides encryption as well as authentication and integrity. AH (Authentication Header): Provides authentication and integrity only. Digi Connect IT® Mini User Guide...
Page 190 Type the Username and Password that the device will use to authenticate as an XAUTH client with the peer. 16. (Optional) Click Enable MODECFG client to receive configuration information, such as the private IP address, from the remote peer. Digi Connect IT® Mini User Guide...
Page 191 IPv4: The ID will be interpreted as an IPv4 address and sent as an ID_IPV4_ ADDR IKE identity. For IPv4 ID value, type an IPv4 formatted ID. This can be a fully-qualified domain name or an IPv4 address. Digi Connect IT® Mini User Guide...
Page 192 Request a network: Requests a network from the remote peer. d. For Remote network, enter the IP address and optional netmask of the remote network. The keyword any can also be used. . Digi Connect IT® Mini User Guide...
Page 193 For Hash, select the type of hash to use to verify communication integrity. iv. For Diffie-Hellman group, select the type of Diffie-Hellman group to use for key exchange. v. You can add additional Phase 1 proposals by clicking gnext to Add Phase 1 Proposal. Digi Connect IT® Mini User Guide...
Page 194 NAT. 23. See Configure SureLink active recovery for IPsec for information about IPsec Active recovery. 24. Click Apply to save the configuration and apply the change. Digi Connect IT® Mini User Guide...
Page 195 IPsec Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 196 (config vpn ipsec tunnel ipsec_example)> type protocol (config vpn ipsec tunnel ipsec_example)> where protocol is either: esp (Encapsulating Security Payload): Provides encryption as well as authentication and integrity. ah (Authentication Header): Provides authentication and integrity only. The default is esp. Digi Connect IT® Mini User Guide...
Page 197 (config vpn ipsec tunnel ipsec_example)> auth private_key_passphrase passphrase (config vpn ipsec tunnel ipsec_example)> c. For the cert parameter, paste the local X.509 certificate in PEM format: (config vpn ipsec tunnel ipsec_example)> auth cert certificate (config vpn ipsec tunnel ipsec_example)> Digi Connect IT® Mini User Guide...
Page 198 (config vpn ipsec tunnel ipsec_example)> modecfg_client enable true (config vpn ipsec tunnel ipsec_example)> 13. Configure the local endpoint: a. Set the method for determining the local network interface: (config vpn ipsec tunnel ipsec_example)> local type value (config vpn ipsec tunnel ipsec_example)> Digi Connect IT® Mini User Guide...
Page 199 The ID will be interpreted as FQDN (Fully Qualified Domain Name) and sent as an ID_FQDN IKE identity. Set the ID as an FQDN: (config vpn ipsec tunnel ipsec_example)> local id rfc822_id id (config vpn ipsec tunnel ipsec_example)> Digi Connect IT® Mini User Guide...
Page 200 The ID will be interpreted as an IPv6 address and sent as an ID_IPV6_ADDR IKE identity. Set an IPv6 formatted ID. This can be a fully-qualified domain name or an IPv6 address. (config vpn ipsec tunnel ipsec_example)> remote id ipv6_id id (config vpn ipsec tunnel ipsec_example)> Digi Connect IT® Mini User Guide...
Page 201 (config vpn ipsec tunnel ipsec_example)> e. Set the amount of time that the IKE security association expires after a successful negotiation and must be re-authenticated: (config vpn ipsec tunnel ipsec_example)> ike phase1_lifetime value (config vpn ipsec tunnel ipsec_example)> Digi Connect IT® Mini User Guide...
Page 202 Set the type of encryption to use during phase 1: (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> cipher value (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> where value is one of 3des, aes128, aes192, aes256, or null. The default is 3des. Digi Connect IT® Mini User Guide...
Page 203 Set the type of hash to use during phase 2 to verify communication integrity: (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> hash value (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> where value is one of md5, sha1, sha256, sha384, or sha512. The default is sha1. Digi Connect IT® Mini User Guide...
Page 204 The default is 90. (config)> vpn ipsec tunnel ipsec_example dpd timeout value (config)> 17. (Optional) Create a list of destination networks that require source NAT: a. Add a destination network: Digi Connect IT® Mini User Guide...
Page 205 Current value: (config vpn ipsec tunnel ipsec_example policy 0)> local address ii. Set the interface. For example: (config vpn ipsec tunnel ipsec_example policy 0)> local address eth (config vpn ipsec tunnel ipsec_example policy 0)> Digi Connect IT® Mini User Guide...
Page 206 (config)> vpn ipsec advanced keep_alive value (config)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set keep_alive to ten minutes, enter either 10m or 600s: Digi Connect IT® Mini User Guide...
Page 207 (config)> save Configuration saved. > 21. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® Mini User Guide...
Page 208: Configure Ipsec Failover
Virtual Private Networks (VPN) IPsec Configure IPsec failover You can configure the Connect IT Mini device to fail over from a primary IPsec tunnel to a backup tunnel. During configuration of the backup IPsec tunnel, identify the primary IPsec tunnel in the Preferred tunnel parameter.
Page 209: Configure Surelink Active Recovery For Ipsec
Type quit to disconnect from the device. Configure SureLink active recovery for IPsec You can configure the Connect IT Mini device to regularly probe IPsec client connections to determine if the connection has failed and take remedial action. You can also configure the IPsec tunnel to fail over to a backup tunnel. See Configure IPsec failover further information.
Page 210 Virtual Private Networks (VPN) IPsec 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > IPsec.
Page 211 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Down time to ten minutes, enter 10m or 600s. The default is 60 seconds. Digi Connect IT® Mini User Guide...
Page 212 14. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 213 (config vpn ipsec tunnel ipsec_example connection_monitor target 0)> b. Set the test type: (config vpn ipsec tunnel ipsec_example connection_monitor target 0)> test value (config vpn ipsec tunnel ipsec_example connection_monitor target 0)> where value is one of: Digi Connect IT® Mini User Guide...
Page 214 (config vpn ipsec tunnel ipsec_example connection_monitor target 0)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set interface_down_time to ten minutes, enter either 10m or 600s: Digi Connect IT® Mini User Guide...
Page 215: Show Ipsec Status And Statistics
Command line 1. Log into the Connect IT Mini command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 216 : tunnel Type : esp > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® Mini User Guide...
Page 217: Openvpn
OpenVPN clients are on the same IP subnet as the OpenVPN server’s LAN interface. This means that devices connected to the OpenVPN client’s LAN interface are on the same IP subnet as devices. The Connect IT Mini device supports two mechanisms for configuring an OpenVPN server in TAP mode: Digi Connect IT® Mini User Guide...
Page 218: Configure An Openvpn Server
LAN interfaces to the OpenVPN server. TAP - OpenVPN managed—Also know as bridging mode. A more advanced implementation of OpenVPN. The Connect IT Mini device creates an OpenVPN interface and uses standard interface configuration (for example, a standard DHCP server configuration).
Page 219 Additional OpenVPN parameters. É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > OpenVPN > Servers.
Page 220 Certificate and username/password: Uses both certificates and a username and password for client authentication. Each client requires a public and private key, and you must create an OpenVPN authentication group and user. See Configure an OpenVPN Authentication Group and User for instructions. Digi Connect IT® Mini User Guide...
Page 221 No limit to IPv6 addresses that can access the service-type. d. Click gagain to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT Mini device: a. Click Interfaces.
Page 222 OpenVPN Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 223 1 and 255. The number entered here will represent the first client IP address. For example, if address is set to 192.168.1.1/24 and server_first_ip is set to 80, the first client IP address will be 192.168.1.80. The default is from 80. Digi Connect IT® Mini User Guide...
Page 224 Paste the contents of the CA certificate (usually in a ca.crt file) into the value of the cacert parameter: (config vpn openvpn server name )> cacert value (config vpn openvpn server name )> Digi Connect IT® Mini User Guide...
Page 225 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT Mini device: (config vpn openvpn server name)> add acl interface end value (config vpn openvpn server name)>...
Page 226 Repeat this step to list additional firewall zones. 9. (Optional) Set additional OpenVPN parameters. a. Enable the use of additional OpenVPN parameters: (config vpn openvpn server name )> advanced_options enable true (config vpn openvpn server name )> Digi Connect IT® Mini User Guide...
Page 227: Configure An Openvpn Authentication Group And User
É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 228 Type a password for the user. This password is used for local authentication of the user. You can also configure the user to use RADIUS or TACACS+ authentication by configuring authentication methods. See User authentication methods for information. Digi Connect IT® Mini User Guide...
Page 229 Click to expand the Groups node. e. Click gto add a group to the user. f. Select a Group with OpenVPN access enabled. 5. Click Apply to save the configuration and apply the change. Digi Connect IT® Mini User Guide...
Page 230 OpenVPN Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 231: Configure An Openvpn Client By Using An .Ovpn File
OpenVPN active recovery. É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 232 11. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 233: Configure An Openvpn Client Without Using An .Ovpn File
The OpenVPN client is enabled by default. The mode used by the OpenVPN server, either routing (TUN), or bridging (TAP). The firewall zone to be used by the OpenVPN client. The IP address of the OpenVPN server. Digi Connect IT® Mini User Guide...
Page 234 OpenVPN active recovery. É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 235 For OpenVPN parameters, type the additional OpenVPN parameters. For example, to override the configuration by using a configuration file, enter --config filename, for example, --config /etc/config/openvpn_config. 15. Click Apply to save the configuration and apply the change. Digi Connect IT® Mini User Guide...
Page 236 OpenVPN Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 237 (config vpn openvpn client name )> 14. (Optional) Set additional OpenVPN parameters. a. Enable the use of additional OpenVPN parameters: (config vpn openvpn client name )> advanced_options enable true (config vpn openvpn client name )> Digi Connect IT® Mini User Guide...
Page 238: Configure Active Recovery For Openvpn
To configure the Connect IT Mini device to regularly probe the OpenVPN connection: É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. Digi Connect IT® Mini User Guide...
Page 239 10. For Success condition, determine whether the interface should fail over based on the failure of one of the test targets, or all of the test targets. 11. For Attempts, type the number of probe attempts before the WAN is considered to have failed. Digi Connect IT® Mini User Guide...
Page 240 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Down time to ten minutes, enter 10m or 600s. The default is 60 seconds. Digi Connect IT® Mini User Guide...
Page 241 14. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 242 (config vpn openvpn client openvpn_client1)> The default is 15 seconds. 11. Configure test targets: a. Add a test target: (config vpn openvpn client openvpn_client1)> add connection_monitor target end (config vpn openvpn client openvpn_client1 connection_monitor target 0)> Digi Connect IT® Mini User Guide...
Page 243 (Optional) Set the amount of time that the interface can be down before this test is considered to have failed: (config vpn openvpn client openvpn_client1 connection_monitor target 0)> interface_down_time value (config vpn openvpn client openvpn_client1 connection_monitor target 0)> Digi Connect IT® Mini User Guide...
Page 244: Show Openvpn Server Status And Statistics
É WebUI 1. Log into the Connect IT Mini WebUI as a user with Admin access. 2. On the menu, select Status > OpenVPN > Servers. The OpenVPN Servers page appears. 3. To view configuration details about an OpenVPN server, click the (configuration) icon in the upper right of the OpenVPN server's status pane.
Page 245: Show Openvpn Client Status And Statistics
Virtual Private Networks (VPN) OpenVPN Command line 1. Log into the Connect IT Mini command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 246 Virtual Private Networks (VPN) OpenVPN Command line 1. Log into the Connect IT Mini command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 247: Generic Routing Encapsulation (Gre)
Task One: Create a GRE loopback endpoint interface É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 248 11. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 249 10. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 250 (config vpn iptunnel gre_example)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® Mini User Guide...
Page 251: Show Gre Tunnels
To view information about currently configured GRE tunnels: É WebUI 1. Log into the Connect IT Mini WebUI as a user with Admin access. 2. On the menu, click Status > IP tunnels. The IP Tunnelspage appears. 3. To view configuration details about a GRE tunnel, click the (configuration) icon in the upper right of the tunnel's status pane.
Page 252: Example: Gre Tunnel Over An Ipsec Tunnel
Example: GRE tunnel over an IPSec tunnel The Connect IT Mini device can be configured as an advertised set of routes through an IPSec tunnel. This allows you to leverage the dynamic route advertisement of GRE tunnels through a secured IPSec tunnel.
Page 253 Local endpoint set to the IPsec endpoint interface, Interface: ipsec_endpoint2. b. Remote endpoint set to the IP address of the GRE tunnel on Connect IT Mini-1, 172.30.0.1. 4. Create an interface named gre_interface2 and add it to the GRE tunnel: a.
Page 254 15. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 255 (config vpn ipsec tunnel ipsec_gre1 policy 0)> remote network 172.30.0.2/32 (config vpn ipsec tunnel ipsec_gre1 policy 0)> 10. Save the configuration and apply the change: (config ipsec tunnel ipsec_gre1 policy 0)> save Configuration saved. > Digi Connect IT® Mini User Guide...
Page 256 4. For Device, select Ethernet: loopback. 5. Click to expand IPv4. 6. For Address, type the IP address of the local GRE tunnel, 172.30.0.1/32. 7. Click Apply to save the configuration and apply the change. Digi Connect IT® Mini User Guide...
Page 257 É WebUI 1. Click VPN > IP Tunnels. 2. For Add IP Tunnel, type gre_tunnel1 and click g . 3. For Local endpoint, select the IPsec endpoint interface created in Task two (Interface: ipsec_endpoint1). Digi Connect IT® Mini User Guide...
Page 258 (/network/interface/ipsec_endpoint1): (config vpn iptunnel gre_tunnel1)> local /network/interface/ipsec_endpoint1 (config vpn iptunnel gre_tunnel1)> 4. Set the remote endpoint to the IP address of the GRE tunnel on Connect IT Mini-2, 172.30.0.2: (config vpn iptunnel gre_tunnel1)> remote 172.30.0.2 (config vpn iptunnel gre_tunnel1)> 5. Save the configuration and apply the change: (config vpn iptunnel gre_tunnel1)>...
Page 259 Task three (IP tunnel: gre_tunnel1). 5. Click to expand IPv4. 6. For Address, type 172.31.0.1/30 for a virtual IP address on the GRE tunnel. 7. Click Apply to save the configuration and apply the change. Digi Connect IT® Mini User Guide...
Page 260 Task one: Create an IPsec tunnel É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 261 14. For Remote network, type the IP address and subnet of the remote GRE tunnel, 172.30.0.1/32. 15. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Digi Connect IT® Mini User Guide...
Page 262 (config vpn ipsec tunnel ipsec_gre2)> auth secret testkey (config vpn ipsec tunnel ipsec_gre2)> 5. Set the remote endpoint to public IP address of the Connect IT Mini-1 device: (config vpn ipsec tunnel ipsec_gre2)> remote hostname 192.168.100.1 (config vpn ipsec tunnel ipsec_gre2)>...
Page 263 6. For Address, type the IP address of the local GRE tunnel, 172.30.0.2/32. 7. Click Apply to save the configuration and apply the change. Command line 1. At the command line, type config to enter configuration mode: > config (config)> Digi Connect IT® Mini User Guide...
Page 264 3. For Local endpoint, select the IPsec endpoint interface created in Task two (Interface: ipsec_endpoint2). 4. For Remote endpoint, type the IP address of the GRE tunnel on Connect IT Mini-1, 172.30.0.1. 5. Click Apply to save the configuration and apply the change. Digi Connect IT® Mini User Guide...
Page 265 (/network/interface/ipsec_endpoint2): (config vpn iptunnel gre_tunnel2)> local /network/interface/ipsec_endpoint2 (config vpn iptunnel gre_tunnel2)> 4. Set the remote endpoint to the IP address of the GRE tunnel on Connect IT Mini-1, 172.30.0.1: (config vpn iptunnel gre_tunnel2)> remote 172.30.0.1 (config vpn iptunnel gre_tunnel2)> 5. Save the configuration and apply the change: (config vpn iptunnel gre_tunnel2)>...
Page 266 3. Set the zone to internal: (config network interface gre_interface2)> zone internal (config network interface gre_interface2)> 4. Set the device to the GRE tunnel created in Task three (/vpn/iptunnel/gre_tunnel2): (config network interface gre_interface2)> device /vpn/iptunnel/gre_tunnel2 (config network interface gre_interface2)> Digi Connect IT® Mini User Guide...
Page 267: Nemo
Local Area Networks (LANs) on your device. NEMO creates a tunnel between the home agent on the mobile private network and the Connect IT Mini device, isolating the connection from internet traffic and advertising the IP subnets of the LANs for remote access and device management.
Page 268 10. For MTU discovery, leave enabled to determine the maximum transmission unit (MTU) size. If disabled, for MTU, type the MTU size. The default MTU size for LANs on the Connect IT Mini device is 1500. The MTU size of the NEMO tunnel will be smaller, to take into account the required headers.
Page 269 14. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 270 (config vpn nemo nemo_example)> mtu_discovery false (config vpn nemo nemo_example)> If disabled, set the MTU size. The default MTU size for LANs on the Connect IT Mini device is 1500. The MTU size of the NEMO tunnel will be smaller, to take into account the required headers.
Page 271 Use the ? to determine available interfaces: (config vpn nemo nemo_example)>coaddress interface ? Interface: Use the IP address of this network interface as this node's Care-of- Address. Format: defaultip defaultlinklocal loopback modem Current value: (config vpn nemo nemo_example)> coaddress interface Digi Connect IT® Mini User Guide...
Page 272 13. Configure one or more local networks to use as a virtual NEMO network interface. Generally, this will be a Local Area Network (LAN): a. Add a local network to use as a virtual NEMO network interface: (config vpn nemo nemo_example)> add network end eth (config vpn nemo nemo_example)> Digi Connect IT® Mini User Guide...
Page 273: Show Nemo Status
Command line 1. Log into the Connect IT Mini command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 274 192.168.2.1/24 Advertized LAN2 192.168.3.1/24 Advertized > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® Mini User Guide...
Page 275 Simple Network Management Protocol (SNMP) Configure the Modbus gateway System time Configure the system time Network Time Protocol Configure the device as an NTP server Configure a multicast route Enable service discovery (mDNS) Use the iPerf service Digi Connect IT® Mini User Guide...
Page 276: Allow Remote Access For Web Administration And Ssh
Allow remote access for web administration and SSH Allow remote access for web administration and SSH By default, only devices connected to the Connect IT Mini's LAN have access to the device via web administration and SSH. To enable these services for access from remote devices: The Connect IT Mini device must have a publicly reachable IP address.
Page 277 Allow remote access for web administration and SSH Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 278 Services Allow remote access for web administration and SSH 4. For Add Zone, click g . 5. Select External. 6. Click Apply to save the configuration and apply the change. Digi Connect IT® Mini User Guide...
Page 279: Configure The Web Administration Service
Configure the web administration service Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 280 5. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 281 Configure the service É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > Web administration.
Page 282 11. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 283 No limit to IPv6 addresses that can access the web administratrion service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT Mini device: (config)> add service web_admin acl interface end value (config)>...
Page 284 7. (Optional) Configure the device to allow legacy encryption protocols. Legacy encryption protocols allow clients to connect to the HTTPS session by using encryption protocols older than TLS 1.2, in addition to TLS 1.2 and later protocols. This option is disabled by Digi Connect IT® Mini User Guide...
Page 285 (config)> save Configuration saved. > 10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® Mini User Guide...
Page 286: Configure Ssh Access
3. Click Services > SSH. 4. Click Enable. 5. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Digi Connect IT® Mini User Guide...
Page 287 Configure the service É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > SSH.
Page 288 8. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 289 No limit to IPv6 addresses that can access the SSH service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT Mini device: (config)> add service ssh acl interface end value (config)>...
Page 290 DNS server. mDNS is enabled by default. To disable mDNS, or enable it if it has been disabled: To enable the mDNS protocol: (config)> service ssh mdns enable true (config> Digi Connect IT® Mini User Guide...
Page 291 (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® Mini User Guide...
Page 292: Use Ssh With Key Authentication
SSH service to allow SSH access for the External firewall zone. É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 293 These instructions assume an existing user named temp_user. 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 294: Configure Telnet Access
5. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 295 Configure the service É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > telnet.
Page 296 7. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 297 No limit to IPv6 addresses that can access the telnet service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT Mini device: (config)> add service telnet acl interface end value (config)>...
Page 298: Configure Dns
Type quit to disconnect from the device. Configure DNS The Connect IT Mini device includes a caching DNS server which forwards queries to the DNS servers that are associated with the network interfaces, and caches the results. This server is used within the device, and cannot be disabled.
Page 299 Whether the device should always perform DNS queries to all available DNS servers. Whether to prevent upstream DNS servers from returning private IP addresses. Additional DNS servers, in addition to the ones associated with the device's network interfaces. Specific host names and their IP addresses. Digi Connect IT® Mini User Guide...
Page 300 To configure the DNS server: É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > DNS.
Page 301 11. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 302 No limit to IPv6 addresses that can access the DNS service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT Mini device: (config)> add service dns acl interface end value (config)>...
Page 303 To disable: (config)> service dns query_all_servers false (config> 6. (Optional) Rebind protection By default, rebind protection is disabled. If enabled, this prevents upstream DNS servers from returning private IP addresses. To enable: Digi Connect IT® Mini User Guide...
Page 304 (config service dns host 0)> address ip-addr (config service dns host 0)> c. Set the host name: (config service dns host 0)> name host-name (config service dns host 0)> 10. Save the configuration and apply the change: Digi Connect IT® Mini User Guide...
Page 305 (config)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® Mini User Guide...
Page 306: Simple Network Management Protocol (Snmp)
By default, the Connect IT Mini device automatically blocks SNMP packets from being received over WAN and LAN interfaces. As a result, if you want a Connect IT Mini device to receive SNMP packets, you must configure the SNMP access control list to allow the device to receive the packets. See Configure Simple Network Management Protocol (SNMP).
Page 307 No limit to IPv6 addresses that can access the SNMP agent. d. Click gagain to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT Mini device: a. Click Interfaces.
Page 308 Simple Network Management Protocol (SNMP) Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 309 (config)> Repeat this step to list additional firewall zones. 5. Set the name of the user that will be used to connect to the SNMP agent. (config)> service snmp username name (config)> Digi Connect IT® Mini User Guide...
Page 310: Download Mibs
Type quit to disconnect from the device. Download MIBs This procedure is available from the WebUI only. Required configuration items Enable SNMP. To download a .zip archive of the SNMP MIBs supported by this device: É WebUI Digi Connect IT® Mini User Guide...
Page 311: Configure The Modbus Gateway
4. Click Download. Configure the Modbus gateway Your Connect IT Mini supports the ability to function as a Modbus gateway, to provide serial-to- Ethernet connectivity to Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), and other industrial devices. MODBUS provides client/server communication between devices connected on different types of buses and networks, and the Connect IT Mini gateway allows for communication between buses and and networks that use the Modbus protocol.
Page 312 Whether packets should have their Modbus address adjusted downward before to delivery. É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 313: Configure Gateway Servers
For Port, enter or select an appropriate port. The default is port 502. If Serial is selected for Connection type: a. For Serial port, select the appropriate serial port on the Connect IT Mini device. 5. For Packet mode, select RTU or RAW (if Connection typeis set to Socket) or ASCII (if Connection typeis set to Serial) for the type of packet that will be used by this connection.
Page 314: Configure Clients
No limit to IPv6 addresses that can access the web administration service. d. Click gagain to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT Mini device: a. Click Interfaces.
Page 315 Modbus server is running. If Serial is selected for Connection type: a. For Serial port, select the appropriate serial port on the Connect IT Mini device. 5. For Packet mode, select RTU or RAW (if Connection typeis set to Socket) or ASCII (if Connection typeis set to Serial) for the type of packet that will be used by this connection.
Page 316 No limit to IPv6 addresses that can access the web administration service. d. Click gagain to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT Mini device: a. Click Interfaces.
Page 317 17. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 318 1 and 65535. The default is 502. iii. Set the packet mode: (config service modbus_gateway server test_modbus_server)> socket packet_ mode value (config service modbus_gateway server test_modbus_server)> where value is either rtu or raw. The default is rtu. Digi Connect IT® Mini User Guide...
Page 319 Set the port: (config service modbus_gateway server test_modbus_server)> serial port (config service modbus_gateway server test_modbus_server)> ii. Set the packet mode: (config service modbus_gateway server test_modbus_server)> serial packet_ mode value (config service modbus_gateway server test_modbus_server)> Digi Connect IT® Mini User Guide...
Page 320 The default is socket. If connection_type is set to socket: i. Set the IP protocol: (config service modbus_gateway client test_modbus_client)> socket protocol value (config service modbus_gateway client test_modbus_client)> where value is either tcp or udp. Digi Connect IT® Mini User Guide...
Page 321 (config service modbus_gateway client test_modbus_client)> If connection_type is set to serial: i. Set the serial port: i. Use the ? to determine available serial ports: (config service modbus_gateway client test_modbus_client)> ... serial port ? Digi Connect IT® Mini User Guide...
Page 322 Set the maximum time to wait for a response to a message: (config service modbus_gateway client test_modbus_client)> response_timeout value (config service modbus_gateway client test_modbus_client)> Allowed values are between 1 millisecond and 700 milliseconds, and take the format numberms. Digi Connect IT® Mini User Guide...
Page 323 This allows you to configure clients on the gateway that will forward messages to remote devices with the same Modbus address on different buses. For example, if there are two devices on two Digi Connect IT® Mini User Guide...
Page 324 (config)> save Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® Mini User Guide...
Page 325: System Time
The Connect IT Mini device can also be configured to use Network Time Protocol (NTP). In this configuration, the device serves as an NTP server, providing NTP services to downstream devices. See Network Time Protocol for more information about NTP server support.
Page 326 2. At the command line, type config to enter configuration mode: > config (config)> 3. (Optional) Set the timezone for the location of your Connect IT Mini device. The default is UTC. (config)> system time timezone value (config)> Where value is the timezone using the format specified with the following command: (config)>...
Page 327: Network Time Protocol
Network Time Protocol (NTP) enables devices connected on local and worldwide networks to synchronize their internal software and hardware clocks to the same time source. The Connect IT Mini device can be configured as an NTP server, allowing downstream hosts that are attached to the device's Local Area Networks to synchronize with the device.
Page 328: Configure The Device As An Ntp Server
To configure the Connect IT Mini device's NTP service: É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 329 No limit to IPv6 addresses that can access the NTP service. d. Click gagain to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT Mini device: a. Click Interfaces.
Page 330 8. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 331 No limit to IPv6 addresses that can access the NTP server agent. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT Mini device: (config)> add service ntp acl interface end value (config)>...
Page 332 By default, the access control list for the NTP service is empty, which means that all downstream hosts connected to the Connect IT Mini device can use the NTP service. 6. (Optional) Set the timezone for the location of your Connect IT Mini device. The default is UTC. (config)> system time timezone value (config)>...
Page 333 (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® Mini User Guide...
Page 334: Configure A Multicast Route
10. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 335 Set the interface. For example: (config service multicast test)> src_interface /network/interface/eth (config service multicast test)> 8. Set the destination interface that the Connect IT Mini device will use to send mutlicast packets. (config service multicast test)> interface interface (config service multicast test)>...
Page 336 (config)> save Configuration saved. > 10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® Mini User Guide...
Page 337: Enable Service Discovery (Mdns)
You can enable the Connect IT Mini device to use mDNS. É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 338 6. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 339 Services Enable service discovery (mDNS) Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT Mini device: (config)> add service mdns acl interface end value (config)>...
Page 340: Use The Iperf Service
Type quit to disconnect from the device. Use the iPerf service Your Connect IT Mini device includes an iPerf3 server that you can use to test the performance of your network. IPerf3 is a command-line tool that measures the maximum network throughput an interface can handle.
Page 341 To enable the Iperf3 server: É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > IPerf.
Page 342 7. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 343 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT Mini device: (config)> add service iperf acl interface end value (config)>...
Page 344: Example Performance Test Using Iperf3
Example performance test using Iperf3 On a remote host with Iperf3 installed, enter the following command: $ iperf3 -c device_ip where device_ip is the IP address of the Connect IT Mini device. For example: $ iperf3 -c 192.168.2.1 Connecting to host 192.168.2.1, port 5201 [ ...
Page 345 Applications The Connect IT Mini supports Python 3.6 and provides you with the ability to run Python applications on the device interactively or from a file. You can also specify Python applications and other scripts to be run each time the device system restarts, at specific intervals, or at a specified time.
Page 346: Configure Applications To Run Automatically
Task one: Upload the application É WebUI 1. Log into the Connect IT Mini WebUI as a user with Admin access. 2. On the menu, click System. Under Administration, click File System. The File System page appears. Digi Connect IT® Mini User Guide...
Page 347 Connect IT Mini device. local-path is the location on the Connect IT Mini device where the copied file will be placed.
Page 348: Task Two: Configure The Application To Run Automatically
Use with care. É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click System > Scheduled tasks > Custom scripts.
Page 349 12. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 350 For example, to set on_interval to ten minutes, enter either 10m or 600s: (config system schedule script 0)> on_interval 600s (config system schedule script 0)> Digi Connect IT® Mini User Guide...
Page 351 (config system schedule script 0)> once true (config system schedule script 0)> If once is enabled, rebooting the device will cause the script to run again. The only way to re- run the script is to: Digi Connect IT® Mini User Guide...
Page 352: Run A Python Application At The Shell Prompt
1. Upload the Python application to the Connect IT Mini device: É WebUI a. Log into the Connect IT Mini WebUI as a user with Admin access. b. On the menu, click System. Under Administration, click File System. The File System page appears.
Page 353 Connect IT Mini device. local-path is the location on the Connect IT Mini device where the copied file will be placed.
Page 354: Start An Interactive Python Session
Applications Start an interactive Python session 2. Log into the Connect IT Mini command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.
Page 355: Digidevice Module
Use Python to respond to Digi Remote Manager SCI requests Use digidevice runtime to access the runtime database Use Python to upload the device name to Digi Remote Manager Use Python to send and receive SMS messages Digi Connect IT® Mini User Guide...
Page 356: Use Digidevice.cli To Execute Cli Commands
1. Log into the Connect IT Mini command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.
Page 357: Use Digidevice.datapoint To Upload Custom Datapoints To Digi Remote Manager
Get help executing a CLI command from Python by accessing help for cli.execute: 1. Log into the Connect IT Mini command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
Page 358 For example, to use an interactive Python session to upload datapoints related to velocity, temperature, and the state of the emergency door: 1. Log into the Connect IT Mini command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
Page 359: Use Digidevice.config For Device Configuration
Read the device configuration Use the get() method to read the device configuration: 1. Log into the Connect IT Mini command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
Page 360 Modify the device configuration Use the set() and commit() methods to modify the device configuration: 1. Log into the Connect IT Mini command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
Page 361: Use Python To Respond To Digi Remote Manager Sci Requests
Use Remote Manager's SCI interface to create SCI requests that are sent to your Connect IT Mini device, and use the device_request module to send responses to those requests to Remote Manager.
Page 362 Ctrl-D. You can also exit the session using exit() or quit(). Task two: Create and send an SCI request from Digi Remote Manager The second step in using the device_request module is to create an SCI request that Remote Manager will forward to the device.
Page 363 Remote Manager: from digidevice import device_request from digidevice import cli import time def handler(target, request): return cli.execute("show system verbose") def status_cb(error_code, error_description): Digi Connect IT® Mini User Guide...
Page 364 É WebUI i. Log into the Connect IT Mini WebUI as a user with full Admin access rights. ii. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. iii. Click System > Scheduled tasks > Custom scripts.
Page 365 Click Apply to save the configuration and apply the change. Command line i. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 366 > reboot To run the application from the shell prompt: i. Log into the Connect IT Mini command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.
Page 367 : Jane Smith Disk ---- Load Average : 0.10, 0.05, 0.00 RAM Usage : 85.176MB/250.484MB(34%) Disk /etc/config Usage : 0.068MB/13.416MB(1%) Disk /opt Usage : 47.724MB/5309.752MB(1%) Disk /overlay Usage : MB/MB(%) Disk /tmp Usage : 0.004MB/40.96MB(0%) Digi Connect IT® Mini User Guide...
Page 368 Get help for respond to Digi Remote Manager Server Command Interface (SCI) requests by accessing help for digidevice.device_request: 1. Log into the Connect IT Mini command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
Page 369: Use Digidevice Runtime To Access The Runtime Database
Read from the runtime database Use the keys() and get() methods to read the device configuration: 1. Log into the Connect IT Mini command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
Page 370 Modify the runtime database Use the set() method to modify the runtime database: 1. Log into the Connect IT Mini command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
Page 371: Use Python To Upload The Device Name To Digi Remote Manager
5. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Use Python to upload the device name to Digi Remote Manager The name submodule can be used to upload a custom name for your device to Digi Remote Manager. Digi Connect IT® Mini User Guide...
Page 372 5. Click Send. Upload a custom name 1. Log into the Connect IT Mini command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.
Page 373: Use Python To Send And Receive Sms Messages
You can create Python scripts that send and receive SMS message in tandem with the Digi Remote Manager or Digi aView by using the digidevice.sms module. To use a script to send or receive SMS messages, you must also enable the ability to schedule SMS scripting.
Page 374 5. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 375: Use Python To Access Serial Ports
Use Python to access serial ports You can use the Python serial module to access serial ports on your Connect IT Mini device that are configured to be in Application mode. See for information about configuring a serial port in Application mode.
Page 376: Use The Paho Mqtt Python Library
6. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Use the Paho MQTT python library Your Connect IT Mini device includes support for the Paho MQTT python library. MQTT is a lightweight messaging protocol used to communicate with various applications including cloud-based applications such as Amazon Web Services and Microsoft Azure.
Page 377 HTTPStatus.INTERNAL_SERVER_ERROR finally: os.remove(fname) print("Firmware update finished") return HTTPStatus.OK CMD_HANDLERS = { "reboot": cmd_reboot, "fw-update": cmd_fwupdate def send_cmd_reply(client, cmd_path, cid, cmd, status): if not status or not cid: return if cmd_path.startswith(PREFIX_CMD): path = cmd_path[len(PREFIX_CMD):] else: Digi Connect IT® Mini User Guide...
Page 378 # Return if client-ID not passed return None send_cmd_reply(client, msg.topic, cid, cmd, HTTPStatus.BAD_REQUEST) try: status = CMD_HANDLERS[cmd](payload) except: print("Invalid command: {}".format(cmd)) status = HTTPStatus.NOT_IMPLEMENTED send_cmd_reply(client, msg.topic, cid, cmd, status) def publish_dhcp_leases(): leases = [] try: Digi Connect IT® Mini User Guide...
Page 379: Stop A Script That Is Currently Running
MQTT server") sys.exit(1) while True: publish_dhcp_leases() publish_system() time.sleep(POLL_TIME) Stop a script that is currently running You can stop a script that is currently running by using the system script stop name command. Digi Connect IT® Mini User Guide...
Page 380: Show Script Information
Show script information Command line 1. Log into the Connect IT Mini command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 381 Applications Show script information 1. Log into the Connect IT Mini command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 382 Applications Show script information 3. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® Mini User Guide...
Page 383: User Authentication
User authentication methods Authentication groups Local users Terminal Access Controller Access-Control System Plus (TACACS+) Remote Authentication Dial-In User Service (RADIUS) LDAP Disable shell access Set the idle timeout for Connect IT Mini users Example user configuration Digi Connect IT® Mini User Guide...
Page 384: Connect It Mini User Authentication
User authentication Connect IT Mini user authentication Connect IT Mini user authentication User authentication on the Connect IT Mini has the following features and default configuration: Default Feature Description configuration Idle timeout 10 minutes. Determines how long a user session can be idle before the system automatically disconnects.
Page 385 TACACS+: Users authenticated by using a remote TACACS+ server for authentication. Terminal Access Controller Access-Control System Plus (TACACS+) for information about configuring TACACS+ authentication. LDAP: Users authenticated by using a remote LDAP server for authentication. LDAP for information about configuring LDAP authentication. Digi Connect IT® Mini User Guide...
Page 386: Add A New Authentication Method
To add an authentication method: É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Methods.
Page 387 This procedure describes how to add methods to various places in the list. 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 388: Delete An Authentication Method
5. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 389: Rearrange The Position Of Authentication Methods
For example, the following configuration has Local users as the first method, and RADIUS as the second. To reorder these so that RADIUS is first and Local users is second: Digi Connect IT® Mini User Guide...
Page 390 7. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 391: Authentication Groups
Disable shell access for more information about the Allow shell parameter. Serial access: Users with Serial access have the ability to log into the Connect IT Mini device by using the serial console. Preconfigured authentication groups The Connect IT Mini device has two preconfigured authentication groups: The admin group is configured by default to have full Admin access and Shell access.
Page 392: Change The Access Rights For A Predefined Group
É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Groups.
Page 393 6. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 394: Add An Authentication Group
Access rights to captive portals, and the portals to which they have access. Access rights to query the device for Nagios monitoring. To add an authentication group: É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. Digi Connect IT® Mini User Guide...
Page 395 6. (Optional) Configure OpenVPN access. See for further information. 7. (Optional) Configure captive portal access: a. Enable captive portal access rights for users of this group by checking the box next to Captive portal access. Digi Connect IT® Mini User Guide...
Page 396 11. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 397 24h no title (config)> ii. Add a captive portal: (config)> add auth group test acl portal portals end portal1 (config)> 6. (Optional) Configure Nagios monitoring: (config)> auth group test acl nagios enable true (config)> Digi Connect IT® Mini User Guide...
Page 398: Delete An Authentication Group
To delete an authentication group that you have created: É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 399 Authentication groups Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 400: Local Users
TACACS+ or RADIUS. Local user authentication is enabled by default, with one preconfiged default user. Default user At manufacturing time, each Connect IT Mini device comes with a default user configured as follows: Username: admin. Password: The default password is displayed on the label on the bottom of the device.
Page 401: Change A Local User's Password
To change a user's password: É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Users.
Page 402: Configure A Local User
Local users Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 403 To configure a local user: É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Users.
Page 404 Select the Verification type: Time-based (TOTP): Time-based One-Time Password (TOTP) authentication uses the current time to generate a one-time password. Counter-based (HOTP): HMAC-based One-Time Password (HOTP) uses a counter to validate a one-time password. Digi Connect IT® Mini User Guide...
Page 405 For Code, enter the scratch code. The code must be eight digits, with a minimum of 10000000. iv. Click gagain to add additional scratch codes. 10. Click Apply to save the configuration and apply the change. Digi Connect IT® Mini User Guide...
Page 406 Local users Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 407 SSH login: (config auth user new_user ssh_key)> ssh_key key (config auth user new_user ssh_key)> 8. (Optional) Configure two-factor authentication for SSH, telnet, and serial console login: a. Change to the user's two-factor authentication node: Digi Connect IT® Mini User Guide...
Page 408 In cases where TOTP is being used, increasing the valid code window size may be necessary when the clocks used by the server and client are not synchronized. (config auth user new_user 2fa)> window_size 3 (config auth user new_user 2fa)> Digi Connect IT® Mini User Guide...
Page 409: Delete A Local User
Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Delete a local user To delete a user from your Connect IT Mini: É WebUI Digi Connect IT® Mini User Guide...
Page 410 User authentication Local users 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Users.
Page 411 Local users Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 412: Terminal Access Controller Access-Control System Plus (Tacacs+)
To use TACACS+ authentication, you must set up a TACACS+ server that is accessible by the Connect IT Mini device prior to configuration. The process of setting up a TACACS+ server varies by the server environment.
Page 413: Tacacs+ User Configuration
The groupname attribute is optional. If used, the value must correspond to authentication groups configured on your Connect IT Mini. Alternatively, if the user is also configured as a local user on the Connect IT Mini device and the LDAP server authenticates the user but does not return any groups, the local configuration determines the list of groups.
Page 414: Tacacs+ Server Failover And Fallback To Local Authentication
$ sudo /etc/init.d/tacacs_plus restart TACACS+ server failover and fallback to local authentication In addition to the primary TACACS+ server, you can also configure your Connect IT Mini device to use backup TACACS+ servers. Backup TACACS+ servers are used for authentication requests when the primary TACACS+ server is unavailable.
Page 415 7. (Optional) For Service, type the value of the service attribute in the the TACACS+ server's configuration. For example, in TACACS+ user configuration, the value of the service attribute in the sample tac_plus.conf file is system, which is also the default setting in the Connect IT Mini configuration. Digi Connect IT® Mini User Guide...
Page 416 9. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 417 TACACS+ user configuration, the value of the service attribute in the sample tac_plus.conf file is system, which is also the default setting in the Connect IT Mini configuration. (config)> auth tacacs+ service service-name (config)> 6. Set the type of TLS connection used by the LDAP server: (config)>...
Page 418 Terminal Access Controller Access-Control System Plus (TACACS+) (config)> auth ldap base_dn value (config)> 11. (Optional) Set the name of the user attribute that contains the list of Connect IT Mini authentication groups that the authenticated user has access to. See LDAP user configuration for further information about the group attribute.
Page 419 (config)> save Configuration saved. > 16. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® Mini User Guide...
Page 420: Remote Authentication Dial-In User Service (Radius)
With RADIUS support, the Connect IT Mini device acts as a RADIUS client, which sends user credentials and connection parameters to a RADIUS server over UDP. The RADIUS server then authenticates the RADIUS client requests and sends back a response message to the device.
Page 421: Radius User Configuration
$ sudo /etc/init.d/freeradius restart RADIUS server failover and fallback to local configuration In addition to the primary RADIUS server, you can also configure your Connect IT Mini device to use backup RADIUS servers. Backup RADIUS servers are used for authentication requests when the primary RADIUS server is unavailable.
Page 422: Configure Your Connect It Mini Device To Use A Radius Server
Add additional RADIUS servers in case the first RADIUS server is unavailable. The server NAS ID. If left blank, the default value is used: If you are access the Connect IT Mini device by using the WebUI, the default value is for NAS ID is httpd.
Page 423 NAS or any arbitrary string. If not set, the default value is used: If you are accessing the Connect IT Mini device by using the WebUI, the default value is for NAS ID is httpd.
Page 424 9. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 425 (config)> auth ldap base_dn value (config)> 11. (Optional) Set the name of the user attribute that contains the list of Connect IT Mini authentication groups that the authenticated user has access to. See LDAP user configuration for further information about the group attribute.
Page 426 User authentication methods for information about adding methods to the beginning or middle of the list. (config)> add auth method end radius (config)> 15. Save the configuration and apply the change: (config)> save Configuration saved. > Digi Connect IT® Mini User Guide...
Page 427: Ldap
When you are using LDAP authentication, you can have both local users and LDAP users able to log in to the device. To use LDAP authentication, you must set up a LDAP server that is accessible by the Connect IT Mini device prior to configuration. The process of setting up a LDAP server varies by the server environment.
Page 428: Ldap User Configuration
LDAP LDAP user configuration When configured to use LDAP support, the Connect IT Mini device uses a remote LDAP server for user authentication (password verification) and authorization (assigning the access level of the user). Additional LDAP servers can be configured as backup servers for user authentication.
Page 429: Ldap Server Failover And Fallback To Local Configuration
LDAP server failover and fallback to local configuration In addition to the primary LDAP server, you can also configure your Connect IT Mini device to use backup LDAP servers. Backup LDAP servers are used for authentication requests when the primary LDAP server is unavailable.
Page 430 User authentication LDAP 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > LDAP > Servers.
Page 431 14. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 432 8. Set the distinguished name (DN) on the server to search for users. This can be the root of the directory tree (for example, dc=example,dc=com) or a sub-tree (for example. ou=People,dc=example,dc=com). (config)> auth ldap base_dn value (config)> Digi Connect IT® Mini User Guide...
Page 433 User authentication LDAP 9. (Optional) Set the name of the user attribute that contains the list of Connect IT Mini authentication groups that the authenticated user has access to. See LDAP user configuration for further information about the group attribute.
Page 434: Disable Shell Access
5. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 435: Set The Idle Timeout For Connect It Mini Users
By default, the Idle timeout is set to 10 minutes. É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 436 5. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 437: Example User Configuration
Goal: To create a user with administrator rights who is authenticated locally on the device. É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 438 7. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 439: Example 2: Radius, Tacacs+, And Local Authentication For One User
Goal: To create a user with administrator rights who is authenticated by using all three authentication methods. In this example, when the user attempts to log in to the Connect IT Mini device, user authentication will occur in the following order: 1.
Page 440 Save and close the tac_plus.conf file. 3. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 4. On the menu, click System. Under Configuration, click Device Configuration. Digi Connect IT® Mini User Guide...
Page 441 Click Groups. ii. For Add Group, click g . iii. For Group, select the admin group. c. Verify that the admin group has full administrator rights: i. Click Authentication > Groups. ii. Click admin. Digi Connect IT® Mini User Guide...
Page 442 In this example: The user's username is admin1. The user's password is password1. The authentication group on the Connect IT Mini device, admin, is identified in the Unix-FTP-Group-Names parameter. c. Save and close the users file. 2. Configure a user on the TACACS+ server: a.
Page 443 Save and close the tac_plus.conf file. 3. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 444 Type quit to disconnect from the device. Example 3: Multiple users with specific serial port access Goal: To create two RADIUS users that do not have configuration access to the Connect IT Mini but have access rights to specific serial ports.
Page 445 For example, if you want administrators of the Connect IT Mini to log into the device using local authentication, make sure that Local users authentication is included in the Methods list. Otherwise they will not be able to log into the device.
Page 446 Save and close the users file. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 447 Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 13. Configure the users on the RADIUS server: a. On the ubuntu machine hosting the FreeRadius server, open the /etc/freeradius/3.0/users file: Digi Connect IT® Mini User Guide...
Page 448 Example user configuration $ sudo gedit /etc/freeradius/3.0/users b. Add the users to the users file: serialuser1 Cleartext-Password := "password1" Unix-FTP-Group-Names := "serialgroup1" serialuser2 Cleartext-Password := "password2" Unix-FTP-Group-Names := "serialgroup2" c. Save and close the users file. Digi Connect IT® Mini User Guide...
Page 449 Firewall This chapter contains the following topics: Firewall configuration Port forwarding rules Packet filtering Configure custom firewall rules Configure Quality of Service options Digi Connect IT® Mini User Guide...
Page 450: Firewall Configuration
IPsec: The default zone for IPsec tunnels. Dynamic routes: Used for routes learned using routing services. Port forwarding: A list of rules that allow network connections to the Connect IT Mini to be forwarded to other servers by translating the destination address.
Page 451 Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 452: Configure The Firewall Zone For A Network Interface
5. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 453: Delete A Custom Firewall Zone
Type quit to disconnect from the device. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 454 Firewall Firewall configuration 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Zones.
Page 455: Port Forwarding Rules
Port forwarding rules Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 456 To configure a port forwarding rule: É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 457 13. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 458 (config firewall dnat 0)> to_address6 ip-address (config firewall dnat 0)> 9. Set the public-facing port number that network connections must use for their traffic to be forwarded. (config firewall dnat 0)> to_port port (config firewall dnat 0)> Digi Connect IT® Mini User Guide...
Page 459 Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration ------------------------------------------------------------------------------ dynamic_routes edge external internal ipsec loopback setup (config firewall dnat 0 acl)> 11. Save the configuration and apply the change: (config)> save Configuration saved. > Digi Connect IT® Mini User Guide...
Page 460: Delete A Port Forwarding Rule
5. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 461 (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® Mini User Guide...
Page 462: Packet Filtering
By default, one preconfigured packet filtering rule, Allow all outgoing traffic, is enabled and monitors traffic going to and from the Connect IT Mini device. The predefined settings are intended to block unauthorized inbound traffic while providing an unrestricted flow of outgoing data. You can modify the default packet filtering rule and create additional rules to define how the device accepts or rejects traffic that is forwarded through the device.
Page 463 10. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 464 3. (Optional) Set the label for the rule. (config firewall filter 1)> label "My filter rule" (config firewall filter 1)> 4. Set the action to be performed by the filter rule. (config firewall filter 1)> action value (config firewall filter 1)> Digi Connect IT® Mini User Guide...
Page 465 (config firewall filter 1)> protocol value (config firewall filter 1)> where value is one of: icmp icmpv6 The default is any. 9. Save the configuration and apply the change: (config)> save Configuration saved. > Digi Connect IT® Mini User Guide...
Page 466: Enable Or Disable A Packet Filtering Rule
6. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 467: Delete A Packet Filtering Rule
Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Delete a packet filtering rule To delete a packet filtering rule: É WebUI Digi Connect IT® Mini User Guide...
Page 468 5. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 469: Configure Custom Firewall Rules
To configure custom firewall rules: É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Custom rules.
Page 470 Firewall Configure custom firewall rules 7. Click Apply to save the configuration and apply the change. Digi Connect IT® Mini User Guide...
Page 471: Configure Quality Of Service Options
(packet ingress). A QoS binding contains the policies and rules that apply to packets exiting the Connect IT Mini device on the binding's interface. By default, the Connect IT Mini device has two preconfigured QoS bindings, Outbound and Inbound.
Page 472 8. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 473 Create a new binding É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Quality of Service.
Page 474 10, each policy will be allocated one third of the total interface bandwidth. e. For Latency, type the maximum delay before the transmission of packets. A lower latency means that the packets will be scheduled more quickly for transmission. Digi Connect IT® Mini User Guide...
Page 475 MAC address: Only traffic from the MAC address typed in MAC address will be matched. ix. Click to expand Destination address and select the Type: Any: Traffic destined for anywhere will be matched. Interface: Only traffic destined for the selected Interface will be matched. Digi Connect IT® Mini User Guide...
Page 476 Use the format IPv6_address[/prefix_length], or use any to match any IPv6 address. Repeat to add a new rule. Up to 30 rules can be configured. 10. Click Apply to save the configuration and apply the change. Digi Connect IT® Mini User Guide...
Page 477 Configure Quality of Service options Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 478 If the policy is not a fall-back policy, you must configure at least one rule: Digi Connect IT® Mini User Guide...
Page 479 (config firewall qos 2 policy 0 rule 0)> dstport value (config firewall qos 2 policy 0 rule 0)> where value is the IP port number, a range of port numbers using the format IP_port- IP_port, or any. Digi Connect IT® Mini User Guide...
Page 480 (config network qos 2 policy 0 rule 0)> where value uses the format IPv6_address[/prefix_length], or any to match any IPv6 address. mac: Only traffic from the MAC address typed in MAC address will be matched. Set the MAC address to be matched: Digi Connect IT® Mini User Guide...
Page 481 Set the address that will be matched: (config network qos 2 policy 0 rule 0)> src address6 value (config network qos 2 policy 0 rule 0)> where value uses the format IPv6_address[/prefix_length], or any to match any IPv6 address. Digi Connect IT® Mini User Guide...
Page 482 (config)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® Mini User Guide...
Page 483: System Administration
This chapter contains the following topics: Review device status Configure system information Update system firmware Update cellular module firmware Reboot your Connect IT Mini device Reset the device to factory defaults Configuration files Schedule system maintenance tasks Digi Connect IT® Mini User Guide...
Page 484: Review Device Status
Show basic system information: 1. Log into the Connect IT Mini command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 485: Configure System Information
Disk /var Usage : 1.765MB/256.0MB(1%) > Configure system information You can configure information related to your Connect IT Mini device, such as providing a name and location for the device. Configuration items A name for the device. The name of a contact for the device.
Page 486 8. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 487: Update System Firmware
The system firmware files are signed to ensure that only Digi-approved firmware load onto the device. The Connect IT Mini device validates the system firmware image as part of the update process and only successfully updates if the system firmware image can be authenticated.
Page 488 5. Click Update Firmware. Update firmware from a local file 1. Download the Connect IT Mini operating system firmware from the Digi Support FTP site to your local machine. 2. Log into the Connect IT Mini WebUI as a user with Admin access.
Page 489 Connect IT Mini device. local-path is the location on the Connect IT Mini device where the copied file will be placed.
Page 490: Dual Boot Behavior
System administration Update system firmware 7. Once the device has rebooted, log into the Connect IT Mini's command line as a user with Admin access and verify the running firmware version by entering the show system command. > show system...
Page 491: Update Cellular Module Firmware
4. Click Duplicate Firmware. Command line 1. Log into the Connect IT Mini command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 492: Reboot Your Connect It Mini Device
Select the firmware. 7. Click Update. Reboot your Connect IT Mini device You can reboot the Connect IT Mini device immediately or schedule a reboot for a specific time every day. Note You may want to save your configuration settings to a file before rebooting. See...
Page 493: Reboot Your Device Immediately
Schedule reboots of your device É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Select System > Scheduled tasks.
Page 494: Reset The Device To Factory Defaults
Reset the device to factory defaults Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 495 4. Click CONFIRM. 5. After resetting the device: a. Connect to the Connect IT Mini by using the serial port or by using an Ethernet cable to connect the Connect IT Mini ETH port to your PC. b. Log into the Connect IT Mini: User name: Use the default user name: admin.
Page 496 > system factory-erase 3. After resetting the device: a. Connect to the Connect IT Mini by using the serial port or by using an Ethernet cable to connect the Connect IT Mini ETH port to your PC. b. Log into the Connect IT Mini: User name: Use the default user name: admin.
Page 497 You can reset the device to the default configuration without removing scripts, keys, and logfiles by using the revert command: 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 498: Configuration Files
4. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 499: Save Configuration To A File
Type quit to disconnect from the device. Save configuration to a file You can save your Connect IT Mini device's configuration to a file and use this file to restore the configuration, either to the same device or to similar devices.
Page 500: Restore The Device Configuration
> scp host 192.168.4.1 user admin remote /home/admin/bin/ local /etc/config/backup-archive- 0040FF800120-19.05.17-19.01.17.bin to remote Restore the device configuration You can restore a configuration file to your Connect IT Mini device by using a backup from the device, or a backup from a similar device. É...
Page 501 Connect IT Mini device. local-path is the location on the Connect IT Mini device where the copied file will be placed.
Page 502 System administration Configuration files path is the location of configuration backup file on the Connect IT Mini's filesystem (local-path in the previous step). passphrase (optional) is the passphrase to restore the configuration backup, if a passphrase was used when the backup was created.
Page 503: Schedule System Maintenance Tasks
Custom scripts that should be run as part of the configuration check. É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 504 If On boot is selected, select the action that will be taken when the script completes in Exit action. Available options are: None: Action taken when the script exits. Restart script: Runs the script repeatedly. Reboot: The device will reboot when the script completes. Digi Connect IT® Mini User Guide...
Page 505 10. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Digi Connect IT® Mini User Guide...
Page 506 If updated firmware is found, it will then be installed. The device will look for updated firmware both on the local device and over the network, using either a WAN or cellular connection. system schedule maintenance modem_fw_update value (config)> Digi Connect IT® Mini User Guide...
Page 507 If interval is selected: Set the interval: (config system schedule script 0)> on_interval value (config system schedule script 0)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. Digi Connect IT® Mini User Guide...
Page 508 If syslog_stdout and syslog_stderr are not enabled, only the script's exit code is written to the system log. f. Set the maximum amount of memory available to be used by the script and its subprocesses: (config system schedule script 0)> max_memory value (config system schedule script 0)> Digi Connect IT® Mini User Guide...
Page 509 (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® Mini User Guide...
Page 510 Monitoring This chapter contains the following topics: intelliFlow Configure NetFlow Probe Digi Connect IT® Mini User Guide...
Page 511: Intelliflow
WebUI. To use intelliFlow, the Connect IT Mini must be powered on and you must have access to the local WebUI. Once you enable intelliFlow, the Status >...
Page 512 6. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 513 (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® Mini User Guide...
Page 514: Use Intelliflow To Display Average Cpu And Ram Usage
This procedure is only available from the WebUI. To display display average CPU and RAM usage: É WebUI 1. Log into the Connect IT Mini WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow.
Page 515: Use Intelliflow To Display Top Data Usage Information
Top data usage by service To generate a top data usage chart: É WebUI 1. Log into the Connect IT Mini WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow.
Page 516 Click the menu icon (É ). b. Select the type of chart. 6. Change the number of top users displayed. You can display the top five, top ten, or top twenty data users. Digi Connect IT® Mini User Guide...
Page 517: Use Intelliflow To Display Data Usage By Host Over Time
To generate a chart displaying a host's data usage over time: É WebUI 1. Log into the Connect IT Mini WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow.
Page 518: Configure Netflow Probe
To save the chart to your local filesystem, select Export to PNG. c. To print the chart, select Print chart. Configure NetFlow Probe NetFlow probe is used to probe network traffic on the Connect IT Mini device and export statistics to NetFlow collectors. Required configuration items Enable NetFlow.
Page 519 Configure NetFlow Probe É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Monitoring > NetFlow probe.
Page 520 12. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 521 Set the IP address of the collector: (config monitoring netflow collector 0)> address ip_address (config monitoring netflow collector 0)> c. (Optional) Set the port used by the collector: (config monitoring netflow collector 0)> port port (config monitoring netflow collector 0)> Digi Connect IT® Mini User Guide...
Page 522 (config monitoring netflow collector 0)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® Mini User Guide...
Page 523 Configure Digi Remote Manager Collect device health data and set the sample interval Log into Digi Remote Manager Use Digi Remote Manager to view and manage your device Add a device to Digi Remote Manager View Digi Remote Manager connection status...
Page 524: Digi Remote Manager Support
Digi Remote Manager User Guide. Configure Digi Remote Manager By default, your Connect IT Mini device is configured to use central management using Digi Remote Manager. Additional configuration options These additional configuration settings are not typically configured, but you can set them as needed: Disable the Digi Remote Manager connection if it is not required.
Page 525 6. (Optional) For Management port, type the destination port for the remote cloud services connection. The default is 3199. 7. (Optional) For Retry interval, type the amount of time that the Connect IT Mini device should wait before reattempting to connect to remote cloud services after being disconnected. The default is 30 seconds.
Page 526 16. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 527 (config)> cloud drm retry_interval 600s (config)> 7. (Optional) Set the amount of time that the Connect IT Mini device should wait between sending keep-alive messages to the Digi Remote Manager when using a non-cellular interface. Allowed values are from 30 seconds to two hours. The default is 60 seconds.
Page 528 The minimum value is 30 minutes and the maximum is 48 hours. If not set, this option is disabled. The default is disabled. 12. (Optional) Determine whether to require a login and password to authenticate the user from the remote cloud services CLI: Digi Connect IT® Mini User Guide...
Page 529 If set to false, no login prompt will be presented and the user will be logged in as admin. The default is false. 13. (Optional) Configure the Connect IT Mini device to communicate with remote cloud services by using SMS: a. Enable SMS messaging: (config)>...
Page 530: Collect Device Health Data And Set The Sample Interval
Collect device health data and set the sample interval You can enable or disable the collection of device health data to upload to Digi Remote Manager, and configure the interval between health sample uploads. By default, device health data upload is enabled, and the health sample interval is set to 60 minutes.
Page 531 7. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 532: Log Into Digi Remote Manager
8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Log into Digi Remote Manager To start Digi Remote Manager Digi Connect IT® Mini User Guide...
Page 533 1. If you have not already done so, click here to sign up for a Digi Remote Manager account. 2. Check your email for Digi Remote Manager login instructions. 3. Go to remotemanager.digi.com. 4. Log into your Digi Remote Manager account.
Page 534: Use Digi Remote Manager To View And Manage Your Device
Use Digi Remote Manager to view and manage your device To view and manage your device: 1. If you have not already done so, connect to your Digi Remote Manager account. 2. Click Device Management to display a list of your devices.
Page 535: Add A Device To Digi Remote Manager
The same default password is also shown on the label affixed to the bottom of the device. 6. Click Add. 7. Click OK. Digi Remote Manager adds your Connect IT Mini device to your account and it appears in the Device Management view. View Digi Remote Manager connection status To view the current Digi Remote Manager configuration: É...
Page 536: Use The Digi Remote Manager Mobile App
The Device ID is the unique identifier for the device, as used by the Remote Manager. Use the Digi Remote Manager mobile app If you have a smart phone or tablet, you can use the Digi Remote Manager mobile app to automatically provision a new devices and monitor devices in your account.
Page 537: Configure Multiple Devices Using Profiles
Mini routers. Typically, if you want to provision multiple Connect IT Mini routers: 1. Using the Connect IT Mini local WebUI, configure one Connect IT Mini router to use as the model configuration for all subsequent Connect IT Minis you need to manage.
Page 538 File system This chapter contains the following topics: The Connect IT Mini local file system Display directory contents Create a directory Display file contents Copy a file or directory Move or rename a file or directory Delete a file or directory Upload and download files Digi Connect IT®...
Page 539: File System
The Connect IT Mini local file system The Connect IT Mini local file system The Connect IT Mini local file system has approximately 30 MB of space available for storing files, such as alternative configuration files and firmware versions, and release files, such as cellular module images.
Page 540: Create A Directory
For example: 1. Log into the Connect IT Mini command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 541: Display File Contents
For example: Command line 1. Log into the Connect IT Mini command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 542: Move Or Rename A File Or Directory
Command line To rename a file named test.py in /etc/config/scripts to final.py: 1. Log into the Connect IT Mini command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu.
Page 543: Delete A File Or Directory
Command line To delete a file named test.py in /etc/config/scripts: 1. Log into the Connect IT Mini command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 544: Upload And Download Files
Upload and download files by using the WebUI Upload files 1. Log into the Connect IT Mini WebUI as a user with Admin access. 2. On the menu, click System. Under Administration, click File System. The File System page appears.
Page 545: Upload And Download Files By Using The Secure Copy Command
Connect IT Mini device. local-path is the location on the Connect IT Mini device where the copied file will be placed. For example: To copy firmware from a remote host with an IP address of 192.168.4.1 to the /etc/config directory on...
Page 546: Upload And Download Files Using Sftp
Connect IT Mini device. For example: To copy a support report from the Connect IT Mini device to a remote host at the IP address of 192.168.4.1: 1. Use the system support-report command to generate the report: >...
Page 547 File system Upload and download files $ sftp ahmed@192.168.2.1 Password: Connected to 192.168.2.1 sftp> get test.py Fetching test.py to test.py test.py 100% 254 0.3KB/s 00:00 sftp> exit Digi Connect IT® Mini User Guide...
Page 548 View system event logs Configure syslog servers Configure options for the event and system logs Analyze network traffic Use the ping command to troubleshoot network connections Use the traceroute command to diagnose IP routing problems Digi Connect IT® Mini User Guide...
Page 549: Generate A Support Report
Attach the support report to any support requests. Command line 1. Log into the Connect IT Mini command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 550: View System Event Logs
View System Logs É WebUI 1. Log into the Connect IT Mini WebUI as a user with Admin access. 2. On the main menu, click System > Logs. The system log displays: 3. Limit the display in the system log by using the Find search tool.
Page 551 Diagnostics View system event logs 5. Click to download the system log. Digi Connect IT® Mini User Guide...
Page 552 View system event logs Command line 1. Log into the Connect IT Mini command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 553: View Event Logs
Command line 1. Log into the Connect IT Mini command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 554 Nov 26 22:01:25 info user name=admin~service=cli~state=closed~remote=192.168.1.2 > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® Mini User Guide...
Page 555: Configure Syslog Servers
You can configure remote syslog servers for storing event and system logs. É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 556 5. Click Apply to save the configuration and apply the change. Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 557: Configure Options For The Event And System Logs
To change or disable the heartbeat interval, or to disable event categories, and to perform other log configuration: É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. Digi Connect IT® Mini User Guide...
Page 558 7. Enable Preserve system logs to save the current session's system log after a reboot. By default, the Connect IT Mini device erases system logs each time the device is powered off or rebooted.
Page 559 Configure options for the event and system logs Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 560 Enable informational events status true Enable status events status_interval Status interval (config)> system log event dhcpserver ii. To disable informational messages for the DHCP server: (config)> system log event dhcpserver info false (config)> Digi Connect IT® Mini User Guide...
Page 561 (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® Mini User Guide...
Page 562: Analyze Network Traffic
Analyze network traffic Analyze network traffic The Connect IT Mini device includes a network analyzer tool that captures data traffic on any interface and decodes the captured data traffic for diagnostics. You can capture data traffic on multiple interfaces at the same time and define capture filters to reduce the captured data. You can capture up to 10 MB of data traffic in two 5 MB files per interface.
Page 563: Configure Packet Capture For The Network Analyzer
To configure a packet capture configuration: É WebUI 1. Log into the Connect IT Mini WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 564 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Save interval to ten minutes, enter 10m or 600s. 8. Click Apply to save the configuration and apply the change. Digi Connect IT® Mini User Guide...
Page 565 Analyze network traffic Command line 1. Log into the Connect IT Mini command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 566 For example, to set save_interval to ten minutes, enter either 10m or 600s: (config network analyzer name)> save_interval 600s (config network analyzer name)> 7. Save the configuration and apply the change: Digi Connect IT® Mini User Guide...
Page 567: Example Filters For Capturing Data Traffic
Capture traffic from UDP port 53: ip proto udp and src port 53 Capture to and from IP host 10.0.0.1 but filter out ports 22 and 80: ip host 10.0.0.1 and not (port 22 or port 80) Digi Connect IT® Mini User Guide...
Page 568: Capture Packets From The Command Line
To start packet capture from the command line: Command line 1. Log into the Connect IT Mini command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 569: Stop Capturing Packets
To stop packet capture from the command line: Command line 1. Log into the Connect IT Mini command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 570 To show captured data traffic: Command line 1. Log into the Connect IT Mini command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 571: Save Captured Data Traffic To A File
Command line 1. Log into the Connect IT Mini command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 572: Download Captured Data To Your Pc
4. Select the saved analyzer report you want to download and click (download). Command line 1. Log into the Connect IT Mini command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 573: Clear Captured Data
Command line 1. Log into the Connect IT Mini command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 574: Use The Ping Command To Troubleshoot Network Connections
Ping to check internet connection To check your internet connection: 1. Log into the Connect IT Mini command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 575 (www.google.com) through the default gateway. The command output shows that 15 routing hops were required to reach the host: 1. Log into the Connect IT Mini command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu.
Page 576: Connect It Mini Hardware And Leds
Hardware Connect IT Mini hardware and LEDs This section includes details about the front and back panels. Top panel and LEDs Item Name Description POWER Indicates whether unit is powered up. This LED is hardwired to the power input. Indicates status of the cellular network connection.
Page 577: Left Side Of The Connect It
Hardware Connect IT Mini hardware and LEDs Item Name Description Indicates a 3G or LTE network connection. Blue: Indicates an LTE network connection. Green: Indicates a 3G network connection. Signal strength Indicates the cellular network signal strength. Two or more bars is preferred.
Page 578: Right Side Of The Connect It
USB 2.0 or higher port. Note This is only a power jack and is not an additional USB port. Signal strength The signal bars show the strength of the cellular network connection. Digi Connect IT® Mini User Guide...
Page 579: Exchange Power Tips
Exchange power tips Exchange power tips The Connect IT Mini may include four interchangeable plug tips that allow the Power Supply Unit (PSU) to operate in most countries. The PSU comes with the United States style plug installed. To change the plug tip: 1.
Page 580: Troubleshooting
If the signal strength LEDs or the signal quality for your device indicate Poor or No servcie, try the following things to improve signal strength: If available, connect a different set of antennas. Purchase a Digi Antenna Extender Kit: Antenna Extender Kit, 1 Digi Connect IT® Mini User Guide...
Page 581: Regulatory And Safety Information
Do not power on the unit in any aircraft. WARNING! CA Prop 65 warning: This product contains chemicals known to the state of California to cause cancer, birth defects or other reproductive harm. Digi Connect IT® Mini User Guide...
Page 582 WARNING! CAUTION! Do not use an antenna that wasn't supplied by the manufacturer. If a different antenna is required, first consult Digi International Inc. for recommendations that suit your circumstances. CAUTION! By pressing the ERASE button when powered up, the configuration of the Connect IT is erased and the unit reverts to factory default settings.
Page 583 Available commands Use the scp command Display status and statistics using the show command Device configuration using the command line interface Execute configuration commands at the root Admin CLI prompt Configuration mode Command line reference Digi Connect IT® Mini User Guide...
Page 584: Access The Command Line Interface
Log in to the command line interface Command line 1. Connect to the Connect IT Mini device by using a serial connection, SSH or telnet, or the Terminal in the WebUI or the Console in the Digi Remote Manager. See...
Page 585: Exit The Command Line Interface
2. At the main menu, click Terminal. The device console appears. Connect IT Mini login: 3. Log into the Connect IT Mini command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu.
Page 586: Display Help For Commands And Parameters
Display help for commands and parameters The help command When executed from the root command prompt, help displays information about autocomplete operations, how to move the cursor on the Connect IT Mini command line, and other keyboard shortcuts: > help...
Page 587: Display Help For Individual Commands
Show manufacturer information. modem Show modem statistics. network Show network interface statistics. openvpn Show OpenVPN statistics. route Show IP routing information. serial Show serial statistics. system Show system statistics. version Show firmware version. > show Digi Connect IT® Mini User Guide...
Page 588: Use The Tab Key Or The Space Bar To Display Abbreviated Help
(config)> serial port1 enable t<Tab> auto-completes to (config)> serial port1 enable true Auto-complete does not function for: Parameter values that are string types. Integer values. File names. Select parameters passed to commands that perform an action. Digi Connect IT® Mini User Guide...
Page 589: Available Commands
Reboots the Connect IT Mini device. Removes a file. Uses the secure copy protocol (SCP) to transfer files between the Connect IT Mini device and a remote host. Use the scp command for information about using the scp command.
Page 590: Use The Scp Command
The hostname or IP address of the remote host. The username and password of the user on the remote host. Whether the file is being copied to the Connect IT Mini device from a remote host, or to the remote host from the Connect IT Mini device.
Page 591: Display Status And Statistics Using The Show Command
Connect IT Mini device. For example: To copy a support report from the Connect IT Mini device to a remote host at the IP address of 192.168.4.1: 1. Use the system support-report command to generate the report: >...
Page 592: Show System
CPU usage. > show system Model : Digi Connect IT Mini Serial Number : Connect IT Mini-000065 : Connect IT Mini Hostname : Connect IT Mini...
Page 593: Execute Configuration Commands At The Root Admin Cli Prompt
For example, to disable the SSH service from the root prompt, enter the following command: > config service ssh enable false > The Connect IT Mini device's ssh service is now disabled. Note When the config command is executed at the root prompt, certain configuration actions that are available in configuration mode cannot be performed.
Page 594 4. Lastly, display the allowed values and other information for the enable parameter: > config service ssh enable ? Enable: Enable the service. Format: true, false, yes, no, 1, 0 Default value: true Current value: true > config service ssh enable Digi Connect IT® Mini User Guide...
Page 595: Configuration Mode
To save changes that you have made to the configuration while in configuration mode, use save. The save command automatically validates the configuration changes; the configuration will not be saved if it is not valid. Note that you can also validate configuration changes at any time while in Digi Connect IT® Mini User Guide...
Page 596: Exit Configuration Mode Without Saving Changes
See Manage elements in lists for information about using the del command with lists. Moves elements in a list. See Manage move elements in lists for information about using the move command with lists. Digi Connect IT® Mini User Guide...
Page 597: Display Command Line Help In Configuration Mode
Enter service to move to the service node: (config)> service (config service)> b. Enter ? to display help for the service node: (config service)> ? Either of these methods will display the following information: config> service ? Services Additional Configuration -------------------------------------------------------------------------- Digi Connect IT® Mini User Guide...
Page 598 [private] Private key port Port Additional Configuration -------------------------------------------------------------------------- Access control list mdns (config)> service ssh 4. Lastly, to display allowed values and other information for the enable parameter, use one of the following methods: Digi Connect IT® Mini User Guide...
Page 599: Move Within The Configuration Schema
(config service)> 2. Type ssh to move to the ssh node: (config service)> ssh (config service ssh)> 3. Type acl to move to the acl node: (config service ssh)> acl (config service ssh acl)> Digi Connect IT® Mini User Guide...
Page 600: Manage Elements In Lists
2. Add an authentication method by using the add index_item command. For example: To add the TACACS+ authentication method to the beginning of the list, use the index number 0: (config)> add auth method 0 tacacs+ (config)> show auth method 0 tacacs+ Digi Connect IT® Mini User Guide...
Page 601 (config)> 2. Delete one of the authentication methods by using the del index_number command. For example: a. To delete the local authentication method, use the index number 0: (config)> del auth method 0 (config)> Digi Connect IT® Mini User Guide...
Page 602: The Revert Command
(config)> The revert command The revert command is used to revert changes to the Connect IT Mini device's configuration and restore default configuration settings. The behavior of the revert command varies depending on where in the configuration hierarchy the command is executed, and whether the optional path parameter is used.
Page 603 Move to the location in the configuration and enter the revert command without the path parameter. For example: 1. Change to the auth method node: (config)> auth method (config auth method)> 2. Enter the revert command: (config auth method)> revert (config auth method)> Digi Connect IT® Mini User Guide...
Page 604: Enter Strings In Configuration Commands
Example: Create a new user by using the command line In this example, you will use the Connect IT Mini command line to create a new user, provide a password for the user, and assign the user to authentication groups.
Page 605 (config auth user user1)> show ..group admin admin enable true nagios enable false openvpn enable false no tunnels portal enable false no portals serial enable false no ports shell enable false serial admin Digi Connect IT® Mini User Guide...
Page 606 (config auth user user1)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® Mini User Guide...
Page 607: Command Line Reference
Command line interface Command line reference Command line reference analyzer help mkdir modem modem puk status [imei STRING] [name STRING] more ping reboot show system traceroute Digi Connect IT® Mini User Guide...
Page 608: Analyzer
Start a capture session of packets on this devices interfaces. Parameters name Name of the capture filter to use. Syntax: STRING analyzer stop name STRING Stops the traffic capture session. Parameters name Name of the capture filter to use. Syntax: STRING Digi Connect IT® Mini User Guide...
Page 609 Syntax: STRING destination The destination path to copy the source file or directory to. Syntax: STRING force Do not ask to overwrite the destination file if it exists. Syntax: BOOLEAN Default: False Optional: True Digi Connect IT® Mini User Guide...
Page 610: Help
Command line interface Command line reference help Show CLI editing and navigation commands. Parameters None Digi Connect IT® Mini User Guide...
Page 611 [show-hidden] PATH List a directory. Parameters path List files and directories under this path. Syntax: STRING show-hidden Show hidden files and directories. Hidden filenames begin with '.'. Syntax: BOOLEAN Default: False Optional: True Digi Connect IT® Mini User Guide...
Page 612: Mkdir
Command line interface Command line reference mkdir mkdir PATH Create a directory. Parent directories are created as needed. Parameters path The directory path to create. Syntax: STRING Digi Connect IT® Mini User Guide...
Page 613: Modem
Syntax: STRING Optional: True modem pin PIN commands. pin change [imei STRING] [name STRING] OLD-PIN NEW-PIN Change the SIM's PIN code. Warning: Attempting to use an incorrect PIN code may PUK lock the SIM. Digi Connect IT® Mini User Guide...
Page 614 Enable the PIN lock on the SIM card that is active in the modem. The SIM card will need to be unlocked before each use. Warning: Attempting to use an incorrect PIN code may PUK lock the SIM. Digi Connect IT® Mini User Guide...
Page 615 SIM card automatically before use. Warning: Attempting to use an incorrect PIN code may PUK lock the SIM. Parameters The SIM's PIN code. Syntax: STRING imei The IMEI of the modem to execute this CLI command on. Syntax: STRING Optional: True Digi Connect IT® Mini User Guide...
Page 616: Modem Puk Status [Imei String] [Name String]
The PIN code to change to. Syntax: STRING imei The IMEI of the modem to execute this CLI command on. Syntax: STRING Optional: True name The configured name of the modem to execute this CLI command on. Digi Connect IT® Mini User Guide...
Page 617 Syntax: (1|2|show) imei The IMEI of the modem to execute this CLI command on. Syntax: STRING Optional: True name The configured name of the modem to execute this CLI command on. Syntax: STRING Optional: True Digi Connect IT® Mini User Guide...
Page 618: More
Command line interface Command line reference more path The file to view. Syntax: STRING Digi Connect IT® Mini User Guide...
Page 619 Syntax: STRING destination The destination path to move the source file or directory to. Syntax: STRING force Do not ask to overwrite the destination file if it exists. Syntax: BOOLEAN Default: False Optional: True Digi Connect IT® Mini User Guide...
Page 620: Ping
If a hostname is defined as the value of the 'host' parameter, use the hosts IPV6 address. Syntax: BOOLEAN Default: False Optional: True size The number of bytes sent in the ICMP ping request. Syntax: INT Minimum: 0 Default: 56 Digi Connect IT® Mini User Guide...
Page 621: Reboot
Command line interface Command line reference reboot Reboot the system. Parameters None Digi Connect IT® Mini User Guide...
Page 622 Command line reference Remove a file or directory. rm [force] PATH Parameters path The path to remove. Syntax: STRING force Force the file to be removed without asking. Syntax: BOOLEAN Default: False Optional: True Digi Connect IT® Mini User Guide...
Page 623: Scp
Copy the file from the local device to the remote host, or from the remote host to the local device. Syntax: (remote|local) user The username to use when connecting to the remote host. Syntax: STRING Digi Connect IT® Mini User Guide...
Page 624: Show
Optional: True verbose Display more information (less concise, more detail). Syntax: BOOLEAN Default: False Optional: True show cloud Show Digi Remote Manager status and statistics. Parameters None show config Show changes made to default configuration. Digi Connect IT® Mini User Guide...
Page 625 Type of event log to be displayed (status, error, info). Syntax: (status|error|info) Optional: True show hotspot [ip STRING] [name STRING] Show hotspot statistics. Parameters IP address of a specific client, to limit the status display to only this client. Syntax: STRING Optional: True Digi Connect IT® Mini User Guide...
Page 626 (this can be very time consuming). If you require more messages of the filtered type, increase the number of messages retrieved using 'number'. Syntax: (critical|warning|debug|info) Optional: True Digi Connect IT® Mini User Guide...
Page 627 Optional: True verbose Display more information (less concise, more detail). Syntax: BOOLEAN Default: False Optional: True show nemo [name STRING] Show NEMO status and statistics. Parameters name The name of a specific NEMO instance. Digi Connect IT® Mini User Guide...
Page 628 Display all clients including disabled clients. Syntax: BOOLEAN Default: False Optional: True name Display more details and config data for a specific OpenVPN client. Syntax: STRING Optional: True openvpn server [all] [name STRING] Show OpenVPN server status and statistics. Digi Connect IT® Mini User Guide...
Page 629 Default: False Optional: True verbose Display more information (less concise, more detail). Syntax: BOOLEAN Default: False Optional: True show scripts Show scheduled system scripts Parameters None show serial PORT Show serial status and statistics. Digi Connect IT® Mini User Guide...
Page 630 Display more information (build date) Syntax: BOOLEAN Default: False Optional: True show vrrp [all|verbose] [name STRING] Show VRRP status and statistics. Parameters Display all VRRP instances including disabled instances. Syntax: {True|False} Type: boolean Digi Connect IT® Mini User Guide...
Page 631 Display more details for a specific Wi-Fi access point. Syntax: STRING Optional: True wifi client [all] [name STRING] Display details for Wi-Fi client mode connections. Parameters Display all Wi-Fi clients including disabled Wi-Fi client mode connections. Syntax: BOOLEAN Default: False Optional: True Digi Connect IT® Mini User Guide...
Page 632 Command line reference name Display more details for a specific Wi-Fi client mode connection. Syntax: STRING Optional: True show wifi-scanner Show Wi-Fi scanner information. wifi-scanner log Show output log for the last update interval. Parameters None Digi Connect IT® Mini User Guide...
Page 633: System
Duplicate the running firmware to the alternate partition so that the device will always boot the same firmware version. Parameters None system factory-erase Erase the device to restore to factory defaults. All configuration and automatically generated keys will be erased. Digi Connect IT® Mini User Guide...
Page 634 Script to stop. Syntax: STRING system support-report PATH Save a support report to a file and include with support requests. Parameters path The file path to save the support report to. Syntax: STRING Digi Connect IT® Mini User Guide...
Page 635: Traceroute
Minimum: 1 Default: 1 gateway Tells traceroute to add an IP source routing option to the outgoing packet that tells the network to route the packet through the specified gateway Syntax: STRING Optional: True Digi Connect IT® Mini User Guide...
Page 636 Total size of the probing packet. Default 60 bytes for IPv4 and 80 for Ipv6. A value of -1 specifies that the default value will be used. Syntax: INT Minimum: -1 Default: -1 pausemsecs Minimal time interval between probes Digi Connect IT® Mini User Guide...
Page 637 For IPv6, set the Traffic Control value. A value of -1 specifies that no value will be used. Syntax: INT Minimum: -1 Default: -1 waittime Determines how long to wait for a response to a probe. Syntax: INT Minimum: 1 Default: 5 Digi Connect IT® Mini User Guide...

Digi Connect IT Mini User Manual

Digi Connect IT® Mini User Guide

Get Started with the Connect IT Mini

Connect Equipment to the Connect IT

Configuration and Management

Configure Remote Power Management

Interfaces

Serial Port

Routing

Virtual Private Networks (VPN)

Services

Applications

User Authentication

Firewall

System Administration

Monitoring

Centralmanagement

File System

Diagnostics

Hardware

Troubleshooting

Regulatory and Safety Information

Command Line Interface

Quick Links

Related Manuals for Digi Connect IT Mini

Summary of Contents for Digi Connect IT Mini