Download Print this page

Digi AnywhereUSB Plus User Manual

Digi AnywhereUSB Plus User Manual

Hide thumbs Also See for AnywhereUSB Plus:

User manual (163 pages)

Table Of Contents

Table of Contents

Advertisement

Quick Links

Download this manual

AnywhereUSB® Plus

User Guide

Firmware version 21.8

Table of Contents

Advertisement

Table of Contents

Need help?

Need help?

Do you have a question about the AnywhereUSB Plus and is the answer not in the manual?

Questions and answers

Summary of Contents for Digi AnywhereUSB Plus

Page 1 AnywhereUSB® Plus User Guide Firmware version 21.8...
Page 2 Added LXC container support for running localized containers on the device. Added support for maintenance windows triggers to control when a device is available for Digi Remote Manager maintenance activity. Wi-Fi enhancements: Removed requirement to set a Wi-Fi SSID and passphrase to initially configure the device.
Page 3 Added ability to override or edit SSH server options. Added options for filtering Wi-Fi scanner results based off of MAC addresses or RSSI signal strength. Added options for sending local device event logs to Digi Remote Manager. New system time CLI command for manually setting the local date and time.
Page 4 Cycle the power to a port on a Hub from the web UI Commands: power cycle powercycle port Additional power and cabling requirements: AnywhereUSB Plus 8 and 24 QR code definition Updated topics: Specify search, response, and keepalive intervals for a Hub.
Page 5 PLMN/network to use. Added commands for over-the-air (OTA) system firmware update to check, list, and update to new firmware from the Digi firmware server. Added a show dns command to the Admin CLI to display active DNS servers and their associated interface.
Page 6 Simple Certificate Enrollment Protocol (SCEP) supported added. Updated python to version 3.6.13. Added the default digi.device local domain. Release of Digi AnywhereUSB Plus firmware version 21.2: March 2020 Location services added, including: The ability to define a static latitude and longitude as a location for the device.
Page 7 ID length. Added Cannot uninstall the Manager from the Windows Apps screen. Release of Digi AnywhereUSB Plus firmware version 20.11: December 2020 Modem firmware update commands added to the Admin CLI. Network bridging enhanced to use the MAC address of the first active device listed in Network >...
Page 8 Trademarks and copyright Digi, Digi International, and the Digi logo are trademarks or registered trademarks in the United States and other countries worldwide. All other trademarks mentioned in this document are the property of their respective owners. © 2021 Digi International Inc. All rights reserved.
Page 9: Table Of Contents
Contents AnywhereUSB® Plus User Guide User roles Terminology Supported OS Get started with your AnywhereUSB Initial connection: Administrators only Next steps after initial connection Optional Step 1: Verify product components AnywhereUSB 2 Plus components AnywhereUSB 8 Plus components AnywhereUSB 24 Plus components Step 2: Determine how to run AnywhereUSB Manager: Service or stand-alone Mode interactions with AnywhereUSB features Warnings...
Page 10 Connect to a group Connect to a USB device Manage the Hubs using the AnywhereUSB Manager Launch the AnywhereUSB Manager Rename AnywhereUSB Hubs, groups, and USB devices Assign a local name to a Hub Assign a local name to a group Assign a local name to a USB device Change the admin password on the Hub Disconnect from a group or USB device...
Page 11 Open the web UI from a browser window Using Digi Remote Manager Access Digi Remote Manager Use the local REST API to configure the AnywhereUSB Plus device Use the GET method to return device configuration information Use the POST method to modify device configuration parameters and list arrays...
Page 12 Configure the device to reboot when a failure is detected Disable SureLink Example: Use a ping test for WAN failover from Ethernet to cellular Using Ethernet devices in a WAN Using cellular modems in a Wireless WAN (WWAN) Configure a Wide Area Network (WAN) Configure a Wireless Wide Area Network (WWAN) Show WAN and WWAN status and statistics Delete a WAN or WWAN...
Page 13 Terminal Access Controller Access-Control System Plus (TACACS+) TACACS+ user configuration TACACS+ server failover and fallback to local authentication Configure your AnywhereUSB Plus device to use a TACACS+ server Remote Authentication Dial-In User Service (RADIUS) RADIUS user configuration RADIUS server failover and fallback to local configuration...
Page 14 Reboot your device immediately Schedule reboots of your device Erase device configuration and reset to factory defaults Configure the AnywhereUSB Plus device to use custom factory default settings Locate the device by using the Find Me feature Configuration files Save configuration changes...
Page 15 Use the ping command to troubleshoot network connections Ping to check internet connection Stop ping commands Use the traceroute command to diagnose IP routing problems File system The AnywhereUSB Plus local file system Display directory contents Create a directory Display file contents Copy a file or directory...
Page 16 Virtual Private Networks (VPN) IPsec IPsec data protection IPsec modes Internet Key Exchange (IKE) settings Authentication Configure an IPsec tunnel Configure IPsec failover Configure SureLink active recovery for IPsec Show IPsec status and statistics Debug an IPsec configuration Configure a Simple Certificate Enrollment Protocol client Example: SCEP client configuration with Fortinet SCEP server OpenVPN Configure an OpenVPN server...
Page 17 Configuration mode Enable configuration mode Enter configuration commands in configuration mode Save changes and exit configuration mode Exit configuration mode without saving changes Configuration actions Display command line help in configuration mode Move within the configuration schema Manage elements in lists The revert command Enter strings in configuration commands Example: Create a new user by using the command line...
Page 18 Cannot uninstall the Manager from the Windows Apps screen Hardware AnywhereUSB 2 Plus: Front panel AnywhereUSB 2 Plus: Back panel Attach a DIN rail clip (AnywhereUSB Plus 2-port ONLY) AnywhereUSB 8 Plus: Front panel WWAN Service and WWAN Signal LED descriptions AnywhereUSB 8 Plus: Back panel AnywhereUSB 24 Plus: Front Panel WWAN Service and WWAN Signal LED descriptions...
Page 19 Polish--Polskie Portuguese--Português Slovak--Slovák Slovenian--Esloveno Spanish--Español Digi AnywhereUSB Plus regulatory and safety statements European Community - CE Mark Declaration of Conformity (DoC) CE and UKCA OEM labeling requirements CE labeling requirements UK Conformity Assessed (UKCA) labeling requirements Innovation, Science, and Economic Development Canada (IC) certifications Product disposal instructions AnywhereUSB®...
Page 20: Anywhereusb® Plus User Guide
AnywhereUSB® Plus User Guide AnywhereUSB® Plus is a Remote USB 3.1 Hub that implements USB over IP® technology over Gigabit Ethernet networks. The Hub enables communication with USB-enabled devices from virtualized systems and from remote host computers. You can securely deploy AnywhereUSB® Plus Remote USB 3.1 Hubs in non-secure environments, making it ideal for point-of-sale, kiosks, surveillance, industrial automation, or any mission-critical enterprise application.
Page 21: Terminology
AnywhereUSB® Plus User Guide Terminology Terminology Role Description Computer The physical or virtual equipment (such as a PC, laptop, or virtual machine), which is used to remotely access the AnywhereUSB Plus Hub. Client ID The client ID is a unique identifier assigned to a user account the first time a user logs in to a computer and opens the AnywhereUSB Manager.
Page 22: Get Started With Your Anywhereusb
Get started with your AnywhereUSB This section explains what comes with each AnywhereUSB model, how to install the necessary software, and how to connect the hardware. After you have verified the AnywhereUSB Hub components, the software installation, hardware connection, and initial connection process must be done individually for each computer.
Page 23: Step 1: Verify Product Components
Get started with your AnywhereUSB Step 1: Verify product components Step 1: Verify product components All AnywhereUSB models include the AnywhereUSB device in the box. Additional equipment may be required or may be optional. AnywhereUSB 2 Plus components AnywhereUSB 8 Plus components AnywhereUSB 24 Plus components NEXT STEP: If you are performing the initial device set-up, proceed to the next step after verifying the components:...
Page 24: Anywhereusb 2 Plus Components
STP Cat 7 Ethernet cable. Step 5: Connect to the device using an Ethernet LAN connection. Power supply kit Recommended item: 1.8 amps per port. Digi PN 76000965. Step 4: Connect the power supply. Alternate power supply kits These may be used instead of the recommended power supply kit if USB port charging is not required: AC Power Supply: US plug to 5 VDC.
Page 25 Step 1: Verify product components Optional additional equipment DIN rail mounting kit Digi PN 7000682. Attach a DIN rail clip (AnywhereUSB Plus 2-port ONLY). Note Some kits may not have the required screws included. If this occurs, you will need to separately purchase two screws of the following type: 4-40 x .250 Flat head, Phillips head, zinc-plated...
Page 26: Anywhereusb 8 Plus Components
Get started with your AnywhereUSB Step 1: Verify product components AnywhereUSB 8 Plus components Verify that you have the following included and required additional equipment. A list of optional equipment is also included below. Included equipment Equipment Description AnywhereUSB 8-port device For information about the hardware, see: AnywhereUSB 8 Plus: Front panel AnywhereUSB 8 Plus: Back panel...
Page 27 Regional power cable For information about regional power cable requirements, see Additional power and cabling requirements: AnywhereUSB Plus 8 Optional additional equipment for connecting to a cellular network This equipment is required only if you want to connect to a cellular network. See OPTIONAL: Use the CORE module to connect to the cellular network (AnywhereUSB 8 and 24 port devices...
Page 28: Anywhereusb 24 Plus Components
Get started with your AnywhereUSB Step 1: Verify product components AnywhereUSB 24 Plus components Verify that you have the following included and required additional equipment. A list of optional equipment is also included below. Note The power supply for the AnywhereUSB 24 Plus is built into the device. Included equipment Equipment Description...
Page 29 **More power is needed if you use all 24 ports. **If you do not use all 24 ports, two power cords maintain redundancy if one power supply fails. Digi also recommends plugging each power cord into separate main power circuits.
Page 30 Get started with your AnywhereUSB Step 1: Verify product components Equipment Description Antennas (2) AnywhereUSB® Plus User Guide...
Page 31: Step 2: Determine How To Run Anywhereusb Manager: Service Or Stand-Alone
Get started with your Step 2: Determine how to run AnywhereUSB Manager: Service or stand- AnywhereUSB alone Step 2: Determine how to run AnywhereUSB Manager: Service or stand-alone You can choose to install the AnywhereUSB Manager in service or stand-alone mode. Each mode offers different features and may interact differently with the Manager.
Page 32: Warnings
Groups and devices remain connected when users log in or out. Stand-alone If you install the AnywhereUSB Manager as a stand-alone, Digi recommends that you select the Run AnywhereUSB Manager at Startup option during the installation process to automatically launch the Manager each time you log in to your Windows user account.
Page 33 Get started with your Step 2: Determine how to run AnywhereUSB Manager: Service or stand- AnywhereUSB alone NEXT STEP: If you are performing the initial device set-up, proceed to the next step: Step 3: Install the AnywhereUSB Manager. AnywhereUSB® Plus User Guide...
Page 34: Step 3: Install The Anywhereusb Manager
Step 3: Install the AnywhereUSB Manager Step 3: Install the AnywhereUSB Manager The Anywhere USB Manager software must be downloaded from the Digi support site and installed on your computer. After the manager software installs, the AnywhereUSB Manager launches. The AnywhereUSB Manager automatically discovers AnywhereUSB Hubs on the local subnet.
Page 35 Launch AnywhereUSB Manager: Launches the AnywhereUSB Manager when the installation completes. Run AnywhereUSB Manager at Logon: Automatically launch AnywhereUSB Manager each time you log in to your Windows user account. Digi recommends that you do not de-select this option. AnywhereUSB® Plus User Guide...
Page 36 Get started with your AnywhereUSB Step 3: Install the AnywhereUSB Manager Note If you have installed the Manager as a service, this option applies only to the current admin user. Each time this admin user logs in, the Manager launches so the user can administer the service.
Page 37: Step 4: Connect The Power Supply
Connect an Ethernet cable to your PC and Hub to create an Ethernet LAN network. This enables you to access the Hub's web UI and configure the Hub. WARNING! Digi recommends that you use a private network to connect the computer to the Hub. This ensures that only clients IDs with known user credentials can connect to the Hub.
Page 38: Step 6: Verify Initial Connection
Get started with your AnywhereUSB Step 6: Verify initial connection network and an IP address assigned to the Hub. Note If you are not connected to your organization's network, you can manually configure the PC and assign an IP address to the Hub. NEXT STEP: If you are performing the initial device set-up, proceed to the next step: Step 6: Verify initial...
Page 39 Get started with your AnywhereUSB Step 6: Verify initial connection 8. Before you can register the client ID with the Hub, you must add the client ID to the Hub from the web UI. a. Right-click on the Hub and select Open Web UI. b.
Page 40: Step 7: Update The Firmware On The Anywhereusb
Get started with your AnywhereUSB Step 7: Update the firmware on the AnywhereUSB 12. Right-click on Group 1 and select Connect to Group. The USB flash drive is available in Windows. NEXT STEP: If you are performing the initial device set-up, proceed to the next step: Step 7: Update the firmware on the AnywhereUSB.
Page 41: Step 9: Configure The Hub
Get started with your AnywhereUSB Step 9: Configure the Hub Stand-alone: Any user (an Administrator or a non-Administrator) can run the AnywhereUSB Manager. Service: Only an Administrator can run the AnywhereUSB Manager. NEXT STEP: If you are performing the initial device set-up, proceed to the next step after initial connection: Step 9: Configure the Hub.
Page 42: Connect The Hardware And Connect To The Cellular Network
This section explains how to connect the CORE module and cellular antennas to the AnywhereUSB hardware. You can then connect to a cellular network to connect to a support management tool, such as Digi Remote Manager. You must have purchased a CORE module to be able to connect to the cellular network.
Page 43 5. Plug the power supply to an outlet. Note For an AnywhereUSB 24 Plus Hub, plug both power supplies into an outlet, if you are using both power supplies. Digi recommends plugging each power cord into separate main power circuits. AnywhereUSB® Plus User Guide...
Page 44: Create Groups And Assign To Client Ids
Create groups and assign to client IDs For each Hub, the Hub administrator can assign a number of USB ports to a group. The Hub administrator can also assign groups to client IDs. When the client ID connects to a Hub, the computer is allowed to access the ports in the groups assigned to the client ID.
Page 45: Assign A Group To A Client Id
Create groups and assign to client IDs Assign a group to a client ID Assign a group to a client ID You can assign the groups to a client ID. When the client ID connects to the Hub, the computer can access all of the ports in the specified groups.
Page 46: Connect To A Group Or Usb Device In The Anywhereusb Manager
Connect to a group or USB device in the AnywhereUSB Manager When you connect to a group, you are given exclusive access to all of the USB ports in the group to which you are allowed access. All other users are blocked from access to the ports in that group until you disconnect from the group.
Page 47: Connect To A Group
Connect to a group or USB device in the AnywhereUSB Manager Connect to a group Connect to a group You can connect to a group so that you have access to the ports in the group. Once you have connected to a group, no one else can connect to that group. You cannot connect to a group that is already is use.
Page 48 Connect to a group or USB device in the AnywhereUSB Manager Connect to a USB device AnywhereUSB® Plus User Guide...
Page 49 Manage the Hubs using the AnywhereUSB Manager You can use the AnywhereUSB Manager to view the AnywhereUSB Plus Hubs that are allowed to connect to your computer. You can also connect to groups of USB ports on the Hubs. By default, the AnywhereUSB Manager is configured to automatically discover Hubs that are connected to the same network as your computer.
Page 50: Manage The Hubs Using The Anywhereusb Manager
Launch the AnywhereUSB Manager Note The AnywhereUSB Manager supports the AnywhereUSB Plus family of products: AnywhereUSB 2 Plus, AnywhereUSB 8 Plus, AnywhereUSB 24 Plus. The earlier AnywhereUSB products (AnywhereUSB 2, AnywhereUSB 5, and AnywhereUSB 14) use a different driver package. For more information, please...
Page 51: Assign A Local Name To A Group
Manage the Hubs using the AnywhereUSB Manager Change the admin password on the Hub Open the AnywhereUSB Manager. 2. Expand AnywhereUSB Hubs to display the Hubs. 3. Right-click on the Hub that you want to give a local name. 4. Select the Assign Local Name menu option. A dialog appears. 5.
Page 52: Disconnect From A Group Or Usb Device
Manage the Hubs using the AnywhereUSB Manager Disconnect from a group or USB device 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration.
Page 53: Disconnect From A Usb Device
Manage the Hubs using the AnywhereUSB Manager Disconnect from a group or USB device Open AnywhereUSB Manager. 2. Expand AnywhereUSB Hubs to display the Hubs. 3. Expand a Hub to display the groups in the Hub. 4. Right-click on the AnywhereUSB group from which you want to disconnect. 5.
Page 54: Manage The List Of Known Hubs
Manage the Hubs using the AnywhereUSB Manager Manage the list of known Hubs For example, you can enable auto connect for a group that has a camera connected to a port in the group. Every time the computer starts, the AnywhereUSB Manager starts and automatically connects the camera to your computer.
Page 55: Remove A Hub From The Known Hub List
Manage the Hubs using the AnywhereUSB Manager Manage the list of known Hubs Right-click Hub menu option When you use this method, a duplicate connection for this Hub is made until you disable the Autofind Hubs feature in the Preferences dialog. Open the AnywhereUSB Manager.
Page 56: Hide An Individual Hub
Manage the Hubs using the AnywhereUSB Manager Hide an individual Hub If you have the Autofind Hubs option selected for the Hub, when you open the AnywhereUSB Manager, all Hubs connected to the same network as your computer are automatically found and appear in the AnywhereUSB Manager. In addition, any Hubs you have added to the known Hubs list are found and also appear.
Page 57: Hide A Hub That Displays In The Anywhereusb Manager
Manage the Hubs using the AnywhereUSB Manager Hide an individual Hub Note You can choose to automatically hide all unauthorized Hubs, which is a Hub that has failed to connect to your computer. See Hide all unauthorized Hubs. Hide a Hub that displays in the AnywhereUSB Manager Note After you have hidden a Hub, you can choose to re-display it.
Page 58: Hide All Unauthorized Hubs
Manage the Hubs using the AnywhereUSB Manager Hide all unauthorized Hubs Hide all unauthorized Hubs You can choose to automatically hide all unauthorized Hubs, so they do not display in the AnywhereUSB Manager. An unauthorized Hub is a Hub that has failed to connect to your computer. A red X appears next to the Hub name.
Page 59: Minimize The Anywhereusb Manager When Launched
Manage the Hubs using the AnywhereUSB Manager Minimize the AnywhereUSB Manager when launched 3. Determine your connection option: Not selected: When Use All Hub Addresses is not selected, the AnywhereUSB Manager does not attempt to connect to the extra IP addresses. This is the default. Selected: When Use All Hub Addresses is selected, the AnywhereUSB Manager attempts to connect to the extra IP addresses.
Page 60: Cycle The Power To A Usb Device Connected To The Hub From The Anywhereusb Manager
Manage the Hubs using the Cycle the power to a USB device connected to the Hub from the AnywhereUSB Manager AnywhereUSB Manager 4. Enter the following: Search for Hubs every ..sec: Specifies how often the AnywhereUSB Manager searches the local network to discover AnywhereUSB Hubs and refresh the AnywhereUSB Manager display.
Page 61: Manage Hub Credentials
Manage the Hubs using the AnywhereUSB Manager Manage Hub credentials By default, the power cycle (powered off and then powered on) lasts 3 seconds. For more information, Specify search, response, and keepalive intervals for a Hub. Note In addition, you can power cycle a port on a Hub from the web UI. Any USB device connected to that port is powered off and then powered on.
Page 62: Remove A Hub Certificate
Manage the Hubs using the AnywhereUSB Manager View latency graph 6. An update message displays in the Manage Hub Credentials dialog. 7. Click Close. Remove a Hub certificate You can choose to remove a Hub to which you no longer want the AnyhwereUSB Manager to connect.
Page 63: Create Support Log File
4. Make a note of the file location. 5. Click OK to close the dialog. 6. Navigate to the file location and copy it. You can then email the copy to Digi Technical Support. Note If you installed the AnywhereUSB Manager in service mode, you must have...
Page 64: View The Anywhereusb Manager System Messages
Manage the Hubs using the AnywhereUSB Manager View the AnywhereUSB Manager system messages Open the AnywhereUSB Manager. 2. Select Help > Always on top. This option toggles between disabled and enabled, and is disabled by default. When it is enabled, a check mark displays next to the option. View the AnywhereUSB Manager system messages You can view the system message log of the AnywhereUSB Manager events.
Page 65: Keep The Current Client Id
Manage the Hubs using the AnywhereUSB Manager Access the online help from the AnywhereUSB Manager Keep the current client ID To restore the Hub's default settings and keep your currently configured client ID and identity certificate: Open the AnywhereUSB Manager. 2. Select File > Preferences. The Preferences dialog appears. 3.
Page 66: Anywhereusb Manager Icons And Toolbar
Manage the Hubs using the AnywhereUSB Manager AnywhereUSB Manager window AnywhereUSB Manager Status pane AnywhereUSB Manager Hub Status pane AnywhereUSB Manager Group Status pane AnywhereUSB Manager USB Device Status pane AnywhereUSB Manager icons and toolbar This section explains how to use the icons in the AnywhereUSB Manager and what they represent. The icons in the AnywhereUSB Manager show the status of a Hub or a USB device.
Page 67: Anywhereusb Manager Hub Menu Options
Manage the Hubs using the AnywhereUSB Manager AnywhereUSB Manager window Configure > Manage Hub Credentials Help > System Messages Help > Latency graph Help > Always on Top Help > Create Support File Help > Online Manual Help > About AnywhereUSB Manager Hub menu options Right-click on a Hub name in the AnywhereUSB Manager to configure and maintain the Hub.
Page 68: Anywhereusb Manager Status Pane
Manage the Hubs using the AnywhereUSB Manager AnywhereUSB Manager window AnywhereUSB Manager Status pane When you select the top node the AnywhereUSB Manager, information about the Manager displays in the Manager Status pane. The information displayed depends on whether the Manager was installed in service mode or stand-alone mode.
Page 69: Anywhereusb Manager Hub Status Pane
Manage the Hubs using the AnywhereUSB Manager AnywhereUSB Manager window Label Description Mode The AnywhereUSB Manager mode that was selected during installation: stand-alone or service mode. See Step 2: Determine how to run AnywhereUSB Manager: Service or stand-alone. Service mode: AnywhereUSB SERVICE MODE Stand-alone mode: AnywhereUSB ...
Page 70: Anywhereusb Manager Group Status Pane
Manage the Hubs using the AnywhereUSB Manager AnywhereUSB Manager window Label Description Name The name of the Hub supplied by the Hub. The default value for the Hub name is the serial number assigned to the Hub. You can change the Hub name in the Ethernet Network section of the web UI.
Page 71: Anywhereusb Manager Usb Device Status Pane
Manage the Hubs using the AnywhereUSB Manager AnywhereUSB Manager window Label Description Local Name A descriptive local name for the group. The local name also displays in the tree view in the left-hand pane in the AnywhereUSB Manager. The local name is local to the computer on which the AnywhereUSB Manager is running.
Page 72: Anywhereusb Manager Connection Status Messages
Manage the Hubs using the AnywhereUSB Manager AnywhereUSB Manager window Label Description Product Name of the USB product, if supplied by the device. Local Name A descriptive local name for the USB device. The local name also displays in the tree view in the left-hand pane in the AnywhereUSB Manager.
Page 73 Manage the Hubs using the AnywhereUSB Manager AnywhereUSB Manager window Duplicate Connection The "Duplicate Connection" message displays if a Hub is found twice and appears twice in the AnywhereUSB Manager. This occurs if you have added a Hub to the known Hub list that is on same network as your computer, and you have the Autofind Hubs feature enabled.
Page 74 Manage the Hubs using the AnywhereUSB Manager AnywhereUSB Manager window 1. Remove the client ID from the Hub. See Remove a Hub certificate. 2. Add the client ID to the Hub. See Add a Hub certificate. AnywhereUSB Manager created a new certificate The AnywhereUSB Manager created a new certificate for some other reason, such as a factory reset of the Manager.
Page 75 Manage the Hubs using the AnywhereUSB Manager AnywhereUSB Manager window or other network issue could be blocking access from the Manager to the Hub. TCP port is not configured correctly The Hub cannot be reached via the TCP port (18574 by default) that is used by the AnywhereUSB Manager and is listened to by the Hub.
Page 76 Manage the Hubs using the AnywhereUSB Manager AnywhereUSB Manager window Duplicate Hub If you have added a Hub to the known Hub list that is on same network as your computer, and you have the Autofind Hubs feature enabled, the Hub is found twice. The AnywhereUSB Manager attempts both connections, and the first one to connect will connect as expected.
Page 77: Set Hub Preferences
Manage the Hubs using the AnywhereUSB Manager AnywhereUSB Manager window Set Hub preferences In the AnywhereUSB Manager, you can set preferences for keepalive time messages and responses and how often the AnywhereUSB Manager searches for a Hub and the Hub response time. Click File >...
Page 78: Exit The Anywhereusb Manager
Manage the Hubs using the AnywhereUSB Manager Exit the AnywhereUSB Manager Exit the AnywhereUSB Manager You can log out of the AnywhereUSB Manager close the dialog. Open the AnywhereUSB Manager. 2. Click File > Exit to disconnect all USB devices connected to your computer, close all connections, and close the AnywhereUSB Manager.
Page 79 Configuration methods Open the web user interface Using Digi Remote Manager Access Digi Remote Manager Use the local REST API to configure the AnywhereUSB Plus device Using the command line Access the command line interface Log in to the command line interface Exit the command line interface AnywhereUSB®...
Page 80: Configuration And Management
Configuration and management Review AnywhereUSB Plus default settings Review AnywhereUSB Plus default settings You can review the default settings for your AnywhereUSB Plus device by using the local WebUI or Digi Remote Manager: Local WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with Admin access. See...
Page 81: Other Default Configuration Settings
É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 82: Configuration Methods
5. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 83: Open The Web User Interface
A robust command line allows you to perform all configuration and management tasks from within a command shell. Both the Remote Manager and the local web interface also have the option to open a terminal emulator for executing commands on your AnywhereUSB Plus device. See...
Page 84 Configuration and management Open the web user interface 1. Open a browser window. 2. Enter the IP address for the Hub. A login screen displays. 3. Enter the user name and password. 4. Click Login. The web UI Dashboard displays by default. AnywhereUSB®...
Page 85: Using Digi Remote Manager
Using Digi Remote Manager Using Digi Remote Manager By default, your AnywhereUSB Plus device is configured to use Digi Remote Manager as its central management server. No configuration changes are required to begin using the Remote Manager. For information about configuring central management for your AnywhereUSB Plus device, see Central management.
Page 86 Configuration and management Use the local REST API to configure the AnywhereUSB Plus device 3. At the config prompt, type ? (question mark): (config)> ? auth Authentication cloud Central management firewall Firewall monitoring Monitoring network Network serial Serial service Services system System (config)>...
Page 87: Use The Post Method To Modify Device Configuration Parameters And List Arrays
Configuration and management Use the local REST API to configure the AnywhereUSB Plus device "acl.zone.1": "edge" "acl.zone.2": "ipsec" "acl.zone.3": "setup" "enable": "true" "key": "" "mdns.enable": "true" "mdns.name": "" "mdns.type": "_ssh._tcp." "port": "22" "protocol.0": "tcp" You can also use the GET method to return the configuration parameters associated with an item: curl -k -u admin https://192.168.210.1/cgi-bin/config.cgi/keys/service/ssh -X...
Page 88: Use The Delete Method To Remove Items From A List Array
Configuration and management Use the local REST API to configure the AnywhereUSB Plus device Use the POST method to add items to a list array To add items to a list array, use the POST method with the path and append parameters. For example, to add the external firewall zone to the ssh service: $ curl -k -u admin "https://192.168.210.1/cgi-...
Page 89 Configuration and management Use the local REST API to configure the AnywhereUSB Plus device 2. Use the DELETE method to remove the external zone (list item 4). $ curl -k -u admin https://192.168.210.1/cgi- bin/config.cgi/value?path=service.ssh.acl.zone.4 -X DELETE Enter host password for user 'admin': { "ok": true }...
Page 90: Using The Command Line
You can use an open-source terminal software, such as PuTTY or TeraTerm, to access the device through one of these mechanisms. You can also access the command line interface in the WebUI by using the Terminal, or the Digi Remote Manager by using the Console.
Page 91: Exit The Command Line Interface
1: Serial: port1 (9600,8,1,none,none) q: Quit Select access or quit [admin] : Type a or admin to access the AnywhereUSB Plus command line. You will now be connected to the Admin CLI: Connecting now... Press Tab to autocomplete commands Press '?' for a list of commands and details...
Page 92 Configure the AnywhereUSB in the web user interface You can configure the AnywhereUSB Hub from the web user interface. You can access the web UI from the AnywhereUSB Manager or from a browser window. For instructions, see Open the web user interface.
Page 93: Configure The Anywhereusb In The Web User Interface
Enable USB debug logging Select this option to enable USB debug logging. This feature should only be used when working with Digi Technical Support to debug an issue. Group Settings Click Group Settings to expand this section. In this section you can name groups and assign USB ports to the groups.
Page 94: Anywhereusb Status Page
Configure the AnywhereUSB in the web user interface AnywhereUSB Status page Item Description Select a client to configure Select the existing client that you want to update or remove. Edit: Click Edit to update the selected client. Remove: Click Remove to remove the selected client.
Page 95: Rename A Hub And The Groups In A Hub
Configure the AnywhereUSB in the web user interface Rename a Hub and the groups in a Hub Item Description Click the (configuration) icon in the upper right corner of the page configuration icon to access the AnywhereUSB Configuration page. See AnywhereUSB Configuration page for more information.
Page 96: Rename The Hub
Configure the AnywhereUSB in the web user interface Configure and manage client IDs The default Hub name and group name can be seen by every user that connects to the Hub. You can also give a Hub and groups a local name that can be see only by the user that assigns the name. See Assign a local name to a Hub Assign a local name to a group.
Page 97: Configure A Client Id
Configure the AnywhereUSB in the web user interface Configure and manage client IDs Note You can have up to 255 client IDs in the client list. Assign client IDs to USB ports on the Hub The client IDs are assigned to groups of USB ports on the Hub. When a computer connects to a group in the AnywhereUSB Manager, the computer has access to all of the ports in the group and the devices connected to those ports.
Page 98: Remove A Client Id
ID is not unique. WARNING! Digi recommends that you use a private network to connect the computer to the Hub. This ensures that only clients IDs with known user credentials can connect to the Hub. The first time that a client ID on a computer connects to the Hub, the unique credentials for this known user are stored in your Hub.
Page 99: View Hub System Information
Configure the AnywhereUSB in the web user interface View Hub system information If a USB device is connected to the port, the USB device is powered off and then powered back on, which has the same effect as removing the USB device from the Hub and then reconnecting it. Note If an externally powered USB device (one that is not powered by the Hub) is connected to the Hub, the power cycle feature may have no effect on the USB device.
Page 100: Configure Device Identity Settings
Configure the AnywhereUSB in the web user interface Configure device identity settings Item Description Click the (configuration) icon in the upper right corner of the page configuration icon to access the AnywhereUSB Configuration page. See AnywhereUSB Configuration page for more information. Port The number of the USB port to which the USB device is connected.
Page 101: View Current Connections To The Hub
Configure the AnywhereUSB in the web user interface View current connections to the Hub View current connections to the Hub You can view information about current connections to the Hub in the AnywhereUSB Status page. For more information, see AnywhereUSB Status page. Open the web 2.
Page 102 Configure the AnywhereUSB in the web user Manually configure the PC and assign an IP address to a interface Note IMPORTANT: Make note of the current IP address entries for IP address, Subnet mask, and Default gateway. You will need this information to complete the final step of the process. 5.
Page 103: Interfaces
Interfaces AnywhereUSB devices have several physical communications interfaces. These interfaces can be bridged in a Local Area Network (LAN) or assigned to a Wide Area Network (WAN). This chapter contains the following topics: Define a static IP address Wide Area Networks (WANs) Local Area Networks (LANs) Bridging AnywhereUSB®...
Page 104: Define A Static Ip Address
Define a static IP address You can configure a static IP address for the AnywhereUSB. 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 105: Wide Area Networks (Wans)
Wide Area Networks (WANs) Wide Area Networks (WANs) The AnywhereUSB Plus device is preconfigured with one Wide Area Network (WAN), named ETH1, and one Wireless Wide Area Network (WWAN), named Modem. You can modify configuration settings for the existing WAN and WWANs, and you can create new WANs and WWANs.
Page 106: Wide Area Networks (Wans) And Wireless Wide Area Networks (Wwans)
Wireless Wide Area Network (WWAN), named Modem. You can also create additional WANs and WWANs. When a WAN is initialized, the AnywhereUSB Plus device automatically adds a default IP route for the WAN. The priority of the WAN is based on the metric of the default route, as configured in the WAN's IPv4 and IPv6 metric settings.
Page 107 Wide Area Networks (WANs) É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Set the metrics for Modem: a.
Page 108 Wide Area Networks (WANs) 5. Click Apply to save the configuration and apply the change. The AnywhereUSB Plus device is now configured to use the cellular modem WWAN, Modem, as its highest priority WAN, and its Ethernet WAN, ETH1, as its secondary WAN.
Page 109: Wan/Wwan Failover
WAN, and its Ethernet WAN, ETH1, as its secondary WAN. WAN/WWAN failover If a connection to a WAN interface is lost for any reason, the AnywhereUSB Plus device will immediately fail over to the next WAN or WWAN interface, based on WAN priority. See...
Page 110: Configure Surelink Active Recovery To Detect Wan/Wwan Failures
Problems can occur beyond the immediate WAN/WWAN connection that prevent some IP traffic from reaching its destination. Normally this kind of problem does not cause the AnywhereUSB Plus device to detect that the WAN has failed, because the connection continues to work while the core problem exists somewhere else in the network.
Page 111 WebUI SureLink can be configured for both IPv4 and IPv6. 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 112 When SureLink is configured for Wireless WANs, SureLink tests are only run if the cellular modem is connected and has an IP address. Use the SIM failover options to configure the AnywhereUSB Plus device to automatically recover the modem in the event that it cannot obtain an IP address. See...
Page 113 IPv6 active recovery, replace ipv4 in the command line with ipv6. 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 114 When SureLink is configured for Wireless WANs, SureLink tests are only run if the cellular modem is connected and has an IP address. Use the SIM failover options to configure the AnywhereUSB Plus device to automatically recover the modem in the event that it cannot obtain an IP address. See...
Page 115 Interfaces Wide Area Networks (WANs) (config network interface my_wan ipv4 surelink target 0)> ping_ size [num] (config network interface my_wan ipv4 surelink target 0)> dns: Tests connectivity by sending a DNS query to the specified DNS server. Specify the DNS server. Allowed value is the IP address of the DNS server. (config network interface my_wan ipv4 surelink target 0)>...
Page 116 Interfaces Wide Area Networks (WANs) where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set interface_timeout to ten minutes, enter either 10m or 600s: (config network interface my_wan ipv4 surelink target 0)> interface_timeout 600s (config network interface my_wan ipv4 surelink target 0)>...
Page 117 Interfaces Wide Area Networks (WANs) Set the expected status of the alternate interface: (config network interface my_wan ipv4 surelink target 0)> other_status value (config network interface my_wan ipv4 surelink target 0)> where value is either up or down. For example, if other_status is set to down, but the alternate interface is determined to be up, then this test will fail.
Page 118: Configure The Device To Reboot When A Failure Is Detected
Type quit to disconnect from the device. Configure the device to reboot when a failure is detected Using SureLink, you can configure the AnywhereUSB Plus device to reboot when it has determined that an interface has failed. Required configuration items Enable SureLink.
Page 119 Interfaces Wide Area Networks (WANs) The type of probe test to be performed, either: Ping: Requires the hostname or IP address of the host to be pinged. DNS query: You can perform a DNS query to a named DNS server, or to the DNS servers configured for the WAN.
Page 120 WebUI SureLink can be configured for both IPv4 and IPv6. 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 121 Interfaces Wide Area Networks (WANs) 10. For Add Test Target, click g . 11. Select the Test type: Test another interface's status: Allows you to test another interface's status, to create a failover or coupled relationship between interfaces. If Test another interface's status is selected: For Test Interface, select the alternate interface to be tested.
Page 122 IPv6 active recovery, replace ipv4 in the command line with ipv6. 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 123 When SureLink is configured for Wireless WANs, SureLink tests are only run if the cellular modem is connected and has an IP address. Use the SIM failover options to configure the AnywhereUSB Plus device to automatically recover the modem in the event that it cannot obtain an IP address. See...
Page 124 Interfaces Wide Area Networks (WANs) (config network interface my_wan ipv4 surelink target 0)> ping_ size [num] (config network interface my_wan ipv4 surelink target 0)> dns: Tests connectivity by sending a DNS query to the specified DNS server. Specify the DNS server. Allowed value is the IP address of the DNS server. (config network interface my_wan ipv4 surelink target 0)>...
Page 125 Interfaces Wide Area Networks (WANs) where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set interface_timeout to ten minutes, enter either 10m or 600s: (config network interface my_wan ipv4 surelink target 0)> interface_timeout 600s (config network interface my_wan ipv4 surelink target 0)>...
Page 126 Interfaces Wide Area Networks (WANs) Set the expected status of the alternate interface: (config network interface my_wan ipv4 surelink target 0)> other_status value (config network interface my_wan ipv4 surelink target 0)> where value is either up or down. For example, if other_status is set to down, but the alternate interface is determined to be up, then this test will fail.
Page 127: Disable Surelink
SureLink interface test. É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
Page 128 7. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 129 Interfaces Wide Area Networks (WANs) 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
Page 130: Example: Use A Ping Test For Wan Failover From Ethernet To Cellular
Interfaces Wide Area Networks (WANs) 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 131 Interfaces Wide Area Networks (WANs) 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Configure active recovery on ETH1: a.
Page 132 Wide Area Networks (WANs) Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 133: Using Ethernet Devices In A Wan
Typically, you configure SIM1 of the cellular modem as the primary cellular interface, and SIM2 as the backup cellular interface. In this way, if the AnywhereUSB Plus device cannot connect to the network using SIM1, it automatically fails over to SIM2. AnywhereUSB Plus devices automatically use the correct cellular module firmware for each carrier when switching SIMs.
Page 134 To configure the modem: É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Modems > Modem.
Page 135 11. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 136 Interfaces Wide Area Networks (WANs) (config)> network modem modem max_intfs int (config)> 7. Carrier switching allows the modem to automatically match the carrier for the active SIM. Carrier switching is enabled by default. To disable: (config)> network modem modem carrier_switch false (config)>...
Page 137 To configure the APN: É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces > Modem > APN list > APN.
Page 138 9. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 139 Interfaces Wide Area Networks (WANs) (config)> network interface modem modem apn 0 ip_version version (config)> where version is one of the following: auto: Requests both IPv4 and IPv6 address. ipv4: Requests only an IPv4 address. ipv6: Requests only an IPv6 address. The default is auto.
Page 140 1002-CM04 CORE modem. É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 141 Interfaces Wide Area Networks (WANs) d. For Zone, select External. e. For Device, select Modem . f. (Optional): Configure the public APN. If the public APN is not configured, the AnywhereUSB Plus will attempt to determine the APN. i. Click to expand APN list > APN. ii.
Page 142 Interfaces Wide Area Networks (WANs) m. For APN, type the private APN provided to you by your cellular carrier. 5. Create the routing policies. For example, to route all traffic from LAN1 through the public APN, and LAN2 through the private APN: a.
Page 143 6. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 144 (config network interface WWANPublic)> modem device modem (config network interface WWANPublic)> d. (Optional): Set the public APN. If the public APN is not configured, the AnywhereUSB Plus will attempt to determine the APN. (config network interface WWANPublic)> modem apn public_apn (config network interface WWANPublic)>...
Page 145 Interfaces Wide Area Networks (WANs) i. Enable APN list only: (config network interface WWANPrivate)> apn_lock true (config network interface WWANPrivate)> j. Set the private APN: (config network interface WWANPublic)> modem apn private_apn (config network interface WWANPublic)> 5. Create the routing policies. For example, to route all traffic from LAN1 through the public APN, and LAN2 through the private APN: a.
Page 146 Interfaces Wide Area Networks (WANs) f. Use to periods (..) to move back one level in the configuration: (config nnetwork route policy 0)> .. (config nnetwork route policy)> g. Add a new routing policy: (config network route policy )> add end (config network route policy 1)>...
Page 147 The Network PLMN ID. É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces > Modem.
Page 148 6. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 149 Admin CLI. É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with Admin access. 2. From the main menu, click Status > Modems. 3. croll to the Connection Status section and click SCAN. The Carrier Scan window opens.
Page 150 Command line 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 151 The modem status window is displayed Command line 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 152 Command line To unlock a SIM card: 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 153 Try connecting a different set of antennas, if available. Purchase a Digi Antenna Extender Kit: Antenna Extender Kit, 1m Antenna Extender Kit, 3m AT command access To run AT commands from the AnywhereUSB Plus command line: Command line AnywhereUSB® Plus User Guide...
Page 154 Interfaces Wide Area Networks (WANs) 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 155: Configure A Wide Area Network (Wan)
When to use DNS: always, never, or only when this interface is the primary default route. When to use DNS servers for this interface. Whether to include the AnywhereUSB Plus device's hostname in DHCP requests. SureLink active recovery configuration. See...
Page 156 Interfaces Wide Area Networks (WANs) 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
Page 157 Never: Never use DNS servers for this interface. vi. Enable DHCP Hostname to instruct the AnywhereUSB Plus device to include the device's system name with DHCP requests as the Client FQDN option. The DHCP server can then be configured to register the device's hostname and IP address with an associated DNS server.
Page 158 13. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 159 Interfaces Wide Area Networks (WANs) 3. Create a new WAN or edit an existing one: To create a new WAN named my_wan: (config)> add network interface my_wan (config network interface my_wan)> To edit an existing WAN named my_wan, change to the my_wan node in the configuration schema: (config)>...
Page 160 Never use DNS servers for this interface. vi. Enable DHCP Hostname to instruct the AnywhereUSB Plus device to include the device's system name with DHCP requests as the Client FQDN option. The DHCP server can then be configured to register the device's hostname and IP address with an associated DNS server.
Page 161 Interfaces Wide Area Networks (WANs) b. Set the IPv6 type to DHCP: (config network interface my_wan)> ipv6 type dhcpv6 (config network interface my_wan)> c. Generally, the default settings for IPv6 support are sufficient. You can view the default IPv6 settings by using the question mark (?): (config network interface my_wan)>...
Page 162: Configure A Wireless Wide Area Network (Wwan)
Interfaces Wide Area Networks (WANs) If there allowlist entries are specified, incoming packets will only be accepted from the listed MAC addresses. a. Add a MAC address to the allowlist: (config network interface my_wan)> add mac_allowlist end mac_address (config network interface my_wan)> where mac_address is a hyphen-separated MAC address, for example, 32-A6-84-2E-81-58.
Page 163 É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
Page 164 Interfaces Wide Area Networks (WANs) 5. For Interface type, select Modem. 6. The WWAN is enabled by default. Click Enable to disable, or to enable if it has been disabled. 7. Interface type defaults to Modem. 8. For Zone, select External. 9.
Page 165 Reboot device: The device will reboot if automatic SIM switching is unavailable. 16. For APN list and APN list only, the AnywhereUSB Plus device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time.
Page 166 SureLink. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 167 Interfaces Wide Area Networks (WANs) 3. Create a new WWAN or edit an existing one: To create a new WWAN named my_wwan: (config)> add network interface my_wwan (config network interface my_wwan)> To edit an existing WWAN named my_wwan, change to the my_wwan node in the configuration schema: (config)>...
Page 168 Interfaces Wide Area Networks (WANs) provisioned from the carrier. Format: AT&T Rogers Sprint T-Mobile Telstra Verizon Vodafone other Default value: AT&T Current value: AT&T (config network interface my_wwan)> b. Set the carrier: (config network interface my_wwan)> modem carrier value (config network interface my_wwan)> iccid Set the unique SIM card ICCID that must be in active for this WWAN to be used: (config network interface my_wwan)>...
Page 169 Interfaces Wide Area Networks (WANs) 8. Set the phone number for the SIM, for SMS connections: (config network interface my_wwan)> modem phone num (config network interface my_wwan)> Normally, this should be left blank. It is only necessary to complete this field if the SIM does not have a phone number or if the phone number is incorrect.
Page 170 The device will reboot if automatic SIM switching is unavailable. 12. The AnywhereUSB Plus device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.
Page 171 Interfaces Wide Area Networks (WANs) b. Set the metric: (config network interface my_wwan)> ipv4 metric num (config network interface my_wwan)> Configure WAN/WWAN priority and default route metrics for further information about metrics. c. Set the relative weight for default routes associated with this interface. For multiple active interfaces with the same metric, the weight is used to load balance traffic to the interfaces.
Page 172: Show Wan And Wwan Status And Statistics
3. Under Networking, click Interfaces. Command line 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 173 Interfaces Wide Area Networks (WANs) 2. Enter the show network command at the Admin CLI prompt: > show network Interface Proto Status Address ---------------- ----- ------- ------------------------------- defaultip IPv4 192.168.210.1/24 defaultlinklocal IPv4 169.254.100.100/16 eth1 IPv4 10.10.10.10/24 eth1 IPv6 fe00:2404::240:f4ff:fe80:120/64 eth2 IPv4 192.168.2.1/24 eth2...
Page 174: Delete A Wan Or Wwan
WAN, ETH1, or the preconfigured WWAN, Modem. É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 175: Default Outbound Wan/Wwan Ports
Wide Area Networks (WANs) Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 176: Local Area Networks (Lans)
Local Area Networks (LANs) Local Area Networks (LANs) The AnywhereUSB Plus device is preconfigured with the following Local Area Networks (LANs): You can modify configuration settings for ETH2, and you can create new LANs. This section contains the following topics:...
Page 177: About Local Area Networks (Lans)
Interfaces Local Area Networks (LANs) About Local Area Networks (LANs) A Local Area Network (LAN) connects network devices together in a logical Layer-2 network. The following diagram shows a LAN connected to the ETH2 Ethernet device. Once the LAN is configured and enabled, the devices connected to the network interfaces can communicate with each other, as demonstrated by the ping commands.
Page 178 To create a new LAN or edit an existing LAN: É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 179 Interfaces Local Area Networks (LANs) c. For Address, type the IP address and subnet of the LAN interface. Use the format IPv4_ address/netmask, for example, 192.168.2.1/24. d. Optional IPv4 configuration items: i. Set the Metric. ii. For Weight, type the relative weight for default routes associated with this interface. For multiple active interfaces with the same metric, Weight is used to load balance traffic to the interfaces.
Page 180 14. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 181 Interfaces Local Area Networks (LANs) b. Set the device for the LAN: (config network interface my_lan)> device device (config network interface my_lan)> 6. Configure IPv4 settings: IPv4 support is enabled by default. To disable: (config network interface my_lan)> ipv4 enable false (config network interface my_lan)>...
Page 182 Interfaces Local Area Networks (LANs) DHCP servers for information about configuring the DHCP server. 7. (Optional) Configure IPv6 settings: a. Enable IPv6 support: (config network interface my_lan)> ipv6 enable true (config network interface my_lan)> b. Set the IPv6 type to DHCP: (config network interface my_lan)>...
Page 183: Show Lan Status And Statistics
Type quit to disconnect from the device. Show LAN status and statistics É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with Admin access. 2. From the menu, click Status. 3. Under Networking, click Interfaces. Command line...
Page 184 Interfaces Local Area Networks (LANs) 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 185: Delete A Lan
LAN, LAN1. É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
Page 186 Interfaces Local Area Networks (LANs) 5. Click Apply to save the configuration and apply the change. AnywhereUSB® Plus User Guide...
Page 187: Dhcp Servers
Type quit to disconnect from the device. DHCP servers You can enable DHCP on your AnywhereUSB Plus device to assign IP addresses to clients, using either: The DHCP server for the device's local network, which assigns IP addresses to clients on the device's local network.
Page 188 É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
Page 189 12. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 190 No gateway is broadcast by the DHCP server. Client destinations must be resolvable without a gateway. auto: Broadcasts the AnywhereUSB Plus device's gateway. custom: Allows you to identify the IP address of a custom gateway to be broadcast: (config)> network interface my_lan ipv4 dhcp_server advanced gateway_custom ip_address (config)>...
Page 191 (config)> where value is one of: none: No server is broadcast. auto: Broadcasts the AnywhereUSB Plus device's server. custom: Allows you to identify the IP address of the server. For example: (config)> network interface my_lan ipv4 dhcp_server advanced primary_dns_custom ip_address (config)>...
Page 192 To map static IP addresses: É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
Page 193 11. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 194 3. Under Networking, click DHCP Leases. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 195 7. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 196 Interfaces Local Area Networks (LANs) 2. At the command line, type config to enter configuration mode: > config (config)> 3. Show the static lease configuration. For example, to show the static leases for a lan named my_lan: (config)> show network interface my_lan ipv4 dhcp_server advanced static_ lease ip 192.168.2.10 mac BF:C3:46:24:0E:D9...
Page 197 Interfaces Local Area Networks (LANs) Additional configuration items The data type of the value. Force the option to be sent to the DHCP clients. A label for the custom option. AnywhereUSB® Plus User Guide...
Page 198 12. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 199 Interfaces Local Area Networks (LANs) 4. Custom options are enabled by default. To disable: (config network interface my_lan ipv4 dhcp_server advanced custom_option 0)> enable false (config network interface my_lan ipv4 dhcp_server advanced custom_option 0)> 5. Set the option number for the DHCP option: (config network interface my_lan ipv4 dhcp_server advanced custom_option 0)>...
Page 200 LAN. For the AnywhereUSB Plus device, DHCP relay is configured by providing the IP address of a DHCP relay server, rather than an IP address range. If both the DHCP relay server and an IP address range are specified, DHCP relay is used, and the specified IP address range is ignored.
Page 201 10. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 202 3. Under Networking, click DHCP Leases. Command line 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 203: Create A Virtual Lan (Vlan) Route
Interfaces Local Area Networks (LANs) 192.168.2.194 MTK-ENG-USER1 May 19 08:25:11 UTC 2021 Dynamic ba:ba:2c:13:8c:71 192.168.2.195 MTK-ENG-USER2 May 20 11:32:12 UTC 2021 Dynamic 09:eb:10:f0:bc:16 > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu.
Page 204 To create a VLAN: É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Virtual LAN.
Page 205 Local Area Networks (LANs) Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 206: Default Services Listening On Lan Ports
Interfaces Local Area Networks (LANs) Default services listening on LAN ports The following table lists the default services listening on the specified ports on the AnywhereUSB Plus LAN interfaces: Description TCP/UDP Port numbers DNS server DHCP server 67 and 68 SSH server...
Page 207: Bridging
Bridging is a mechanism to create a single network consisting of multiple devices, such as Ethernet devices and wireless access points. By default, the AnywhereUSB Plus has the following preconfigured bridges: You can modify configuration settings for the existing bridge, and you can create new bridges.
Page 208: Edit The Preconfigured Eth2 Bridge
To edit the preconfigured LAN1 bridge: É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Bridges > LAN1.
Page 209 7. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 210 Bridging 1 /network/wireless/ap/digi_ap (config)> ii. Use the index number to delete the appropriate device. For example, to delete the Digi AP Wi-Fi access point from the bridge: (config)> del network bridge lan device (config)> Note If you are deleting multiple devices from the bridge, the device index may be reordered after each deletion.
Page 211: Configure A Bridge
To create a bridge: É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Bridges.
Page 212 Interfaces Bridging AnywhereUSB® Plus User Guide...
Page 213 Bridging Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 214 Interfaces Bridging (config network bridge my_bridge)> stp forward_delay num (config)> The default is 2 seconds. 7. Save the configuration and apply the change: (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu.
Page 215: Console Port
AnywhereUSB Plus devices have a single serial port that provides access to the command-line interface. Use an RS232 DB9 console cable to establish a serial connection from your AnywhereUSB Plus to your local laptop or PC. You can then use a terminal emulator program to establish the serial connection.
Page 216 Services This chapter contains the following topics: Allow remote access for web administration and SSH Configure the web administration service Configure SSH access Use SSH with key authentication Configure DNS Simple Network Management Protocol (SNMP) Location information System time Network Time Protocol Configure a multicast route Ethernet network bonding Enable service discovery (mDNS)
Page 217: Allow Remote Access For Web Administration And Ssh
Allow remote access for web administration and SSH Allow remote access for web administration and SSH By default, only devices connected to the AnywhereUSB Plus's LAN have access to the device via web administration and SSH. To enable these services for access from remote devices: The AnywhereUSB Plus device must have a publicly reachable IP address.
Page 218 Allow remote access for web administration and SSH Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 219 Services Allow remote access for web administration and SSH 4. For Add Zone, click g . 5. Select External. 6. Click Apply to save the configuration and apply the change. AnywhereUSB® Plus User Guide...
Page 220: Configure The Web Administration Service
Configure the web administration service Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 221 5. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 222 Configure the service É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > Web administration.
Page 223 Services Configure the web administration service To limit access based on firewall zones: a. Click Zones. b. For Add Zone, click g . c. For Zone, select the appropriate firewall zone from the dropdown. Firewall configuration for information about firewall zones. d.
Page 224 11. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 225 Services Configure the web administration service (config)> add service web_admin acl interface end value (config)> Where value is an interface defined on your device. Display a list of available interfaces: Use ... network interface ? to display interface information: (config)> ... network interface ? Interfaces Additional Configuration -------------------------------------------...
Page 226 Services Configure the web administration service (config)> Repeat this step to list additional firewall zones. 4. (Optional) If you have your own signed SSL certificate, if you have your own signed SSL certificate, set the certificate and private key by pasting their contents into the service web_ admin cert command.
Page 227 Services Configure the web administration service /Fw7GQNcYIKj+aIGJzbcKgox10mZB3VKYRmPpnpzHCkvFi4o81+bC8HJQfK9U80e vDV0/vA5OB2j/DrjvlOrapCTkuyA0TVyGvgTASx2ATu9U45KZofm4odThQs/9FRQ +cwSTb5v47KYffeyY+g3dyJw1/KgMJGpBUYNJDIsFQC9RfzPjKE2kz41hx4VksT/ q81WGstDXH++QTu2sj7vWkFJH5xPFt80HjtWKKpIfeOIlBPGeRHvdH2PQibx0OOt Sa+P5O8= -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDgZ9fQF9NSzvaZ WLX0WatGxE8DcEgmBnhCDhie4B7f64oS1QSUtcKGL7tTqtaIWMSGsAWNYiDwQ9hr c8hCV8wWXUEYcIv3UckYuL6+xJIxg69FW/zVU9C+cFM3DHk/u9Q2LymJuhqXFsfi 6CqhU42zBQSM3uaWwX67vkonCHeo6AhyLmKvBIX5cerMurODA28k1ABDdmIbAWjp Y3o+uCzc3LB3iEmwFom11ozkrCvjdTIr0KubsCGMP9X7Jw/Cg0uN1oOe/n2q/X0N jCB7D56ABs/sOjyCiUefeMvzH6kH3wxTQodpSWOPRYTqhLQOQfU8l0SsKGt4/5SA v7eXKSAXAgMBAAECggEBAMDKdi7hSTyrclDsVeZH4044+WkK3fFNPaQCWESmZ+AY i9cCC513SlfeSiHnc8hP+wd70klVNNc2coheQH4+z6enFnXYu2cPbKVAkx9x4eeI Ktx72wurpnr2JYf1v3Vx+S9T9WvN52pGuBPJQla3YdWbSf18wr5iHm9NXIeMTsFc esdjEW07JRnxQEMZ1GPWT+YtH1+FzQ3+W9rFsFFzt0vcp5Lh1RGg0huzL2NQ5EcF 3brzIZjNAavMsdBFzdc2hcbYnbv7o1uGLujbtZ7WurNy7+Tc54gu2Ds25J0/0mgf OxmqFevIqVkqp2wOmeLtI4o77y6uCbhfA6I+GWTZEYECgYEA/uDzlbPMRcWuUig0 CymOKlhEpx9qxid2Ike0G57ykFaEsKxVMKHkv/yvAEHwazIEzlc2kcQrbLWnDQYx oKmXf87Y1T5AXs+ml1PlepXgveKpKrWwORsdDBd+OS34lyNJ0KCqqIzwAaf8lcSW tyShAZzvuH9GW9WlCc8g3ifp9WUCgYEA4WSSfqFkQLA09sI76VLvUqMbb31bNgOk ZuPg7uxuDk3yNY58LGQCoV8tUZuHtBJdrBDCtcJa5sasJZQrWUlZ8y/5zgCZmqQn MzTD062xaqTenL0jKgKQrWig4DpUUhfc4BFJmHyeitosDPG98oCxuh6HfuMOeM1v Xag6Z391VcsCgYBgBnpfFU1JoC+L7m+lIPPZykWbPT/qBeYBBki5+0lhzebR9Stn VicrmROjojQk/sRGxR7fDixaGZolUwcRg7N7SH/y3zA7SDp4WvhjFeKFR8b6O1d4 PFnWO2envUUiE/50ZoPFWsv1o8eK2XT67Qbn56t9NB5a7QPvzSSR7jG77QKBgD/w BrqTT9wl4DBrsxEiLK+1g0/iMKCm8dkaJbHBMgsuw1m7/K+fAzwBwtpWk21alGX+ Ly3eX2j9zNGwMYfXjgO1hViRxQEgNdqJyk9fA2gsMtYltTbymVYHyzMweMD88fRC Ey2FlHfxIfPeE7MaHNCeXnN5N56/MCtSUJcRihh3AoGAey0BGi4xLqSJESqZZ58p e71JHg4M46rLlrxi+4FXaop64LCxM8kPpROfasJJu5nlPpYHye959BBQnYcAheZZ 0siGswIauBd8BrZMIWf8JBUIC5EGkMiIyNpLJqPbGEImMUXk4Zane/cL7e06U8ft BUtOtMefbBDDxpP+E+iIiuM= -----END PRIVATE KEY-----"...
Page 228 Services Configure the web administration service The default setting of 443 normally should not be changed. (config)> service web_admin port 444 (config)> 7. (Optional) Configure the device to allow legacy encryption protocols. Legacy encryption protocols allow clients to connect to the HTTPS session by using encryption protocols older than TLS 1.2, in addition to TLS 1.2 and later protocols.
Page 229: Configure Ssh Access
The SSH service is enabled by default. To disable the service, or enable it if it has been disabled: É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 230 Services Configure SSH access 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 231 Services Configure SSH access c. For Address, enter the IPv4 address or network that can access the device's SSH service. Allowed values are: A single IP address or host name. A network designation in CIDR notation, for example, 192.168.1.0/24. any: No limit to IPv4 addresses that can access the SSH service. d.
Page 232 9. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 233 Services Configure SSH access To limit access to hosts connected through a specified interface on the AnywhereUSB Plus device: (config)> add service ssh acl interface end value (config)> Where value is an interface defined on your device. Display a list of available interfaces: Use ...
Page 234 Services Configure SSH access loopback setup (config)> Repeat this step to list additional firewall zones. 4. (Optional) Set the private key in PEM format. If not set, the device will use an automatically- generated key. (config)> service ssh key key.pem (config)> 5.
Page 235 Services Configure SSH access c. Set the configuration settings: (config)> service ssh custom config_file value (config)> where value is one or more entires in the form of an OpenSSH sshd_config file. For example, to enable the diffie-helman-group-sha-14 key exchange algorithm: (config)> service ssh custom config_file "KexAlgorithms +diffie- hellman-group14-sha1"...
Page 236: Use Ssh With Key Authentication
SSH service to allow SSH access for the External firewall zone. É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 237: Configure Dns
These instructions assume an existing user named temp_user. 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 238 To configure the DNS server: É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > DNS.
Page 239 Services Configure DNS A single IP address or host name. A network designation in CIDR notation, for example, 2001:db8::/48. any: No limit to IPv6 addresses that can access the DNS service. d. Click g again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the AnywhereUSB Plus device: a.
Page 240 Configure DNS Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 241 Services Configure DNS Use ... network interface ? to display interface information: (config)> ... network interface ? Interfaces Additional Configuration ------------------------------------------- defaultip Default IP defaultlinklocal Default Link-local IP eth1 ETH1 eth2 ETH2 loopback Loopback modem Modem (config)> Repeat this step to list additional interfaces. To limit access based on firewall zones: (config)>...
Page 242 Services Configure DNS may have positive results. To disable: (config)> service dns cache_negative_responses false (config> 5. (Optional) Query all servers By default, the device's DNS server queries all available DNS servers. Disabling this option may improve performance on networks with transient DNS results, when one or more DNS servers may have positive results.
Page 243: Show Dns Server
Command line Show DNS information 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 244 Services Configure DNS 3. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. AnywhereUSB® Plus User Guide...
Page 245: Simple Network Management Protocol (Snmp)
By default, the AnywhereUSB Plus device automatically blocks SNMP packets from being received over WAN and LAN interfaces. As a result, if you want a AnywhereUSB Plus device to receive SNMP packets, you must configure the SNMP access control list to allow the device to receive the packets.
Page 246 Services Simple Network Management Protocol (SNMP) To limit access to specified IPv4 addresses and networks: a. Click IPv4 Addresses. b. For Add Address, click g . c. For Address, enter the IPv4 address or network that can access the device's SNMP agent.
Page 247 Simple Network Management Protocol (SNMP) Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 248 Services Simple Network Management Protocol (SNMP) Display a list of available interfaces: Use ... network interface ? to display interface information: (config)> ... network interface ? Interfaces Additional Configuration ------------------------------------------- defaultip Default IP defaultlinklocal Default Link-local IP eth1 ETH1 eth2 ETH2 loopback Loopback...
Page 249: Download Mibs
Services Simple Network Management Protocol (SNMP) 5. Set the name of the user that will be used to connect to the SNMP agent. (config)> service snmp username name (config)> 6. Set the password for the user that will be used to connect to the SNMP agent: (config)>...
Page 250 To download a .zip archive of the SNMP MIBs supported by this device: É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with Admin access. 2. Enable SNMP. Configure Simple Network Management Protocol (SNMP) for information about enabling and configuring SNMP support on the AnywhereUSB Plus device.
Page 251: Location Information
You can also configure your AnywhereUSB Plus device to forward location messages, either from the AnywhereUSB Plus device or from external sources, to a remote host. Additionally, the device can be configured to use a geofence, to allow you to determine actions that will be taken based on the physical location of the device.
Page 252: Configure The Location Service
The location service is enabled by default. You can disable it, or you can enable it if it has been disabled. É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > Location.
Page 253: Configure The Device To Use A User-Defined Static Location
Location information Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 254 10. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 255: Configure The Device To Accept Location Messages From External Sources
AnywhereUSB Plus device to forward location messages. This procedure configures a UDP port on the AnywhereUSB Plus device that will be used to listen for incoming messages. Required configuration items The location server must be enabled.
Page 256 Location information É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > Location > Location sources.
Page 257 9. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 258 Services Location information A single IP address or host name. A network designation in CIDR notation, for example, 192.168.1.0/24. any: No limit to IPv4 addresses that can access the location server UDP port. Repeat this step to list additional IP addresses or networks. To limit access to specified IPv6 addresses and networks: (config)>...
Page 259: Forward Location Information To A Remote Host
Type quit to disconnect from the device. Forward location information to a remote host You can configure location clients on the AnywhereUSB Plus device that forward location messages in either NMEA or TAIP format to a remote host. Required configuration items Enable the location service.
Page 260 Configure the AnywhereUSB device to forward location information: É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 261 15. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 262 Services Location information 2. At the command line, type config to enter configuration mode: > config (config)> 3. Add a remote host to which location messages will be sent: (config)> add service location forward end (config service location forward 0)> 4.
Page 263 Services Location information (config service location forward 0)> label "Remote host 1" (config service location forward 0)> 12. (Optional) Specify types of messages that will be forwarded. Allowed values vary depending on the message protocol type. By default, all message types are forwarded. If the message protocol type is NMEA: Allowed values are: gga: Reports time, position, and fix related data.
Page 264 Services Location information id: Reports the vehicle ID. ln: Long navigation: reports the latitude, longitude, and altitude, the horizontal and vertical speed, and heading. pv: Position/velocity: reports the latitude, longitude, and heading. To remove a message type: a. Use the show command to determine the index number of the message type to be deleted: (config service location forward 0)>...
Page 265: Configure Geofencing
Services Location information Configure geofencing Geofencing is a mechanism to create a virtual perimeter that allows you configure your AnywhereUSB Plus device to perform actions when entering or exiting the perimeter. For example, you can configure a device to factory default if its location service indicates that it has been moved outside of the geofence.
Page 266 Services Location information 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > Location > Geofence.
Page 267 Click g again to add an additional point, and continue adding points to create the desired polygon. For example, to configure a square polygon around the Digi headquarters, configure a polygon with four points: This defines a square-shaped polygon equivalent to the following: 7.
Page 268 Services Location information c. For Number of intervals, type or select the number of Update Intervals that must take place prior to performing the On entry actions. For example, if the Update interval is 1m (one minute) and the Number of intervals is 3, the On entry actions will not be performed until the device has been inside the geofence for three minutes.
Page 269 8. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 270 Services Location information 2. At the command line, type config to enter configuration mode: > config (config)> 3. Add a geofence: (config)> add service location geofence name (config service location geofence name)> where name is a name for the geofence. For example: (config)>...
Page 271 Services Location information For latitude, any integer between -90 and 90, with up to six decimal places. For longitude, any integer between -180 and 180, with up to six decimal places. b. Set the radius of the circle: (config service location geofence test_geofence)> radius radius (config service location geofence test_geofence)>...
Page 272 For longitude, any integer between -180 and 180, with up to six decimal places. Repeat for each vortex of the polygon. For example, to configure a square polygon around the Digi headquarters, configure a polygon with four points: (config service location geofence test_geofence)> add...
Page 273 Services Location information 6. Define actions to be taken when the device's location triggers a geofence event: To define actions that will be taken when the device enters the geofence, or is inside the geofence when it boots: a. (Optional) Configure the device to preform the actions if the device is inside the geofence when it boots: (config)>...
Page 274 Services Location information (config service location geofence test_geofence on_entry action 0)> where value is either: factory_erase—Erases the device configuration when the action is triggered. script—Executes a custom script when the action is triggered. factory_erase or script. If type is set to script: i.
Page 275 Services Location information v. A sandbox is enabled by default to prevent the script from adversely affecting the system. To disable the sandbox: (config service location geofence test_geofence on_entry action 0)> sandbox false (config service location geofence test_geofence on_entry action 0)> If you disable the sandbox, the script may render the system unusable.
Page 276 Services Location information where value is either: factory_erase—Erases the device configuration when the action is triggered. script—Executes a custom script when the action is triggered. factory_erase or script. If type is set to script: i. Type or paste the script, closed in quote marks: (config service location geofence test_geofence on_exit action 0)>...
Page 277: Show Location Information
Command line Show location information 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 278 Type quit to disconnect from the device. Show geofence information 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 279: System Time
Configure the system time for details about changing the default configuration. The AnywhereUSB Plus device can also be configured to serve as an NTP server, providing NTP services to downstream devices. See Network Time Protocol for more information about NTP server support.
Page 280 6. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 281 Services System time messages. It also affects actions that occur at a specific time of day. Format: Africa/Abidjan Africa/Accra Africa/Addis_Ababa (config)> 4. (Optional) Add an upstream NTP server that the device will use to synchronize its time to the appropriate location in the list of NTP servers. The default setting is time.devicecloud.com. To delete the default NTP server, time.devicecloud.com: (config)>...
Page 282: Manually Set The System Date And Time
Services System time 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. Test the configured NTP servers for connectivity: ...
Page 283: Network Time Protocol
Services Network Time Protocol 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. Set the device's local date and time: >...
Page 284 Services Network Time Protocol 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > NTP.
Page 285 8. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 286 Services Network Time Protocol To delete the default NTP server, time.devicecloud.com: (config)> del service ntp server 0 To add the NTP server to the beginning of the list, use the index value of 0 to indicate that it should be added as the first server: (config)>...
Page 287 Services Network Time Protocol (config)> add service ntp acl interface end value (config)> Where value is an interface defined on your device. Display a list of available interfaces: Use ... network interface ? to display interface information: (config)> ... network interface ? Interfaces Additional Configuration -------------------------------------------...
Page 288: Show Status And Statistics Of The Ntp Server
By default, the access control list for the NTP service is empty, which means that all downstream hosts connected to the AnywhereUSB Plus device can use the NTP service. 6. (Optional) Set the timezone for the location of your AnywhereUSB Plus device. The default is UTC.
Page 289: Configure A Multicast Route
To configure a multicast route: É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > Multicast.
Page 290 10. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 291 Set the interface. For example: (config service multicast test)> src_interface /network/interface/eth1 (config service multicast test)> 8. Set a destination interface that the AnywhereUSB Plus device will send mutlicast packets to: a. Use the ? to determine available interfaces: (config service multicast test)> src_interface ? Destination interface: Which interface to send the multicast packets.
Page 292 Services Configure a multicast route 10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. AnywhereUSB® Plus User Guide...
Page 293: Ethernet Network Bonding
Ethernet network bonding Ethernet network bonding The AnywhereUSB Plus device supports bonding mode for the Ethernet network. This allows you to configure the device so that Ethernet ports share one IP address. When both ports are being used, they act as one Ethernet network port.
Page 294 8. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 295: Enable Service Discovery (Mdns)
You can enable the AnywhereUSB Plus device to use mDNS. É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 296 6. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 297 Services Enable service discovery (mDNS) 2. At the command line, type config to enter configuration mode: > config (config)> 3. Enable the mDNS service: (config)> service mdns enable true (config)> 4. Configure access control: To limit access to specified IPv4 addresses and networks: (config)>...
Page 298 Services Enable service discovery (mDNS) defaultlinklocal Default Link-local IP eth1 ETH1 eth2 ETH2 loopback Loopback modem Modem (config)> Repeat this step to list additional interfaces. To limit access based on firewall zones: (config)> add service mdns acl zone end value Where value is a firewall zone defined on your device, or the any keyword.
Page 299: Use The Iperf Service
Use the iPerf service Use the iPerf service Your AnywhereUSB Plus device includes an iPerf3 server that you can use to test the performance of your network. iPerf3 is a command-line tool that measures the maximum network throughput an interface can handle.
Page 300 To enable the iPerf3 server: É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > iPerf.
Page 301 7. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 302 Services Use the iPerf service Where value can be: A single IP address or host name. A network designation in CIDR notation, for example, 2001:db8::/48. any: No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the AnywhereUSB Plus device: (config)>...
Page 303: Example Performance Test Using Iperf3
Example performance test using iPerf3 On a remote host with iPerf3 installed, enter the following command: $ iperf3 -c device_ip where device_ip is the IP address of the AnywhereUSB Plus device. For example: $ iperf3 -c 192.168.2.1 Connecting to host 192.168.2.1, port 5201 4] local 192.168.3.100 port 54934 connected to 192.168.1.1 port 5201...
Page 304: Configure The Ping Responder Service
To enable the iPerf3 server: É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > Ping responder.
Page 305 5. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 306 Services Configure the ping responder service To limit access to specified IPv6 addresses and networks: (config)> add service iperf acl address6 end value (config)> Where value can be: A single IP address or host name. A network designation in CIDR notation, for example, 2001:db8::/48. any: No limit to IPv6 addresses that can access the service-type.
Page 307: Example Performance Test Using Iperf3
Example performance test using iPerf3 On a remote host with Iperf3 installed, enter the following command: $ iperf3 -c device_ip where device_ip is the IP address of the AnywhereUSB Plus device. For example: $ iperf3 -c 192.168.2.1 Connecting to host 192.168.2.1, port 5201 4] local 192.168.3.100 port 54934 connected to 192.168.1.1 port 5201...
Page 308 Services Configure the ping responder service iperf Done. AnywhereUSB® Plus User Guide...
Page 309: User Authentication
User authentication methods Authentication groups Local users Terminal Access Controller Access-Control System Plus (TACACS+) Remote Authentication Dial-In User Service (RADIUS) LDAP Configure serial authentication Disable shell access Set the idle timeout for AnywhereUSB Plus users Example user configuration AnywhereUSB® Plus User Guide...
Page 310: Anywhereusb Plus User Authentication
User authentication AnywhereUSB Plus user authentication AnywhereUSB Plus user authentication User authentication on the AnywhereUSB Plus has the following features and default configuration: Default Feature Description configuration Idle timeout 10 minutes. Determines how long a user session can be idle before the system automatically disconnects.
Page 311 User authentication User authentication methods Local users: User are authenticated on the local device. RADIUS: Users authenticated by using a remote RADIUS server for authentication. Remote Authentication Dial-In User Service (RADIUS) for information about configuring RADIUS authentication. TACACS+: Users authenticated by using a remote TACACS+ server for authentication. Terminal Access Controller Access-Control System Plus (TACACS+) for information about configuring TACACS+ authentication.
Page 312: Add A New Authentication Method
To add an authentication method: É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Methods.
Page 313 This procedure describes how to add methods to various places in the list. 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 314: Delete An Authentication Method
5. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 315: Rearrange The Position Of Authentication Methods
User authentication User authentication methods 2. At the command line, type config to enter configuration mode: > config (config)> 3. Use the show auth method command to determine the index number of the authentication method to be deleted: (config)> show auth method 0 local 1 radius 2 tacacs+...
Page 316 7. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 317: Authentication Groups
Admin access: Users with Admin access can be configured to have either: The ability to manage the AnywhereUSB Plus device by using the WebUI or the Admin CLI. Read-only access to the WebUI and Admin CLI.
Page 318: Change The Access Rights For A Predefined Group
É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Groups.
Page 319 6. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 320: Add An Authentication Group
User authentication Authentication groups To disable Admin access for the admin group: (config)> auth group admin acl admin enable false (config)> Shell access: To enable Shell access for the serial group: (config)> auth group serial acl shell enable true (config)> Shell access is not available if the Allow shell parameter has been disabled.
Page 321 User authentication Authentication groups 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Groups.
Page 322 10. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 323 User authentication Authentication groups read-only: provides users of this group with read-only access to the WebUI and Admin CLI. The default is full. Shell access: (config auth group test)> acl shell enable true (config)> Shell access is not available if the Allow shell parameter has been disabled. See Disable shell access for more information about the Allow shell parameter.
Page 324: Delete An Authentication Group
To delete an authentication group that you have created: É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 325 User authentication Authentication groups 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 326: Local Users
TACACS+ or RADIUS. Local user authentication is enabled by default, with one preconfiged default user. Default user At manufacturing time, each AnywhereUSB Plus device comes with a default user configured as follows: Username: admin. Password: The default password is displayed on the label on the bottom of the device.
Page 327: Change A Local User's Password
To change a user's password: É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Users.
Page 328 User authentication Local users 6. Click Apply to save the configuration and apply the change. AnywhereUSB® Plus User Guide...
Page 329: Configure A Local User
Local users Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 330 To configure a local user: É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Users.
Page 331 User authentication Local users a. For Lockout tries, type the number of unsuccessful login attempts before the user is locked out of the device. The default is 5. b. For Lockout duration, type the amount of time that the user is locked out after the number of unsuccessful login attempts defined in Lockout tries.
Page 332 User authentication Local users d. Generate a Secret key: i. Click ... next to the field label and select Generate secret key. ii. Copy the secret key for use with an application or mobile device to generate passcodes. e. For time-based verification only, select Disallow code reuse to prevent a code from being used more than once during the time that it is valid.
Page 333 User authentication Local users 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 334 User authentication Local users a. Add a group to the user. For example, to add the admin group to the user: (config auth user new_user> add group end admin (config auth user new_user)> Note Every user must be configured with at least one group. b.
Page 335 User authentication Local users b. Enable two-factor authentication for this user: (config auth user new_user 2fa)> enable true (config auth user new_user 2fa)> c. Configure the verification type. Allowed values are: totp: Time-based One-Time Password (TOTP) authentication uses the current time to generate a one-time password.
Page 336: Delete A Local User
10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Delete a local user To delete a user from your AnywhereUSB Plus: É WebUI AnywhereUSB® Plus User Guide...
Page 337 User authentication Local users 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Users.
Page 338 Local users Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 339: Terminal Access Controller Access-Control System Plus (Tacacs+)
To use TACACS+ authentication, you must set up a TACACS+ server that is accessible by the AnywhereUSB Plus device prior to configuration. The process of setting up a TACACS+ server varies by the server environment.
Page 340: Tacacs+ User Configuration
The groupname attribute is optional. If used, the value must correspond to authentication groups configured on your AnywhereUSB Plus. Alternatively, if the user is also configured as a local user on the AnywhereUSB Plus device and the LDAP server authenticates the user but does not return any groups, the local configuration determines the list of groups.
Page 341: Tacacs+ Server Failover And Fallback To Local Authentication
$ sudo /etc/init.d/tacacs_plus restart TACACS+ server failover and fallback to local authentication In addition to the primary TACACS+ server, you can also configure your AnywhereUSB Plus device to use backup TACACS+ servers. Backup TACACS+ servers are used for authentication requests when the primary TACACS+ server is unavailable.
Page 342 User authentication Terminal Access Controller Access-Control System Plus (TACACS+) 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 343 9. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 344 TACACS+ server's configuration. For example, in TACACS+ user configuration, the value of the service attribute in the sample tac_plus.conf file is system, which is also the default setting in the AnywhereUSB Plus configuration. (config)> auth tacacs+ service service-name (config)> 6. Add a TACACS+ server: a.
Page 345: Remote Authentication Dial-In User Service (Radius)
With RADIUS support, the AnywhereUSB Plus device acts as a RADIUS client, which sends user credentials and connection parameters to a RADIUS server over UDP.
Page 346: Radius User Configuration
$ sudo /etc/init.d/freeradius restart RADIUS server failover and fallback to local configuration In addition to the primary RADIUS server, you can also configure your AnywhereUSB Plus device to use backup RADIUS servers. Backup RADIUS servers are used for authentication requests when the primary RADIUS server is unavailable.
Page 347: Configure Your Anywhereusb Plus Device To Use A Radius Server
Add additional RADIUS servers in case the first RADIUS server is unavailable. The server NAS ID. If left blank, the default value is used: If you are access the AnywhereUSB Plus device by using the WebUI, the default value is for NAS ID is httpd.
Page 348 NAS or any arbitrary string. If not set, the default value is used: If you are accessing the AnywhereUSB Plus device by using the WebUI, the default value is for NAS ID is httpd. If you are accessing the AnywhereUSB Plus device by using ssh, the default value is sshd.
Page 349 9. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 350: Ldap
Plus device for centralized authentication and authorization management for users who connect to the device. With LDAP support, the AnywhereUSB Plus device acts as an LDAP client, which sends user credentials and connection parameters to an LDAP server. The LDAP server then authenticates the LDAP client requests and sends back a response message to the device.
Page 351 User authentication LDAP This section contains the following topics: LDAP user configuration LDAP server failover and fallback to local configuration Configure your AnywhereUSB Plus device to use an LDAP server AnywhereUSB® Plus User Guide...
Page 352: Ldap User Configuration
LDAP LDAP user configuration When configured to use LDAP support, the AnywhereUSB Plus device uses a remote LDAP server for user authentication (password verification) and authorization (assigning the access level of the user). Additional LDAP servers can be configured as backup servers for user authentication.
Page 353: Ldap Server Failover And Fallback To Local Configuration
LDAP server failover and fallback to local configuration In addition to the primary LDAP server, you can also configure your AnywhereUSB Plus device to use backup LDAP servers. Backup LDAP servers are used for authentication requests when the primary LDAP server is unavailable.
Page 354 LDAP É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > LDAP > Servers.
Page 355 15. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 356 User authentication LDAP 2. At the command line, type config to enter configuration mode: > config (config)> 3. (Optional) Prevent other authentication methods from being used if LDAP authentication fails. Other authentication methods will only be used if the LDAP server is unavailable. (config)>...
Page 357 . If this attribute is not set, the user will be denied access. 10. (Optional) Set the name of the user attribute that contains the list of AnywhereUSB Plus authentication groups that the authenticated user has access to. See LDAP user configuration for further information about the group attribute.
Page 358: Configure Serial Authentication
This section describes how to configure authentication for serial access. É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 359 9. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 360: Disable Shell Access
If shell access is disabled, re-enabling it will erase the device's configuration and perform a factory reset. É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication.
Page 361: Set The Idle Timeout For Anywhereusb Plus Users
User authentication Set the idle timeout for AnywhereUSB Plus users 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 362 5. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 363: Example User Configuration
Goal: To create a user with administrator rights who is authenticated locally on the device. É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 364 7. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 365: Example 2: Radius, Tacacs+, And Local Authentication For One User
Goal: To create a user with administrator rights who is authenticated by using all three authentication methods. In this example, when the user attempts to log in to the AnywhereUSB Plus device, user authentication will occur in the following order: 1.
Page 366 Save and close the tac_plus.conf file. 3. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 4. On the menu, click System. Under Configuration, click Device Configuration. AnywhereUSB® Plus User Guide...
Page 367 User authentication Example user configuration The Configuration window is displayed. 5. Configure the authentication methods: a. Click Authentication > Methods. b. For Method, select RADIUS. c. For Add Method, click g to add a new method. d. For the new method, select TACACS+. e.
Page 368 In this example: The user's username is admin1. The user's password is password1. The authentication group on the AnywhereUSB Plus device, admin, is identified in the Unix-FTP-Group-Names parameter. c. Save and close the users file. 2. Configure a user on the TACACS+ server: a.
Page 369 Save and close the tac_plus.conf file. 3. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 370 User authentication Example user configuration If admin > level is set to read-only: (config)> auth group admin acl admin level full (config)> 7. Configure the local user: a. Create a local user with the username admin1: (config)> add auth user admin1 (config auth user admin1)>...
Page 371: Firewall
Firewall This chapter contains the following topics: Firewall configuration Port forwarding rules Packet filtering Configure custom firewall rules Configure Quality of Service options AnywhereUSB® Plus User Guide...
Page 372: Firewall Configuration
IPsec: The default zone for IPsec tunnels. Dynamic routes: Used for routes learned using routing services. Port forwarding: A list of rules that allow network connections to the AnywhereUSB Plus to be forwarded to other servers by translating the destination address.
Page 373 Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 374: Configure The Firewall Zone For A Network Interface
You cannot delete preconfigured firewall zones. To delete a custom firewall zone: É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 375: Port Forwarding Rules
Port forwarding rules Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 376 To configure a port forwarding rule: É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Port forwarding.
Page 377 13. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 378 Firewall Port forwarding rules a. Use the ? to determine available interfaces: (config firewall dnat 0)> interface ? Interface: Network connections will only be forwarded if their destination address matches the IP address of this network interface. Format: defaultip defaultlinklocal eth1 eth2 loopback...
Page 379 Firewall Port forwarding rules (config firewall dnat 0)> to_port value (config firewall dnat 0)> where value is the port number, comma-separated list of port numbers, or range of port numbers on the server to which traffic should be forwarded. For example, to forward traffic to ports one, three, and five through ten, enter 1, 3, 5-10.
Page 380: Delete A Port Forwarding Rule
5. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 381 Firewall Port forwarding rules 3. Determine the index number of the port forwarding rule you want to delete: (config)> show firewall dnat no address no zone enable true interface ip_version ipv4 label IPv4 port forwarding rule port 10000 protocol tcp to_address6 10.10.10.10 to_port 10001 no address6...
Page 382: Packet Filtering
By default, one preconfigured packet filtering rule, Allow all outgoing traffic, is enabled and monitors traffic going to and from the AnywhereUSB Plus device. The predefined settings are intended to block unauthorized inbound traffic while providing an unrestricted flow of outgoing data. You can modify the default packet filtering rule and create additional rules to define how the device accepts or rejects traffic that is forwarded through the device.
Page 383 10. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 384 Firewall Packet filtering 2. At the command line, type config to enter configuration mode: > config (config)> To edit the default packet filtering rule or another existing packet filtering rule: a. Determine the index number of the appropriate packet filtering rule: (config)>...
Page 385 Firewall Packet filtering where value is one of: accept: Allows matching network connections. reject: Blocks matching network connections, and sends an ICMP error if appropriate. drop: Blocks matching network connections, and does not send a reply. 5. Set the firewall zone that will be monitored by this rule for incoming connections from network interfaces that are a member of this zone: Firewall configuration for more information about firewall zones.
Page 386: Enable Or Disable A Packet Filtering Rule
6. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 387: Delete A Packet Filtering Rule
Firewall Packet filtering 3. Determine the index number of the appropriate port forwarding rule: (config)> show firewall filter action accept dst_zone any enable true ip_version any label Allow all outgoing traffic protocol any src_zone internal action drop dst_zone internal enable true ip_version any label My packet filter protocol any...
Page 388 5. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 389: Configure Custom Firewall Rules
To configure custom firewall rules: É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Custom rules.
Page 390 Firewall Configure custom firewall rules 7. Click Apply to save the configuration and apply the change. AnywhereUSB® Plus User Guide...
Page 391: Configure Quality Of Service Options
Configure Quality of Service options Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 392 8. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 393 Create a new binding É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Quality of Service.
Page 394 Firewall Configure Quality of Service options 4. For Add Binding, click g . The quality of service binding configuration window is displayed. 5. Enable the binding. 6. (Optional) Type a Label for the binding. 7. Select an Interface to queue egress packets on. The binding will only match traffic that is being sent out on this interface.
Page 395 Firewall Configure Quality of Service options d. For Weight, type a value for the amount of available bandwidth allocated to the policy, relative to other policies for this binding. The larger the weight, with respect to the other policy weights, the larger portion of the maximum bandwidth is available for this policy.
Page 396 Firewall Configure Quality of Service options IPv6 address: Only traffic from the IP address typed in IPv6 address will be matched. Use the format IPv6_address[/prefix_length], or use any to match any IPv6 address. MAC address: Only traffic from the MAC address typed in MAC address will be matched.
Page 397 Configure Quality of Service options Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 398 Firewall Configure Quality of Service options where int is an integer between 1 and 1000. Typically, this should be 95% of the available bandwidth. The default is 95. 7. Create a policy for the binding: At least one policy is required for each binding. Each policy can contain up to 30 rules. a.
Page 399 Firewall Configure Quality of Service options i. Change to the rule node of the configuration: (config firewall qos 2 policy 0)> rule (config firewall qos 2 policy 0 rule)> ii. Add a rule: (config firewall qos 2 policy 0 rule)> add end (config firewall qos 2 policy 0 rule 0)>...
Page 400 Firewall Configure Quality of Service options viii. Set the source address type: (config network qos 2 policy 0 rule 0)> src type value (config network qos 2 policy 0 rule 0)> where value is one of: any: Source traffic from any address will be matched. Firewall configuration for more information about firewall zones.
Page 401 Firewall Configure Quality of Service options (config network qos 2 policy 0 rule 0)> src mac MAC_address (config network qos 2 policy 0 rule 0)> ix. Set the destination address type: (config network qos 2 policy 0 rule 0)> dst type value (config network qos 2 policy 0 rule 0)>...
Page 402 Firewall Configure Quality of Service options where value uses the format IPv6_address[/prefix_length], or any to match any IPv6 address. Repeat to add a new rule. Up to 30 rules can be configured. 8. Save the configuration and apply the change: (config)>...
Page 403: System Administration
Review device status Configure system information Update system firmware Update cellular module firmware Reboot your AnywhereUSB Plus device Erase device configuration and reset to factory defaults Locate the device by using the Find Me feature Configuration files Schedule system maintenance tasks...
Page 404: Review Device Status
Show basic system information: 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 405: Configure System Information
Disk /var Usage : 1.765MB/256.0MB(1%) > Configure system information You can configure information related to your AnywhereUSB Plus device, such as providing a name and location for the device. Configuration items A name for the device. The name of a contact for the device.
Page 406 8. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 407: Update System Firmware
For example, AnywhereUSB Plus-21.8.24.120.bin. Manage firmware updates using Digi Remote Manager If you have a network of many devices, you can use Digi Remote Manager Profiles to manage firmware updates. Profiles ensure all your devices are running the correct firmware version and that all newly installed devices are updated to that same version.
Page 408 5. Click Update Firmware. Command line 1. 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 409 Update firmware from a local file É WebUI 1. Download the AnywhereUSB Plus operating system firmware from the Digi Support FTP site to your local machine. 2. Log into the AnywhereUSB Plus WebUI as a user with Admin access. AnywhereUSB® Plus User Guide...
Page 410 5. Browse to the location of the firmware on your local file system and select the file. 6. Click Update Firmware. Command line 1. Download the AnywhereUSB Plus operating system firmware from the Digi Support FTP site to your local machine. 2. Log into the AnywhereUSB Plus command line as a user with Admin access.
Page 411: Dual Boot Behavior
> reboot Rebooting system > 7. Once the device has rebooted, log into the AnywhereUSB Plus's command line as a user with Admin access and verify the running firmware version by entering the show system command. > show system...
Page 412: Update Cellular Module Firmware
4. Click Duplicate Firmware. Command line 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 413: Update Modem Firmware Over The Air (Ota)
Command line Update modem firmware over the air (OTA) You can update your modem firmware by querying the Digi firmware repository to determine if there is new firmware available for your modem and performing an OTA modem firmware update: 1. Log into the AnywhereUSB Plus command line as a user with Admin access.
Page 414 Retrieving download location for modem firmware '25.20.666_CUST_067_ 1' ... > To perform an OTA firmware update by using a specific version from the Digi firmware repository, use the version parameter to identify the appropriate firmware version as determined by using modem firmware ota list command. For example:: >...
Page 415: Update Modem Firmware By Using A Local Firmware File
Newest firmware version available in flash is '05.05.58.00_ATT_005.026_ 000' Modem firmware up to date 05.05.58.00_ATT_005.026_000 > modem firmware check 3. Use the modem firmware list command to list available firmware on the AnywhereUSB Plus device. > modem firmware list ATT, 24.01.544_ATT, current Generic, 24.01.514_Generic, image...
Page 416: Reboot Your Anywhereusb Plus Device
Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Reboot your AnywhereUSB Plus device You can reboot the AnywhereUSB Plus device immediately or schedule a reboot for a specific time every day. Note You may want to save your configuration settings to a file before rebooting.
Page 417 6. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 418: Erase Device Configuration And Reset To Factory Defaults
System administration Erase device configuration and reset to factory defaults If reboot_time is set, but the device is unable to synchronize its time with an NTP server, the device will reboot after it has been up for 24 hours. See System time for information about configuring NTP servers.
Page 419 4. Click CONFIRM. 5. After resetting the device: a. Connect to the AnywhereUSB Plus by using the serial port or by using an Ethernet cable to connect the AnywhereUSB Plus ETH2 port to your PC. b. Log into the AnywhereUSB Plus: User name: Use the default user name: admin.
Page 420 Erase device configuration and reset to factory defaults 3. After resetting the device: a. Connect to the AnywhereUSB Plus by using the serial port or by using an Ethernet cable to connect the AnywhereUSB Plus ETH2 port to your PC.
Page 421: Configure The Anywhereusb Plus Device To Use Custom Factory Default Settings
Configure the AnywhereUSB Plus device to use custom factory default settings You can configure your AnywhereUSB Plus device to use custom factory default settings. This way, when you erase the device's configuration, the device will reset to your custom configuration rather than to the original factory defaults.
Page 422 Select the file from your local file system. Command line 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 423: Locate The Device By Using The Find Me Feature
Command line 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 424 System administration Locate the device by using the Find Me feature 2. To activate the Find Me feature, at the prompt, type the following at the command prompt: > system find-me on > 3. To deactivate the Find Me feature, type the following at the command prompt: >...
Page 425: Configuration Files
4. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 426: Save Configuration To A File
Type quit to disconnect from the device. Save configuration to a file You can save your AnywhereUSB Plus device's configuration to a file and use this file to restore the configuration, either to the same device or to similar devices.
Page 427: Restore The Device Configuration
> scp host 192.168.4.1 user admin remote /home/admin/bin/ local /etc/config/backup-archive-0040FF800120-19.05.17-19.01.17.bin to remote Restore the device configuration You can restore a configuration file to your AnywhereUSB Plus device by using a backup from the device, or a backup from a similar device. É...
Page 428 AnywhereUSB Plus device. local-path is the location on the AnywhereUSB Plus device where the copied file will be placed. > scp host 192.168.4.1 user admin remote /home/admin/bin/backup-archive- 0040FF800120-21.8.24.120-19.23.42.bin local /opt to local...
Page 429 Configuration files filepath is the the path and filename of the configuration backup file on the AnywhereUSB Plus's filesystem (local-path in the previous step). passphrase (optional) is the passphrase to restore the configuration backup, if a passphrase was used when the backup was created.
Page 430: Schedule System Maintenance Tasks
The frequency (daily, weekly, or monthly) that checks for firmware updates will run. É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 431 System administration Schedule system maintenance tasks 6. For Maintenance window trigger type, select one of the following: Check if interface is up, for Test Interface, select the interface. Time period for maintenance window: a. Click to expand Maintenance window. b. For Start time, type the time of day that the maintenance window should start, using the syntax HH:MM.
Page 432 Schedule system maintenance tasks Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 433 System administration Schedule system maintenance tasks (config system schedule maintenance trigger 0)> interface ii. Set the interface. For example: (config system schedule maintenance trigger 0)> interface /network/interface/eth1 (config system schedule maintenance trigger 0)> out_of_service: The maintenance window will only start if the Python Out-of- Service is set.
Page 434: Disable Device Encryption
Type quit to disconnect from the device. Disable device encryption You can disable the cryptography on your AnywhereUSB Plus device. This can be used to ship unused devices from overseas without needing export licenses from the country from which the device is being shipped.
Page 435: Re-Enable Cryptography After It Has Been Disabled
Disabling device encryption is not available in the WebUI. It can only be performed from the Admin CLI. Command line 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 436 Gateway: 192.168.210.1 2. Connect the PC's Ethernet port to the ETH1 Ethernet port on your AnywhereUSB Plus device. 3. Open a telnet session and connect to the AnywhereUSB Plus device at the IP address of 192.168.210.1. 4. Log into the device: Username: admin Password: The default unique password for your device is printed on the device label.
Page 437: Configure The Speed Of Your Ethernet Ports
6. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 438 System administration Configure the speed of your Ethernet ports The default is auto. 4. Save the configuration and apply the change: (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu.
Page 439: Monitoring
Monitoring This chapter contains the following topics: intelliFlow Configure NetFlow Probe AnywhereUSB® Plus User Guide...
Page 440: Intelliflow
To enable intelliFlow: É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Monitoring > intelliFlow.
Page 441 6. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 442 Monitoring intelliFlow setup Default value: internal Current value: internal (config)> b. Set the zone to be used by IntelliFlow: (config)> monitoring intelliflow zone my_zone 5. Save the configuration and apply the change: (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu.
Page 443: Use Intelliflow To Display Average Cpu And Ram Usage
This procedure is only available from the WebUI. To display display average CPU and RAM usage: É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow.
Page 444: Use Intelliflow To Display Top Data Usage Information
Top data usage by service To generate a top data usage chart: É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow.
Page 445 Monitoring intelliFlow 4. Display a data usage chart: To display the Top Data Usage by Host chart, click Top Data Usage by Host. To display the Top Data Usage by Server chart, click Top Data Usage by Server. To display the Top Data Usage by Service chart, click Top Data Usage by Service. 5.
Page 446: Use Intelliflow To Display Data Usage By Host Over Time
Use intelliFlow to display data usage by host over time To generate a chart displaying a host's data usage over time: É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow.
Page 447: Configure Netflow Probe
To save the chart to your local filesystem, select Export to PNG. c. To print the chart, select Print chart. Configure NetFlow Probe NetFlow probe is used to probe network traffic on the AnywhereUSB Plus device and export statistics to NetFlow collectors. Required configuration items Enable NetFlow.
Page 448 Configure NetFlow Probe É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Monitoring > NetFlow probe.
Page 449 12. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 450 Monitoring Configure NetFlow Probe where type is one of: none—No flow sampling method is used. Each flow is accounted. deterministic—Selects every nth flow, where n is the value of the flow sample population. random—Randomly selects one out of every n flows, where n is the value of the flow sample population.
Page 451 Monitoring Configure NetFlow Probe d. (Optional) Set a label for the collector: (config monitoring netflow collector 0)> label "This is a collector." (config monitoring netflow collector 0)> Repeat to add additional collectors. 10. Save the configuration and apply the change: (config monitoring netflow collector 0)>...
Page 452: Central Management
Collect device health data and set the sample interval Enable event log upload to Digi Remote Manager Log into Digi Remote Manager Use Digi Remote Manager to view and manage your device Add a device to Digi Remote Manager View Digi Remote Manager connection status...
Page 453: Digi Remote Manager Support
Additional configuration options These additional configuration settings are not typically configured, but you can set them as needed: Disable the Digi Remote Manager connection if it is not required. You can also configure an alternate cloud-based central management application. Change the reconnection timer.
Page 454 Digi Remote Manager support is enabled by default. To disable, click Enable central management. 4. (Optional) For Service, select either Digi Remote Manager or Digi aView. The default is Digi Remote Manager. 5. (Optional) For Management server, type the URL for the central management server. The default is the Digi Remote Manager server, my.devicecloud.com.
Page 455 16. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 456 Digi Remote Manager aview: Digi aView The default is Digi Remote Manager. 5. (Optional) Set the URL for the central management server. The default is the Digi Remote Manager server, my.devicecloud.com. (config)> cloud drm drm_url url (config)>...
Page 457 Central management Configure Digi Remote Manager Allowed values are from 30 seconds to two hours. The default is 290 seconds. (config)> cloud drm cellular_keep_alive value (config)> where value is any number of hours, minutes, or seconds, and takes the format number{h|m|s}.
Page 458 If set to false, no login prompt will be presented and the user will be logged in as admin. The default is false. 13. (Optional) Configure the AnywhereUSB Plus device to communicate with remote cloud services by using SMS: a. Enable SMS messaging: (config)>...
Page 459: Collect Device Health Data And Set The Sample Interval
Collect device health data and set the sample interval You can enable or disable the collection of device health data to upload to Digi Remote Manager, and configure the interval between health sample uploads. By default, device health data upload is enabled, and the health sample interval is set to 60 minutes.
Page 460 8. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 461 Central management Collect device health data and set the sample interval (config)> show monitoring devicehealth tuning cellular bytes enable true bytes enable true bytes enable true bytes enable true serial bytes enable true bytes enable true cellular bytes enable true packets enable true (config)>...
Page 462: Enable Event Log Upload To Digi Remote Manager
Enable event log upload to Digi Remote Manager Enable event log upload to Digi Remote Manager You can configure your device to upload the event log to Digi Remote Manager, and configure the interval between event log uploads. To enable the event log upload, or disable it if it has been disabled, and to change the upload interval: É...
Page 463: Log Into Digi Remote Manager
1. If you have not already done so, click here to sign up for a Digi Remote Manager account. 2. Check your email for Digi Remote Manager login instructions. 3. Go to remotemanager.digi.com. 4. Log into your Digi Remote Manager account.
Page 464: Use Digi Remote Manager To View And Manage Your Device
Use Digi Remote Manager to view and manage your device To view and manage your device: 1. If you have not already done so, connect to your Digi Remote Manager account. 2. Click Device Management to display a list of your devices.
Page 465: Add A Device To Digi Remote Manager
The same default password is also shown on the label affixed to the bottom of the device. 6. Click Add. 7. Click OK. Digi Remote Manager adds your AnywhereUSB Plus device to your account and it appears in the Device Management view. View Digi Remote Manager connection status To view the current Digi Remote Manager configuration: É...
Page 466: Configure Multiple Devices Using Profiles
AnywhereUSB Plus routers. Typically, if you want to provision multiple AnywhereUSB Plus routers: 1. Using the AnywhereUSB Plus local WebUI, configure one AnywhereUSB Plus router to use as the model configuration for all subsequent AnywhereUSB Pluss you need to manage.
Page 467 Diagnostics This chapter contains the following topics: Perform a speedtest Generate a support report View system and event logs Configure syslog servers Configure options for the event and system logs Analyze network traffic Use the ping command to troubleshoot network connections Use the traceroute command to diagnose IP routing problems AnywhereUSB®...
Page 468: Perform A Speedtest
To perform a speedtest: Command line 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 469 Attach the support report to any support requests. Command line 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 470: View System And Event Logs
View System Logs É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with Admin access. 2. On the main menu, click System > Logs. The system log displays: 3. Limit the display in the system log by using the Find search tool.
Page 471 5. Click to download the system log. Command line 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 472: View Event Logs
É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with Admin access. 2. On the main menu, click System > Logs. 3. Click × System Logs to collapse the system logs viewer, or scroll down to Events.
Page 473 Diagnostics View system and event logs 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 474: Configure Syslog Servers
You can configure remote syslog servers for storing event and system logs. É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 475 5. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 476: Configure Options For The Event And System Logs
Diagnostics Configure options for the event and system logs To disable status event messages: (config system log remote 0)> status false (config system log remote 0)> To disable informational event messages: (config system log remote 0)> error false (config system log remote 0)> 4.
Page 477 Diagnostics Configure options for the event and system logs 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 478 Configure options for the event and system logs Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 479 Diagnostics Configure options for the event and system logs --------------------------------------------------------------------- ---------- arping ARP ping config Configuration dhcpserver DHCP server firmware Firmware location Location modem Modem netmon Active recovery network Network interfaces openvpn OpenVPN portal Captive portal remote Remote control restart Restart serial Serial...
Page 480 Diagnostics Configure options for the event and system logs ii. To disable informational messages for the DHCP server: (config)> system log event dhcpserver info false (config)> iii. To change the status interval: (config)> system log event dhcpserver status_interval value (config)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}.
Page 481: Analyze Network Traffic
Analyze network traffic Analyze network traffic The AnywhereUSB Plus device includes a network analyzer tool that captures data traffic on any interface and decodes the captured data traffic for diagnostics. You can capture data traffic on multiple interfaces at the same time and define capture filters to reduce the captured data. You can capture up to 10 MB of data traffic in two 5 MB files per interface.
Page 482: Configure Packet Capture For The Network Analyzer
To configure a packet capture configuration: É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Analyzer.
Page 483 Diagnostics Analyze network traffic 5. (Optional) Add a filter type: a. Click to expand Filter. You can select from preconfigured filters to determine which types of packets to capture or ignore, or you can create your own Berkeley packet filter expression. b.
Page 484 Diagnostics Analyze network traffic v. For Source or destination TCP/UDP port, select whether the filter should apply to packets when the port is the source, the destination, or both. vi. Click Ignore this TCP/UDP port if the filter should ignore packets that use this port. By default, is option is disabled, which means that the filter will capture packets that use this port.
Page 485 9. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 486 Diagnostics Analyze network traffic 4. Add an interface to the capture filter: (config network analyzer name)> add device end device (config network analyzer name)> Determine available devices and the proper syntax. To determine available devices and proper syntax, use the space bar autocomplete feature: (config network analyzer name)>...
Page 487 Diagnostics Analyze network traffic b. To create a filter that either captures or ignores packets that use a particular IP protocol: i. Add a new IP protocol filter: (config network analyzer name)> add filter protocol end (config network analyzer name filter protocol 0)> ii.
Page 488 Diagnostics Analyze network traffic i. Add a new port filter: (config network analyzer name)> add filter port end (config network analyzer name filter port 0)> ii. Set the transport protocol that should be filtered for the port: (config network analyzer name filter port 0)> protocol value (config network analyzer name filter port 0)>...
Page 489 Diagnostics Analyze network traffic source: The filter will apply to packets when the MAC address is the source. destination: The filter will apply to packets when the MAC address is the destination. either: The filter will apply to packets when the MAC address is either the source or the destination.
Page 490 Diagnostics Analyze network traffic b. Set the mode that will be used to run the capture filter: (config network analyzer name)> when mode (config network analyzer name)> where mode is one of the following: boot: The script will run once each time the device boots. interval: The script will start running at the specified interval, within 30 seconds after the configuration change is saved.
Page 491: Example Filters For Capturing Data Traffic
Diagnostics Analyze network traffic (config network analyzer name)> save_interval 600s (config network analyzer name)> 7. Save the configuration and apply the change: (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu.
Page 492: Capture Packets From The Command Line
To start packet capture from the command line: Command line 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 493: Stop Capturing Packets
To stop packet capture from the command line: Command line 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 494 To show captured data traffic: Command line 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 495: Save Captured Data Traffic To A File
Command line 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 496: Download Captured Data To Your Pc
4. Select the saved analyzer report you want to download and click (download). Command line 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu.
Page 497: Clear Captured Data
Command line 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 498: Use The Ping Command To Troubleshoot Network Connections
Ping to check internet connection To check your internet connection: 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 499 (www.google.com) through the default gateway. The command output shows that 15 routing hops were required to reach the host: 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu.
Page 500 File system This chapter contains the following topics: The AnywhereUSB Plus local file system Display directory contents Create a directory Display file contents Copy a file or directory Move or rename a file or directory Delete a file or directory Upload and download files AnywhereUSB®...
Page 501: File System
The AnywhereUSB Plus local file system The AnywhereUSB Plus local file system The AnywhereUSB Plus local file system has approximately 150 MB of space available for storing files, such as Python programs, alternative configuration files and firmware versions, and release files, such as cellular module images.
Page 502: Create A Directory
For example: 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 503: Display File Contents
For example: Command line 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 504: Move Or Rename A File Or Directory
Command line To rename a file named test.py in /etc/config/scripts to final.py: 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 505: Delete A File Or Directory
Command line To delete a file named test.py in /etc/config/scripts: 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 506: Upload And Download Files
FileZilla. Upload and download files by using the WebUI Upload files 1. Log into the AnywhereUSB Plus WebUI as a user with Admin access. 2. On the menu, click System. Under Administration, click File System. The File System page appears.
Page 507: Upload And Download Files By Using The Secure Copy Command
AnywhereUSB Plus device. local-path is the location on the AnywhereUSB Plus device where the copied file will be placed. Transfer a file from the AnywhereUSB Plus device to a remote host...
Page 508: Upload And Download Files Using Sftp
AnywhereUSB Plus device. To copy a support report from the AnywhereUSB Plus device to a remote host at the IP address of 192.168.4.1: 1.
Page 509 File system Upload and download files sftp> exit AnywhereUSB® Plus User Guide...
Page 510: Routing
Routing This chapter contains the following topics: IP routing Show the routing table Dynamic DNS Virtual Router Redundancy Protocol (VRRP) AnywhereUSB® Plus User Guide...
Page 511: Ip Routing
IP routing IP routing The AnywhereUSB Plus device uses IP routes to decide where to send a packet it receives for a remote network. The process for deciding on a route to send the packet is as follows: 1. The device examines the destination IP address in the IP packet, and looks through the IP routing table to find a match for it.
Page 512: Configure A Static Route
To configure a static route: É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Routes > Static routes.
Page 513 255.255.255.0, type 192.168.47.0/24. The any keyword can also be used to route packets to any destination with this static route. 7. For Interface, select the interface on the AnywhereUSB Plus device that will be used with this static route. 8. (Optional) For Gateway, type the IPv4 address of the gateway used to reach the destination.
Page 514 The any keyword can also be used to route packets to any destination with this static route. 6. Set the interface on the AnywhereUSB Plus device that will be used with this static route: a. Use the ? to determine available interfaces: (config network route static 0)>...
Page 515: Delete A Static Route
5. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 516: Policy-Based Routing
However, you can use policy-based routing to forward the packet based on other criteria, such as the source of the packet. For example, you can configure the AnywhereUSB Plus device so that high-priority traffic is routed through the cellular connection, while all other traffic is routed through an Ethernet (WAN) connection.
Page 517: Configure A Routing Policy
To configure a routing policy: É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Routes > Policy-based routing.
Page 518 Routing IP routing 6. For Interface, select the interface on the AnywhereUSB Plus device that will be used with this route policy. 7. (Optional) Enable Exclusive to configure the policy to drop packets that match the policy when the gateway interface is disconnected, rather than forwarded through other interfaces.
Page 519 (config network route policy 0)> label "New route policy" (config network route policy 0)> 5. Set the interface on the AnywhereUSB Plus device that will be used with this route policy: a. Use the ? to determine available interfaces: (config network route policy 0)> interface ? Interface: The network interface used to reach the destination.
Page 520 Routing IP routing Current value: (config network route policy 0)> interface b. Set the interface. For example: (config network route policy 0)> interface /network/interface/eth1 (config network route policy 0)> 6. (Optional) Enable exclusive to configure the policy to drop packets that match the policy when the gateway interface is disconnected, rather than forwarded through other interfaces: (config network route policy 0)>...
Page 521 Routing IP routing b. Set the destination port: (config network route policy 0)> dst_port value (config network route policy 0)> where value is the port number, or the keyword any to match any port as the destination port. icmp: The ICMP protocol is matched. Identify the ICMP type: (config network route policy 0)>...
Page 522 Routing IP routing a. Use the ? to determine available interfaces: (config network route policy 0)> src interface ? Interface: The network interface. Format: /network/interface/defaultip /network/interface/defaultlinklocal /network/interface/eth1 /network/interface/eth2 /network/interface/loopback Current value: (config network route policy 0)> src interface b. Set the interface. For example: (config network route policy 0)>...
Page 523 Routing IP routing where value is one of: zone: Matches the destination IP address to the selected firewall zone. Set the zone: a. Use the ? to determine available zones: (config network route policy 0)> dst zone ? Zone: Match the IP address to the specified firewall zone. Format: dynamic_routes edge...
Page 524 Routing IP routing address: Matches the destination IPv4 address to the specified IP address or network. Set the address that will be matched: (config network route policy 0)> dst address value (config network route policy 0)> where value uses the format IPv4_address[/netmask], or any to match any IPv4 address.
Page 525: Routing Services
Routing IP routing Routing services Your AnywhereUSB Plus includes support for dynamic routing services and protocols. The following routing services are supported: Service or protocol Information RFC2453 The IPv4 Routing Information Protocol (RIP) service supports RIPv2 ( ) and RFC1058...
Page 526 6. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 527 Routing IP routing 3. Enable routing services: (config)> network route service enable true (config)> 4. Configure routing services that will be used: a. Use the ? to display available routing services: (config)> network route service ? Routing services: Settings for dynamic routing services and protocols. Parameters Current Value ---------------------------------------------------------------------...
Page 528: Show The Routing Table
To display the routing table: É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Status > Routes.
Page 529: Dynamic Dns
DNS provider, the router can automatically update the remote nameserver whenever your WAN or public IP address changes. Your AnywhereUSB Plus device supports a number of Dynamic DNS providers as well as the ability to provide a custom provider that is not included on the list of providers.
Page 530 Dynamic DNS É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Dynamic DNS.
Page 531 14. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 532 Routing Dynamic DNS Format: defaultip defaultlinklocal eth1 eth2 loopback Current value: (config network ddns new_ddns_instance)> interface b. Set the interface. For example: (config network ddns new_ddns_instance)> interface eth1 (config network ddns new_ddns_instance)> 5. Set the Dynamic DNS provider service: a. Use the ? to determine available services: (config network ddns new_ddns_instance)>...
Page 533 Routing Dynamic DNS 8. Set the username to authenticate with the Dynamic DNS provider: (config network ddns new_ddns_instance)> username name (config network ddns new_ddns_instance)> 9. Set the password to authenticate with the Dynamic DNS provider: (config network ddns new_ddns_instance)> password pwd (config network ddns new_ddns_instance)> 10.
Page 534: Virtual Router Redundancy Protocol (Vrrp)
VRRP priority of the AnywhereUSB device connected to the failing link. This provides failover capabilities based on the status of connections behind the router, in addition to the basic VRRP device failover. For AnywhereUSB Plus devices, Surelink is used to probe network connections.
Page 535 VRRP priorty of devices based on the status of their network connectivity. É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 536 12. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 537 Routing Virtual Router Redundancy Protocol (VRRP) Interface: The network interface to communicate with VRRP peers on and listen for traffic to virtual IP addresses. Format: /network/interface/defaultip /network/interface/defaultlinklocal /network/interface/eth1 /network/interface/eth2 /network/interface/loopback Current value: (config network vrrp VRRP_test)> interface b. Set the interface, for example: (config network vrrp VRRP_test)>...
Page 538: Configure Vrrp
VRRP+ is an extension to the VRRP standard that uses SureLink network probing to monitor connections through VRRP-enabled devices and adjust devices' VRRP priority based on the status of the SureLink tests. This section describes how to configure VRRP+ on a AnywhereUSB Plus device. Required configuration items Both master and backup devices: A configured and enabled instance of VRRP.
Page 539 Routing Virtual Router Redundancy Protocol (VRRP) 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > VRRP.
Page 540 Routing Virtual Router Redundancy Protocol (VRRP) fails on the master, it will lower its priority to below 80, and the backup device will assume the master role. 10. Configure the VRRP interface. The VRRP interface is defined in the Interface parameter of the VRRP configuration, and generally should be a LAN interface: To configure the VRRP interface: a.
Page 541 11. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 542 Routing Virtual Router Redundancy Protocol (VRRP) 5. Add interfaces to monitor. Generally, this will be a cellular or WAN interface. a. Use the ? to determine available interfaces: (config)> network vrrp test interface ? Interface: The network interface. Format: /network/interface/defaultip /network/interface/defaultlinklocal /network/interface/eth1 /network/interface/eth2...
Page 543 Routing Virtual Router Redundancy Protocol (VRRP) i. Set the DHCP server gateway type to custom: (config)> network interface eth2 ipv4 dhcp_server advanced gateway custom (config)> ii. Determine the VRRP virtual IP addresses: (config)> show network vrrp VRRP_test virtual_address 0 192.168.3.3 1 10.10.10.1 (config)>...
Page 544 Routing Virtual Router Redundancy Protocol (VRRP) iv. Create a SureLink test target: (config)> add network interface eth2 ipv4 surelink target end (config network interface eth2 ipv4 surelink target 0)> v. Configure the type of test for the test target: (config network interface eth2 ipv4 surelink target 0)> test value (config network interface eth2 ipv4 surelink target 0)>...
Page 545: Example: Vrrp/Vrrp+ Configuration
Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Example: VRRP/VRRP+ configuration This example configuration creates a VRRP pool containing two AnywhereUSB Plus devices: AnywhereUSB® Plus User Guide...
Page 546: Configure Device One (Master Device)
É WebUI Task 1: Configure VRRP on device one 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 547 Routing Virtual Router Redundancy Protocol (VRRP) 5. Click Enable. 6. For Interface, select Interface: ETH2. 7. For Router ID, leave at the default setting of 50. 8. For Priority, leave at the default setting of 100. 9. Click to expand Virtual IP addresses. 10.
Page 548 Command line Task 1: Configure VRRP on device one 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 549 Routing Virtual Router Redundancy Protocol (VRRP) 6. Add the virtual IP address associated with this VRRP instance. (config network vrrp VRRP_test)> add virtual_address end 192.168.3.3 (config network vrrp VRRP_test)> Task 2: Configure VRRP+ on device one 1. Enable VRRP+: (config network vrrp VRRP_test)> vrrp_plus enable true (config network vrrp VRRP_test )>...
Page 550: Configure Device Two (Backup Device)
É WebUI Task 1: Configure VRRP on device two 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 551 Routing Virtual Router Redundancy Protocol (VRRP) 5. Click Enable. 6. For Interface, select Interface: ETH2. 7. For Router ID, leave at the default setting of 50. 8. For Priority, type 80. 9. Click to expand Virtual IP addresses. 10. Click g to add a virtual IP address. 11.
Page 552 Routing Virtual Router Redundancy Protocol (VRRP) Task 4: Configure SureLink for ETH2 on device two 1. Click Network > Interfaces > ETH2 > IPv4 > SureLink. 2. Click Enable. 3. For Interval, type 15s. 4. Click to expand Test targets > Test target. 5.
Page 553 Virtual Router Redundancy Protocol (VRRP) Task 1: Configure VRRP on device two 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 554 Routing Virtual Router Redundancy Protocol (VRRP) Task 3: Configure the IP address for the VRRP interface, ETH2, on device two 1. Type ... to return to the root of the config prompt: (config network vrrp VRRP_test )> ... (config)> 2. Set the IP address for ETH2: (config)>...
Page 555: Show Vrrp Status And Statistics
Web UI only. É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 556 Virtual Router Redundancy Protocol (VRRP) Command line 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 557 Virtual Private Networks (VPN) Virtual Private Networks (VPNs) are used to securely connect two private networks together so that devices can connect from one network to the other using secure channels. This chapter contains the following topics: IPsec OpenVPN Generic Routing Encapsulation (GRE) NEMO L2TPv3 AnywhereUSB®...
Page 558: Virtual Private Networks (Vpn)
Virtual Private Networks (VPN) IPsec IPsec IPsec is a suite of protocols for creating a secure communication link—an IPsec tunnel—between a host and a remote IP network or between two IP networks across a public network such as the Internet. IPsec data protection IPsec protects the data being sent across a public network by providing the following: Data origin authentication...
Page 559: Authentication
Plus device can be configured to authenticate with the remote peer as an XAUTH client. RSA Signatures With RSA signatures authentication, the AnywhereUSB Plus device uses a private RSA key to authenticate with a remote peer that is using a corresponding public key.
Page 560 Virtual Private Networks (VPN) IPsec If SCEP certificates will be selected as the Authentication type, create the SCEP client prior to configuring the IPsec tunnel. See Configure a Simple Certificate Enrollment Protocol client for instructions. The local endpoint type and ID values, and the remote endpoint host and ID values. IKE configuration items The IKE version, either IKEv1 or IKEv2.
Page 561 Virtual Private Networks (VPN) IPsec The amount of time before the IKE phase 2 lifetime expires The lifetime margin, a randomizing amount of time before the IPsec tunnel is renegotiated. Note if the remote networks for an IPsec tunnel overlap with the networks for a WAN internet connection (wired, cellular, or otherwise), you must configure a static route to direct the traffic either through the IPsec tunnel, or through the WAN (outside of the IPsec tunnel).
Page 562 Virtual Private Networks (VPN) IPsec É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > IPsec.
Page 563 Virtual Private Networks (VPN) IPsec Note Depending on your network configuration, you may need to add a packet filtering rule to allow incoming traffic. For example, for the IPsec zone: a. Click to expand Firewall > Packet filtering. b. For Add packet filter, click g . c.
Page 564 SCEP certificates: Uses Simple Certificate Enrollment Protocol (SCEP) to download a private key, certificates, and an optional Certificate Revocation List (CRL) to the AnywhereUSB Plus device from a SCEP server. You must create the SCEP client prior to configuring the IPsec tunnel. See...
Page 565 Virtual Private Networks (VPN) IPsec 17. Click to expand Local endpoint. a. For Type, select either: Default route: Uses the same network interface as the default route. Interface: Select the Interface to be used as the local endpoint. b. Click to expand ID. i.
Page 566 Virtual Private Networks (VPN) IPsec i. Click g next to Add Hostname. ii. For Hostname, type a hostname or IPv4 address. If your device is not configured to initiate the IPsec connection (see IKE > Initiate connection), you can also use the keyword any, which means that the hostname is dynamic or unknown.
Page 567 Virtual Private Networks (VPN) IPsec b. Click to expand Local network. c. For Type, select one of the following: Address: The address of a local network interface. For Address, select the appropriate interface. Network: The subnet of a local network interface. For Address, select the appropriate interface.
Page 568 Virtual Private Networks (VPN) IPsec Never: Do not send oversized IKE messages in fragments. Accept: Do not send oversized IKE messages in fragments, but announce support for fragmentation to the peer. The default is Always. e. For Enable padding, click to disable the padding of IKE packets. This should normally not be disabled except for compatibility purposes.
Page 569 Virtual Private Networks (VPN) IPsec c. For Timeout, type the number of seconds to wait for a response from a dead peer packet before assuming the tunnel has failed. 22. (Optional) Click to expand NAT to create a list of destination networks that require source NAT. a.
Page 570 IPsec Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 571 Virtual Private Networks (VPN) IPsec Note Depending on your network configuration, you may need to add a packet filtering rule to allow incoming traffic. For example, for the IPsec zone: a. Type ... to move to the root of the configuration: (config vpn ipsec tunnel ipsec_example)>...
Page 572 Virtual Private Networks (VPN) IPsec esp (Encapsulating Security Payload): Provides encryption as well as authentication and integrity. ah (Authentication Header): Provides authentication and integrity only. The default is esp. 9. (Optional) Set the management priority for this IPsec tunnel: (config vpn ipsec tunnel ipsec_example)> mgmt value (config vpn ipsec tunnel ipsec_example)>...
Page 573 Virtual Private Networks (VPN) IPsec c. For the peer_public_key parameter, paste the peer's public RSA key in PEM format: (config vpn ipsec tunnel ipsec_example)> auth peer_public_key (config vpn ipsec tunnel ipsec_example)> x509: Uses private key and X.509 certificates to authenticate with the remote peer. a.
Page 574 Virtual Private Networks (VPN) IPsec a. Enable XAUTH client functionality: (config vpn ipsec tunnel ipsec_example)> xauth_client enable true (config vpn ipsec tunnel ipsec_example)> b. Set the XAUTH client username: (config vpn ipsec tunnel ipsec_example)> xauth_client username name (config vpn ipsec tunnel ipsec_example)> c.
Page 575 Virtual Private Networks (VPN) IPsec Set an IPv4 formatted ID. This can be a fully-qualified domain name or an IPv4 address. (config vpn ipsec tunnel ipsec_example)> local id type ipv4_id (config vpn ipsec tunnel ipsec_example)> ipv6: The ID will be interpreted as an IPv6 address and sent as an ID_IPV6_ADDR IKE identity.
Page 576 Virtual Private Networks (VPN) IPsec b. Set the hostname selection type: (config vpn ipsec tunnel ipsec_example)> remote hostname_selection value (config vpn ipsec tunnel ipsec_example)> where value is one of: round_robin: Attempts to connect to hostnames sequentially based on the list order.
Page 577 Virtual Private Networks (VPN) IPsec rfc822: The ID will be interpreted as an RFC822 (email address). Set the ID in internet email address format: (config vpn ipsec tunnel ipsec_example)> remote id type rfc822_ id id (config vpn ipsec tunnel ipsec_example)> fqdn: The ID will be interpreted as FQDN (Fully Qualified Domain Name) and sent as an ID_FQDN IKE identity.
Page 578 Virtual Private Networks (VPN) IPsec never: Do not send oversized IKE messages in fragments. accept: Do not send oversized IKE messages in fragments, but announce support for fragmentation to the peer. The default is always. e. Padding of IKE packets is enabled by default and should normally not be disabled except for compatibility purposes.
Page 579 Virtual Private Networks (VPN) IPsec The default is nine minutes. i. Configure the types of encryption, hash, and Diffie-Hellman group to use during phase 1: i. Add a phase 1 proposal: (config vpn ipsec tunnel ipsec_example)> add ike phase1_proposal (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> ii.
Page 580 Virtual Private Networks (VPN) IPsec j. Configure the types of encryption, hash, and Diffie-Hellman group to use during phase 2: i. Move back two levels in the schema: (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> .. (config vpn ipsec tunnel ipsec_example ike)> ii.
Page 581 Virtual Private Networks (VPN) IPsec 16. (Optional) Configure dead peer detection: Dead peer detection is enabled by default. Dead peer detection uses periodic IKE transmissions to the remote endpoint to detect whether tunnel communications have failed, allowing the tunnel to be automatically restarted when failure occurs. a.
Page 582 Virtual Private Networks (VPN) IPsec (config vpn ipsec tunnel ipsec_example policy 0)> local type value (config vpn ipsec tunnel ipsec_example policy 0)> where value is one of: address: The address of a local network interface. Set the address: i. Use the ? to determine available interfaces: (config vpn ipsec tunnel ipsec_example policy 0)>...
Page 583 Virtual Private Networks (VPN) IPsec ii. Set the interface. For example: (config vpn ipsec tunnel ipsec_example policy 0)> local network eth1 (config vpn ipsec tunnel ipsec_example policy 0)> custom: A user-defined network. Set the custom network: (config vpn ipsec tunnel ipsec_example policy 0)> local custom value (config vpn ipsec tunnel ipsec_example policy 0)>...
Page 584 Virtual Private Networks (VPN) IPsec 20. Save the configuration and apply the change: (config)> save Configuration saved. > 21. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. AnywhereUSB®...
Page 585: Configure Ipsec Failover
Virtual Private Networks (VPN) IPsec Configure IPsec failover There are two methods to configure the AnywhereUSB Plus device to fail over from a primary IPsec tunnel to a backup tunnel: SureLink active recovery—You can use SureLink along with the IPsec tunnel's metric to configure two or more tunnels so that when the primary tunnel is determined to be inactive by SureLink, a secondary tunnel can begin serving traffic that the primary tunnel was serving.
Page 586 Virtual Private Networks (VPN) IPsec Metric: 20 Local endpoint > Interface: ETH2 Remote endpoint > Hostname: 192.168.10.1 In this configuration: 1. Tunnel_1 will normally be used for traffic destined for the 192.168.10.1 endpoint. 2. If pings to 192.168.10.2 fail, SureLink will shut down the tunnel and renegotiate its IPsec connection.
Page 587 Virtual Private Networks (VPN) IPsec 1. Configure the primary IPsec tunnel. See Configure an IPsec tunnel for instructions. During configuration of the IPsec tunnel, set the metric to a low value (for example, 10): (config vpn ipsec tunnel IPsecFailoverPrimaryTunnel)> metric 10 (config vpn ipsec tunnel IPsecFailoverPrimaryTunnel)>...
Page 588: Configure Surelink Active Recovery For Ipsec
(config vpn ipsec tunnel backup_ipsec_tunnel)> Configure SureLink active recovery for IPsec You can configure the AnywhereUSB Plus device to regularly probe IPsec client connections to determine if the connection has failed and take remedial action. You can also configure the IPsec tunnel to fail over to a backup tunnel. See Configure IPsec failover further information.
Page 589 Virtual Private Networks (VPN) IPsec 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > IPsec.
Page 590 Virtual Private Networks (VPN) IPsec 12. For Response timeout, type the amount of time that the device should wait for a response to a probe attempt before considering it to have failed. Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}.
Page 591 14. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 592 Virtual Private Networks (VPN) IPsec 7. Set the Interval between connectivity tests: (config vpn ipsec tunnel ipsec_example)> connection_monitor interval value (config vpn ipsec tunnel ipsec_example)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}.
Page 593 Virtual Private Networks (VPN) IPsec b. Set the test type: (config vpn ipsec tunnel ipsec_example connection_monitor target 0)> test value (config vpn ipsec tunnel ipsec_example connection_monitor target 0)> where value is one of: ping (IPv4) or ping6 (IPv6): Tests connectivity by sending an ICMP echo request to a specified hostname or IP address.
Page 594: Show Ipsec Status And Statistics
Virtual Private Networks (VPN) IPsec (config vpn ipsec tunnel ipsec_example connection_monitor target 0)> interface_down_time value (config vpn ipsec tunnel ipsec_example connection_monitor target 0)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set interface_down_time to ten minutes, enter either 10m or 600s: (config vpn ipsec tunnel ipsec_example connection_monitor...
Page 595: Debug An Ipsec Configuration
Command line 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 596 Use the interactive shell to set the IPsec debug level By using the interactive shell to set the debug level, you can enable the AnywhereUSB Plus device to write additional debug messages to the system log. The command accepts the following values to set the debug level: -1 —...
Page 597: Configure A Simple Certificate Enrollment Protocol Client
Simple Certificate Enrollment Protocol (SCEP) is a mechanism that allows for large-scale X.509 certificate deployment. You can configure AnywhereUSB Plus device to function as a SCEP client that will connect to a SCEP server that is used to sign Certificate Signing Requests (CSRs), provide Certificate Revocation Lists (CRLs), and distribute valid certificates from a Certificate Authority (CA).
Page 598 Virtual Private Networks (VPN) IPsec 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > SCEP Client.
Page 599 13. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 600 8. Set the number of days that the certificate enrollment can be renewed, prior to the request expiring. This value is configured on the SCEP server, and is used by the AnywhereUSB Plus device to determine when to start attempting to auto-renew an existing certificate. The default is 7.
Page 601: Example: Scep Client Configuration With Fortinet Scep Server
Type quit to disconnect from the device. Example: SCEP client configuration with Fortinet SCEP server In this example configuration, we will configure the AnywhereUSB Plus device as a SCEP client that will connect to a Fortinet SCEP server. Fortinet configuration On the Fortinet server: 1.
Page 602 On the AnywhereUSB Plus device: É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > SCEP Client.
Page 603 Virtual Private Networks (VPN) IPsec 5. Click Enable to enable the SCEP client. 6. For Renewable Time, type the number of days that the certificate enrollment can be renewed, prior to the request expiring. This value must match the setting of the Allow renewal x days before the certified is expired option on the Fortinet server.
Page 604 Virtual Private Networks (VPN) IPsec AnywhereUSB® Plus User Guide...
Page 605 IPsec Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 606 (config network scep_client Fortinet_SCEP_client)> renewable_time integer (config network scep_client Fortinet_SCEP_client)> 9. (Optional) Set the filename of the Certificate Revocation List (CRL) from the CA. The CRL is stored on the AnywhereUSB Plus device in the /etc/config/scep_client/client_name directory. (config network scep_client Fortinet_SCEP_client)> crl_name name (config network scep_client Fortinet_SCEP_client)>...
Page 607: Openvpn
OpenVPN clients are on the same IP subnet as the OpenVPN server’s LAN interface. This means that devices connected to the OpenVPN client’s LAN interface are on the same IP subnet as devices. The AnywhereUSB Plus device supports two mechanisms for configuring an OpenVPN server in TAP mode:...
Page 608: Configure An Openvpn Server
Virtual Private Networks (VPN) OpenVPN OpenVPN managed—The AnywhereUSB Plus device creates the interface and then uses its standard configuration to set up the connection (for example, its standard DHCP server configuration). Device only—IP addressing is controlled by the system, not by OpenVPN.
Page 609 Additional OpenVPN parameters. É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > OpenVPN > Servers.
Page 610 Virtual Private Networks (VPN) OpenVPN The OpenVPN server is enabled by default. To disable, click Enable. 5. For Device type, select the mode used by the OpenVPN server, either: TUN (OpenVPN managed) TAP - OpenVPN managed TAP - Device only OpenVPN for information about OpenVPN server modes.
Page 611 Virtual Private Networks (VPN) OpenVPN b. Paste the contents of the CA certificate (usually in a ca.crt file), the Public key (for example, server.crt), the Private key (for example, server.key), and the Diffie Hellman key (usually in dh2048.pem) into their respective fields. The contents will be hidden when the configuration is saved.
Page 612 OpenVPN Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 613 Virtual Private Networks (VPN) OpenVPN 5. If tap or tun are set for device_type: a. Set the IP address and subnet mask of the OpenVPN server. (config vpn openvpn server name)> address ip_address/netmask (config vpn openvpn server name)> b. Set the firewall zone for the OpenVPN server. For TUN device types, this should be set to internal to treat clients as LAN devices.
Page 614 Virtual Private Networks (VPN) OpenVPN ii. Set the last address in the range limit: (config vpn openvpn server name)> server_last_ip value (config vpn openvpn server name)> where value is a number between 1 and 255. The number entered here will represent the last client IP address.
Page 615 Virtual Private Networks (VPN) OpenVPN iii. Paste the contents of the public key (for example, server.crt) into the value of the server_cert parameter: (config vpn openvpn server name)> server_cert value (config vpn openvpn server name)> iv. Paste the contents of the private key (for example, server.key) into the value of the server_key parameter: (config vpn openvpn server name)>...
Page 616 Virtual Private Networks (VPN) OpenVPN Use ... network interface ? to display interface information: (config vpn openvpn server name)> ... network interface ? Interfaces Additional Configuration ------------------------------------------- defaultip Default IP defaultlinklocal Default Link-local IP eth1 ETH1 eth2 ETH2 loopback Loopback modem Modem (config vpn openvpn server name)>...
Page 617: Configure An Openvpn Authentication Group And User
É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 618 Virtual Private Networks (VPN) OpenVPN 3. Add an OpenVPN authentication group: a. Click Authentication > Groups. b. For Add Group, type a name for the group (for example, OpenVPN_Group) and click g . The new authentication group configuration is displayed. c.
Page 619 Virtual Private Networks (VPN) OpenVPN 4. Add an OpenVPN authentication user: a. Click Authentication > Users. b. For Add, type a name for the user (for example, OpenVPN_User) and click g . c. Type a password for the user. This password is used for local authentication of the user. You can also configure the user to use RADIUS or TACACS+ authentication by configuring authentication methods.
Page 620 OpenVPN Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 621: Configure An Openvpn Client By Using An .Ovpn File
OpenVPN active recovery. É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > OpenVPN > Clients.
Page 622 11. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 623: Configure An Openvpn Client Without Using An .Ovpn File
Virtual Private Networks (VPN) OpenVPN dynamic_routes edge external internal ipsec loopback setup Current value: (config vpn openvpn client name)> 5. (Optional) Set the route metric for the OpenVPN server. If multiple active routes match a destination, the route with the lowest metric will be used. (config vpn openvpn client name)>...
Page 624 OpenVPN active recovery. É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > OpenVPN > Clients.
Page 625 Virtual Private Networks (VPN) OpenVPN 5. The OpenVPN client is enabled by default. To disable, click Enable. 6. The default behavior is to use an OVPN file for client configuration. To disable this behavior and configure the client manually, click Use .ovpn file to disable. 7.
Page 626 Virtual Private Networks (VPN) OpenVPN 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 627 Virtual Private Networks (VPN) OpenVPN (config vpn openvpn client name)> 7. (Optional) Set the route metric for the OpenVPN server. If multiple active routes match a destination, the route with the lowest metric will be used. (config vpn openvpn client name)> metric value (config vpn openvpn client name)>...
Page 628: Configure Surelink Active Recovery For Openvpn
Type quit to disconnect from the device. Configure SureLink active recovery for OpenVPN You can configure the AnywhereUSB Plus device to regularly probe OpenVPN client connections to determine if the connection has failed and take remedial action. Required configuration items A valid OpenVPN client configuration.
Page 629 Virtual Private Networks (VPN) OpenVPN 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > OpenVPN > Clients.
Page 630 Virtual Private Networks (VPN) OpenVPN 11. For Attempts, type the number of probe attempts before the WAN is considered to have failed. 12. For Response timeout, type the amount of time that the device should wait for a response to a probe attempt before considering it to have failed.
Page 631 14. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 632 Virtual Private Networks (VPN) OpenVPN 6. To configure the device to reboot when the interface is considered to have failed: (config vpn openvpn client openvpn_client1)> connection_monitor reboot enable (config vpn openvpn client openvpn_client1)> 7. Set the Interval between connectivity tests: (config vpn openvpn client openvpn_client1)>...
Page 633 Virtual Private Networks (VPN) OpenVPN 11. Configure test targets: a. Add a test target: (config vpn openvpn client openvpn_client1)> add connection_monitor target end (config vpn openvpn client openvpn_client1 connection_monitor target 0)> b. Set the test type: (config vpn openvpn client openvpn_client1 connection_monitor target 0)>...
Page 634 Virtual Private Networks (VPN) OpenVPN (config vpn openvpn client openvpn_client1 connection_monitor target 0)> interface_up (IPv4) or interface_up6 (IPv6): : The interface is considered to be down based on the interfaces down time, and the amount of time an initial connection to the interface takes before this test is considered to have failed. (Optional) Set the amount of time that the interface can be down before this test is considered to have failed: (config vpn openvpn client openvpn_client1 connection_monitor...
Page 635: Show Openvpn Server Status And Statistics
OpenVPN server's status pane. Command line 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 636: Show Openvpn Client Status And Statistics
OpenVPN client's status pane. Command line 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 637 Virtual Private Networks (VPN) OpenVPN Use File : true Metric Protocol : udp Port : 1194 Type : tun > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu.
Page 638: Generic Routing Encapsulation (Gre)
Task One: Create a GRE loopback endpoint interface É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 639 11. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 640 10. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 641 Virtual Private Networks (VPN) Generic Routing Encapsulation (GRE) GRE tunnels are enabled by default. To disable: (config vpn iptunnel gre_example)> enable false (config vpn iptunnel gre_example)> 4. Set the local endpoint to the GRE endpoint interface created in Task One, for example: (config vpn iptunnel gre_example)>...
Page 642: Show Gre Tunnels
To view information about currently configured GRE tunnels: É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with Admin access. 2. On the menu, click Status > IP tunnels. The IP Tunnelspage appears. 3. To view configuration details about a GRE tunnel, click the (configuration) icon in the upper right of the tunnel's status pane.
Page 643: Example: Gre Tunnel Over An Ipsec Tunnel
Generic Routing Encapsulation (GRE) Example: GRE tunnel over an IPSec tunnel The AnywhereUSB Plus device can be configured as an advertised set of routes through an IPSec tunnel. This allows you to leverage the dynamic route advertisement of GRE tunnels through a secured IPSec tunnel.
Page 644 3. Create a GRE tunnel named gre_tunnel2: a. Local endpoint set to the IPsec endpoint interface, Interface: ipsec_endpoint2. b. Remote endpoint set to the IP address of the GRE tunnel on AnywhereUSB Plus-1, 172.30.0.1. 4. Create an interface named gre_interface2 and add it to the GRE tunnel: a.
Page 645 15. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 646 Virtual Private Networks (VPN) Generic Routing Encapsulation (GRE) 6. Add a policy: (config vpn ipsec tunnel ipsec_gre1)> add policy end (config vpn ipsec tunnel ipsec_gre1 policy 0)> 7. Set the local network policy type to custom: (config vpn ipsec tunnel ipsec_gre1 policy 0)> local type custom (config vpn ipsec tunnel ipsec_gre1 policy 0)>...
Page 647 Virtual Private Networks (VPN) Generic Routing Encapsulation (GRE) Task two: Create an IPsec endpoint interface É WebUI 1. Click Network > Interface. 2. For Add Interface, type ipsec_endpoint1 and click g . 3. For Zone, select Internal. 4. For Device, select Ethernet: loopback. 5.
Page 648 2. For Add IP Tunnel, type gre_tunnel1 and click g . 3. For Local endpoint, select the IPsec endpoint interface created in Task two (Interface: ipsec_ endpoint1). 4. For Remote endpoint, type the IP address of the GRE tunnel on AnywhereUSB Plus-2, 172.30.0.2. AnywhereUSB® Plus User Guide...
Page 649 (/network/interface/ipsec_endpoint1): (config vpn iptunnel gre_tunnel1)> local /network/interface/ipsec_ endpoint1 (config vpn iptunnel gre_tunnel1)> 4. Set the remote endpoint to the IP address of the GRE tunnel on AnywhereUSB Plus-2, 172.30.0.2: (config vpn iptunnel gre_tunnel1)> remote 172.30.0.2 (config vpn iptunnel gre_tunnel1)> 5. Save the configuration and apply the change: (config vpn iptunnel gre_tunnel1)>...
Page 650 Virtual Private Networks (VPN) Generic Routing Encapsulation (GRE) Task four: Create an interface for the GRE tunnel device É WebUI 1. Click Network > Interfaces. 2. For Add Interface, type gre_interface1 and click g . 3. For Zone, select Internal. 4.
Page 651 Task one: Create an IPsec tunnel É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > IPsec > Tunnels.
Page 652 6. For Pre-shared key, type the same pre-shared key that was configured for the AnywhereUSB Plus-1 (testkey). 7. Click to expand Remote endpoint. 8. For Hostname, type public IP address of the AnywhereUSB Plus-1 device. 9. Click to expand Policies. 10. For Add Policy, click g to add a new policy.
Page 653 Virtual Private Networks (VPN) Generic Routing Encapsulation (GRE) 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 654 Virtual Private Networks (VPN) Generic Routing Encapsulation (GRE) É WebUI 1. Click Network > Interfaces. 2. For Add Interface, type ipsec_endpoint2 and click g . 3. For Zone, select Internal. 4. For Device, select Ethernet: loopback. 5. Click to expand IPv4. 6.
Page 655 3. For Local endpoint, select the IPsec endpoint interface created in Task two (Interface: ipsec_ endpoint2). 4. For Remote endpoint, type the IP address of the GRE tunnel on AnywhereUSB Plus-1, 172.30.0.1. 5. Click Apply to save the configuration and apply the change. AnywhereUSB® Plus User Guide...
Page 656 (/network/interface/ipsec_endpoint2): (config vpn iptunnel gre_tunnel2)> local /network/interface/ipsec_ endpoint2 (config vpn iptunnel gre_tunnel2)> 4. Set the remote endpoint to the IP address of the GRE tunnel on AnywhereUSB Plus-1, 172.30.0.1: (config vpn iptunnel gre_tunnel2)> remote 172.30.0.1 (config vpn iptunnel gre_tunnel2)> 5. Save the configuration and apply the change: (config vpn iptunnel gre_tunnel2)>...
Page 657 Virtual Private Networks (VPN) Generic Routing Encapsulation (GRE) 3. For Zone, select Internal. 4. For Device, select the GRE tunnel created in Task three (IP tunnel: gre_tunnel2). 5. Click to expand IPv4. 6. For Address, type 172.31.1.1/30 for a virtual IP address on the GRE tunnel. 7.
Page 658: Nemo
Local Area Networks (LANs) on your device. NEMO creates a tunnel between the home agent on the mobile private network and the AnywhereUSB Plus device, isolating the connection from internet traffic and advertising the IP subnets of the LANs for remote access and device management.
Page 659 If the local network is set to Interface, identify the local interface to be used. É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
Page 660 14. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 661 (config vpn nemo nemo_example)> mtu_discovery false (config vpn nemo nemo_example)> If disabled, set the MTU size. The default MTU size for LANs on the AnywhereUSB Plus device is 1500. The MTU size of the NEMO tunnel will be smaller, to take into account the required headers.
Page 662 Virtual Private Networks (VPN) NEMO 10. Set the firewall zone for the NEMO tunnel: (config vpn nemo nemo_example)> zone zone (config vpn nemo nemo_example)> To view a list of available zones: (config vpn nemo nemo_example)> zone ? Zone: The firewall zone assigned to this network interface. This can be used by packet filtering rules and access control lists to restrict network traffic on...
Page 663 Virtual Private Networks (VPN) NEMO (config vpn nemo nemo_example)> coaddress interface ii. Set the interface. For example: (config vpn nemo nemo_example)> coaddress interface eth1 (config vpn nemo nemo_example)> If ip is used, set the IP address: (config vpn nemo nemo_example)> coaddress address IP_address (config vpn nemo nemo_example)>...
Page 664: Show Nemo Status
Command line 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 665: L2Tpv3
Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. L2TPv3 Your AnywhereUSB Plus device supports Layer 2 Tunnelling Protocol Version 3 (L2TPv3) static unmanaged Ethernet tunnels. Configure an L2TPv3 tunnel Your AnywhereUSB Plus device supports Layer 2 Tunnelling Protocol Version 3 (L2TPv3) static unmanaged Ethernet tunnels.
Page 666 The Sequence numbering control. É WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > L2TPv3 ethernet.
Page 667 11. Click Apply to save the configuration and apply the change. Command line 1. Log into the AnywhereUSB Plus command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 668 Virtual Private Networks (VPN) L2TPv3 ii. Set the interface. For example: (config vpn l2tpeth L2TPv3_example)> local /network/interface/eth1 (config vpn l2tpeth L2TPv3_example)> 6. Set the tunnel identifier for this tunnel. This must match the value for peer tunnel ID on the remote peer.
Page 669: Show L2Tpv3 Tunnel Status
Virtual Private Networks (VPN) L2TPv3 11. Set the session ID of the remote peer: (config vpn l2tpeth L2TPv3_example session_example)> peer_session_id value (config vpn l2tpeth L2TPv3_example session_example)> where value is any integer between 1 and 4294967295. 12. (Optional) Set the cookie value to be assigned to the session. (config vpn l2tpeth L2TPv3_example session_example)>...
Page 670 Command line 1. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
Page 671 Command line interface This chapter contains the following topics: Access the command line interface Log in to the command line interface Exit the command line interface Execute a command from the web interface Display help for commands and parameters Auto-complete commands and parameters Available commands Use the scp command Display status and statistics using the show command...
Page 672: Command Line Interface
You can use an open-source terminal software, such as PuTTY or TeraTerm, to access the device through one of these mechanisms. You can also access the command line interface in the WebUI by using the Terminal, or the Digi Remote Manager by using the Console.
Page 673: Exit The Command Line Interface
2. At the main menu, click Terminal. The device console appears. AnywhereUSB Plus login: 3. Log into the AnywhereUSB Plus command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu.
Page 674: Display Help For Commands And Parameters
Display help for commands and parameters The help command When executed from the root command prompt, help displays information about autocomplete operations, how to move the cursor on the AnywhereUSB Plus command line, and other keyboard shortcuts: > help Commands...
Page 675: Display Help For Individual Commands
Command line interface Display help for commands and parameters traceroute Print the route packets trace to network host. update Update firmware. > Display help for individual commands When included with a command name, both ? and help provide further information about the command.
Page 676: Use The Tab Key Or The Space Bar To Display Abbreviated Help
Command line interface Auto-complete commands and parameters Use the Tab key or the space bar to display abbreviated help When executed from the root command prompt, pressing the Tab key or the space bar displays an abbreviated list of available commands: Similar behavior is available with any command name: >...
Page 677: Available Commands
Reboots the AnywhereUSB Plus device. Removes a file. Uses the secure copy protocol (SCP) to transfer files between the AnywhereUSB Plus device and a remote host. Use the scp command for information about using the scp command. show Displays information about the device and the device's configuration.
Page 678: Use The Scp Command
The hostname or IP address of the remote host. The username and password of the user on the remote host. Whether the file is being copied to the AnywhereUSB Plus device from a remote host, or to the remote host from the AnywhereUSB Plus device.
Page 679: Display Status And Statistics Using The Show Command
AnywhereUSB Plus device. To copy a support report from the AnywhereUSB Plus device to a remote host at the IP address of 192.168.4.1: 1.
Page 680: Show System
Device configuration using the command line interface show system show system command displays system information and statistics for the device, including CPU usage. > show system Model : Digi AnywhereUSB Plus Serial Number : AnywhereUSB Plus-000065 : AnywhereUSB Plus Hostname : AnywhereUSB Plus MAC Address...
Page 681: Execute Configuration Commands At The Root Admin Cli Prompt
For example, to disable the SSH service from the root prompt, enter the following command: > config service ssh enable false > The AnywhereUSB Plus device's ssh service is now disabled. Note When the config command is executed at the root prompt, certain configuration actions that are available in configuration mode cannot be performed.
Page 682: Configuration Mode
Command line interface Configuration mode > config service ? Services Additional Configuration ------------------------------------------------------------------------- mdns Service Discovery (mDNS) multicast Multicast remote_control Remote control snmp SNMP web_admin Web administration > config service 3. Next, display help for the config service ssh command: >...
Page 683: Enable Configuration Mode
Command line interface Configuration mode do not take effect until the configuration is saved. Enable configuration mode To enable configuration mode, at the root prompt, enter the config command without any parameters: > config (config)> When the command line is in configuration mode, the prompt will change to include (config), to indicate that you are currently in configuration mode.
Page 684: Exit Configuration Mode Without Saving Changes
Command line interface Configuration mode (config)> save Configuration saved. > After using save to save changes to the configuration, you will automatically exit configuration mode. To return to configuration mode, type config again. Exit configuration mode without saving changes You can discard any unsaved configuration changes and exit configuration mode by using the cancel command: (config)>...
Page 685: Display Command Line Help In Configuration Mode
Command line interface Configuration mode Display command line help in configuration mode Display additional configuration commands, as well as available parameters and values, by entering the question mark (?) character at the config prompt. For example: 1. Enter ? at the config prompt: (config)>...
Page 686 Command line interface Configuration mode mdns Service Discovery (mDNS) multicast Multicast remote_control Remote control snmp SNMP web_admin Web administration (config)> service 3. Next, to display help for the service ssh command, use one of the following methods: At the config prompt, enter service ssh ?: (config)>...
Page 687: Move Within The Configuration Schema
Command line interface Configuration mode (config)> service ssh 4. Lastly, to display allowed values and other information for the enable parameter, use one of the following methods: At the config prompt, enter service ssh enable ?: (config)> service ssh enable ? At the config prompt: a.
Page 688: Manage Elements In Lists
Command line interface Configuration mode 3. Type acl to move to the acl node: (config service ssh)> acl (config service ssh acl)> 4. Type zone to move to the zone node: (config service ssh acl)> zone (config service ssh acl zone)> You can also enter multiple nodes at once to move multiple steps in the configuration: (config)>...
Page 689 Command line interface Configuration mode (config)> add auth method 0 tacacs+ (config)> show auth method 0 tacacs+ 1 local (config)> To add the TACACS+ authentication method to the end of the list, use the end keyword: (config)> add auth method end tacacs+ (config)>...
Page 690: The Revert Command
(config)> The revert command The revert command is used to revert changes to the AnywhereUSB Plus device's configuration and restore default configuration settings. The behavior of the revert command varies depending on where in the configuration hierarchy the command is executed, and whether the optional path parameter is used.
Page 691 Command line interface Configuration mode Revert all configuration changes to default settings To discard all configuration changes and revert to default settings, use the revert command at the config prompt without the optional path parameter: 1. At the config prompt, enter revert: (config)>...
Page 692: Enter Strings In Configuration Commands
(config)> system description "Digi AnywhereUSB Plus" Example: Create a new user by using the command line In this example, you will use the AnywhereUSB Plus command line to create a new user, provide a password for the user, and assign the user to authentication groups.
Page 693 Command line interface Configuration mode 2. At the command line, type config to enter configuration mode: > config (config)> 3. At the config prompt, create a new user with the username user1: Method one: Create a user at the root of the config prompt: (config)>...
Page 694 Command line interface Configuration mode enable false serial admin enable true nagios enable false openvpn enable false no tunnels portal enable false no portals serial enable true ports 0 port1 shell enable false (config auth user user1)> 6. Add the user to the admin group: (config auth user user1)>...
Page 695: Command Line Reference
Command line interface Command line reference Command line reference analyzer clear help mkdir modem monitoring more ping reboot show speedtest system traceroute config service anywhereusb enable config service anywhereusb port config service anywhereusb groups config service anywhereusb clients USEALLHUBADDRS AnywhereUSB® Plus User Guide...
Page 696: Analyzer
Command line interface Command line reference analyzer Analyzer commands. analyzer clear name STRING Clears the traffic captured by the analyzer. Parameters name Name of the capture filter to use. Syntax: STRING analyzer save filename STRING name STRING Saves the current captured traffic to a file. Parameters filename The filename to save captured traffic to.
Page 697 Command line interface Command line reference clear dhcp-lease Clear one or more DHCP leases. ip-address ADDRESS Clear the DHCP lease for an IP address. Parameters ADDRESS An IPv4 or IPv6 address (Required). clear dhcp-lease mac ADDRESS Clear the DHCP lease for a MAC address. Parameters ADDRESS 12-digit, colon-delimited MAC address [00:11:22:AA:BB:CC] (Required).
Page 698 Command line interface Command line reference cp commands. [force] SOURCE DESTINATION Copy a file or directory. Parameters source The source file or directory to copy. Syntax: STRING destination The destination path to copy the source file or directory to. Syntax: STRING force Do not ask to overwrite the destination file if it exists.
Page 699: Help
Command line interface Command line reference help Show CLI editing and navigation commands. Parameters None AnywhereUSB® Plus User Guide...
Page 700 Command line interface Command line reference Directory listing command. ls [show-hidden] PATH List a directory. Parameters path List files and directories under this path. Syntax: STRING show-hidden Show hidden files and directories. Hidden filenames begin with '.'. Syntax: BOOLEAN Default: False Optional: True AnywhereUSB®...
Page 701: Mkdir
Command line interface Command line reference mkdir mkdir PATH Create a directory. Parent directories are created as needed. Parameters path The directory path to create. Syntax: STRING AnywhereUSB® Plus User Guide...
Page 702: Modem
Command line interface Command line reference modem Modem commands. modem at [imei STRING] [name STRING] CMD Send an AT command to the modem and display the response. Parameters The AT command string. Syntax: STRING imei The IMEI of the modem to execute this CLI command on. Syntax: STRING Optional: True name...
Page 703 Commands for performing FOTA (firmware-over-the-air) interactions with cellular modem. ota check [imei STRING] [name STRING] Query the Digi firmware server for the latest remote modem firmware version. Parameters imei The IMEI of the modem to execute this CLI command on...
Page 704 Command line interface Command line reference ota list [imei STRING] [name STRING] Query the Digi firmware server for a list of modem firmware versions. Parameters imei The IMEI of the modem to execute this CLI command on Optional: True Type: string...
Page 705 Command line interface Command line reference Optional: True Type: string name The configured name of the modem to execute this CLI command on Optional: True Ref: /network/modem Type: string version Firmware version name Optional: True Type: string modem pin PIN commands. pin change [imei STRING] [name STRING] OLD-PIN NEW-PIN Change the SIM's PIN code.
Page 706 Command line interface Command line reference Syntax: STRING imei The IMEI of the modem to execute this CLI command on. Syntax: STRING Optional: True name The configured name of the modem to execute this CLI command on. Syntax: STRING Optional: True pin enable [imei STRING] [name STRING] PIN Enable the PIN lock on the SIM card that is active in the modem.
Page 707 Command line interface Command line reference pin unlock [imei STRING] [name STRING] PIN Temporarily unlock the SIM card with a PIN code. Set the PIN field in the modem interface's configuration to unlock the SIM card automatically before use. Warning: Attempting to use an incorrect PIN code may PUK lock the SIM.
Page 708 Command line interface Command line reference new-pin The PIN code to change to. Syntax: STRING imei The IMEI of the modem to execute this CLI command on. Syntax: STRING Optional: True name The configured name of the modem to execute this CLI command on. Syntax: STRING Optional: True modem reset [imei STRING] [name STRING]...
Page 709: Monitoring
Command line interface Command line reference Parameters slot The SIM slot to change to. Syntax: (1|2|show) imei The IMEI of the modem to execute this CLI command on. Syntax: STRING Optional: True name The configured name of the modem to execute this CLI command on. Syntax: STRING Optional: True monitoring...
Page 710: More
Command line interface Command line reference more path The file to view. Syntax: STRING AnywhereUSB® Plus User Guide...
Page 711 Command line interface Command line reference Move a file or directory. mv [force] SOURCE DESTINATION Parameters source The source file or directory to move. Syntax: STRING destination The destination path to move the source file or directory to. Syntax: STRING force Do not ask to overwrite the destination file if it exists.
Page 712: Ping
Command line interface Command line reference ping Ping a host using ICMP echo. ping [broadcast|ipv6] [count INTEGER] [interface STRING] [size INTEGER] [source STRING] HOST Parameters host The name or address of the remote host to send ICMP ping requests to. If broadcast is enabled, can be the broadcast address.
Page 713 Command line interface Command line reference source The ping command will send a packet with the source address set to the IP address of this interface, rather than the address of the interface the packet is sent from. Syntax: STRING Optional: True AnywhereUSB®...
Page 714: Reboot
Command line interface Command line reference reboot Reboot the system. Parameters None AnywhereUSB® Plus User Guide...
Page 715 Command line interface Command line reference Remove a file or directory. rm [force] PATH Parameters path The path to remove. Syntax: STRING force Force the file to be removed without asking. Syntax: BOOLEAN Default: False Optional: True AnywhereUSB® Plus User Guide...
Page 716: Scp
Command line interface Command line reference Copy a file or directory over SSH. scp host STRING local STRING [port INTEGER] remote STRING to STRING user STRING Parameters host The name or address of the remote host. Syntax: STRING local The file to copy to or from on the local device. Syntax: STRING port The SSH port to use to connect to the remote host.
Page 717: Show
Default: False Optional: True verbose Display more information (less concise, more detail). Syntax: BOOLEAN Default: False Optional: True show cloud Show Digi Remote Manager status and statistics. Parameters None show config Show changes made to default configuration. AnywhereUSB® Plus User Guide...
Page 718 Command line interface Command line reference Parameters None show dhcp-lease [all|verbose] Show DHCP leases. Parameters Show all leases (active and inactive (not in etc/config/dhcp.*lease)). Syntax: BOOLEAN Default: False Optional: True verbose Display more information (less concise, more detail). Syntax: BOOLEAN Default: False Optional: True show dns...
Page 719 Command line interface Command line reference Syntax: STRING Optional: True name The configured instance name of the hotspot. Syntax: STRING Optional: True show ipsec [all] [tunnel STRING] Show IPsec status statistics. Parameters Display all tunnels including disabled tunnels. Syntax: BOOLEAN Default: False Optional: True tunnel...
Page 720 Command line interface Command line reference Syntax: (critical|warning|debug|info) Optional: True number Number of lines to retrieve from log. Syntax: INT Minimum: 1 Default: 20 show manufacture [verbose] Show manufacturer information. Parameters verbose Display more information (less concise, more detail). Syntax: BOOLEAN Default: False Optional: True show modem [verbose] [imei STRING] [name STRING]...
Page 721 Command line interface Command line reference Parameters name The name of a specific NEMO instance. show network [all|verbose] [interface STRING] Show network interface status and statistics. Parameters Display all interfaces including disabled interfaces. Syntax: BOOLEAN Default: False Optional: True interface Display more details and config data for a specific network interface.
Page 722 Command line interface Command line reference Syntax: STRING Optional: True openvpn server [all] [name STRING] Show OpenVPN server status and statistics. Parameters Display all servers including disabled servers. Syntax: BOOLEAN Default: False Optional: True name Display more details and config data for a specific OpenVPN server. Syntax: STRING Optional: True show route [ipv4|ipv6|verbose]...
Page 723 Command line interface Command line reference show serial PORT Show serial status and statistics. Parameters port Display more details and config data for a specific serial port. Syntax: STRING Optional: True show system [verbose] Show system status and statistics. Parameters verbose Display more information (disk usage, etc) Syntax: BOOLEAN...
Page 724: Speedtest
Command line interface Command line reference Type: boolean name Display more details and configuration data for a specific VRRP instance. Optional: True Type: string verbose Display all VRRP status and statistics including disabled instances. Syntax: {True|False} Type: boolean show web-filter Show web filter status and statistics.
Page 725 Command line interface Command line reference host The hostname or IP address of the remote host Syntax: {hostname|IPv4_address|IPv6_address} Type: string port The SSH port to use to connect to the remote host. Default: 22 Maximum: 65535 Minimum: 1 Syntax: {Integer} Type: integer user The username to use when connecting to the remote host.
Page 726: System
Command line interface Command line reference system System commands. system backup Save the device's configuration to a file. Archives are full backups including generated SSH keys and dynamic DHCP lease information. Command backups are a list of CLI commands required to build the device's configuration.
Page 727 Query the Digi firmware server for the latest device firmware version. Syntax system firmware ota check Parameters None system firmware ota list Query the Digi firmware server for a list of device firmware versions. Syntax system firmware ota list Parameters None system firmware ota update Perform FOTA (firmware-over-the-air) update.
Page 728 Command line interface Command line reference Syntax system firmware update [version STRING] Parameters version: Firmware version name system restore Restore the device's configuration from a backup archive or CLI commands file. Syntax system restore PATH [passphrase STRING] Parameters PATH: The path to the backup file. (Required) passphrase: Decrypt the archive with a passphrase.
Page 729 Command line interface Command line reference system serial save Saves the current serial log to a file. Syntax system serial save PORT FILENAME Parameters PORT: Serial port (Required). FILENAME: The filename to save the serial log. The file will be saved to the device's /etc/config/serial directory.
Page 730 Command line interface Command line reference Syntax system support-report path Parameters path: The file path to save the support report to. (Default: /var/log/) system time set Set the local date and time using the timezone set in the system.time.timezone config setting. Syntax system time set DATETIME Parameters...
Page 731: Traceroute
Command line interface Command line reference traceroute Print the route packets trace to network host. traceroute [bypass|debug|dontfragment|icmp|ipv6|nomap] [first_ttl INTEGER] [gateway STRING] [interface STRING] [max_ttl INTEGER] [nqueries INTEGER] [packetlen INTEGER] [pausemsecs INTEGER] [port INTEGER] [src_addr STRING] [tos INTEGER] [waittime INTEGER] HOST Parameters bypass Bypass the normal routing tables and send directly to a host on an attached network.
Page 732 Command line interface Command line reference Optional: True interface Specifies the interface through which traceroute should send packets. By default, the interface is selected according to the routing table. Syntax: STRING Optional: True ipv6 If a hostname is defined as the value of the 'host' parameter, use the hosts IPV6 address. Syntax: BOOLEAN Default: False Optional: True...
Page 733 Command line interface Command line reference port Specifies the destination port base traceroute will use (the destination port number will be incremented by each probe). A value of -1 specifies that no specific port will be used. Syntax: INT Minimum: -1 Default: -1 src_addr Chooses an alternative source address.
Page 734: Config Service Anywhereusb Enable
Command line interface Command line reference config service anywhereusb enable config service anywhereusb enable true|false Allow remote access to USB devices connected to this server. The default TCP Port value is 18574. AnywhereUSB® Plus User Guide...
Page 735: Config Service Anywhereusb Port
Command line interface Command line reference config service anywhereusb port config service anywhereusb port {1-65535} Specify the port number that is used to access the Hub. The default value is 18574. If you change the port number you must also change the corresponding port number on your computer. AnywhereUSB®...
Page 736: Config Service Anywhereusb Groups
Command line interface Command line reference config service anywhereusb groups Assign a name to each group and specify the ports in each group. When a client connects to a group the AnywhereUSB Manager, the user has access to all of the ports in the group. You can change the name for a group in the Group Description field.
Page 737 Command line interface Command line reference Delete a port from a group In the previous example, there are three assigned ports in group 1: port 1 (occupying index position 0), port 2 (index position 1) and port 3 (index position 2). This example shows how to delete ports 2 and 3, leaving only port 1 in this group.
Page 738: Config Service Anywhereusb Clients
Command line interface Command line reference config service anywhereusb clients Add a client ID to the client list. When a computer searches for Hubs, any computer with a client ID on the client list can connect to the Hub. You can also add client IDs in the web UI. See Manually add a client Syntax...
Page 739: Useallhubaddrs
Command line interface Command line reference Replace a group This example replaces the group at index 0 with group 2. The client must have at least one group already assigned. config service anywhereusb clients 0 groups 0 group02 Delete a client You must specify the index of the client (0-254) to delete it.
Page 740: Configure The Anywhereusb Manager From The Command Line
You can create a new client ID from the CLI by adding a new client, assigning a client ID, and then giving permission for this client to use the specified groups. Note Digi recommends that you create new client IDs and assign groups from the web UI. See Manually add a client Example: Create a client ID This example explains how to create a client ID named "client1"...
Page 741 Configure the AnywhereUSB Manager from the command line Create a new client ID from the CLI > config (config)> service anywhereusb clients (config service anywhereusb clients)> add end (config service anywhereusb clients 0)> id client1 (config service anywhereusb clients 0)> descripton "lab computer" (config service anywhereusb clients 0)>...
Page 742: Autoconnect Clear All
Configure the AnywhereUSB Manager from the command line autoconnect clear all autoconnect clear all Purpose Disables the auto connect feature for all Hubs, groups, and devices. When complete no asterisks or plus signs display next to Hub, group, or device names. Syntax >awusbmanager autoconnect clear all Examples...
Page 743: Autoconnect Clear Group
Configure the AnywhereUSB Manager from the command line autoconnect clear group autoconnect clear group Purpose Disable the auto connect feature for a specified group. When you disable auto connect for a group, an asterisk no longer displays next to the group name. In addition, any devices in the group no longer inherit the auto connect feature, and the plus sign no longer displays next to the device names.
Page 744 Configure the AnywhereUSB Manager from the command line autoconnect clear group AW02-000001 (AW02-000001.local.:18574) Group 2 (AW02-000001.2) Group 1 (AW02-000001.1) (In-use by you) U3 Cruzer Micro (AW02-000001.1101) (In-use by you) * means Autoconnect enabled, + means Autoconnect inherited Auto-Find: enabled Autoconnect All: disabled AnywhereUSB Manager not running as a service AnywhereUSB®...
Page 745: Autoconnect Group
Configure the AnywhereUSB Manager from the command line autoconnect group autoconnect group Purpose Enable the auto connect feature for a specified group. This feature ensures that when you start the AnywhereUSB Manager as a stand-alone or when it starts at Windows startup if installed as a service, you are automatically connected to all of the groups to which you are allowed access that have auto connect enabled.
Page 746 Configure the AnywhereUSB Manager from the command line autoconnect group AnywhereUSB Manager, below are the available devices: AW02-000001 (AW02-000001.local.:18574) Group 2 (AW02-000001.2) (In-use by you) Group 1 (AW02-000001.1) (In-use by you) U3 Cruzer Micro (AW02-000001.1101( (In-use by you) * means Autoconnect enabled, + means Autoconnect inherited Auto-Find: enabled Autoconnect All: disabled AnywhereUSB Manager not running as a service...
Page 747: Autofind
Configure the AnywhereUSB Manager from the command line autofind autofind Purpose Enables and disables the autofind feature. When enabled, all Hubs connected to the network when AnywhereUSB Manager launches are automatically found. This command works as a toggle, or you can can specify "on" or "off." Before you used the command, you should verify the status of the autofind feature.
Page 748 Configure the AnywhereUSB Manager from the command line autofind Group 1 (AW02-000001.1) (In-use by you) U3 Cruzer Micro (AW02-000001.1101) * means Autoconnect enabled, + means Autoconnect inherited Auto-Find: disabled Autoconnect All: disabled AnywhereUSB Manager not running as a service You can run the autofind command again to enable the feature. You can specify the "on" option, but it is not required.
Page 749: Connect Device
Configure the AnywhereUSB Manager from the command line connect device connect device Purpose Connect to a USB device in a group to which you have access. You cannot connect to a device in a group that is already in use. You must be connected to the group before you can connect to a device in that group.
Page 750 Configure the AnywhereUSB Manager from the command line connect device Auto-Find: enabled Autoconnect All: disabled AnywhereUSB Manager not running as a service AnywhereUSB® Plus User Guide...
Page 751: Connect Group
Configure the AnywhereUSB Manager from the command line connect group connect group Purpose You can connect to a group so that you have access to the ports in the group. Once you have connected to a group, no one else can connect to that group. You cannot connect to a group that is already is use.
Page 752: Device Info
Configure the AnywhereUSB Manager from the command line device info device info Purpose Displays information about a device. For more information, see AnywhereUSB Manager USB Device Status pane. Syntax >awusbmanager device info,<address> The [address] is the address of the device for which you want to display information. The address is required.
Page 753: Device Name
Configure the AnywhereUSB Manager from the command line device name device name Purpose Change or assign the local name of a device. Syntax >awusbmanager device name,<address>,<new name> The <device name> is the device's address. The <new name> is the new local name for the device. Examples Run the list...
Page 754: Disconnect Device
Configure the AnywhereUSB Manager from the command line disconnect device disconnect device Purpose Disconnect from a USB device to which you no longer need access. You will remain connected to the group that the device is in. Other users cannot connect the USB device, since you still own the group that the USB device is in.
Page 755: Disconnect Group
Configure the AnywhereUSB Manager from the command line disconnect group disconnect group Purpose You can disconnect from a group that has ports you no longer need access to. You are disconnected from all USB devices and ports in that group. Any other user can then connect to that group. Note If the group has auto connect enabled, and you want to disconnect from the group, note that when you disconnect from the group you will be automatically reconnected.
Page 756 Configure the AnywhereUSB Manager from the command line disconnect group Autoconnect All: disabled AnywhereUSB Manager not running as a service AnywhereUSB® Plus User Guide...
Page 757: Exit
Configure the AnywhereUSB Manager from the command line exit exit Purpose Shuts down the service. If the AnywhereUS Manager is open, it is shut down as well. Syntax >awusbmanager exit AnywhereUSB® Plus User Guide...
Page 758: Group Info
Configure the AnywhereUSB Manager from the command line group info group info Purpose Displays information about a group. For more information, see AnywhereUSB Manager Group Status pane. Syntax >awusbmanager group info,[address] The [address] is the address of the group for which you want to display information. The address is required.
Page 759: Group Name
Configure the AnywhereUSB Manager from the command line group name group name Purpose Change or assign the local name of the group. Syntax >awusbmanager group name,<address,<new name> The <group name> is the group's address. The <new name> is the new local name for the group. Examples Run the list...
Page 760: Hidden Hub Add
Configure the AnywhereUSB Manager from the command line hidden hub add hidden hub add Purpose Hide a Hub by adding it to the hidden Hubs list. Note For information on hiding Hubs in the AnywhereUSB Manager, see Hide an individual Hub Hide all unauthorized Hubs.
Page 761: Hidden Hub List
Configure the AnywhereUSB Manager from the command line hidden hub list hidden hub list Purpose Displays a list of Hubs that have been added to the hidden Hubs list. You can choose to hide Hubs that currently display in the AnywhereUSB Manager, such as an unauthorized Hub (which displays with a red X next to the Hub name), or a Hub which users shouldn't access.
Page 762: Hidden Hub Remove
Configure the AnywhereUSB Manager from the command line hidden hub remove hidden hub remove Purpose Remove a Hub from the hidden Hubs list. Syntax >awusbmanager hidden hub remove,<address>[:port] The <address> is the address of the hub that you want to remove from the hidden Hub list. This is required.
Page 763: Hidden Hub Remove All
Configure the AnywhereUSB Manager from the command line hidden hub remove all hidden hub remove all Purpose Remove all the Hubs in the hidden Hubs list. Syntax >awusbmanager hidden hub remove all Examples Run the command to view the list of hidden Hubs. hidden hub list 10.10.10.12:18574 10.10.10.14:18574...
Page 764: Help
Configure the AnywhereUSB Manager from the command line help help Purpose Displays a list of the CLI commands for the AnywhereUSB Manager. Syntax >awusbmanager help AnywhereUSB® Plus User Guide...
Page 765: Hub Info
Information about the Hub displays. NAME: AW02-000001 LOCALNAME: HUB-000001 MODEL: AnywhereUSB 2 Plus VERSION: 3.0.0.54 awusb dby-3.0.0.54 01/03/2019 16:44:25 CST 20190103224522 STATE: Active (secure) ADDRESS: AW02-000001.local. (SSL Subject:/C=US/ST=Minnesota/O=Digi International Inc/CN=unknown ,Issuer:/C=US/ST=Minnesota/O=Digi International Inc/CN=unknown) (10.10.74.xxx) PORT: 18574 CONNECTED FOR: 22115 sec CONNECTION ID: 1...
Page 766: Hub Name
Configure the AnywhereUSB Manager from the command line hub name hub name Purpose Change or assign the local name of the Hub. Syntax >awusbmanager hub name,<address[:port]>,<new name> The <address> is the Hub's address. The <port> is the TCP port number for the Hub you want to rename. This is required if the TCP port number is not the default (18574).
Page 767: Known Hub Add
Configure the AnywhereUSB Manager from the command line known hub add known hub add Purpose Add a Hub to the known Hubs list. The Hubs in this list can be on the same network as your computer, or on a different network. If you add Hubs to the known Hubs list that are on the same network as our computer AND the autofind feature is enabled, duplicate entries display in the Hubs list.
Page 768: Known Hub List
Configure the AnywhereUSB Manager from the command line known hub list known hub list Purpose Displays a list of Hubs that have been added to the known Hubs list. Note For more information about known Hubs, see Manage the list of known Hubs.
Page 769: Known Hub Remove
Configure the AnywhereUSB Manager from the command line known hub remove known hub remove Purpose Remove a Hub from the known Hubs list. Note For information about using this feature in the AnywhereUSB Manager, see Manage the list of known Hubs. Syntax >awusbmanager known hub remove,<address>[:port] The <address>...
Page 770: Known Hub Remove All
Configure the AnywhereUSB Manager from the command line known hub remove all known hub remove all Purpose Remove all the Hubs in the known Hubs list. Syntax >awusbmanager known hub remove all Examples Run the command to view the list of known Hubs. known hub list 10.10.01.12:18574 10.10.01.14:18574...
Page 771: List
Configure the AnywhereUSB Manager from the command line list list Purpose Displays a list of Hubs, groups, and devices on the network as well as any Hubs the AnywhereUSB Manager knows about. Note This information is similar to what displays in the AnywhereUSB Manager. See AnywhereUSB Manager window.
Page 772: List Full
Configure the AnywhereUSB Manager from the command line list full list full Purpose Displays a list of all Hubs, groups, and devices on the network and includes all information about each Hub, group, or device. This command displays the same information retrieved by running these commands: list, info, group...
Page 773 Configure the AnywhereUSB Manager from the command line list full VENDOR: SanDisk VENDOR ID: 0x0781 PRODUCT: Cruzer PRODUCT ID: 0x5530 SERIAL: 20040000920A1C707B00 AUTOCONNECT: disabled IN USE BY: NO ONE Group 1 (AW08-D00001.1) (In-use by you) ADDRESS: AW08-D00001.1 GROUP: 1 NAME: Group PORTS: 1 2 3 4 AUTOCONNECT: enabled IN USE BY: YOU...
Page 774: Power Cycle
Configure the AnywhereUSB Manager from the command line power cycle power cycle Purpose This command enables you to power cycle a selected USB device. The USB device can be connected directly to the AnywhereUSB Hub or to a downstream USB hub. This resets the USB device and has the same effect as removing the USB device from the Hub and then reconnecting it.
Page 775 Configure the AnywhereUSB Manager from the command line power cycle AnywhereUSB® Plus User Guide...
Page 776: Powercycle Port
Configure the AnywhereUSB Manager from the command line powercycle port powercycle port Purpose This command enables you to power cycle a port on an AnywhereUSB Hub. When you power cycle the port, the port is powered off for 3 seconds and then powered on. If a USB device is connected to the port, the USB device is powered off and then powered back on, which has the same effect as removing the USB device from the Hub and then reconnecting it.
Page 777: Client Id
Security Security-related features in AnywhereUSB include: Unique password for each Hub. See Change the Hub password. Configurable network service port numbers. Secure access and authentication to the web UI and CLI. One password, one permission level. Selectively enable and disable network services such as mDNS, HTTP/HTTPS, and SSH. Encrypted access to AnywhereUSB®...
Page 778 Security Client ID WARNING! Digi recommends that you use a private network to connect the computer to the Hub. This ensures that only clients IDs with known user credentials can connect to the Hub. The first time that a client ID on a computer connects to the Hub, the unique credentials for this known user are stored in your Hub.
Page 779: Troubleshooting
Troubleshooting The following information provides troubleshooting steps for the most common issues. To find information on other issues, visit our Knowledge Base at knowledge.digi.com. If you need to gather log files and other information, you can use the Create Support File feature.
Page 780: Anywhereusb Manager Client Id Is Not Unique
Troubleshooting AnywhereUSB Manager client ID is not unique AnywhereUSB Manager client ID is not unique During the initial installation of the Anywhere USB Manager, you are required to assign a unique client ID. When you launch the Manager for the first time and log in, the Manager creates a secure identity certificate that is associated with the client ID.
Page 781: Services Turned Off And Locked Out Of The Hub
Troubleshooting Services turned off and locked out of the Hub AnywhereUSB Manager, you can reassign all of the ports in a group to a different group. Once the group does not have any ports assigned to it, that group will not display. Open the web UI from your selected Hub.
Page 782: Hub Connection Is Taking Too Long
Verify that your firewall is not blocking the TCP port 18574. Ensure that Hub is configured correctly and the IP address is in the correct zone, which is generally the Edge option. See Review AnywhereUSB Plus default settings. Collect a...
Page 783 1. Open the Control Panel and select Progams and Features. 2. Select Digi AnywhererUSB Manager from the list. 3. Click Change. You may have to right-click on Digi AnywhererUSB Manager to see the option. The AnywhereUSB Manager installation wizard appears. 4. Click Next. The Program Maintenance window appears.
Page 784 AnywhereUSB 2 Plus: Front panel AnywhereUSB 2 Plus: Back panel AnywhereUSB 8 Plus: Front panel AnywhereUSB 8 Plus: Back panel AnywhereUSB 24 Plus: Front Panel AnywhereUSB 24 Plus: Back panel Additional power and cabling requirements: AnywhereUSB Plus 8 and 24 AnywhereUSB® Plus User Guide...
Page 785: Anywhereusb 2 Plus: Front Panel
Hardware AnywhereUSB 2 Plus: Front panel AnywhereUSB 2 Plus: Front panel Item Name Description WAN/ETH1 Ethernet connector. Connect the STP Cat 7 Ethernet cable. USB1 USB ports and LEDS. The USB port supports 1.1, 2.0, and 3.1 USB2 USB devices. The LED illuminates as follows, based on the speed of the USB device:...
Page 786 Hardware AnywhereUSB 2 Plus: Front panel Item Name Description Power connector Connect the power supply: 5 Volt DC center positive. The Hub draws 5 Amp maximum when both USB ports are drawing 1.8 Amps each. AnywhereUSB® Plus User Guide...
Page 787: Anywhereusb 2 Plus: Back Panel
ONLY). Attach a DIN rail clip (AnywhereUSB Plus 2-port ONLY) Note You can attach a DIN rail clip only to a AnywhereUSB Plus 2-port device. Before you begin You must purchase a DIN rail mounting kit: Digi PN 7000682. Note Some kits may not have the required screws included.
Page 788: Anywhereusb 8 Plus: Front Panel
Step 5: Connect to the device using an Ethernet LAN connection. Note Digi recommends that you use either the Ethernet cable or the SFP+ module. If both the Ethernet cable and the SFP+ module are connected, the SFP+ module will have priority. SFP+ Connect an SFP transceiver module for fiber connection, such as Finisar Network FTLX8574D3BCL SFP+.
Page 789: Wwan Service And Wwan Signal Led Descriptions
Hardware AnywhereUSB 8 Plus: Front panel Item Name Description Wi-Fi Service Reserved for future use. User LED LED used for the Find Me feature. When this feature is activated, the LED blinks orange and then green. Power LED Solid blue The Hub is powered on.
Page 790: Anywhereusb 8 Plus: Back Panel
Hardware AnywhereUSB 8 Plus: Back panel AnywhereUSB 8 Plus: Back panel Item Name Description Reserved for future use. Wi-Fi1 Reserved for future use. Wi-Fi2 Reserved for future use. Wi-Fi3 Reserved for future use. Wi-Fi4 Reserved for future use. WWAN2 Attach a cellular module antenna.
Page 791: Anywhereusb 24 Plus: Front Panel
ETH2 is the secondary network interface. This is optional and used for redundancy. Note Digi recommends that you use either the Ethernet cable or the SFP+ module. If both the Ethernet cable and the SFP+ module are connected, the SFP+ module will have priority.
Page 792: Wwan Service And Wwan Signal Led Descriptions
Hardware AnywhereUSB 24 Plus: Front Panel Item Name Description Fan2 LED The LED shows the status of Fan 2: Solid green The fan is running within normal range of use. Solid red The fan slows down or the Hub is overheating. User LED LED used for the Find Me...
Page 793 Hardware AnywhereUSB 24 Plus: Front Panel WWAN Signal LED WWAN Service LED Description Solid green Modem is connected Solid red No SIM card present Fast flash green Connecting Solid green Modem signal strength: 5 bars Fast flash green Modem signal strength: 3-4 bars Slow flash green Modem signal strength: 1-2 bars Slow flash red...
Page 794: Anywhereusb 24 Plus: Back Panel
Hardware AnywhereUSB 24 Plus: Back panel AnywhereUSB 24 Plus: Back panel Item Name Description Reserved for future use. Wi-Fi1 Reserved for future use. Wi-Fi2 Reserved for future use. Wi-Fi3 Reserved for future use. Wi-Fi4 Reserved for future use. WWAN2 Attach a cellular module antenna.
Page 795: Additional Power And Cabling Requirements: Anywhereusb Plus 8 And 24
NEMA locking connector, 18 AWG. The male cable connector to the device is a 2ESDVM-02P (Dinkle). The product is certified and intended for use only with the Digi provided power supply. Use with 3rd party supplies is not covered by the Digi warranty.
Page 796 Software and reference Uninstall the AnywhereUSB Manager using Windows 3. Click Next. The Program Maintenance screen appears. 4. Select Remove. 5. Click Next. The Remove the Program screen appears. 6. Determine whether you want to remove the AnywhereUSB configuration settings that you have selected.
Page 797 Software and reference Install and uninstall the AnywhereUSB Manager using Linux retained and removed with the program. 7. Click Remove. If the AnywhereUSB Manager is open, the following dialog displays. Do not change the default settings. 8. Click OK. A progress bar appears. 9.
Page 798 Install/uninstall process Details about the installation and remove processes are found in the release notes. 1. Navigate to the AnywhereUSB Plus support page. Note This link navigates to the AnywhereUSB 8 Plus support page, but you can also navigate to the AnywhereUSB 2 Plus support page.
Page 799 Safety warnings English Bulgarian--български Croatian--Hrvatski French--Français Greek--Ελληνικά Hungarian--Magyar Italian--Italiano Latvian--Latvietis Lithuanian--Lietuvis Polish--Polskie Portuguese--Português Slovak--Slovák Slovenian--Esloveno Spanish--Español AnywhereUSB® Plus User Guide...
Page 800 English This equipment is not suitable for use in locations where children are likely to be present. Ensure that the power cord is connected to a socket-outlet with earthing connection. Disconnect all energy sources. This appliance does not contain any user-serviceable parts. Never open the equipment. For safety reasons, the equipment should be opened only by qualified personnel.
Page 801 Bulgarian--български Това оборудване не е подходящо за използване на места, където има вероятност да присъстват деца. Уверете се, че захранващият кабел е свързан към контакт със заземителна връзка. Изключете всички енергийни източници. Този уред не съдържа части, които обслужват потребителя. Никога не отваряйте оборудването.
Page 802 Croatian--Hrvatski Ova oprema nije prikladna za upotrebu na mjestima gdje će djeca vjerojatno biti prisutna. Provjerite je li kabel za napajanje spojen na utičnicu s uzemljenjem. Isključite sve izvore energije. Ovaj uređaj ne sadrži dijelove koje korisnik može servisirati. Nikada ne otvarajte opremu. Iz sigurnosnih razloga opremu bi trebalo otvarati samo kvalificirano osoblje.
Page 803 French--Français Cet équipement n'est pas adapté à une utilisation dans des endroits où des enfants sont susceptibles d'être présents. Assurez-vous que le cordon d'alimentation est connecté à une prise de courant avec mise à la terre. Déconnectez toutes les sources d'énergie. Cet appareil ne contient aucune pièce réparable par l'utilisateur.
Page 804 Greek--Ελληνικά Αυτός ο εξοπλισμός δεν είναι κατάλληλος για χρήση σε τοποθεσίες όπου τα παιδιά είναι πιθανό να είναι παρόντα. Βεβαιωθείτε ότι το καλώδιο τροφ οδοσίας είναι συνδεδεμένο σε πρίζα με σύνδεση γείωσης. Αποσυνδέστε όλες τις πηγές ενέργειας. Αυτή η συσκευή δεν περιέχει εξαρτήματα που μπορούν να επισκευαστούν από το χρήστη. Μην...
Page 805 Hungarian--Magyar Ez a berendezés nem alkalmas olyan helyeken történő használatra, ahol valószínűleg gyermekek tartózkodnak. Győződjön meg arról, hogy a tápkábel csatlakozik egy földelő csatlakozóaljzathoz. Válasszon le minden energiaforrást. Ez a készülék nem tartalmaz a felhasználó által javítható alkatrészeket. Soha ne nyissa ki a berendezést.
Page 806 Italian--Italiano Questa apparecchiatura non è adatta per l'uso in luoghi in cui è probabile la presenza di bambini. Assicurarsi che il cavo di alimentazione sia collegato ad una presa con messa a terra. Scollegare tutte le fonti di energia. Questo apparecchio non contiene parti riparabili dall'utente. Non aprire mai l'apparecchiatura.
Page 807 Latvian--Latvietis Šis aprīkojums nav piemērots lietošanai vietās, kur, iespējams, atrodas bērni. Pārliecinieties, ka strāvas vads ir pievienots kontaktligzdai ar zemējuma savienojumu. Atvienojiet visus enerģijas avotus. Šajā ierīcē nav nevienas lietotāja apkalpojamas daļas. Nekad neatveriet aprīkojumu. Drošības apsvērumu dēļ aprīkojumu drīkst atvērt tikai kvalificēts personāls. Eksplozijas risks, ja akumulatoru aizstāj ar nepareizu akumulatora tipu vai nepareizi ievietots akumulators.
Page 808 Lithuanian--Lietuvis Ši įranga nėra tinkama naudoti vietose, kur gali būti vaikai. Įsitikinkite, kad maitinimo laidas yra prijungtas prie lizdo su įžeminimu. Atjunkite visus energijos šaltinius. Šiame prietaise nėra naudotojui prižiūrimų dalių. Niekada neatidarykite įrangos. Saugumo sumetimais įrangą turėtų atidaryti tik kvalifikuotas personalas. Sprogimo pavojus, jei baterija pakeičiama netinkamu akumuliatoriaus tipu arba neteisingai įdėta.
Page 809 Polish--Polskie Este equipamento não é adequado para uso em locais onde haja crianças. Upewnij się, że przewód zasilający jest podłączony do gniazdka z uziemieniem. Odłącz wszystkie źródła energii. To urządzenie nie zawiera żadnych części, które mogą być naprawiane przez użytkownika. Nigdy nie otwieraj urządzenia.
Page 810 Portuguese--Português Este equipamento não é adequado para uso em locais onde haja crianças. Certifique-se de que o cabo de alimentação esteja conectado a uma tomada com conexão de aterramento. Desconecte todas as fontes de energia. Este aparelho não contém peças cuja manutenção possa ser feita pelo usuário. Nunca abra o equipamento.
Page 811 Slovak--Slovák Toto zariadenie nie je vhodné na použitie na miestach, kde môžu byť deti. Uistite sa, že je napájací kábel pripojený k zásuvke so zemniacim pripojením. Odpojte všetky zdroje energie. Toto zariadenie neobsahuje žiadne diely opraviteľné používateľom. Nikdy neotvárajte zariadenie. Z bezpečnostných dôvodov by malo zariadenie otvárať iba kvalifikovaný personál.
Page 812 Slovenian--Esloveno Ta oprema ni primerna za uporabo na lokacijah, kjer so verjetno prisotni otroci. Prepričajte se, da je napajalni kabel priključen v vtičnico z ozemljitvenim priključkom. Odklopite vse vire energije. Ta naprava ne vsebuje nobenih delov, ki bi jih lahko uporabljal uporabnik. Nikoli ne odpirajte opreme.
Page 813 Spanish--Español Este equipo no es adecuado para su uso en lugares donde es probable que haya niños presentes. Asegúrese de que el cable de alimentación esté conectado a una toma de corriente con conexión a tierra. Desconecte todas las fuentes de energía. Este aparato no contiene ninguna pieza que pueda reparar el usuario.
Page 814 Digi AnywhereUSB Plus regulatory and safety statements European Community - CE Mark Declaration of Conformity (DoC) Digi has issued Declarations of Conformity for the AnywhereUSB Plus concerning emissions, EMC, and safety. For more information, see www.digi.com/resources/certifications. Important note Digi customers assume full responsibility for learning and meeting the required guidelines for each country in their distribution market.
Page 815 Digi AnywhereUSB Plus regulatory and safety Innovation, Science, and Economic Development Canada (IC) statements certifications If the CE marking is reduced or enlarged, the proportions given in the above graduated drawing must be respected. The CE marking must have a height of at least 5 mm except where this is not possible on account of the nature of the apparatus.

Save PDF