Digi TX54 User Manual
  1. Manuals
  2. Brands
  3. Digi Manuals
  4. Network Router
  5. TX54
  6. User manual

Digi TX54 User Manual

Hide thumbs Also See for TX54:
1
2
3
4
5
6
7
8
9
Table Of Contents
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
Table of Contents

Advertisement

Quick Links

Download this manual
TX54
User Guide
Firmware version 21.8

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the TX54 and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Digi TX54

Summary of Contents for Digi TX54

  • Page 1 TX54 User Guide Firmware version 21.8...

  • Page 2: Revision History-90002357

    Digi Remote Manager. Added the ability to select Digi aView as the cloud service. Added the ability to duplicate firmware to copy the active firmware to the secondary firmware partition.
  • Page 3 Added the system scripts stop command to the Admin CLI to stop a custom script or application. Release of Digi TX54 firmware version 20.11: December 2020 Modem firmware update commands added to the Admin CLI.
  • Page 4 Added a link to User Guide under the User menu in the Web UI. Release of Digi TX54 firmware version 21.2: March 2021 Enhancements to the location service: The ability to define a static latitude and longitude as a location for the device.
  • Page 5 Wi-Fi background scanning. Local REST API for automated configuration of the device. Support for remote CLI commands through Digi Remote Manager. Support for automatically checking for device and modem firmware updates. Release of Digi TX54 firmware version 21.5:...
  • Page 6 Added the default digi.device local domain. Release of Digi TX54 firmware version 21.8: September 2021 Added LXC container support for running localized containers on the device. Added support for maintenance windows triggers to control when a device is available for Digi Remote TX54 User Guide...
  • Page 7 New section on the File System page of the Web UI for loading a configuration backup file as the custom default config New persistent files folder accessible through Digi Remote Manager where users can upload a configuration backup. Added ability to clear a custom default...
  • Page 8 Trademarks and copyright Digi, Digi International, and the Digi logo are trademarks or registered trademarks in the United States and other countries worldwide. All other trademarks mentioned in this document are the property of their respective owners.
  • Page 9 Contact us at +1 952.912.3444 or visit us at www.digi.com/support. Feedback To provide feedback on this document, email your comments to techcomm@digi.com Include the document title and part number (TX54 User Guide, 90002357 H) in the subject line of your email. TX54 User Guide...

  • Page 10: Table Of Contents

    What's new in Digi TX54 version 21.8 Digi TX54 Quick Start Step 1: Connect your device Step 2: Connect DC power Step 3: Set up access to Digi Remote Manager Step 4: Register your device Step 5: Complete setup Step 6: Configure cellular APN...
  • Page 11 Mount the TX54 to a mounting surface Connect power Mount and ground chassis TX54 electrical rating TX54 power connector Battery power management Configuration and management Review TX54 default settings Local WebUI Digi Remote Manager Default interface configuration Other default configuration settings...
  • Page 12 Configure the hotspot to use RADIUS users authentication Configure the hotspot to use HotspotSystem authentication Show hotspot status and statistics Customize the hotspot login page Edit sample hotspot HTML pages Upload custom hotspot HTML pages Restore hotspot default sample pages Hotspot RADIUS attributes TX54 User Guide...
  • Page 13 Show OpenVPN server status and statistics Show OpenVPN client status and statistics Generic Routing Encapsulation (GRE) Configuring a GRE tunnel Show GRE tunnels Example: GRE tunnel over an IPSec tunnel NEMO Configure a NEMO tunnel Show NEMO status L2TPv3 Configure an L2TPv3 tunnel TX54 User Guide...
  • Page 14 Configure scripts to run manually Task one: Upload the application Task two: Configure the application to run automatically Start a manual script Stop a script that is currently running Show script information Run a Python application at the shell prompt TX54 User Guide...
  • Page 15 Use Python to respond to Digi Remote Manager SCI requests Use digidevice runtime to access the runtime database Use Python to upload the device name to Digi Remote Manager Use Python to access the device location data Use Python to set the maintenance window...
  • Page 16 Update modem firmware by using a local firmware file Reboot your TX54 device Reboot your device immediately Schedule reboots of your device Erase device configuration and reset to factory defaults Configure the TX54 device to use custom factory default settings TX54 User Guide...
  • Page 17 Collect device health data and set the sample interval Enable event log upload to Digi Remote Manager Log into Digi Remote Manager Use Digi Remote Manager to view and manage your device Add a device to Digi Remote Manager View Digi Remote Manager connection status...
  • Page 18 Use the ping command to troubleshoot network connections Ping to check internet connection Stop ping commands Use the traceroute command to diagnose IP routing problems Digi TX54 regulatory and safety statements RF exposure statement Federal Communication (FCC) Part 15 Class B Radio Frequency Interference (RFI) (FCC 15.105)
  • Page 19 Example: Configure multiple WANs and LANs by using the command line 1000 Command line reference 1010 analyzer 1011 clear 1011 1013 help 1014 1015 mkdir 1016 modem 1017 monitoring 1024 more 1025 1026 ping 1027 reboot 1029 TX54 User Guide...
  • Page 20 1030 1031 show 1032 speedtest 1040 1040 system 1042 traceroute 1047 TX54 User Guide...

  • Page 21: What's New In Digi Tx54 Version 21.8

    What's new in Digi TX54 version 21.8 Release of Digi TX54 firmware version 21.8: Added LXC container support for running localized containers on the device. Added support for maintenance windows triggers to control when a device is available for Digi Remote Manager maintenance activity. Wi-Fi enhancements: Removed requirement to set a Wi-Fi SSID and passphrase to initially configure the device.
  • Page 22 What's new in Digi TX54 version 21.8 Added datapoint.upload_multiple function to digidevice python module for uploading multiple datapoints to DigiRM at once. Added clear dhcp-lease command to remove all dynamic DHCP leases or certain DHCP leases based on MAC address or IP address.

  • Page 23: Digi Tx54 Quick Start

    Digi TX54 Quick Start Step 1: Connect your device 1. Insert your activated SIM (2FF) card(s) provided by your cellular carrier into the device: a. Use a screw driver to remove the SIM slot cover. b. Insert the SIM card(s) into the SIM sockets. Insert the end of each SIM card with the chamfered corner positioned as indicated.

  • Page 24: Step 2: Connect Dc Power

    Digi TX54 Quick Start Step 2: Connect DC power 3. Use an Ethernet cable connect the TX54's WAN/ETH1 port to the internet, such as a home internet router or LAN Ethernet port in an office environment. Step 2: Connect DC power...

  • Page 25: Step 3: Set Up Access To Digi Remote Manager

    Digi TX54 Quick Start Step 3: Set up access to Digi Remote Manager Step 3: Set up access to Digi Remote Manager If you already have a Digi Remote Manager account, skip to Register your device. If you prefer to configure the device locally rather than using Remote Manager, see Configuration and management in the TX54 User Guide.
  • Page 26 Digi TX54 Quick Start Step 6: Configure cellular APN 5. Click Apply. 6. Navigate back to the Details tab and watch for confirmation of cellular connectivity. TX54 User Guide...

  • Page 27: Digi Tx54 Hardware Reference

    Note For installations up to +74° C, use TRACO Power TPP-30-112J, TPP-30-115J, TPP-30-124J, and TEX120-112. TX54 front view The following figure shows the front view of the TX54 dual cellular model. Other models will look slightly different. TX54 User Guide...

  • Page 28: Tx54 Leds

    Power sensor and button behavior TX54 LEDs The TX54 LEDs are located on the top front panel. The number of LEDs varies by model. During bootup, the front-panel LEDs light up in sequence to indicate boot progress. Single cellular models...

  • Page 29: Gnss Service

    Digi TX54 hardware reference TX54 LEDs GNSS Service Solid Green: GNSS is enabled and has a valid fix. Blinking Green: GNSS is enabled but does not have a valid fix. Off: GNSS is not enabled. Wi-Fi Service (single Wi-Fi models) Solid Green: Wi-Fi access points or Wi-Fi clients are enabled.

  • Page 30: Power Sensor And Button Behavior

    Power sensor and button behavior The TX54 has an ignition sensor that can automatically power on the device when the ignition line is You can also power on the TX54 using the Power button. If the TX54 does not automatically restart when the power ignition sense is on, press the Power button to restore power.
  • Page 31 Digi TX54 hardware reference Digi TX54 serial connector pinout Direction RS232 Signal name signal DB9 pin number Ready To Send Clear to Send Data Set Ready Ground Data Carrier Detect Data Terminal Ready Ring Indicate TX54 User Guide...

  • Page 32: Hardware Setup

    Hardware setup This chapter contains the following topics: Install SIM cards Connect data cables Connect antennas Mount the TX54 to a mounting surface Connect power TX54 User Guide...

  • Page 33: Install Sim Cards

    Install SIM cards Install SIM cards To install SIM cards: 1. On the TX54 front panel, use a Philips screwdriver to remove the SIM slot cover. 2. For high-vibration environments, apply a thin layer of dielectric grease to the SIM contacts. Note If the TX54 device is used in an environment with high vibration levels, SIM card contact fretting may cause unexpected SIM card failures.

  • Page 34: Mount The Tx54 To A Mounting Surface

    Connect the TX54 power cable to a power source. Vehicle installation The TX54 shall be powered from a 5 A fused circuit or shall be installed with an in-line Slow Blow fuse rated at 5 A. Maximum ambient operating temperature is limited to 74°C.

  • Page 35: Mount And Ground Chassis

    Installations up to +70° C: Digi part number 76002079 or 76002081 Installations up to +74° C: TRACO Power TPP-30-112J, TPP-30-115J, TPP-30-124J, and TEX120- Mount and ground chassis If you intend to install the TX54 in a vehicle, follow these directions for mounting and grounding the device. Note Always follow the vehicle manufacturer recommendations for electrical accessories connections.

  • Page 36: Tx54 Power Connector

    Battery power management When the TX54 device is used in a vehicle, Digi recommends that you use the ignition sense line. This allows the device to properly shutdown when the vehicle is turned off. By default, the TX54 device...
  • Page 37 Configuration and management This chapter contains the following topics: Review TX54 default settings Change the default password for the admin user Reset default SSIDs and pre-shared keys for the preconfigured Wi-Fi access points Configuration methods Using Digi Remote Manager Access Digi Remote Manager...

  • Page 38: Review Tx54 Default Settings

    Configuration and management Review TX54 default settings Review TX54 default settings You can review the default settings for your TX54 device by using the local WebUI or Digi Remote Manager: Local WebUI 1. Log into the TX54 WebUI as a user with Admin access. See Using the web interface for details.
  • Page 39 Configuration and management Review TX54 default settings Interface type Preconfigured interfaces Devices Default configuration Wireless Wide- Single-cellular models: WWAN or Single- Firewall zone: Area Networks WWAN1 cellular External (WWANs) Dual-cellular models: WWAN1 WAN priority: models: Metric=3 WWAN SIM failover after 5...
  • Page 40 Configuration and management Review TX54 default settings Interface type Preconfigured interfaces Devices Default configuration Default Link-local IP Bridge: Firewall zone: Setup IP address LAN1 169.254.100.100/16 Wi-Fi Wi-Fi access point: Single-Wi-Fi Enabled Single-Wi-Fi models: Digi AP SSID: Digi-TX54- models: Wi- (Wi-Fi)
  • Page 41 Configuration and management Review TX54 default settings Interface type Preconfigured interfaces Devices Default configuration Bridges Bridge: LAN1 Ethernet: Enabled Used by the LAN1 ETH2 Ethernet: interface ETH3 Ethernet: ETH4 Single-Wi-Fi models: Wi- Fi access point: Digi AP (Wi-Fi) Dual-Wi-Fi models: Wi-...

  • Page 42: Other Default Configuration Settings

    Packet filtering allows all outbound traffic. Security policies SSH and web administration: Enabled for local administration Firewall zone: Internal Device heath metrics uploaded to Digi Remote Manager at 60 minute Monitoring interval. SNMP: Disabled Enabled Serial port Serial mode: Login...
  • Page 43 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 44: Reset Default Ssids And Pre-Shared Keys For The Preconfigured Wi-Fi Access Points

    Pre-shared key: The unique password printed on the bottom label of the device.    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 45 Reset default SSIDs and pre-shared keys for the preconfigured Wi-Fi access management points 3. Click Network > Wi-Fi > Digi AP (Wi-Fi) (single-Wi-Fi models) or Digi AP (Wi-Fi) (dual-Wi-Fi models). 4. Enter a new SSID and Pre-shared key. 5. (Dual-Wi-Fi models only): Repeat the above steps for the Digi AP (Wi-Fi2) access point.

  • Page 46: Configuration Methods

    With the Remote Manager, you can configure your TX54 device and use the configuration as a basis for a profile which can be applied to other similar devices. See...
  • Page 47 Configuration and management Configuration methods the command line for more information about using the command line to manage and configure your TX54 device. In this guide, task topics show how to perform tasks:    WebUI Shows how to perform a task by using the local web interface.

  • Page 48: Using Digi Remote Manager

    Using Digi Remote Manager Using Digi Remote Manager By default, your TX54 device is configured to use Digi Remote Manager as its central management server. No configuration changes are required to begin using the Remote Manager. For information about configuring central management for your TX54 device, see Central management.

  • Page 49: Log Out Of The Web Interface

    Using the web interface Dashboard area Description Digi Remote Displays the device connection status for Digi Remote Manager, the amount of time Manager the connection has been up, and the Digi Remote Manager device ID. Using Digi Remote Manager. Device Displays the TX54 device's status, statistics, and identifying information.

  • Page 50: Using The Command Line

    Log in to the command line interface    Command line 1. Connect to the TX54 device by using a serial connection, SSH or telnet, or the Terminal in the WebUI or the Console in the Digi Remote Manager. See Access the command line interface more information.

  • Page 51: Exit The Command Line Interface

    Admin CLI s: Shell q: Quit Select access or quit [admin] : Type a or admin to access the TX54 command line. You will now be connected to the Admin CLI: Connecting now... Press Tab to autocomplete commands Press '?' for a list of commands and details...

  • Page 52: Interfaces

    Interfaces TX54 devices have several physical communications interfaces. The available interfaces vary by device model. These interfaces can be bridged in a Local Area Network (LAN) or assigned to a Wide Area Network (WAN). This chapter contains the following topics:...

  • Page 53: Wide Area Networks (Wans)

    Interfaces Wide Area Networks (WANs) Wide Area Networks (WANs) The TX54 device is preconfigured with one Wide Area Network (WAN), named WAN1, and one or two Wireless Wide Area Network (WWAN)s, named WWAN or WWAN1 and WWAN2. Default Interface type...
  • Page 54 Using cellular modems in a Wireless WAN (WWAN) Configure a Wide Area Network (WAN) Configure a Wireless Wide Area Network (WWAN) Show WAN and WWAN status and statistics Delete a WAN or WWAN Default outbound WAN/WWAN ports TX54 User Guide...

  • Page 55: Wide Area Networks (Wans) And Wireless Wide Area Networks (Wwans)

    WANs and WWANs. When a WAN is initialized, the TX54 device automatically adds a default IP route for the WAN. The priority of the WAN is based on the metric of the default route, as configured in the WAN's IPv4 and IPv6 metric settings.
  • Page 56 Wide Area Networks (WANs)    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Set the metrics for WWAN or WWAN1: a.
  • Page 57 5. Click Apply to save the configuration and apply the change. The TX54 device is now configured to use the cellular modem WWAN, WWAN1 or WWAN, as its highest priority WAN, and its Ethernet WAN, WAN1, as its secondary WAN.

  • Page 58: Wan/Wwan Failover

    WAN, and its Ethernet WAN, WAN1, as its secondary WAN. WAN/WWAN failover If a connection to a WAN interface is lost for any reason, the TX54 device will immediately fail over to the next WAN or WWAN interface, based on WAN priority. See...

  • Page 59: Configure Surelink Active Recovery To Detect Wan/Wwan Failures

    Problems can occur beyond the immediate WAN/WWAN connection that prevent some IP traffic from reaching its destination. Normally this kind of problem does not cause the TX54 device to detect that the WAN has failed, because the connection continues to work while the core problem exists somewhere else in the network.
  • Page 60   WebUI SureLink can be configured for both IPv4 and IPv6. 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 61 When SureLink is configured for Wireless WANs, SureLink tests are only run if the cellular modem is connected and has an IP address. Use the SIM failover options to configure the TX54 device to automatically recover the modem in the event that it cannot obtain an IP address. See Configure a Wireless Wide Area Network (WWAN) for details about SIM failover.
  • Page 62 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Response timeout to ten minutes, enter 10m or 600s. TX54 User Guide...
  • Page 63 When SureLink is configured for Wireless WANs, SureLink tests are only run if the cellular modem is connected and has an IP address. Use the SIM failover options to configure the TX54 device to automatically recover the modem in the event that it cannot obtain an IP address. See Configure a Wireless Wide Area Network (WWAN) for details about SIM failover.
  • Page 64 (config network interface my_wan ipv4 surelink target 0)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set interface_down_time to ten minutes, enter either 10m or 600s: TX54 User Guide...
  • Page 65 Use the ? to determine available interfaces: (config network interface my_wan ipv4 surelink target 0)> other_interface ? Interface: The network interface. Format: /network/interface/defaultip /network/interface/defaultlinklocal /network/interface/lan1 /network/interface/lan_hotspot /network/interface/loopback /network/interface/wan1 /network/interface/wwan1 /network/interface/wwan2 Current value: (config network interface my_wan ipv4 surelink target TX54 User Guide...
  • Page 66 To configure the device to reboot when the interface is considered to have failed: (config network interface my_wan ipv4 surelink)> reboot enable (config network interface my_wan ipv4 surelink> Note If both the restart and reboot parameters are enabled, the reboot parameter takes precedence. TX54 User Guide...
  • Page 67 (config network interface my_wan ipv4 surelink)> save Configuration saved. > 10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX54 User Guide...

  • Page 68: Configure The Device To Reboot When A Failure Is Detected

    Interfaces Wide Area Networks (WANs) Configure the device to reboot when a failure is detected Using SureLink, you can configure the TX54 device to reboot when it has determined that an interface has failed. Required configuration items Enable SureLink. SureLink can be enabled for both IPv4 and IPv6 configurations. By default, SureLink is enabled for IPv4 for the preconfigured WAN (WAN1) and WWANs (WWAN1 and, for dual-cellular models, WWAN2).
  • Page 69   WebUI SureLink can be configured for both IPv4 and IPv6. 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 70 When SureLink is configured for Wireless WANs, SureLink tests are only run if the cellular modem is connected and has an IP address. Use the SIM failover options to configure the TX54 device to automatically recover the modem in the event that it cannot obtain an IP address. See Configure a Wireless Wide Area Network (WWAN) for details about SIM failover.
  • Page 71 Active recovery can be configured for both IPv4 and IPv6. These instructions are for IPv4; to configure IPv6 active recovery, replace ipv4 in the command line with ipv6. 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 72 When SureLink is configured for Wireless WANs, SureLink tests are only run if the cellular modem is connected and has an IP address. Use the SIM failover options to configure the TX54 device to automatically recover the modem in the event that it cannot obtain an IP address. See Configure a Wireless Wide Area Network (WWAN) for details about SIM failover.
  • Page 73 For example, to set interface_down_time to ten minutes, enter either 10m or 600s: (config network interface my_wan ipv4 surelink target 0)> interface_down_time 600s (config network interface my_wan ipv4 surelink target 0)> TX54 User Guide...
  • Page 74 Use the ? to determine available interfaces: (config network interface my_wan ipv4 surelink target 0)> other_interface ? Interface: The network interface. Format: /network/interface/defaultip /network/interface/defaultlinklocal /network/interface/lan1 /network/interface/lan_hotspot /network/interface/loopback /network/interface/wan1 /network/interface/wwan1 /network/interface/wwan2 Current value: (config network interface my_wan ipv4 surelink target 0)> other_interface TX54 User Guide...
  • Page 75 (config network interface my_wan ipv4 surelink)> success_condition value (config network interface my_wan ipv4 surelink> Where value is either one or all. TX54 User Guide...

  • Page 76: Disable Surelink

    You can also disable DNS lookup or other internet activity, while retaining the SureLink interface test.    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. TX54 User Guide...
  • Page 77 7. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 78    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
  • Page 79 9. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 80: Example: Use A Ping Test For Wan Failover From Ethernet To Cellular

    TX54 device brings the WAN1 interface down and starts using the WWAN1 interface. If the TX54 device cannot get a connection on the WWAN1 interface, it attempts to use the WWAN2 interface. It continues to regularly test the connection to WAN1 and WWAN1, and when tests on one of those WANs succeeds, the device falls back to the successful highest priority WAN.
  • Page 81 Wide Area Networks (WANs)    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Configure active recovery on WAN1: a.
  • Page 82 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 83 4. Save the configuration and apply the change: (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX54 User Guide...

  • Page 84: Using Ethernet Devices In A Wan

    Typically, you configure SIM1 of the cellular modem as the primary cellular interface, and SIM2 as the backup cellular interface. In this way, if the TX54 device cannot connect to the network using SIM1, it automatically fails over to SIM2. TX54 devices automatically use the correct cellular module firmware for each carrier when switching SIMs.
  • Page 85 To configure the modem:    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. For single-cellular models, click Network > Modems > WWAN cellular modem or WWAN1 cellular modem.
  • Page 86 > config (config)> 3. Depending on the model of the TX54 device, there may be one cellular modem, named either wwan or wwan1, or there may be two cellular modems, wwan1 and wwan2, which correspond to each cellular modem. Use the appropriate cellular modem name to configure the modem.
  • Page 87 8. Set the type of cellular technology that this modem should use to access the cellular network: (config)> network modem wwan1 access_tech value (config)> Available options for value vary depending on the modem type. To determine available options: TX54 User Guide...
  • Page 88 Type quit to disconnect from the device. Configure cellular modem APNs The TX54 device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.
  • Page 89 Interfaces Wide Area Networks (WANs) 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. For single-cellular models, click Network > Interfaces > WWAN or WWAN1 > APN list.
  • Page 90 > config (config)> 3. Depending on the model of the TX54 device, there may be one WWAN, named either wwan or wwan1, or there may be two WWANs, wwan1 and wwan2, which correspond to each cellular modem. Use the appropriate WWAN name to set the APN for the modem used by that WWAN.
  • Page 91 8. Save the configuration and apply the change: (config)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX54 User Guide...
  • Page 92 APNs, and then use routing roles to forward traffic to the appropriate WWAN interface.    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 93 For Device, select WWAN1 cellular modem (for certain models, this will be WWAN cellular modem). f. (Optional): Configure the public APN. If the public APN is not configured, the TX54 will attempt to determine the APN. i. Click to expand APN list > APN.
  • Page 94 Click Network > Routes > Policy-based routing. b. Click the  to add a new route policy. c. For Label, enter Route through public APN. d. For Interface, select Interface: WWAN_Public. e. Configure the source address: TX54 User Guide...
  • Page 95 For Interface, select LAN2. k. Configure the destination address: i. Click to expand Destination address. ii. For Type, select Interface. iii. For Interface, select Interface: WWAN_Private. 6. Click Apply to save the configuration and apply the change. TX54 User Guide...
  • Page 96 Set the modem device: (config network interface WWANPublic)> modem device wwan1 (config network interface WWANPublic)> d. (Optional): Set the public APN. If the public APN is not configured, the TX54 will attempt to determine the APN. (config network interface WWANPublic)> modem apn public_apn (config network interface WWANPublic)>...
  • Page 97 (config network route policy 0)> src interface LAN1 (config network route policy 0)> e. Configure the destination address: i. Set the type to interface: (config network route policy 0)> dst type interface (config network route policy 0)> TX54 User Guide...
  • Page 98 Set the type to interface: (config network route policy 1)> dst type interface (config network route policy 1)> ii. Set the interface to WWANPrivate : (config network route policy 1)> interface /network/interface/WWANPrivate (config network route policy 1)> TX54 User Guide...
  • Page 99 Type quit to disconnect from the device. Configure manual carrier selection By default, your TX54 automatically selects the most appropriate cellular carrier based on the SIM that is in use and the status of available carriers in your area. Alternately, you can configure the devices to manually select the carrier, based on the Network PLMN ID.
  • Page 100 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 101 > config (config)> 3. Depending on the model of the TX54 device, there may be one WWAN, named either wwan or wwan1, or there may be two WWANs, wwan1 and wwan2, which correspond to each cellular modem. Use the appropriate WWAN name. For example, to configure the carrier selection mode for wwan1: (config)>...
  • Page 102 If Manual is selected, your modem must support the Network technology or the modem will lose cellular connectivity. If you are using a cellular connection to perform this procedure, you may lose your connection and the device will no longer be accessible.    Command line TX54 User Guide...
  • Page 103 Interfaces Wide Area Networks (WANs) 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. If the device has more than one modem, identify the modem by using the name parameter, for example: >...
  • Page 104 : ff50:d95d:7e98:abe8:3030:9138:4f25:f51b IPv6 MTU : 1500 TX bytes : 127941 RX bytes : 61026 Uptime : 10 hrs, 56 mins (39360s) SIM Slot SIM Status : ready IMSI : 61582122197895 ICCID : 26587628655003992180 SIM Provider : AT&T TX54 User Guide...
  • Page 105   Command line To unlock a SIM card: 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 106 To run AT commands from the TX54 command line:    Command line 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 107 IMEI: 359072060451693 IMEI SV: 9 FSN: LQ650551070110 +GCAP: +CGSM 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX54 User Guide...

  • Page 108: Configure A Wide Area Network (Wan)

    When to use DNS: always, never, or only when this interface is the primary default route. When to use DNS servers for this interface. Whether to include the TX54 device's hostname in DHCP requests. SureLink active recovery configuration. See Configure SureLink active recovery to detect WAN/WWAN failures for further information.
  • Page 109 Interfaces Wide Area Networks (WANs) 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
  • Page 110 Never: Never use DNS servers for this interface. vi. Enable DHCP Hostname to instruct the TX54 device to include the device's system name with DHCP requests as the Client FQDN option. The DHCP server can then be configured to register the device's hostname and IP address with an associated DNS server.
  • Page 111 Never: Never use DNS servers for this interface. k. Enable DHCP Hostname to instruct the TX54 device to include the device's system name with DHCP requests as the Client FQDN option. The DHCP server can then be configured to register the device's hostname and IP address with an associated DNS server.
  • Page 112 Wide Area Networks (WANs)    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 113 (config network interface my_wan)> where value is one of: always: DNS will always be used for this WAN; when multiple interfaces have the same DNS server, the interface with the lowest metric will be used for DNS requests. TX54 User Guide...
  • Page 114 Never use DNS servers for this interface. vi. Enable DHCP Hostname to instruct the TX54 device to include the device's system name with DHCP requests as the Client FQDN option. The DHCP server can then be configured to register the device's hostname and IP address with an associated DNS server.

  • Page 115: Configure A Wireless Wide Area Network (Wwan)

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Configure a Wireless Wide Area Network (WWAN) Configuring a Wireless Wide Area Network (WWAN) involves configuring the following items: TX54 User Guide...
  • Page 116 The IPv6 Maximum Transmission Unit (MTU) of the WAN. When to use DNS: always, never, or only when this interface is the primary default route. SureLink active recovery configuration. See Configure SureLink active recovery to detect WAN/WWAN failures for further information.    WebUI TX54 User Guide...
  • Page 117 Interfaces Wide Area Networks (WANs) 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
  • Page 118 For Connection attempts before SIM failover, type the number of times that the device should attempt to connect to the active SIM before failing over to the next available SIM. b. For SIM failover alternative, configure how SIM failover will function if automatic SIM switching is unavailable: TX54 User Guide...
  • Page 119 Reboot device: The device will reboot if automatic SIM switching is unavailable. 16. For APN list and APN list only, the TX54 device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.
  • Page 120 SureLink.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 121 Match SIM carrier: The SIM carrier match criteria. This interface is applied when the SIM card is provisioned from the carrier. Format: AT&T Rogers Sprint T-Mobile Telstra Verizon Vodafone other Default value: AT&T Current value: AT&T (config network interface my_wwan)> TX54 User Guide...
  • Page 122 Normally, this should be left blank. It is only necessary to complete this field if the SIM does not have a phone number or if the phone number is incorrect. 9. Roaming is enabled by default. To disable: (config network interface my_wwan)> modem roaming false (config network interface my_wwan)> TX54 User Guide...
  • Page 123 (config network interface my_wwan)> modem sim_failover false (config network interface my_wwan)> If enabled: a. Set the number of times that the device should attempt to connect to the active SIM before failing over to the next available SIM: TX54 User Guide...
  • Page 124 The device will reboot if automatic SIM switching is unavailable. 12. The TX54 device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.
  • Page 125 (config network interface my_wwan)> ipv4 weight num (config network interface my_wwan)> d. Set the management priority. This determines which interface will have priority for central management activity. The interface with the highest number will be used. TX54 User Guide...

  • Page 126: Show Wan And Wwan Status And Statistics

    3. Under Networking, click Interfaces.    Command line 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 127 : wan1 Zone : external IPv4 Status : up IPv4 Type : dhcp IPv4 Address(es) : 10.10.10.10/24 IPv4 Gateway : 10.10.10.1 IPv4 MTU : 1500 IPv4 Metric IPv4 Weight : 10 IPv4 DNS Server(s) : 10.10.10.2, 10.10.10.3 TX54 User Guide...

  • Page 128: Delete A Wan Or Wwan

    WWAN1 and WWAN2 (dual cellular models).    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.

  • Page 129: Default Outbound Wan/Wwan Ports

    5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 130: Local Area Networks (Lans)

    Interfaces Local Area Networks (LANs) Local Area Networks (LANs) The TX54 device is preconfigured with the following Local Area Networks (LANs): Interface type Preconfigured interfaces Devices Default configuration Local Area LAN1 Bridge: Firewall zone: Networks LAN1 Internal (LANs) IP address: 192.168.2.1/24...

  • Page 131: About Local Area Networks (Lans)

    The following diagram shows a LAN connected to the ETH2, ETH3, and ETH4 Ethernet devices and the Digi AP (Wi-Fi) access point. Once the LAN is configured and enabled, the devices connected to the network interfaces can communicate with each other, as demonstrated by the ping commands.
  • Page 132 To create a new LAN or edit an existing LAN:    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 133 DHCP server. 10. See Configure DHCP relay for information about configuring DHCP relay. 11. (Optional) Configure IPv6 settings: a. Click to expand IPv6. b. Enable IPv6 support. c. For Type, select IPv6 prefix delegration. TX54 User Guide...
  • Page 134 14. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 135 The LAN is configured by default to use a static IP address for its IPv4 configuration. To configure the LAN to be a DHCP client, rather than using a static IP addres: (config network interface my_lan)> ipv4 type dhcp (config network interface my_lan)> TX54 User Guide...
  • Page 136 Set the IPv6 type to DHCP: (config network interface my_lan)> ipv6 type dhcpv6 (config network interface my_lan)> c. Generally, the default settings for IPv6 support are sufficient. You can view the default IPv6 settings by using the question mark (?): TX54 User Guide...
  • Page 137 Configure WAN/WWAN priority and default route metrics for further information about metrics. (Optional) Configure the MAC address deny list. Incoming packets will be dropped from any devices whose MAC addresses is included in the MAC address denylist. TX54 User Guide...

  • Page 138: Example: Configure Two Lans

    Type quit to disconnect from the device. Example: Configure two LANs The default configuration of the TX54 consists of one LAN (LAN1), which is configured to use the LAN1 bridge. Its default IP address is 192.168.2.1, and it has its DHCP server enabled. The default...
  • Page 139 WWAN cellular modem for single-Wi-Fi models, or WWAN2 cellular modem for dual-Wi-Fi models. LAN2 bridge: ETH3 Digi AP (Wi-Fi2) (applicable to dual-WiFi models only ) In task two, we will assign the new LAN2 bridge to a LAN. TX54 User Guide...
  • Page 140 3. Click Configuration > Network > Bridges > LAN1 > Devices. 4. Delete the ETH3, ETH4, and Digi AP (Wi-Fi2) (dual-Wi-Fi models only) devices from the bridge: a. Click the menu icon (...) next to the ETH3 device and select Delete.
  • Page 141 Commands and output will vary slightly if your TX54 device is a single-WiFi model. 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 142 Add the ETH3 device to the bridge: (config network bridge LAN2)> add device end /network/device/eth3 (config network bridge LAN2)> c. If your device is a dual-WiFi model, add the Digi AP (Wi-Fi2) access point to the bridge: (config network bridge LAN2)> add device end /network/wireless/ap/digi_ap2 (config network bridge LAN2)>...
  • Page 143 (config network bridge LAN2)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX54 User Guide...
  • Page 144 In this task, we will create a new LAN, named LAN2, to use the LAN2 bridge created in task one.    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 145 6. Enable the access points and set the SSIDs: a. Configure Digi AP (Wi-Fi) (single-Wi-Fi models) or Digi AP (Wi-Fi1) (dual-Wi-Fi models): i. Click Network > Wi-Fi > Access points > Digi AP (Wi-Fi) (single-Wi-Fi models) or Digi AP (Wi-Fi1) (dual-Wi-Fi models).
  • Page 146 Commands and output will vary slightly if your TX54 device is a single-WiFi model. 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 147 Set the SSID for the Digi AP (Wi-Fi1) access point: (config)> network wifi ap digi_ap1 ssid Example1 (config)> d. Set the password for the Digi AP (Wi-Fi1) access point: (config)> network wifi ap digi_ap1 encryption key_psk2 password1 (config)> e. Enable the Digi AP (Wi-Fi2) access point: (config)>...

  • Page 148: Show Lan Status And Statistics

    WAN/ETH1 Ethernet port. 2. Verify that LAN1 is operating correctly: a. Connect a device to LAN1 through the ETH2 Ethernet port, or by connecting to the Digi AP (Wi-Fi) (single-WiFi models) or Digi AP (Wi-Fi1) (dual-WiFi models) access point. b. Verify that the device has been provided an IP address from the LAN1 DHCP server in the 192.168.2.* subnet.
  • Page 149 4. Enter show network interface name at the Admin CLI prompt to display additional information about a specific LAN. For example, to display information about LAN1, enter show network interface lan1: > show network interface lan1 lan1 Interface Status --------------------- Device : lan1 TX54 User Guide...

  • Page 150: Delete A Lan

    Follow this procedure to delete any LANs that have been added to the system. You cannot delete the preconfigured LAN, LAN1.    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. TX54 User Guide...
  • Page 151 Local Area Networks (LANs) 3. Click Network > Interfaces. 4. Click the menu icon (...) next to the name of the LAN to be deleted and select Delete. 5. Click Apply to save the configuration and apply the change. TX54 User Guide...

  • Page 152: Dhcp Servers

    Type quit to disconnect from the device. DHCP servers You can enable DHCP on your TX54 device to assign IP addresses to clients, using either: The DHCP server for the device's local network, which assigns IP addresses to clients on the device's local network.
  • Page 153    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
  • Page 154 12. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 155 (config)> network interface my_lan ipv4 dhcp_server advanced gateway value (config)> where value is one of: none: No gateway is broadcast by the DHCP server. Client destinations must be resolvable without a gateway. auto: Broadcasts the TX54 device's gateway. TX54 User Guide...
  • Page 156 (config)> network interface my_lan ipv4 dhcp_server advanced primary_ wins value (config)> network interface my_lan ipv4 dhcp_server advanced secondary_wins value (config)> where value is one of: none: No server is broadcast. auto: Broadcasts the TX54 device's server. TX54 User Guide...
  • Page 157 You can configure the DHCP server to assign static IP addresses to specific hosts. Required configuration items IP address that will be mapped to the device. MAC address of the device. Additional configuration items A label for this instance of the static lease. To map static IP addresses:    WebUI TX54 User Guide...
  • Page 158 11. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 159 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show current static IP mapping To view your current static IP mapping:    WebUI TX54 User Guide...
  • Page 160 3. Under Networking, click DHCP Leases.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 161 7. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 162 Type quit to disconnect from the device. Configure DHCP options You can configure DHCP servers running on your TX54 device to send certain specified DHCP options to DHCP clients. You can also set the user class, which enables you to specify which specific DHCP clients will receive the option.
  • Page 163 12. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 164 0)> force true (config network interface my_lan ipv4 dhcp_server advanced custom_option 0)> 9. (Optional) Set the data type that the option uses. If the incorrect data type is selected, the device will send the value as a string. TX54 User Guide...
  • Page 165 LAN. For the TX54 device, DHCP relay is configured by providing the IP address of a DHCP relay server, rather than an IP address range. If both the DHCP relay server and an IP address range are specified, DHCP relay is used, and the specified IP address range is ignored.
  • Page 166 10. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 167 Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show DHCP server status and settings View DHCP status to monitor which devices have been given IP configuration by the TX54 device and to diagnose DHCP issues. ...

  • Page 168: Create A Virtual Lan (Vlan) Route

    3. Under Networking, click DHCP Leases.    Command line 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 169 To create a VLAN:    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Virtual LAN.
  • Page 170 Local Area Networks (LANs)    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 171: Default Services Listening On Lan Ports

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Default services listening on LAN ports The following table lists the default services listening on the specified ports on the TX54 LAN interfaces: Description...

  • Page 172: Bridging

    Interfaces Bridging Bridging Bridging is a mechanism to create a single network consisting of multiple devices, such as Ethernet devices and wireless access points. By default, the TX54 has the following preconfigured bridges: Default Interface type Preconfigured interfaces Devices configuration...
  • Page 173 Wi-Fi access point: Digi Hotspot AP (Wi- Fi2) You can modify configuration settings for the existing bridge, and you can create new bridges. This section contains the following topics: Edit the preconfigured LAN1 bridge Configure a bridge TX54 User Guide...

  • Page 174: Edit The Preconfigured Lan1 Bridge

    To edit the preconfigured LAN1 bridge:    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Bridges > LAN1.
  • Page 175 7. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 176 Ethernet: ETH2 Ethernet: ETH3 Ethernet: ETH4 Wi-Fi access point: Digi AP (Wi-Fi) or Digi AP (Wi-Fi) Wi-Fi access point: Digi AP (Wi-Fi2) (Dual-Wi-Fi variants only) Note The MAC address of the bridge is taken from the first available device in the list.

  • Page 177: Configure A Bridge

    /network/wireless/ap/digi_hotspot_ap1 /network/wireless/ap/digi_hotspot_ap2 Default value: /network/bridge/lan1 Current value: /network/bridge/lan1 (config network bridge my_bridge)> ii. Add the appropriate device. For example, to add the Digi AP (Wi-Fi) Wi-Fi access point: (config network bridge my_bridge)> add device end /network/wireless/ap/digi_ap1 (config)> 5. (Optional) Enable Spanning Tree Protocol (STP).
  • Page 178 Interfaces Bridging    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Bridges. 4. For Add Bridge, type a name for the bridge and click .
  • Page 179 Interfaces Bridging TX54 User Guide...
  • Page 180 Bridging    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 181 Interfaces Bridging b. Add the appropriate device. For example, to add the Digi AP (Wi-Fi) Wi-Fi access point: (config network bridge my_bridge)> add device end /network/wireless/ap/digi_ap1 (config)> Note The MAC address of the bridge is taken from the first available device in the list.

  • Page 182: Serial Port

    TX54 devices have a single serial port that provides access to the command-line interface. Use an RS-232 serial cable to establish a serial connection from your TX54 to your local laptop or PC. Use a terminal emulator program to establish the serial connection. The terminal emulator's serial connection must be configured to match the configuration of the TX54 device's serial port.
  • Page 183 Serial port Configure the serial port 1. Log into the TX54 WebUI as a user with Admin access. 2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed. Note You can also configure the serial port by using Device Configuration > Serial. Changes made by using either Device Configuration or Serial Configuration will be reflected in both.
  • Page 184 These bytes are redisplayed when a user connects to the serial port. The default is 4000 bytes. f. For Idle timeout, type the amount of time to wait before disconnecting due to user inactivity. 1. Click to expand Monitor Settings. TX54 User Guide...
  • Page 185    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 186 (config)> serial port1 databits bits (config)> c. Set the type of parity used by the device to which you want to connect: (config)> serial port1 parity parity (config)> Allowed values are: even none The default is none. TX54 User Guide...
  • Page 187 For example, to set idle_timeout to ten minutes, enter either 10m or 600s: (config)> serial port1 idle_timeout 600s (config) The default is 15m. TX54 User Guide...
  • Page 188 No limit to IPv4 addresses that can access the tcp port. Repeat this step to list additional IP addresses or networks. To limit access to specified IPv6 addresses and networks: (config serial USB_port)> add service tcp acl address6 end value (config serial USB_port)> Where value can be: TX54 User Guide...
  • Page 189 No limit to IPv6 addresses that can access the tcp port. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX54 device: (config serial USB_port)> add service tcp acl interface end value (config serial USB_port)>...
  • Page 190 A single IP address or host name. A network designation in CIDR notation, for example, 192.168.1.0/24. any: No limit to IPv4 addresses that can access the telnet port. Repeat this step to list additional IP addresses or networks. TX54 User Guide...
  • Page 191 No limit to IPv6 addresses that can access the telnet port. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX54 device: (config serial USB_port)> add service telnet acl interface end value (config serial USB_port)>...
  • Page 192 (Optional) Configure the access control list to limit access to the ssh connection: To limit access to specified IPv4 addresses and networks: (config serial USB_port)> add service ssh acl address end value (config serial USB_port)> Where value can be: TX54 User Guide...
  • Page 193 No limit to IPv6 addresses that can access the ssh port. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX54 device: (config serial USB_port)> add service ssh acl interface end value (config serial USB_port)>...

  • Page 194: Configure Udp Serial Mode

    The UDP serial mode option in the serial port configuration provides access to the serial port using UDP. To change the configuration to match the serial configuration of the device to which you want to connect:    WebUI TX54 User Guide...
  • Page 195 Serial port Configure UDP serial mode 1. Log into the TX54 WebUI as a user with Admin access. 2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed. Note You can also configure the serial port by using Device Configuration > Serial. Changes made by using either Device Configuration or Serial Configuration will be reflected in both.
  • Page 196 For Destinations, you can configure the remote sites to which you want to send data. If you do not specify any destinations, the TX54 send new data to the last hostname and port from which data was received. To add a destination: i.

  • Page 197: Add A Usb Serial Port

    Add a USB serial port Your TX54 can be configured to support USB-to-serial adapters for serial access to the device, remote serial out-of-band (OOB) access to other devices, or for use in python applications. The following USB-...
  • Page 198 Modbus: Allows you to use the serial port for Modbus. See Modbus gateway. UDP serial: Provides access to the device through a UDP serial port. See Configure UDP serial mode. 10. (Optional) For Label, type a descriptive label for this serial port. TX54 User Guide...
  • Page 199 A single IP address or host name. A network designation in CIDR notation, for example, 192.168.1.0/24. any: No limit to IPv4 addresses that can access the service-type. iv. Click  again to list additional IP addresses or networks. TX54 User Guide...
  • Page 200 A network designation in CIDR notation, for example, 2001:db8::/48. any: No limit to IPv6 addresses that can access the service-type. iv. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX54 device: i. Click Interfaces.
  • Page 201 A network designation in CIDR notation, for example, 2001:db8::/48. any: No limit to IPv6 addresses that can access the service-type. iv. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX54 device: i. Click Interfaces.
  • Page 202 13. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 203 (config serial USB_port)> parity parity (config serial USB_port)> Allowed values are: even none The default is none. d. Set the stop bits used by the device to which you want to connect: (config serial USB_port)> stopbits bits (config serial USB_port)> TX54 User Guide...
  • Page 204 For example, to set idle_timeout to ten minutes, enter either 10m or 600s: (config serial USB_port)> idle_timeout 600s (config serial USB_port) The default is 15m. e. (Optional) Enable monitoring of CTS (Clear to Send) changes on this port: (config serial USB_port)> monitor cts true (config serial USB_port) TX54 User Guide...
  • Page 205 A single IP address or host name. A network designation in CIDR notation, for example, 2001:db8::/48. any: No limit to IPv6 addresses that can access the tcp port. Repeat this step to list additional IP addresses or networks. TX54 User Guide...
  • Page 206 Serial port Add a USB serial port To limit access to hosts connected through a specified interface on the TX54 device: (config serial USB_port)> add service tcp acl interface end value (config serial USB_port)> Where value is an interface defined on your device.
  • Page 207 No limit to IPv4 addresses that can access the telnet port. Repeat this step to list additional IP addresses or networks. To limit access to specified IPv6 addresses and networks: (config serial USB_port)> add service telnet acl address6 end value (config serial USB_port)> Where value can be: TX54 User Guide...
  • Page 208 No limit to IPv6 addresses that can access the telnet port. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX54 device: (config serial USB_port)> add service telnet acl interface end value (config serial USB_port)>...
  • Page 209 A network designation in CIDR notation, for example, 192.168.1.0/24. any: No limit to IPv4 addresses that can access the ssh port. Repeat this step to list additional IP addresses or networks. To limit access to specified IPv6 addresses and networks: TX54 User Guide...
  • Page 210 No limit to IPv6 addresses that can access the ssh port. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX54 device: (config serial USB_port)> add service ssh acl interface end value (config serial USB_port)>...

  • Page 211: Show Serial Status And Statistics

    Show serial status and statistics To show the status and statistics for the serial port:    WebUI 1. Log into the TX54 WebUI as a user with Admin access. 2. On the main menu, click Status 3. Under Connections, click Serial. ...

  • Page 212: Log Serial Port Messages

    Serial port Log serial port messages 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 213 Configure a Wi-Fi access point with personal security Configure a Wi-Fi access point with enterprise security Isolate Wi-Fi clients Configure a Wi-Fi client and add client networks Show Wi-Fi access point status and statistics Show Wi-Fi client status and statistics TX54 User Guide...

  • Page 214: Wi-Fi

    Wi-Fi configuration Wi-Fi configuration TX54 device has one or two Wi-Fi radios, depending on the model type. You can configure the Wi-Fi radios for Wi-Fi access point mode or Wi-Fi client mode. By default, the TX54 radios are configured to use access point mode.
  • Page 215 802.11b/g/n 802.11a/n/ac Channel Automatic Automatic Channel width 20/40 MHz 40 MHz Beacon interval Access points: Digi AP (Wi-Fi) (single-cellular and dual-cellular models) Digi AP (Wi-Fi1) (dual-Wi-Fi Digi AP (Wi-Fi2) (dual-Wi-Fi models) models only) : Enabled or disabled Enabled Enabled Radio...

  • Page 216: Configure The Wi-Fi Radio's Channel

    DFS support.    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > WiFi.
  • Page 217 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 218: Configure The Wi-Fi Radio To Support Dfs Channels In Client Mode

    Dynamic Frequency Selection (DFS) is a mechanism for Wi-Fi connections to use 5 GHz frequencies that are normally reserved for non-Wi-Fi proposes. Your TX54 can be configured to have one or more Wi-Fi clients that can connect to external Wi-Fi access points that support DFS channels, in addition to the non-DFS channels 36, 40, 44, 48, 149, 153, 157, 161, and 165.
  • Page 219 7. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 220: Configure The Wi-Fi Radio's Band And Protocol

    For Wi-Fi radios that support both 2.4 GHz and 5 GHz modes, you can configure the band. . On TX54 models with only one Wi-Fi radio, the default protocol and band for the one radio is the 5 GHz ac.
  • Page 221 Wi-Fi Configure the Wi-Fi radio's band and protocol 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > WiFi.
  • Page 222 Wi-Fi Configure the Wi-Fi radio's band and protocol 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 223: Configure The Wi-Fi Radio's Transmit Power

    100 percent. You can configure the Wi-Fi radio to transmit at a lower power.    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.

  • Page 224: Configure An Open Wi-Fi Access Point

    Configure an open Wi-Fi access point    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 225 To configure a Wi-Fi access point with no security:    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 226 Allowed values are any number of days, hours, minutes, or seconds, and take the format number{d|h|m|s}. For example, to set Group rekey interval to ten minutes, enter 10m or 600s. TX54 User Guide...
  • Page 227   Command line Configure a new Access point 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 228 Wi-Fi radio is restarted. The default is 10 minutes. 1. Assign the Wi-Fi access point to a LAN interface or to a bridge. See Configure a LAN Configure a bridge for more information. TX54 User Guide...
  • Page 229 Type quit to disconnect from the device. Edit an existing Access point 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 230 (config)> network wireless ap digi_ap1 encryption group_rekey 600s (config)> Increasing the time between rekeys can improve connectivity issues in noisy environments. To disable group rekeys, set to 0. This will allow any client that has previously connected see all TX54 User Guide...

  • Page 231: Configure A Wi-Fi Access Point With Personal Security

    The WPA and WPA2 personal security modes allow a Wi-Fi access point to authenticate clients by using a preshared key that the client enters when connecting to the access point. By default, the TX54 device comes with either one or two preconfigured access points: Single-Wi-Fi models: Digi AP (Wi-Fi).
  • Page 232 Wi-Fi Configure a Wi-Fi access point with personal security 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > WiFi > Access points.
  • Page 233 The access point must be assigned to an active LAN, or a bridge that is assigned to an active LAN. 14. Click Apply to save the configuration and apply the change.    Command line Configure a new Access point TX54 User Guide...
  • Page 234 Wi-Fi Configure a Wi-Fi access point with personal security 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 235 (config network wifi ap new_AP)> where value is any number of days, hours, minutes, or seconds, and takes the format number {d|h|m|s}. For example, to set group rekey interval to ten minutes, enter either 10m or 600s: TX54 User Guide...
  • Page 236 Type quit to disconnect from the device. Edit an existing Access point 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 237 (config)> network wifi ap digi_ap1 encryption key_psk2 password (config)> 9. (Optional) Change the Wi-Fi radio for the access point (dual-Wi-Fi models only): a. Show available radios: (config)> network wifi radio ? Additional Configuration --------------------------------------------------------------------- ---------- wifi1 Wi-Fi1 radio wifi2 Wi-Fi2 radio (config)> TX54 User Guide...

  • Page 238: Configure A Wi-Fi Access Point With Enterprise Security

    Using enterprise security modes allows each client to have different usernames and passwords configured in the RADIUS server, rather than using preshared key on the TX54 device. By default, the TX54 device comes with either one or two preconfigured access points: Single-Wi-Fi models: Digi AP (Wi-Fi).
  • Page 239 To configure a Wi-Fi access point with WPA2 enterprise security:    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 240 11. Configure one or more RADIUS servers: a. Click to expand RADIUS server list. b. Click to expand RADIUS server. c. For RADIUS IP/hostname, type the IP address or hostname of the RADIUS server. d. (Optional) Change the RADIUS port. The default port is 1812. TX54 User Guide...
  • Page 241   Command line Configure a new Access point 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 242 7. (Optional) Determine whether to prevent clients that are connected to this access point from communicating with each other: (config)> network wifi ap digi_ap1 isolate_client true (config)> Isolate Wi-Fi clients for information about how to prevent clients connected to different access points from communicating with each other. TX54 User Guide...
  • Page 243 Increasing the time between rekeys can improve connectivity issues in noisy environments. To disable group rekeys, set to 0. This will allow any client that has previously connected see all broadcast traffic on the wireless network until the Wi-Fi radio is restarted. The default is 10 minutes. TX54 User Guide...
  • Page 244 Type quit to disconnect from the device. Edit an existing Access point 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 245 (config)> network wifi ap digi_ap1 encryption group_rekey value (config)> where value is any number of days, hours, minutes, or seconds, and takes the format number {d|h|m|s}. For example, to set group rekey interval to ten minutes, enter either 10m or 600s: TX54 User Guide...
  • Page 246 2. Save the configuration and apply the change: (config)> save Configuration saved. > 3. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX54 User Guide...

  • Page 247: Isolate Wi-Fi Clients

    Isolate clients connected to the same access point    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.

  • Page 248: Isolate Clients Connected To Different Access Points

    Wi-Fi Isolate Wi-Fi clients 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 249 Isolate Wi-Fi clients 3. Create a new access point. By default, the TX54 comes with one or two preconfigured access points, named Digi AP (Wi- Fi), or for dual-Wi-Fi models, Digi AP (Wi-Fi) and Digi AP (Wi-Fi2). In these instructions, we will use the existing Digi AP (Wi-Fi) (or Digi AP (Wi-Fi)) access point and create another new access point, named new_AP.
  • Page 250 Drag-and-drop the filter to the top of the list. 5. Create a new LAN: By default, the TX54 device comes with one preconfigured LAN, which includes the default access point (or, for dual-Wi-Fi models, both default access points). We will use that LAN for the default access point (or, for dual-Wi-Fi models, the Digi AP (Wi-Fi) access point), and create a new LAN for the second access point.
  • Page 251 Click Network > Bridges > LAN1. b. Click the down arrow () next to the the Digi AP (Wi-Fi2) access point and select Delete. 7. Click Apply to save the configuration and apply the change.
  • Page 252 Complete other encryption-related fields as appropriate based on the type of encryption. Configure an open Wi-Fi access point, Configure a Wi-Fi access point with personal security, or Configure a Wi-Fi access point with enterprise security for details. TX54 User Guide...
  • Page 253 In this example, we will add the new to the first position in the list (index position 0). i. Add the new packet filter: (config firewall filter 2)> add .. 0 (config firewall filter 0)> TX54 User Guide...
  • Page 254 (config firewall filter 0)> 5. Create a new LAN: By default, the TX54 device comes with one preconfigured LAN, which includes the default access point (or, for dual-Wi-Fi models, both default access points). We will use that LAN for the default access point (or, for dual-Wi-Fi models, the Digi AP (Wi-Fi) access point), and create a new LAN for the second access point.

  • Page 255: Configure A Wi-Fi Client And Add Client Networks

    Configure a Wi-Fi client and add client networks Required configuration items Create the Wi-Fi client. The TX54 device's Wi-Fi radio that the Wi-Fi client will use. The Wi-Fi network that the client will log into: SSID of the Wi-Fi network's access point.
  • Page 256 To configure a Wi-Fi client:    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > WiFi > Client mode connections.
  • Page 257 For Long interval, type the number of seconds to wait between scans for access points, when the signal strength from the access point to which the client is currently connected is stronger than the Scan threshold. TX54 User Guide...
  • Page 258 8. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 259 If the type of encryption is set to: psk, mixedpak, psk2, psk2sae, or sae, set the password that the client will use to connect to the access point: (config network wifi client new_client)> ssid 0 encryption key_ psk2 password (config network wifi client new_client)> TX54 User Guide...
  • Page 260 Set the number of seconds to wait between scans for access points, when the signal strength from the access point to which the client is currently connected is below the value of bgscan_strength: TX54 User Guide...
  • Page 261 (config network wifi client new_client)> where value is any integer greater than 0. The default is 1. e. Configure the frequencies that will be scanned for available access points. The TX54 device has three preconfigured frequencies: 2412 MHz 2437 MHz 2462 MHz You can delete the preconfigured frequencies and add additional frequencies.

  • Page 262: Show Wi-Fi Access Point Status And Statistics

    To show the status and statistics for Wi-Fi access points, use the show wifi command. 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 263 To show a detailed status and statistics of a Wi-Fi access point, use the show wifi ap name name command. 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 264: Show Wi-Fi Client Status And Statistics

    To show the status and statistics for Wi-Fi client, use the show wifi command. 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 265 Show Wi-Fi client status and statistics Enabled : true SSID : my_SSID Status : up Signal : -43 MAC Address : 91:fe:86:d1:0e:81 Channel : 48 Radio : wifi1 TX Power : 23 Link Quality : 67/70 BSSID : 6D:B9:DD:BD:EE:C4 > TX54 User Guide...

  • Page 266: Hotspot

    Hotspot Your TX54 device offers the ability to create a publicly available hotspot, which allows you to provide internet access to users while restricting their ability to access other functionality on the TX54 device, as well as applying bandwidth limits, authenticating users, and other features. The TX54 device's implementation of hotspot uses a "captive portal"...

  • Page 267: Hotspot Authentication Modes

    Local shared password: Requires each user to enter a password. This password is validated locally on the TX54 device, and the password is the same for all users. The sample HTML page included with your TX54 device for local shared password authentication is password.html.

  • Page 268: Hotspot Dhcp Server

    Hotspot DHCP server Hotspot DHCP server When the hotspot is enabled on the TX54 device, it automatically enables a DHCP server. During hotspot configuration, you assign an IPv4 address to the hotspot, and the DHCP server then uses the subnet of the hotspot's IP address, along with the hotspot's subnet mask, to assign IPv4 addresses to clients that connect to the hotspot.

  • Page 269: Hotspot Configuration

    Hotspot configuration This section provides information about enabling and configuring the default hotspot that is provided with your TX54 installation, as well as creating a new hotspot and configuring the type of authentication mode you select for your hotspot. This section contains the following topics:...

  • Page 270: Enable Hotspot Using The Default Configuration

    Hotspot Hotspot configuration Enable hotspot using the default configuration The default configuration of the TX54 device's hotspot is: Default configuration Hotspot Name: hotspot Disabled Authentication mode: Click-through IP address: 10.1.0.1/24 DHCP server: Automatically enabled DHCP server lease range: 100-250 Bandwidth limits:...
  • Page 271 Configure the hotspot to use HotspotSystem authentication. Change the default hotspot IP address and subnet. Modify the sample local HTML page that the TX54 device uses by default for click-through authentication. See Edit sample hotspot HTML pages for information. ...
  • Page 272 Hotspot Hotspot configuration 4. Enable the hotspot access points: a. Click Network > Wi-Fi > Access points > Digi Hotspot AP (Wi-Fi) (single-Wi-Fi models) or Digi Hotspot AP (Wi-Fi1) (dual-Wi-Fi models). b. Click Enable. c. (Dual Wi-Fi models only) Click Digi Hotspot AP (Wi-Fi2).
  • Page 273 Hotspot Hotspot configuration TX54 User Guide...
  • Page 274 Hotspot configuration    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 275: Change The Default Hotspot Ssid

    2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Wi-Fi > Access points > Digi Hotspot AP (Wi-Fi) (single-Wi-Fi models) or Digi Hotspot AP (Wi-Fi1) (dual-Wi-Fi models). 4. Change the default SSID, Digi Hotspot, to your preferred value.
  • Page 276 7. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 277: Change The Default Hotspot Ip Address And Subnet

    To change the default hotspot IP address and subnet:    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 278 The value entered here represents the low order byte of the IP address, and when DHCP addresses are assigned to client, this number is combined with the subnet of the hotspot's static IP address. The default is 250. 7. Click Apply to save the configuration and apply the change.    Command line TX54 User Guide...
  • Page 279 Hotspot Hotspot configuration 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: >...

  • Page 280: Change The Default Hotspot Bandwidth Limits

    To change the default hotspot IP address and subnet:    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 281 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 282: Add An Ethernet Port To The Default Hotspot

    To add an Ethernet port to the default hotspot:    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 283 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 284: Use Policy Routes With Hotspot

    When creating policy routes for hotspots, the source address should be set to use the hotspot zone:    WebUI 1. Create a new routing policy. See Configure a routing policy for instructions. 2. During configuration, for Source address: a. For Type, select Zone. b. For Zone, select hotspot. TX54 User Guide...

  • Page 285: Create A New Hotspot

    The login page source, either Local or Remote. If Remote is selected, include the IP address of fully-qualified domain name of the remote web server that serves the login page. An IP address and subnet for the hotspot. TX54 User Guide...
  • Page 286 To create a new hotspot:    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. (Optional) Create new access points for the hotspot.
  • Page 287 For Address, enter an IP address and subnet mask for the LAN. This IP address must be unique from all other interfaces. Note This IP address is not the IP address of the hotspot. The hotspot IP address is configured during hotspot configuration. 5. Click Network > Hotspots. TX54 User Guide...
  • Page 288 Click-through: Requires each user to accept the terms and conditions. Local shared password: Requires each user to enter a password. This password is validated locally on the TX54 device, and the password is the same for all users. Configure the hotspot to use local shared password authentication for information about configuring hotspot for local shared password authentication.
  • Page 289 HotspotSystem authentication. 11. For Login page source, select either: Local: Uses an HTML page for authentication that is stored locally on the TX54 device's filesystem, in the /etc/config/hotspot directory. Note that the hotspot directory is not visible until hotspot has been enabled for the first time.
  • Page 290 18. (Optional) For Maximum upload speed, type the maximum upload speed in kilobytes per second (Kbps). 19. (Optional) Click Debug to enable verbose logging to the system log. 20. Click Apply to save the configuration and apply the change. TX54 User Guide...
  • Page 291 Hotspot configuration    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 292 (config network bridge new_hotspot_bridge)> ..interface lan1 device ? Device: The network device used by this network interface. Format: /network/device/eth1 /network/device/eth2 /network/device/eth3 /network/device/eth4 /network/device/loopback /network/bridge/hotspot_bridge /network/bridge/lan1 /network/wireless/ap/digi_ap1 /network/wireless/ap/digi_ap2 /network/wireless/ap/digi_hotspot_ap1 /network/wireless/ap/digi_hotspot_ap2 Default value: /network/bridge/lan1 Current value: /network/bridge/lan1 (config network bridge new_hotspot_bridge)> TX54 User Guide...
  • Page 293 Hotspot Hotspot configuration ii. Add the appropriate device. For example, to add the Digi AP (Wi-Fi) Wi-Fi access point: (config network bridge new_hotspot_bridge)> add device end /network/wireless/ap/digi_ap1 (config)> c. Type ... to return to the config prompt: (config network bridge new_hotspot_bridge)> ...
  • Page 294 /network/wireless/ap/digi_hotspot_ap2 Default value: /network/bridge/lan1 Current value: /network/bridge/lan1 (config network bridge new_hotspot_bridge)> b. Add the appropriate device. For example, to add the Digi AP (Wi-Fi) Wi-Fi access point: (config network bridge new_hotspot_bridge)> add device end /network/wireless/ap/digi_ap1 (config)> 7. Set an access point, and Ethernet port, or a bridge for the hotspot's device: a.
  • Page 295 Requires each user to accept the terms and conditions. local_shared_password: Requires each user to enter a password. This password is validated locally on the TX54 device, and the password is the same for all users. Configure the hotspot to use local shared password authentication for information about configuring hotspot for local shared password authentication.
  • Page 296 For example, to set lease_time to ten minutes, enter either 10m or 600s: (config network hotspot new_hotspot)> ipv4 dhcp_server lease_time 600s (config network hotspot new_hotspot)> TX54 User Guide...
  • Page 297 Repeat to add additional IP addresses or subnets. 16. (Optional) Change the default maximum download speed: (config network hotspot new_hotspot)> bandwidth_max_down value (config network hotspot new_hotspot)> where value is an integer between 1 and 100000 and represents the maximum download speed in Kbps. TX54 User Guide...

  • Page 298: Configure The Hotspot To Use Local Shared Password Authentication

    Local shared password authentication requires each user to enter a password. This password is validated locally on the TX54 device, and the password is the same for all users. By default, the router redirects unauthenticated users to the HTML authentication page located on the router at etc/config/hotspot/password.html.
  • Page 299    Configure hotspot for local shared password authentication from the Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 300: Configure The Hotspot To Use Radius Shared Password Authentication

    HTML authentication page stored in the same directory, or identify a remote web server to host the HTML authentication page and include that server in the "white list" of servers that unauthenticated hotspot clients can access. See Customize the hotspot login page for further information. Hotspot LAN configuration: TX54 User Guide...
  • Page 301    Configure hotspot for RADIUS shared password authentication from the WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 302    Configure hotspot for RADIUS shared password authentication from the Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 303 Add IP addresses and subnets that can be accessed by the client prior to authentication: (config network hotspot new_hotspot)> add walled_garden subnets end value (config network hotspot new_hotspot)> where value is an IPv4 address and optional subnet mask, using the format IPv4_ address[/netmask], or the keyword any. TX54 User Guide...

  • Page 304: Configure The Hotspot To Use Radius Users Authentication

    HTML authentication page and include that server in the "white list" of servers that unauthenticated hotspot clients can access. See Customize the hotspot login page for further information. Hotspot LAN configuration:    Configure hotspot for RADIUS users authentication from the WebUI TX54 User Guide...
  • Page 305 Hotspot Hotspot configuration 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. Create a new hotspot Enable hotspot using the default configuration.
  • Page 306    Configure hotspot for RADIUS users authentication from the Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 307 Add IP addresses and subnets that can be accessed by the client prior to authentication: (config network hotspot new_hotspot)> add walled_garden subnets end value (config network hotspot new_hotspot)> where value is an IPv4 address and optional subnet mask, using the format IPv4_ address[/netmask], or the keyword any. TX54 User Guide...

  • Page 308: Configure The Hotspot To Use Hotspotsystem Authentication

    Type quit to disconnect from the device. Configure the hotspot to use HotspotSystem authentication You can configure TX54 hotspot to use HotspotSystem, a cloud hotspot service that supports various free and paid authentication methods, including social media account, SMS, voucher, and PayPal.
  • Page 309    Configure hotspot for HotspotSystem authentication from the WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 310    Configure hotspot for HotspotSystem authentication from the Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 311: Show Hotspot Status And Statistics

    Type quit to disconnect from the device. Show hotspot status and statistics    WebUI 1. Log into the TX54 WebUI as a user with Admin access. 2. On the main menu, click Status 3. Under Networking, click Hotspot. The Hotspot status page is displayed.
  • Page 312 Hotspot Show hotspot status and statistics TX54 User Guide...
  • Page 313 Show hotspot status and statistics    Command line 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 314: Customize The Hotspot Login Page

    Customize the hotspot login page Customize the hotspot login page The TX54 device provides three sample HTML webpages for use with the hotspot feature. When hotspot is enabled for the first time, the sample webpages are installed to the /etc/config/hotspot folder on the device's filesystem.

  • Page 315: Edit Sample Hotspot Html Pages

       WebUI 1. Download the sample HTML file: a. Log into the TX54 WebUI as a user with Admin access. b. On the menu, click System. Under Administration, click File System. The File System page appears. c. Highlight the hotspot directory and click  to open the directory.

  • Page 316: Upload Custom Hotspot Html Pages

    Supported file extensions include: .html, .gif, .js, .jpg, .mp4, .ogv, .png, .swf, .json, and .dat. You can configure the TX54 device to use your custom HTML page using either the WebUI or the command line: ...
  • Page 317 Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. Use the command to upload the edited file from your local machine the the TX54 device. For example: > scp host 192.168.4.1 user admin remote /home/admin/temp/ local /etc/config/hotspot/custom.html to local...

  • Page 318: Restore Hotspot Default Sample Pages

    The hotspot directory and files are loaded when the hotspot is enabled, and you can restore the default pages by doing the following: 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 319: Hotspot Radius Attributes

    Also, if the RADIUS server requests it, the hotspot will send accounting information back to the RADIUS server. For example, here are some of the RADIUS attributes that the hotspot sends: Acct-Input-Octets Acct-Output-Octets Acct-Session-Time Acct-Input-Packets Acct-Output-Packets Acct-Input-Gigawords Acct-Output-Gigawords TX54 User Guide...

  • Page 320: Routing

    Routing This chapter contains the following topics: IP routing Show the routing table Dynamic DNS Virtual Router Redundancy Protocol (VRRP) TX54 User Guide...

  • Page 321: Ip Routing

    IP routing IP routing The TX54 device uses IP routes to decide where to send a packet it receives for a remote network. The process for deciding on a route to send the packet is as follows: 1. The device examines the destination IP address in the IP packet, and looks through the IP routing table to find a match for it.

  • Page 322: Configure A Static Route

    To configure a static route:    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Routes > Static routes.
  • Page 323 7. For Interface, select the interface on the TX54 device that will be used with this static route. 8. (Optional) For Gateway, type the IPv4 address of the gateway used to reach the destination.
  • Page 324 The any keyword can also be used to route packets to any destination with this static route. 6. Set the interface on the TX54 device that will be used with this static route: a. Use the ? to determine available interfaces: (config network route static 0)>...

  • Page 325: Delete A Static Route

    Delete a static route    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Routes > Static routes.
  • Page 326 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 327: Policy-Based Routing

    However, you can use policy-based routing to forward the packet based on other criteria, such as the source of the packet. For example, you can configure the TX54 device so that high-priority traffic is routed through the cellular connection, while all other traffic is routed through an Ethernet (WAN) connection.
  • Page 328 5. (Optional) For Label, type a label that will be used to identify this route policy. 6. For Interface, select the interface on the TX54 device that will be used with this route policy. 7. (Optional) Enable Exclusive to configure the policy to drop packets that match the policy when the gateway interface is disconnected, rather than forwarded through other interfaces.
  • Page 329 For Domain, type the domain name. iv. Repeat to add additional domains. Default route: Matches packets destined for the default route, excluding routes for local networks. 13. Click Apply to save the configuration and apply the change. TX54 User Guide...
  • Page 330 (config network route policy 0)> label "New route policy" (config network route policy 0)> 5. Set the interface on the TX54 device that will be used with this route policy: a. Use the ? to determine available interfaces: (config network route policy 0)> interface ? Interface: The network interface used to reach the destination.
  • Page 331 Source and destination ports are matched: a. Set the source port: (config network route policy 0)> src_port value (config network route policy 0)> where value is the port number, or the keyword any to match any port as the source port. TX54 User Guide...
  • Page 332 Set the zone. For example: (config network route policy 0)> src zone external (config network route policy 0)> Firewall configuration for more information about firewall zones. interface: Matches the source IP address to the selected interface's network address. Set the interface: TX54 User Guide...
  • Page 333 Matches the source MAC address to the specified MAC address. Set the MAC address to be matched: (config network route policy 0)> src mac MAC_address (config network route policy 0)> 10. Set the destination address type: (config network route policy 0)> dst type value (config network route policy 0)> TX54 User Guide...
  • Page 334 Use the ? to determine available interfaces: (config network route policy 0)> dst interface ? Interface: The network interface. Format: /network/interface/defaultip /network/interface/defaultlinklocal /network/interface/lan1 /network/interface/lan_hotspot /network/interface/loopback /network/interface/wan1 /network/interface/wwan1 /network/interface/wwan2 Current value: (config network route policy 0)> dst interface TX54 User Guide...
  • Page 335 11. Save the configuration and apply the change: (config)> save Configuration saved. > 12. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX54 User Guide...

  • Page 336: Example: Dual Wan Policy-Based Routing

    Ethernet WAN interface.    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Routes > Policy-based routing.
  • Page 337 9. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 338 Set the interface: (config network route policy 0)> interface /network/interface/wwan1 (config network route policy 0)> Note On certain single-cellular TX54 devices, the cellular WAN interface may be named /network/interface/wwan. d. Configure the source address: i. Set the source type to zone: (config network route policy 0)>...

  • Page 339: Example: Route Traffic To A Specific Wan Interface Based On The Client Mac Address

    MAC address, while all other client devices are routed through the Ethernet WAN.    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 340 4. Configure the WAN interfaces to use the new zones: a. Configure the cellular WAN interface: i. Click Network > Interfaces > WWAN1. Note On certain single-cellular TX54 devices, the cellular WAN interface may be named WWAN. ii. For Zone, select CellularWAN. b. Configure the Ethernet WAN interface: i.
  • Page 341 For Label, type Reject LAN traffic to cellular WAN. d. For Action, select Drop. e. For Source zone, select Internal. f. For Destination zone, select CellularWAN. 7. Click Apply to save the configuration and apply the change.    Command line TX54 User Guide...
  • Page 342 Routing IP routing 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: >...
  • Page 343 (config network route policy 0)> interface /network/interface/wwan1 (config network route policy 0)> Note On certain single-cellular TX54 devices, the cellular WAN interface may be named wwan. d. Configure the source as the MAC address of the VoIP phone: i. Set the source type to mac: (config network route policy 0)>...

  • Page 344: Routing Services

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Routing services Your TX54 includes support for dynamic routing services and protocols. The following routing services are supported: Service or...

  • Page 345: Configure Routing Services

    Enable and configure the types of routing services that will be used.    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 346 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 347: Show The Routing Table

    6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show the routing table To display the routing table: TX54 User Guide...
  • Page 348 Show the routing table    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Status > Routes.

  • Page 349: Dynamic Dns

    URLs. Unfortunately, IP addresses change frequently, invalidating these mappings when they do. Dynamic DNS has become the standard method of addressing this problem, allowing devices to update name servers with their new IP addresses. TX54 User Guide...

  • Page 350: Configure Dynamic Dns

    WAN or public IP address changes. Your TX54 device supports a number of Dynamic DNS providers as well as the ability to provide a custom provider that is not included on the list of providers.
  • Page 351 8. Type the Domain name that is linked to the interface's IP address. 9. Type the Username and Password used to authenticate with the Dynamic DNS provider. 10. (Optional) For Check Interval, type the amount of time to wait to check if the interface's IP address needs to be updated. TX54 User Guide...
  • Page 352 14. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 353 (config network ddns new_ddns_instance)> 6. If custom is configured for service, set the custom URL that should be used to update the IP address with the Dynamic DNS provider: (config network ddns new_ddns_instance)> custom url (config network ddns new_ddns_instance)> TX54 User Guide...
  • Page 354 (config network ddns new_ddns_instance)> retry_interval value (config network ddns new_ddns_instance)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set retry_interval to ten minutes, enter either 10m or 600s: TX54 User Guide...

  • Page 355: Virtual Router Redundancy Protocol (Vrrp)

    Multiple TX54 devices can be configured as VRRP devices and assigned a priority. The router with the highest priority will be used as the master router. If the master router fails, then the IP address of the virtual router is mapped to the backup device with the next highest priority.
  • Page 356 VRRP priorty of devices based on the status of their network connectivity.    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 357 12. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 358 If this device's actual IP address is being used as the virtual IP address of the VRRP pool, then the priority of this device should be set to TX54 User Guide...

  • Page 359: Configure Vrrp

    VRRP+ is an extension to the VRRP standard that uses SureLink network probing to monitor connections through VRRP-enabled devices and adjust devices' VRRP priority based on the status of the SureLink tests. This section describes how to configure VRRP+ on a TX54 device. Required configuration items Both master and backup devices: A configured and enabled instance of VRRP.
  • Page 360 SureLink tests.    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 361 SureLink fails on the master, it will lower its priority to below 80, and the backup device will assume the master role. 10. Configure the VRRP interface. The VRRP interface is defined in the Interface parameter of the VRRP configuration, and generally should be a LAN interface: TX54 User Guide...
  • Page 362 SureLink fails. i. Click to expand IPv4 > SureLink. ii. Click Enable. iii. For Interval, type a the amount of time to wait between connectivity tests. To guarantee seamless internet access for VRRP+ purposes, SureLink tests should occur TX54 User Guide...
  • Page 363 11. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 364 Configure the VRRP interface's DHCP server to use a custom gateway that corresponds to one of the VRRP virtual IP addresses: i. Set the DHCP server gateway type to custom: (config)> network interface lan1 ipv4 dhcp_server advanced gateway custom (config)> TX54 User Guide...
  • Page 365 For example, to set interval to ten minutes, enter 5s: (config)> network interface lan1 ipv4 surelink interval 5s (config)> iv. Create a SureLink test target: (config)> add network interface lan1 ipv4 surelink target end (config network interface lan1 ipv4 surelink target 0)> TX54 User Guide...
  • Page 366 (config network interface lan1 ipv4 surelink target 0)> interface_down_time value (config network interface lan1 ipv4 surelink target 0)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. TX54 User Guide...

  • Page 367: Example: Vrrp/Vrrp+ Configuration

    10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Example: VRRP/VRRP+ configuration This example configuration creates a VRRP pool containing two TX54 devices: TX54 User Guide...

  • Page 368: Configure Device One (Master Device)

       WebUI Task 1: Configure VRRP on device one 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > VRRP.
  • Page 369 Task 2: Configure VRRP+ on device one 1. Click to expand VRRP+. 2. Click Enable. 3. Click to expand Monitor interfaces. 4. Click  to add an interface for monitoring. 5. Select Interface: WWAN1. 6. For Priority modifier, type 30. TX54 User Guide...
  • Page 370   Command line Task 1: Configure VRRP on device one 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 371 Task 3: Configure the IP address for the VRRP interface, LAN1, on device one 1. Type ... to return to the root of the config prompt: (config network vrrp VRRP_test )> ... (config)> 2. Set the IP address for LAN1: (config)> network interface lan1 ipv4 address 192.168.3.1/24 (config)> TX54 User Guide...

  • Page 372: Configure Device Two (Backup Device)

       WebUI Task 1: Configure VRRP on device two 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. TX54 User Guide...
  • Page 373 9. Click to expand Virtual IP addresses. 10. Click  to add a virtual IP address. 11. For Virtual IP, type 192.168.3.3. Task 2: Configure VRRP+ on device two 1. Click to expand VRRP+. 2. Click Enable. TX54 User Guide...
  • Page 374 1. Click Network > Interfaces > LAN1 > IPv4 > SureLink. 2. Click Enable. 3. For Interval, type 15s. 4. Click to expand Test targets > Test target. 5. For Test Type, select Ping test. 6. For Ping host, type my.devicecloud.com. TX54 User Guide...
  • Page 375   Command line Task 1: Configure VRRP on device two 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 376 (config)> network interface lan1 ipv4 address 192.168.3.2 (config)> 3. Set the default gateway to the IP address of the VRRP interface on the master device, configured above in Task 3, step 2 (192.168.3.1). (config)> network interface lan1 ipv4 gateway 192.168.3.1 (config)> TX54 User Guide...
  • Page 377 (config)> 3. Set the DHCP server gateway type to custom: (config)> network interface lan1 ipv4 dhcp_server advanced gateway custom (config)> 4. Set the custom gateway to 192.168.3.3: (config)> network interface lan1 ipv4 dhcp_server advanced gateway_custom 192.168.3.3 (config)> TX54 User Guide...

  • Page 378: Show Vrrp Status And Statistics

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show VRRP status and statistics This section describes how to display VRRP status and statistics for a TX54 device. VRRP status is available from the Web UI only. ...
  • Page 379 Virtual Router Redundancy Protocol (VRRP)    Command line 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 380: Virtual Private Networks (Vpn)

    Virtual Private Networks (VPNs) are used to securely connect two private networks together so that devices can connect from one network to the other using secure channels. This chapter contains the following topics: IPsec OpenVPN Generic Routing Encapsulation (GRE) NEMO L2TPv3 TX54 User Guide...

  • Page 381: Ipsec

    Aggressive mode Aggressive mode is faster than main mode, but is not as secure as main mode, because the device and its peer exchange their IDs and hash information in clear text instead of being encrypted. TX54 User Guide...

  • Page 382: Authentication

    XAUTH client. RSA Signatures With RSA signatures authentication, the TX54 device uses a private RSA key to authenticate with a remote peer that is using a corresponding public key. Certificate-based Authentication X.509 certificate-based authentication makes use of private keys on both the server and client which...
  • Page 383 Depending on your network and firewall configuration, you may need to add a packet filtering rule to allow incoming IPsec traffic. Tunnel and key renegotiating The lifetime of the IPsec tunnel before it is renegotiated. The amount of time before the IKE phase 1 lifetime expires. TX54 User Guide...
  • Page 384 (wired, cellular, or otherwise), you must configure a static route to direct the traffic either through the IPsec tunnel, or through the WAN (outside of the IPsec tunnel). See Configure a static route for information about configuring a static route. TX54 User Guide...
  • Page 385 Virtual Private Networks (VPN) IPsec    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > IPsec.
  • Page 386 The metric can also be used in tandem with SureLink to configure IPsec failover behavior. See Configure IPsec failover for more information. TX54 User Guide...
  • Page 387 SCEP certificates: Uses Simple Certificate Enrollment Protocol (SCEP) to download a private key, certificates, and an optional Certificate Revocation List (CRL) to the TX54 device from a SCEP server. You must create the SCEP client prior to configuring the IPsec tunnel. See...
  • Page 388 For IPv6 ID value, type an IPv6 formatted ID. This can be a fully-qualified domain name or an IPv6 address. RFC822/Email: The ID will be interpreted as an RFC822 (email address). For RFC822 ID value, type the ID in internet email address format. TX54 User Guide...
  • Page 389 RFC822/Email: The ID will be interpreted as an RFC822 (email address). For RFC822 ID value, type the ID in internet email address format. FQDN: The ID will be interpreted as FQDN (Fully Qualified Domain Name) and sent as an ID_FQDN IKE identity. TX54 User Guide...
  • Page 390 Request a network: Requests a network from the remote peer. d. For Remote network, enter the IP address and optional netmask of the remote network. The keyword any can also be used. . TX54 User Guide...
  • Page 391 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Phase 2 lifetime to ten minutes, enter 10m or 600s. h. For Lifetime margin, enter a randomizing amount of time before the IPsec tunnel is renegotiated. TX54 User Guide...
  • Page 392 Configure SureLink active recovery for IPsec for information about IPsec Active recovery. 24. (Optional) Click Advanced to set various IPsec-related time out, keep alive, and related values. 25. Click Apply to save the configuration and apply the change. TX54 User Guide...
  • Page 393 IPsec    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 394 Only the payload of the IP packet is encrypted and/or authenticated. The IP header is unencrypted. The default is tunnel. 8. Set the protocol: (config vpn ipsec tunnel ipsec_example)> type protocol (config vpn ipsec tunnel ipsec_example)> where protocol is either: TX54 User Guide...
  • Page 395 Set the private key passphrase that is used to decrypt the private key. Leave blank if the private key is not encrypted. (config vpn ipsec tunnel ipsec_example)> auth private_key_ passphrase passphrase (config vpn ipsec tunnel ipsec_example)> c. For the peer_public_key parameter, paste the peer's public RSA key in PEM format: TX54 User Guide...
  • Page 396 (config vpn ipsec tunnel ipsec_example)> 11. (Optional) Configure the device to connect to its remote peer as an XAUTH client: a. Enable XAUTH client functionality: (config vpn ipsec tunnel ipsec_example)> xauth_client enable true (config vpn ipsec tunnel ipsec_example)> TX54 User Guide...
  • Page 397 Any ID will be accepted. ipv4: The ID will be interpreted as an IPv4 address and sent as an ID_IPV4_ADDR IKE identity. Set an IPv4 formatted ID. This can be a fully-qualified domain name or an IPv4 address. TX54 User Guide...
  • Page 398 Repeat for additional hostnames. b. Set the hostname selection type: (config vpn ipsec tunnel ipsec_example)> remote hostname_selection value (config vpn ipsec tunnel ipsec_example)> where value is one of: TX54 User Guide...
  • Page 399 Set the ID in internet email address format: (config vpn ipsec tunnel ipsec_example)> remote id type rfc822_ id id (config vpn ipsec tunnel ipsec_example)> fqdn: The ID will be interpreted as FQDN (Fully Qualified Domain Name) and sent as an ID_FQDN IKE identity. TX54 User Guide...
  • Page 400 Do not send oversized IKE messages in fragments, but announce support for fragmentation to the peer. The default is always. e. Padding of IKE packets is enabled by default and should normally not be disabled except for compatibility purposes. To disable: TX54 User Guide...
  • Page 401 Configure the types of encryption, hash, and Diffie-Hellman group to use during phase 1: i. Add a phase 1 proposal: (config vpn ipsec tunnel ipsec_example)> add ike phase1_proposal (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> TX54 User Guide...
  • Page 402 (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> .. (config vpn ipsec tunnel ipsec_example ike)> ii. Add a phase 2 proposal: (config vpn ipsec tunnel ipsec_example ike)> add ike phase2_ proposal end (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> TX54 User Guide...
  • Page 403 Change to the root of the configuration schema: (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> ... (config)> TX54 User Guide...
  • Page 404 (config)> add vpn ipsec tunnel ipsec_example policy end (config vpn ipsec tunnel ipsec_example policy 0)> c. Set the type of local network policy: (config vpn ipsec tunnel ipsec_example policy 0)> local type value (config vpn ipsec tunnel ipsec_example policy 0)> TX54 User Guide...
  • Page 405 The subnet of a local network interface. Set the network: i. Use the ? to determine available interfaces: (config vpn ipsec tunnel ipsec_example policy 0)> local network ? Interface: The network interface. Format: defaultip defaultlinklocal lan1 lan_hotspot loopback wan1 wwan1 wwan2 Current value: TX54 User Guide...
  • Page 406 Current Value --------------------------------------------------------------------- ---------- ike_retransmit_tries IKE retransmit tries keep_alive NAT keep alive time Additional Configuration --------------------------------------------------------------------- ---------- connection_retry_timeout Connection retry timeout connection_try_interval Connection try interval ike_timeout IKE timeout (config)> Generally, the default settings for these should be sufficient. TX54 User Guide...
  • Page 407 20. Save the configuration and apply the change: (config)> save Configuration saved. > 21. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX54 User Guide...

  • Page 408: Configure Ipsec Failover

    Virtual Private Networks (VPN) IPsec Configure IPsec failover There are two methods to configure the TX54 device to fail over from a primary IPsec tunnel to a backup tunnel: SureLink active recovery—You can use SureLink along with the IPsec tunnel's metric to configure two or more tunnels so that when the primary tunnel is determined to be inactive by SureLink, a secondary tunnel can begin serving traffic that the primary tunnel was serving.
  • Page 409 See Configure an IPsec tunnel for instructions. During configuration of the IPsec tunnel, set the metric to a value that is higher than the metric of the primary tunnel (for example, 20).    Command line TX54 User Guide...
  • Page 410 Use the ? to view a list of available tunnels: (config vpn ipsec tunnel backup_ipsec_tunnel)> ipsec_failover ? Preferred tunnel: This tunnel will not start until the preferred tunnel has failed. It will continue to operate until the preferred tunnel returns to full operation TX54 User Guide...

  • Page 411: Configure Surelink Active Recovery For Ipsec

    (config vpn ipsec tunnel backup_ipsec_tunnel)> Configure SureLink active recovery for IPsec You can configure the TX54 device to regularly probe IPsec client connections to determine if the connection has failed and take remedial action. You can also configure the IPsec tunnel to fail over to a backup tunnel. See Configure IPsec failover further information.
  • Page 412 Virtual Private Networks (VPN) IPsec 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > IPsec.
  • Page 413 DNS test or DNS test (IPv6): Tests connectivity by sending a DNS query to the specified DNS server. HTTP test HTTP test (IPv6): Tests connectivity by sending an HTTP or HTTPS GET request to the URL specified in Web servers. The URL should take the format of http[s]://hostname/[path]. TX54 User Guide...
  • Page 414 14. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 415 10. Set the amount of time that the device should wait for a response to a probe attempt before considering it to have failed: (config vpn ipsec tunnel ipsec_example)> connection_monitor timeout value (config vpn ipsec tunnel ipsec_example)> TX54 User Guide...
  • Page 416 (config vpn ipsec tunnel ipsec_example connection_monitor target 0)> dns_server ip_address (config vpn ipsec tunnel ipsec_example connection_monitor target 0)> dns_configured (IPv4) or dns_configured6 (IPv6): Tests connectivity by sending a DNS query to the DNS servers configured for this interface. TX54 User Guide...
  • Page 417 For example, to set interface_timeout to ten minutes, enter either 10m or 600s: (config vpn ipsec tunnel ipsec_example connection_monitor target 0)> interface_timeout 600s (config vpn ipsec tunnel ipsec_example connection_monitor target 0)> The default is 60 seconds. TX54 User Guide...

  • Page 418: Show Ipsec Status And Statistics

       Command line 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 419: Debug An Ipsec Configuration

    Use the interactive shell to set the IPsec debug level By using the interactive shell to set the debug level, you can enable the TX54 device to write additional debug messages to the system log. The command accepts the following values to set the...

  • Page 420: Configure A Simple Certificate Enrollment Protocol Client

    Simple Certificate Enrollment Protocol (SCEP) is a mechanism that allows for large-scale X.509 certificate deployment. You can configure TX54 device to function as a SCEP client that will connect to a SCEP server that is used to sign Certificate Signing Requests (CSRs), provide Certificate Revocation Lists (CRLs), and distribute valid certificates from a Certificate Authority (CA).
  • Page 421 The number of days that the certificate enrollment can be renewed, prior to the request expiring.    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > SCEP Client.
  • Page 422 13. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 423 (config network scep_client scep_client_name)> c. Set the State or Province: (config network scep_client scep_client_name)> distinguished_name st value (config network scep_clientscep_client_name )> d. Set the Locality: (config network scep_client scep_client_name)> distinguished_name l value (config network scep_client scep_client_name)> e. Set the Organization: TX54 User Guide...

  • Page 424: Example: Scep Client Configuration With Fortinet Scep Server

    Type quit to disconnect from the device. Example: SCEP client configuration with Fortinet SCEP server In this example configuration, we will configure the TX54 device as a SCEP client that will connect to a Fortinet SCEP server. Fortinet configuration On the Fortinet server: 1.
  • Page 425 For Default enrollment password, enter a password. The password entered here must correspond to the challenge password configured for the SCEP client on the TX54 device. d. The remaining fields can be left at their defaults or changed as appropriate.
  • Page 426 Virtual Private Networks (VPN) IPsec 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > SCEP Client.
  • Page 427 12. Type the value for each appropriate Distinguished Name attribute. The values entered here must correspond to the DN attributes in the Enrollment Request on the Fortinet server. 13. Click Apply to save the configuration and apply the change. TX54 User Guide...
  • Page 428 IPsec    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 429 (config network scep_client Fortinet_SCEP_client)> 9. (Optional) Set the filename of the Certificate Revocation List (CRL) from the CA. The CRL is stored on the TX54 device in the /etc/config/scep_client/client_name directory. (config network scep_client Fortinet_SCEP_client)> crl_name name (config network scep_client Fortinet_SCEP_client)>...

  • Page 430: Openvpn

    OpenVPN clients. OpenVPN clients use Network Address Translation (NAT) to route traffic from devices connected on its LAN interfaces to the OpenVPN server. The manner in which the IP subnets are defined depends on the OpenVPN topology in use. The TX54 device supports two types of OpenVPN topology:...

  • Page 431: Configure An Openvpn Server

    Virtual Private Networks (VPN) OpenVPN OpenVPN managed—The TX54 device creates the interface and then uses its standard configuration to set up the connection (for example, its standard DHCP server configuration). Device only—IP addressing is controlled by the system, not by OpenVPN.
  • Page 432 Additional OpenVPN parameters.    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > OpenVPN > Servers.
  • Page 433 Certificate and username/password: Uses both certificates and a username and password for client authentication. Each client requires a public and private key, and you must create an OpenVPN authentication group and user. See Configure an OpenVPN Authentication Group and User for instructions. TX54 User Guide...
  • Page 434 No limit to IPv6 addresses that can access the service-type. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX54 device: a. Click Interfaces. b. For Add Interface, click .
  • Page 435 OpenVPN    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 436 80, the first client IP address will be 192.168.1.80. The default is from 80. ii. Set the last address in the range limit: (config vpn openvpn server name)> server_last_ip value (config vpn openvpn server name)> TX54 User Guide...
  • Page 437 (config vpn openvpn server name)> cacert value (config vpn openvpn server name)> iii. Paste the contents of the public key (for example, server.crt) into the value of the server_cert parameter: (config vpn openvpn server name)> server_cert value (config vpn openvpn server name)> TX54 User Guide...
  • Page 438 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX54 device: (config vpn openvpn server name)> add acl interface end value (config vpn openvpn server name)>...
  • Page 439 (config vpn openvpn server name)> Repeat this step to list additional firewall zones. 9. (Optional) Set additional OpenVPN parameters. a. Enable the use of additional OpenVPN parameters: (config vpn openvpn server name)> advanced_options enable true (config vpn openvpn server name)> TX54 User Guide...

  • Page 440: Configure An Openvpn Authentication Group And User

       WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. TX54 User Guide...
  • Page 441 Click to expand the OpenVPN node. e. Click  to add a tunnel. f. For Tunnel, select an OpenVPN tunnel to which users of this group will have access. g. Repeat to add additional OpenVPN tunnels. TX54 User Guide...
  • Page 442 Click to expand the Groups node. e. Click  to add a group to the user. f. Select a Group with OpenVPN access enabled. 5. Click Apply to save the configuration and apply the change. TX54 User Guide...
  • Page 443 OpenVPN    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 444: Configure An Openvpn Client By Using An .Ovpn File

    OpenVPN active recovery.    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > OpenVPN > Clients.
  • Page 445 11. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 446 8. Save the configuration and apply the change: (config)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX54 User Guide...

  • Page 447: Configure An Openvpn Client Without Using An .Ovpn File

    OpenVPN active recovery.    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > OpenVPN > Clients.
  • Page 448 13. Paste the contents of the CA certificate (usually in a ca.crt file), the Public key (for example, client.crt), and the Private key (for example, client.key) into their respective fields. The contents will be hidden when the configuration is saved. 14. (Optional) Click to expand Advanced Options to manually set additional OpenVPN parameters. TX54 User Guide...
  • Page 449 15. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 450 11. Paste the contents of the CA certificate (usually in a ca.crt file) into the value of the cacert parameter: (config vpn openvpn client name)> cacert value (config vpn openvpn client name)> 12. Paste the contents of the public key (for example, client.crt) into the value of the public_cert parameter: TX54 User Guide...

  • Page 451: Configure Surelink Active Recovery For Openvpn

    Type quit to disconnect from the device. Configure SureLink active recovery for OpenVPN You can configure the TX54 device to regularly probe OpenVPN client connections to determine if the connection has failed and take remedial action. Required configuration items A valid OpenVPN client configuration.
  • Page 452 To configure the TX54 device to regularly probe the OpenVPN connection:    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 453 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Response timeout to ten minutes, enter 10m or 600s. The default is 15 seconds. TX54 User Guide...
  • Page 454 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Initial connection time to ten minutes, enter 10m or 600s. The default is 60 seconds. TX54 User Guide...
  • Page 455 14. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 456 For example, to set timeout to ten minutes, enter either 10m or 600s: (config vpn openvpn client openvpn_client1)> connection_monitor interval 600s (config vpn openvpn client openvpn_client1)> The default is 15 seconds. TX54 User Guide...
  • Page 457 (IPv4) or http6 (IPv6): Tests connectivity by sending an HTTP or HTTPS GET request to the specified URL. Specify the url. Allowed value uses the format http[s]://hostname/[path]. (config vpn openvpn client openvpn_client1 connection_monitor target 0)> http_url url TX54 User Guide...
  • Page 458 0)> interface_timeout 600s (config vpn openvpn client openvpn_client1 connection_monitor target 0)> The default is 60 seconds. 12. Save the configuration and apply the change: (config vpn openvpn client openvpn_client1 connection_monitor target 0)> save Configuration saved. > TX54 User Guide...

  • Page 459: Show Openvpn Server Status And Statistics

    OpenVPN server's status pane.    Command line 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 460: Show Openvpn Client Status And Statistics

    OpenVPN client's status pane.    Command line 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 461 : udp Port : 1194 Type : tun > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX54 User Guide...

  • Page 462: Generic Routing Encapsulation (Gre)

    Task One: Create a GRE loopback endpoint interface    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 463 11. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 464 Task Two: Configure the GRE tunnel    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. TX54 User Guide...
  • Page 465 10. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 466 (config vpn iptunnel gre_example)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX54 User Guide...

  • Page 467: Show Gre Tunnels

    To view information about currently configured GRE tunnels:    WebUI 1. Log into the TX54 WebUI as a user with Admin access. 2. On the menu, click Status > IP tunnels. The IP Tunnelspage appears. 3. To view configuration details about a GRE tunnel, click the  (configuration) icon in the upper right of the tunnel's status pane.

  • Page 468: Example: Gre Tunnel Over An Ipsec Tunnel

    Example: GRE tunnel over an IPSec tunnel The TX54 device can be configured as an advertised set of routes through an IPSec tunnel. This allows you to leverage the dynamic route advertisement of GRE tunnels through a secured IPSec tunnel.
  • Page 469 3. Create a GRE tunnel named gre_tunnel2: a. Local endpoint set to the IPsec endpoint interface, Interface: ipsec_endpoint2. b. Remote endpoint set to the IP address of the GRE tunnel on TX54-1, 172.30.0.1. 4. Create an interface named gre_interface2 and add it to the GRE tunnel: a.
  • Page 470 15. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 471 4. Set the pre-shared key to testkey: (config vpn ipsec tunnel ipsec_gre1)> auth secret testkey (config vpn ipsec tunnel ipsec_gre1)> 5. Set the remote endpoint to public IP address of the TX54-2 device: (config vpn ipsec tunnel ipsec_gre1)> remote hostname 192.168.101.1 (config vpn ipsec tunnel ipsec_gre1)>...
  • Page 472 3. For Zone, select Internal. 4. For Device, select Ethernet: loopback. 5. Click to expand IPv4. 6. For Address, type the IP address of the local GRE tunnel, 172.30.0.1/32. 7. Click Apply to save the configuration and apply the change. TX54 User Guide...
  • Page 473 Task three: Create a GRE tunnel    WebUI 1. Click VPN > IP Tunnels. 2. For Add IP Tunnel, type gre_tunnel1 and click . 3. For Local endpoint, select the IPsec endpoint interface created in Task two (Interface: ipsec_ endpoint1). TX54 User Guide...
  • Page 474 (config vpn iptunnel gre_tunnel1)> local /network/interface/ipsec_ endpoint1 (config vpn iptunnel gre_tunnel1)> 4. Set the remote endpoint to the IP address of the GRE tunnel on TX54-2, 172.30.0.2: (config vpn iptunnel gre_tunnel1)> remote 172.30.0.2 (config vpn iptunnel gre_tunnel1)> 5. Save the configuration and apply the change: (config vpn iptunnel gre_tunnel1)>...
  • Page 475 6. For Address, type 172.31.0.1/30 for a virtual IP address on the GRE tunnel. 7. Click Apply to save the configuration and apply the change.    Command line 1. At the command line, type config to enter configuration mode: > config (config)> TX54 User Guide...
  • Page 476 Task one: Create an IPsec tunnel    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. TX54 User Guide...
  • Page 477 3. Click VPN > IPsec > Tunnels. 4. For Add IPsec Tunnel, type ipsec_gre2 and click . 5. Click to expand Authentication. 6. For Pre-shared key, type the same pre-shared key that was configured for the TX54-1 (testkey). 7. Click to expand Remote endpoint.
  • Page 478 3. Add an IPsec tunnel named ipsec_gre2: (config)> add vpn ipsec tunnel ipsec_gre2 (config vpn ipsec tunnel ipsec_gre2)> 4. Set the pre-shared key to the same pre-shared key that was configured for the TX54-1 (testkey): (config vpn ipsec tunnel ipsec_gre2)> auth secret testkey (config vpn ipsec tunnel ipsec_gre2)>...
  • Page 479 Task two: Create an IPsec endpoint interface    WebUI 1. Click Network > Interfaces. 2. For Add Interface, type ipsec_endpoint2 and click . 3. For Zone, select Internal. 4. For Device, select Ethernet: loopback. 5. Click to expand IPv4. TX54 User Guide...
  • Page 480 5. Set the IPv4 address to the IP address of the local GRE tunnel, 172.30.0.2/32: (config network interface ipsec_endpoint2)> ipv4 address 172.30.0.2/32 (config network interface ipsec_endpoint2)> 6. Save the configuration and apply the change: (config vpn ipsec tunnel ipsec_endpoint2)> save Configuration saved. > TX54 User Guide...
  • Page 481 (config vpn iptunnel gre_tunnel2)> local /network/interface/ipsec_ endpoint2 (config vpn iptunnel gre_tunnel2)> 4. Set the remote endpoint to the IP address of the GRE tunnel on TX54-1, 172.30.0.1: (config vpn iptunnel gre_tunnel2)> remote 172.30.0.1 (config vpn iptunnel gre_tunnel2)> TX54 User Guide...
  • Page 482 4. For Device, select the GRE tunnel created in Task three (IP tunnel: gre_tunnel2). 5. Click to expand IPv4. 6. For Address, type 172.31.1.1/30 for a virtual IP address on the GRE tunnel. 7. Click Apply to save the configuration and apply the change. TX54 User Guide...

  • Page 483: Nemo

    Local Area Networks (LANs) on your device. NEMO creates a tunnel between the home agent on the mobile private network and the TX54 device, isolating the connection from internet traffic and advertising the IP subnets of the LANs for remote access and device management.

  • Page 484: Configure A Nemo Tunnel

    Wirelesss WAN (WWAN1 or, for dual cellular models, WWAN2). If set to IP address, enter the IP address. The local network of the GRE endpoint negotiated by NEMO. If the local network is set to Interface, identify the local interface to be used.    WebUI TX54 User Guide...
  • Page 485 10. For MTU discovery, leave enabled to determine the maximum transmission unit (MTU) size. If disabled, for MTU, type the MTU size. The default MTU size for LANs on the TX54 device is 1500. The MTU size of the NEMO tunnel will be smaller, to take into account the required headers.
  • Page 486 14. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 487 (config vpn nemo nemo_example)> mtu_discovery false (config vpn nemo nemo_example)> If disabled, set the MTU size. The default MTU size for LANs on the TX54 device is 1500. The MTU size of the NEMO tunnel will be smaller, to take into account the required headers.
  • Page 488 Current value: (config vpn nemo nemo_example)> coaddress interface ii. Set the interface. For example: (config vpn nemo nemo_example)> coaddress interface wan1 (config vpn nemo nemo_example)> If ip is used, set the IP address: TX54 User Guide...
  • Page 489 Local Area Network (LAN): a. Add a local network to use as a virtual NEMO network interface: (config vpn nemo nemo_example)> add network end lan1 (config vpn nemo nemo_example)> b. (Optional) Repeat for additional interfaces. TX54 User Guide...

  • Page 490: Show Nemo Status

       Command line 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 491: L2Tpv3

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. L2TPv3 Your TX54 device supports Layer 2 Tunnelling Protocol Version 3 (L2TPv3) static unmanaged Ethernet tunnels. Configure an L2TPv3 tunnel Your TX54 device supports Layer 2 Tunnelling Protocol Version 3 (L2TPv3) static unmanaged Ethernet tunnels.
  • Page 492 Virtual Private Networks (VPN) L2TPv3 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > L2TPv3 ethernet.
  • Page 493 11. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 494 Set the destination UDP port to be used for the tunnel. (config vpn l2tpeth L2TPv3_example)> udp_destination_port port (config vpn l2tpeth L2TPv3_example)> c. (Optional) To calculate and check the UDP checksum: (config vpn l2tpeth L2TPv3_example)> udp_checksum true (config vpn l2tpeth L2TPv3_example)> TX54 User Guide...
  • Page 495 Add a sequence number to each outgoing packet. recv: Reorder packets if they are received out of order. both: Add a sequence number to each outgoing packet, and reorder packets if they are received out of order. The default is none. TX54 User Guide...

  • Page 496: Show L2Tpv3 Tunnel Status

       Command line 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 497 TX Packets : 2,787 TX Byptes : 3,120 > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX54 User Guide...
  • Page 498 Configure telnet access Configure DNS Simple Network Management Protocol (SNMP) Location information Modbus gateway System time Network Time Protocol Configure a multicast route Ethernet network bonding Enable service discovery (mDNS) Use the iPerf service Configure the ping responder service TX54 User Guide...

  • Page 499: Allow Remote Access For Web Administration And Ssh

    Allow remote access for web administration and SSH Allow remote access for web administration and SSH By default, only devices connected to the TX54's LAN have access to the device via web administration and SSH. To enable these services for access from remote devices: The TX54 device must have a publicly reachable IP address.
  • Page 500 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 501 Allow remote access for web administration and SSH 3. Click Configuration > Services > SSH > Access Control List > Zones. 4. For Add Zone, click . 5. Select External. 6. Click Apply to save the configuration and apply the change. TX54 User Guide...

  • Page 502: Configure The Web Administration Service

    By default, the web administration service is enabled and uses the standard HTTPS port, 443. The default access control for the service uses the Internal firewall zone, which means that only devices connected to the TX54's LAN can access the WebUI. If this configuration is sufficient for your needs, no further configuration is required. See Allow remote access for web administration and SSH information about configuring the web administration service to allow access from remote devices.
  • Page 503 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 504 Configure the service    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > Web administration.
  • Page 505 No limit to IPv6 addresses that can access the web administration service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX54 device: a. Click Interfaces.
  • Page 506 11. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 507 No limit to IPv6 addresses that can access the web administratrion service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX54 device: (config)> add service web_admin acl interface end value (config)>...
  • Page 508 (config)> service web_admin cert "ssl-cert-and-private-key" (config)> If SSL certificate is blank, the device will use an automatically-generated, self-signed certificate. The SSL certificate and private key must be in PEM format. The private key can use one of the following algorithms: ECDSA TX54 User Guide...
  • Page 509 VQQDDAZtY2JhbmUxHzAdBgkqhkiG9w0BCQEWEGptY2JhbmVAZGlnaS5jb20wHhcN MjAwOTIyMTY1OTUyWhcNMjEwOTIyMTY1OTUyWjCBhzELMAkGA1UEBhMCVVMxDzAN BgNVBAgMBk9yZWdvbjEOMAwGA1UEBwwFQWxvaGExEzARBgNVBAoMCk1jQmFuZSBJ bmMxEDAOBgNVBAsMB1N1cHBvcnQxDzANBgNVBAMMBm1jYmFuZTEfMB0GCSqGSIb3 DQEJARYQam1jYmFuZUBkaWdpLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBAOBn19AX01LO9plYtfRZq0bETwNwSCYGeEIOGJ7gHt/rihLVBJS1woYv u1Oq1ohYxIawBY1iIPBD2GtzyEJXzBZdQRhwi/dRyRi4vr7EkjGDr0Vb/NVT0L5w UzcMeT+71DYvKYm6GpcWx+LoKqFTjbMFBIze5pbBfru+SicId6joCHIuYq8Ehflx 6sy6s4MDbyTUAEN2YhsBaOljej64LNzcsHeISbAWibXWjOSsK+N1MivQq5uwIYw/ 1fsnD8KDS43Wg57+far9fQ2MIHsgnoAGz+w6PIKJR594y/MfqQffDFNCh2lJY49F hOqEtA5B9TyXRKwoa3j/lIC/t5cpIBcCAwEAAaNTMFEwHQYDVR0OBBYEFDVtrWBH E1ZcBg9TRRxMn7chKYjXMB8GA1UdIwQYMBaAFDVtrWBHE1ZcBg9TRRxMn7chKYjX MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBALj/mrgaKDNTspv9 ThyZTBlRQ59wIzwRWRYRxUmkVcR8eBcjwdBTWjSBLnFlD2WFOEEEnVz2Dzcixmj4 /Fw7GQNcYIKj+aIGJzbcKgox10mZB3VKYRmPpnpzHCkvFi4o81+bC8HJQfK9U80e vDV0/vA5OB2j/DrjvlOrapCTkuyA0TVyGvgTASx2ATu9U45KZofm4odThQs/9FRQ +cwSTb5v47KYffeyY+g3dyJw1/KgMJGpBUYNJDIsFQC9RfzPjKE2kz41hx4VksT/ q81WGstDXH++QTu2sj7vWkFJH5xPFt80HjtWKKpIfeOIlBPGeRHvdH2PQibx0OOt Sa+P5O8= -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDgZ9fQF9NSzvaZ WLX0WatGxE8DcEgmBnhCDhie4B7f64oS1QSUtcKGL7tTqtaIWMSGsAWNYiDwQ9hr c8hCV8wWXUEYcIv3UckYuL6+xJIxg69FW/zVU9C+cFM3DHk/u9Q2LymJuhqXFsfi 6CqhU42zBQSM3uaWwX67vkonCHeo6AhyLmKvBIX5cerMurODA28k1ABDdmIbAWjp Y3o+uCzc3LB3iEmwFom11ozkrCvjdTIr0KubsCGMP9X7Jw/Cg0uN1oOe/n2q/X0N jCB7D56ABs/sOjyCiUefeMvzH6kH3wxTQodpSWOPRYTqhLQOQfU8l0SsKGt4/5SA v7eXKSAXAgMBAAECggEBAMDKdi7hSTyrclDsVeZH4044+WkK3fFNPaQCWESmZ+AY i9cCC513SlfeSiHnc8hP+wd70klVNNc2coheQH4+z6enFnXYu2cPbKVAkx9x4eeI Ktx72wurpnr2JYf1v3Vx+S9T9WvN52pGuBPJQla3YdWbSf18wr5iHm9NXIeMTsFc esdjEW07JRnxQEMZ1GPWT+YtH1+FzQ3+W9rFsFFzt0vcp5Lh1RGg0huzL2NQ5EcF 3brzIZjNAavMsdBFzdc2hcbYnbv7o1uGLujbtZ7WurNy7+Tc54gu2Ds25J0/0mgf OxmqFevIqVkqp2wOmeLtI4o77y6uCbhfA6I+GWTZEYECgYEA/uDzlbPMRcWuUig0 CymOKlhEpx9qxid2Ike0G57ykFaEsKxVMKHkv/yvAEHwazIEzlc2kcQrbLWnDQYx TX54 User Guide...
  • Page 510 (config)> service web_admin legacy_encryption true (config)> 8. (Optional) Disable legacy port redirection. Legacy port redirection is used to redirect client HTTP requests to the HTTPS service. Legacy port redirection is enabled by default, and normally these settings should not be changed. TX54 User Guide...
  • Page 511 9. Save the configuration and apply the change: (config)> save Configuration saved. > 10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX54 User Guide...

  • Page 512: Configure Ssh Access

    Services Configure SSH access Configure SSH access The TX54's default configuration has SSH access enabled, and allows SSH access to the device from authorized users within the Internal firewall zone. If this configuration is sufficient for your needs, no further configuration is required. See Allow remote access for web administration and SSH information about configuring the SSH service to allow access from remote devices.
  • Page 513 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 514 No limit to IPv6 addresses that can access the SSH service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX54 device: a. Click Interfaces.
  • Page 515 9. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 516 No limit to IPv6 addresses that can access the SSH service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX54 device: (config)> add service ssh acl interface end value (config)>...
  • Page 517 To disable mDNS, or enable it if it has been disabled: To enable the mDNS protocol: (config)> service ssh mdns enable true (config> To disable the mDNS protocl: (config)> service ssh mdns enable false (config)> 6. (Optional) Set the port number for this service. TX54 User Guide...
  • Page 518 8. Save the configuration and apply the change: (config)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX54 User Guide...

  • Page 519: Use Ssh With Key Authentication

    SSH public key for the user Additional configuration items If you want to access the TX54 device using SSH over a WAN interface, configure the access control list for the SSH service to allow SSH access for the External firewall zone.
  • Page 520 These instructions assume an existing user named temp_user. 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 521 4. Save the configuration and apply the change: (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX54 User Guide...

  • Page 522: Configure Telnet Access

    The telnet service is disabled by default. To enable the service:    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 523 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 524 No limit to IPv6 addresses that can access the telnet service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX54 device: a. Click Interfaces.
  • Page 525 7. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 526 (config)> ... firewall zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration -------------------------------------------------------- ----------------------- dynamic_routes edge external hotspot internal ipsec loopback setup (config)> TX54 User Guide...

  • Page 527: Configure Dns

    Type quit to disconnect from the device. Configure DNS The TX54 device includes a caching DNS server which forwards queries to the DNS servers that are associated with the network interfaces, and caches the results. This server is used within the device, and cannot be disabled.
  • Page 528 Services Configure DNS 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > DNS. 4. Click Access control list to configure access control: To limit access to specified IPv4 addresses and networks: a.
  • Page 529 11. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 530 No limit to IPv6 addresses that can access the DNS service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX54 device: (config)> add service dns acl interface end value (config)>...
  • Page 531 By default, the device's DNS server queries all available DNS servers. Disabling this option may improve performance on networks with transient DNS results, when one or more DNS servers may have positive results. To disable: (config)> service dns query_all_servers false (config> TX54 User Guide...
  • Page 532 Set the IP address of the host: (config service dns host 0)> address ip-addr (config service dns host 0)> c. Set the host name: (config service dns host 0)> name host-name (config service dns host 0)> TX54 User Guide...

  • Page 533: Show Dns Server

       Command line Show DNS information 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 534: Simple Network Management Protocol (Snmp)

    By default, the TX54 device automatically blocks SNMP packets from being received over WAN and LAN interfaces. As a result, if you want a TX54 device to receive SNMP packets, you must configure the SNMP access control list to allow the device to receive the packets. See...
  • Page 535 No limit to IPv6 addresses that can access the SNMP agent. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX54 device: a. Click Interfaces.
  • Page 536 14. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 537 No limit to IPv6 addresses that can access the SNMP service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX54 device: (config)> add service snmp acl interface end value (config)>...
  • Page 538 (config)> service snmp auth_type SHA (config)> 10. (Optional) Set the privacy passphrase. If not set, the password, entered above, is used. (config)> service snmp privacy pwd (config)> 11. (Optional) Set the privacy protocol, either DES or AES. The default is DES. TX54 User Guide...

  • Page 539: Download Mibs

    To download a .zip archive of the SNMP MIBs supported by this device:    WebUI 1. Log into the TX54 WebUI as a user with Admin access. 2. Enable SNMP. Configure Simple Network Management Protocol (SNMP) for information about enabling and configuring SNMP support on the TX54 device.
  • Page 540 Services Simple Network Management Protocol (SNMP) 4. Click Download. TX54 User Guide...

  • Page 541: Location Information

    By default, both the internal GNSS module and the external dead-reckoning USB GNSS receiver are enabled. You can also configure your TX54 device to forward location messages, either from the TX54 device or from external sources, to a remote host. Additionally, the device can be configured to use a geofence, to allow you to determine actions that will be taken based on the physical location of the device.

  • Page 542: Configure The Location Service

    The location service is enabled by default. You can disable it, or you can enable it if it has been disabled.    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > Location.
  • Page 543 (config)> To disable the module: (config)> service location gnss false (config)> 4. Set the amount of time that the TX54 device will wait before polling location sources for updated location data: (config)> service location interval value (config)> where value is any number of hours, minutes, or seconds, and takes the format number {h|m|s}.

  • Page 544: Enable Or Disable The Internal Gnss Module

    GNSS antenna connector.    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 545 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 546: Use A Dead Reckoning External Usb Gnss Receiver

    The USB GNSS receiver is available for purchase from Digi International Inc.. The ability to use an external USB GNSS receiver is enabled by default. After purchasing the USB GNSS receiver, plug it into a USB port on the TX54, and it will begin providing location information.
  • Page 547 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 548: Configure The Device To Use A User-Defined Static Location

    You can configured your TX54 device to use a user-defined static location.    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 549 10. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 550: Configure The Device To Accept Location Messages From External Sources

    You can configure the TX54 device to accept NMEA and TAIP messages from external sources. For example, location-enabled devices connected to the TX54 device can forward their location information to the device, and then the TX54 device can serve as a central repository for this location information and forward it to a remote host. See Forward location information to a remote host information about configuring the TX54 device to forward location messages.
  • Page 551 No limit to IPv6 addresses that can access the location server UDP port. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX54 device: a. Click Interfaces.
  • Page 552 9. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 553 No limit to IPv6 addresses that can access the location server UDP port. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX54 device: (config)> add service location source 2 acl interface end value (config)>...

  • Page 554: Forward Location Information To A Remote Host

    Type quit to disconnect from the device. Forward location information to a remote host You can configure location clients on the TX54 device that forward location messages in either NMEA or TAIP format to a remote host. Required configuration items Enable the location service.
  • Page 555 Configure the TX54 device to forward location information:    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 556 13. (Optional) For Prepend text, enter text to prepend to the forwarded message. Two variables can be included in the prepended text: %s: Includes the TX54 device's serial number in the prepended text. %v: Includes the vehicle ID in the prepended text.
  • Page 557 Location information    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 558 (index number 2) message type: (config service location forward 0)> del filter_nmea 2 (config service location forward 0)> To add a message type: a. Change to the filter_nmea node: (config service location forward 0)> filter_nmea (config service location forward 0 filter_nmea)> TX54 User Guide...
  • Page 559 Use the add command to add the message type. For example, to add the id message type: (config service location forward 0 filter_taip)> add id end (config service location forward 0 filter_taip)> 13. Save the configuration and apply the change: (config)> save Configuration saved. > TX54 User Guide...
  • Page 560 Services Location information 14. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX54 User Guide...

  • Page 561: Configure Geofencing

    Location information Configure geofencing Geofencing is a mechanism to create a virtual perimeter that allows you configure your TX54 device to perform actions when entering or exiting the perimeter. For example, you can configure a device to factory default if its location service indicates that it has been moved outside of the geofence.
  • Page 562 Services Location information 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > Location > Geofence.
  • Page 563 Click  again to add an additional point, and continue adding points to create the desired polygon. For example, to configure a square polygon around the Digi headquarters, configure a polygon with four points: This defines a square-shaped polygon equivalent to the following: 7.
  • Page 564 If you disable Sandbox, the script may render the system unusable. vii. Repeat for any additional actions. To define actions that will be taken when the device exits the geofence, or is outside the geofence when it boots: TX54 User Guide...
  • Page 565 Sandbox is enabled by default. This prevents the script from adversely affecting the system. If you disable Sandbox, the script may render the system unusable. vii. Repeat for any additional actions. 8. Click Apply to save the configuration and apply the change. TX54 User Guide...
  • Page 566 Location information    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 567 (config service location geofence test_geofence coordinates 0)> where int is: For latitude, any integer between -90 and 90, with up to six decimal places. For longitude, any integer between -180 and 180, with up to six decimal places. TX54 User Guide...
  • Page 568 For longitude, any integer between -180 and 180, with up to six decimal places. Repeat for each vortex of the polygon. For example, to configure a square polygon around the Digi headquarters, configure a polygon with four points: (config service location geofence test_geofence)> add...
  • Page 569 3, the actions will not be performed until the device has been inside the geofence for three minutes. c. Add an action: i. Type ... to return to the root of the configuration: (config service location geofence test_geofence coordinates 3)> ... (config)> TX54 User Guide...
  • Page 570 (Optional) Set the maximum amount of system memory that will be available for the script and it spawned processes: (config service location geofence test_geofence on_entry action 0)> max_memory value (config service location geofence test_geofence on_entry action 0)> TX54 User Guide...
  • Page 571 Add an action: i. Type ... to return to the root of the configuration: (config service location geofence test_geofence coordinates 3)> ... (config)> ii. Add the action: (config)> add service location geofence test_geofence on_exit action end TX54 User Guide...
  • Page 572 0)> max_memory value (config service location geofence test_geofence on_exit action 0)> where value is any integer followed by one of the following: b|bytes|KB|k|MB|M|GB|G|TB|T. For example. the allocate one megabyte of memory to the script and its spawned processes: TX54 User Guide...

  • Page 573: Show Location Information

       Command line Show location information 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 574: Modbus Gateway

    Type quit to disconnect from the device. Modbus gateway The TX54 supports the ability to function as a Modbus gateway, to provide serial-to-Ethernet connectivity to Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), and other industrial devices. MODBUS provides client/server communication between devices connected on different types of buses and networks, and the TX54 gateway allows for communication between buses and and networks that use the Modbus protocol.

  • Page 575: Configure The Modbus Gateway

    The maximum time between bytes in a packets. Whether to send broadcast messages. Response timeout If connection type is set to socket: The port to use. The inactivity timeout. If connection type is set to serial: Whether to use half duplex (two wire) mode. TX54 User Guide...
  • Page 576 Whether packets should have their Modbus address adjusted downward before to delivery.    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 577 For Port, enter or select an appropriate port. The default is port 502. If Serial is selected for Connection type: a. For Serial port, select the appropriate serial port on the TX54 device. 5. For Packet mode, select RTU or RAW (if Connection type is set to Socket) or ASCII (if Connection typeis set to Serial) for the type of packet that will be used by this connection.
  • Page 578 No limit to IPv6 addresses that can access the web administration service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX54 device: a. Click Interfaces.
  • Page 579 Modbus server is running. If Serial is selected for Connection type: a. For Serial port, select the appropriate serial port on the TX54 device. 5. For Packet mode, select RTU or RAW (if Connection type is set to Socket) or ASCII (if Connection typeis set to Serial) for the type of packet that will be used by this connection.
  • Page 580 No limit to IPv6 addresses that can access the web administration service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX54 device: a. Click Interfaces.
  • Page 581 17. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 582 Set the amount of time to wait before disconnecting the socket when it has become inactive: (config service modbus_gateway server test_modbus_server)> inactivity_timeout value (config service modbus_gateway server test_modbus_server)> where value is any number of minutes or seconds up to a maximum of 15 minutes, and takes the format number{m|s}. TX54 User Guide...
  • Page 583 (config service modbus_gateway server test_modbus_server)> serial idle_gap value (config service modbus_gateway server test_modbus_server)> where value is any number between 10 milliseconds and one second, and take the format number{ms|s}. For example, to set idle_gap to one second, enter 1000ms or 1s. TX54 User Guide...
  • Page 584 (config service modbus_gateway client test_modbus_client)> where value is either tcp or udp. ii. Set the port: (config service modbus_gateway client test_modbus_client)> socket port (config service modbus_gateway client test_modbus_client)> where port is an integer between 1 and 65535. The default is 502. TX54 User Guide...
  • Page 585 (config service modbus_gateway client test_modbus_client)> If connection_type is set to serial: i. Set the serial port: i. Use the ? to determine available serial ports: (config service modbus_gateway client test_modbus_ client)> ... serial port ? Serial Additional Configuration ------------------------------------------------------- TX54 User Guide...
  • Page 586 Set the maximum time to wait for a response to a message: (config service modbus_gateway client test_modbus_client)> response_ timeout value (config service modbus_gateway client test_modbus_client)> Allowed values are between 1 millisecond and 700 milliseconds, and take the format numberms. TX54 User Guide...
  • Page 587 Modbuss address in the message. h. To adjust the Modbus server address downward by the specified value prior to delivering the message, use adjust_server_address: (config service modbus_gateway client test_modbus_client)> adjust_ server_address value (config service modbus_gateway client test_modbus_client)> TX54 User Guide...

  • Page 588: Show Modbus Gateway Status And Statistics

       WebUI 1. Log into the TX54 WebUI as a user with Admin access. 2. On the menu, select Status > Modbus Gateway. The Modbus Gateway page appears. Statistics related to the Modbus gateway server are displayed. If the message Server connections not available is displayed, this indicates that there are no connected clients.
  • Page 589 Modbus gateway    Command line 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. Use the...
  • Page 590 RX Responses RX Timeouts TX Broadcasts TX Requests > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX54 User Guide...

  • Page 591: System Time

    Configure the system time for details about changing the default configuration. The TX54 device can also be configured to serve as an NTP server, providing NTP services to downstream devices. See Network Time Protocol for more information about NTP server support.
  • Page 592 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 593 2. At the command line, type config to enter configuration mode: > config (config)> 3. (Optional) Set the timezone for the location of your TX54 device. The default is UTC. (config)> system time timezone value (config)> Where value is the timezone using the format specified with the following command: (config)>...
  • Page 594    Command line 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 595: Manually Set The System Date And Time

    Network Time Protocol (NTP) enables devices connected on local and worldwide networks to synchronize their internal software and hardware clocks to the same time source. The TX54 device can be configured as an NTP server, allowing downstream hosts that are attached to the device's Local Area Networks to synchronize with the device.

  • Page 596: Configure The Device As An Ntp Server

    3. Click Services > NTP. 4. Enable the TX54 device's NTP service by clicking Enable. 5. (Optional) Configure the access control list to limit downstream access to the TX54 device's NTP service. To limit access to specified IPv4 addresses and networks: a.
  • Page 597 No limit to IPv6 addresses that can access the NTP service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX54 device: a. Click Interfaces.
  • Page 598 8. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 599 See Configure the system time more information about NTP client configuration. 5. (Optional) Configure the access control list to limit downstream access to the TX54 device's NTP service. To limit access to specified IPv4 addresses and networks: (config)>...
  • Page 600 By default, the access control list for the NTP service is empty, which means that all downstream hosts connected to the TX54 device can use the NTP service. 6. (Optional) Set the timezone for the location of your TX54 device. The default is UTC. (config)> system time timezone value (config)>...

  • Page 601: Show Status And Statistics Of The Ntp Server

       Command line Show NTP information 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 602: Configure A Multicast Route

    To configure a multicast route:    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > Multicast.
  • Page 603 Services Configure a multicast route 9. To add one or more destination interface that the TX54 device will send mutlicast packets to: a. Click to expand Destination interfaces. b. Click . c. For Destination interface, select the interface. d. Repeat for additional destination interfaces.
  • Page 604 Set the interface. For example: (config service multicast test)> src_interface /network/interface/wan1 (config service multicast test)> 8. Set a destination interface that the TX54 device will send mutlicast packets to: a. Use the ? to determine available interfaces: (config service multicast test)> src_interface ? Destination interface: Which interface to send the multicast packets.
  • Page 605 Services Configure a multicast route 10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX54 User Guide...

  • Page 606: Ethernet Network Bonding

    Ethernet network bonding Ethernet network bonding The TX54 device supports bonding mode for the Ethernet network. This allows you to configure the device so that Ethernet ports share one IP address. When both ports are being used, they act as one Ethernet network port.
  • Page 607 8. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 608: Enable Service Discovery (Mdns)

    Type quit to disconnect from the device. Enable service discovery (mDNS) Multicast DNS mDNS is a protocol that resolves host names in small networks that do not have a DNS server. You can enable the TX54 device to use mDNS.    WebUI...
  • Page 609 Services Enable service discovery (mDNS) 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > Service Discovery (mDNS).
  • Page 610 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 611 No limit to IPv6 addresses that can access the mDNS service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX54 device: (config)> add service mdns acl interface end value (config)>...

  • Page 612: Use The Iperf Service

    Type quit to disconnect from the device. Use the iPerf service Your TX54 device includes an iPerf3 server that you can use to test the performance of your network. iPerf3 is a command-line tool that measures the maximum network throughput an interface can handle.
  • Page 613 To enable the iPerf3 server:    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > iPerf.
  • Page 614 7. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 615 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX54 device: (config)> add service iperf acl interface end value (config)>...

  • Page 616: Example Performance Test Using Iperf3

    Example performance test using iPerf3 On a remote host with iPerf3 installed, enter the following command: $ iperf3 -c device_ip where device_ip is the IP address of the TX54 device. For example: $ iperf3 -c 192.168.2.1 Connecting to host 192.168.2.1, port 5201 4] local 192.168.3.100 port 54934 connected to 192.168.1.1 port 5201...

  • Page 617: Configure The Ping Responder Service

    Done. Configure the ping responder service Your TX54 device's ping responder service replies to ICMP and ICMPv6 echo requests. The service is enabled by default. You can disable the service, or you can configure the service to use an access control list to limit the service to specified IP address, interfaces, and/or zones.
  • Page 618 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 619 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX54 device: (config)> add service iperf acl interface end value (config)>...
  • Page 620 6. Save the configuration and apply the change: (config)> save Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX54 User Guide...

  • Page 621: Example Performance Test Using Iperf3

    Example performance test using iPerf3 On a remote host with Iperf3 installed, enter the following command: $ iperf3 -c device_ip where device_ip is the IP address of the TX54 device. For example: $ iperf3 -c 192.168.2.1 Connecting to host 192.168.2.1, port 5201 4] local 192.168.3.100 port 54934 connected to 192.168.1.1 port 5201...
  • Page 622 Applications The TX54 supports Python 3.6 and provides you with the ability to run Python applications on the device interactively or from a file. You can also specify Python applications and other scripts to be run each time the device system restarts, at specific intervals, or at a specified time.

  • Page 623: Configure Scripts To Run Automatically

    Whether the script should run one time only. Task one: Upload the application    WebUI 1. Log into the TX54 WebUI as a user with Admin access. 2. On the menu, click System. Under Administration, click File System. TX54 User Guide...
  • Page 624 TX54 device. local-path is the location on the TX54 device where the copied file will be placed. For example: To upload a Python application from a remote host with an IP address of 192.168.4.1 to the /etc/config/scripts directory on the TX54 device, issue the following command: >...

  • Page 625: Task Two: Configure The Application To Run Automatically

    Use with care.    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click System > Scheduled tasks > Custom scripts.
  • Page 626 If Once is enabled, rebooting the device will cause the script to not run again. The only way to re-run the script is to: Remove the script from the device and add it again. Make a change to the script. Uncheck Once. 12. Click Apply to save the configuration and apply the change. TX54 User Guide...
  • Page 627 Configure scripts to run automatically    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 628 To log script errors to the system log: (config system schedule script 0)> syslog_stderr true (config system schedule script 0)> If syslog_stdout and syslog_stderr are not enabled, only the script's exit code is written to the system log. TX54 User Guide...

  • Page 629: Configure Scripts To Run Manually

    A label used to identify the script. The arguments for the script. Whether to write the script output and errors to the system log. The memory available to be used by the script. Whether the script should run one time only. TX54 User Guide...

  • Page 630: Task One: Upload The Application

    TX54 device. local-path is the location on the TX54 device where the copied file will be placed. TX54 User Guide...

  • Page 631: Task Two: Configure The Application To Run Automatically

    Use with care.    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click System > Scheduled tasks > Custom scripts.
  • Page 632 If Once is enabled, rebooting the device will cause the script to not run again. The only way to re-run the script is to: Remove the script from the device and add it again. Make a change to the script. Uncheck Once. 12. Click Apply to save the configuration and apply the change. TX54 User Guide...
  • Page 633 Configure scripts to run manually    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 634: Start A Manual Script

    You can start a script that is enabled and configured to have a run mode of Manual. See    WebUI 1. Log into the TX54 WebUI as a user with Admin access. 2. At the Status page, click Scripts. The Scripts page displays:...

  • Page 635: Stop A Script That Is Currently Running

       Command line 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 636: Show Script Information

    3. For scripts that are currently running, click Stop Script to stop the script.    Command line 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 637: Run A Python Application At The Shell Prompt

    The Scripts page displays:    Command line 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 638 TX54 device. local-path is the location on the TX54 device where the copied file will be placed. For example: To upload a Python application from a remote host with an IP address of 192.168.4.1 to...

  • Page 639: Start An Interactive Python Session

    You can also create Python applications by using the vi command when logged in with shell access. 2. Log into the TX54 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 640 Applications Start an interactive Python session NAME digidevice - Digi device python extensions DESCRIPTION This module includes various extensions that allow Python to interact with additional features offered by the device. 4. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit().

  • Page 641: Digidevice Module

    Use Python to respond to Digi Remote Manager SCI requests Use digidevice runtime to access the runtime database Use Python to upload the device name to Digi Remote Manager Use Python to access the device location data Use Python to set the maintenance window...

  • Page 642: Use Digidevice.cli To Execute Cli Commands

    1. Log into the TX54 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.

  • Page 643: Use Digidevice.datapoint To Upload Custom Datapoints To Digi Remote Manager

    Help for using Python to execute TX54 CLI commands Get help executing a CLI command from Python by accessing help for cli.execute: 1. Log into the TX54 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 644 For example, to use an interactive Python session to upload datapoints related to velocity, temperature, and the state of the emergency door: 1. Log into the TX54 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 645 Help for using Python to upload custom datapoints to Remote Manager Get help for uploading datapoints to your Digi Remote Manager account by accessing help for datapoint.upload and datapoint.upload_multiple: 1. Log into the TX54 command line as a user with shell access.

  • Page 646: Use Digidevice.config For Device Configuration

    Use the config Python module to access and modify the device configuration. Read the device configuration 1. Log into the TX54 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 647 Modify the device configuration Use the set() and commit() methods to modify the device configuration: 1. Log into the TX54 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 648: Use Python To Respond To Digi Remote Manager Sci Requests

    Get help for reading and modifying the device configuration by accessing help for digidevice.config: 1. Log into the TX54 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 649 Applications Digidevice module Use Remote Manager's SCI interface to create SCI requests that are sent to your TX54 device, and use the device_request module to send responses to those requests to Remote Manager. See the Digi Remote Manager Programmers Guide for more information on SCI.
  • Page 650 Remote Manager. 1. Create a Python application, called showsystem.py, that uses the digidevice.cli module to create a response containing information about device and the device_request module to respond with this information to a request from Remote Manager: TX54 User Guide...
  • Page 651 This can be done from either the WebUI or the command line:    WebUI i. Log into the TX54 WebUI as a user with full Admin access rights. ii. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. TX54 User Guide...
  • Page 652 Click Apply to save the configuration and apply the change.    Command line i. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 653 > reboot To run the application from the shell prompt: i. Log into the TX54 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.
  • Page 654 <device_request target_name="showSystem"> 8. Click Send. You should receive a response similar to the following: <sci_reply version="1.0"> <data_service> <device id="00000000-00000000-0000FFFF-A83CF6A3"/> <requests> <device_request target_name="showSystem" status="0">Model : Digi TX54 Serial Number : TX54-000068 Hostname : TX54 : 00:40:D0:13:35:36 Hardware Version : 50001959-01 A Firmware Version : 21.8.24.120...
  • Page 655 Disk /tmp Usage : 0.004MB/40.96MB(0%) Disk /var Usage : 0.820MB/32.768MB(3%)</device_ request> </requests> </device> <device id="00000000-00000000-0000FFFF-485740BC"/> <requests> <device_request target_name="showSystem" status="0">Model : Digi TX54 Serial Number : TX54-000023 Hostname : TX54 : 00:40:D0:26:79:1C Hardware Version : 50001959-01 A Firmware Version : 21.8.24.120...
  • Page 656 </sci_request> Help for using Python to respond to Digi Remote Manager SCI requests Get help for respond to Digi Remote Manager Server Command Interface (SCI) requests by accessing help for digidevice.device_request: 1. Log into the TX54 command line as a user with shell access.

  • Page 657: Use Digidevice Runtime To Access The Runtime Database

    Read from the runtime database Use the keys() and get() methods to read the device configuration: 1. Log into the TX54 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 658 Modify the runtime database Use the set() method to modify the runtime database: 1. Log into the TX54 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.

  • Page 659: Use Python To Upload The Device Name To Digi Remote Manager

    Use Python to upload the device name to Digi Remote Manager The name submodule can be used to upload a custom name for your device to Digi Remote Manager. When you use the name submodule to upload a custom device name to Remote Manager, the...
  • Page 660 5. Click Send. Upload a custom name 1. Log into the TX54 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.

  • Page 661: Use Python To Access The Device Location Data

    5. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Use Python to access the device location data The location submodule enables access to the location data for the TX54 device. The module takes a snapshot of location data stored in the runt database. The location data snapshot can be subsequently updated by using the update method.
  • Page 662 The location submodule takes a snapshot of the current location and stores it in the runtime database. You can update this snapsot: 1. Log into the TX54 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 663 The location submodule takes a snapshot of the current location and stores it in the runtime database. You can update this snapsot 1. Log into the TX54 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 664 Help for the digidevice location module Get help for the digidevice location module: 1. Log into the TX54 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.

  • Page 665: Use Python To Set The Maintenance Window

    Schedule system maintenance tasks for more details. 1. Log into the TX54 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.
  • Page 666 Help for the digidevice maintenance module Get help for the digidevice maintenance module: 1. Log into the TX54 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.

  • Page 667: The Digidevice Led Submodule

    Applications Digidevice module The digidevice led submodule Use the led submodule to redefine the purpose of any front-panel LED on the TX54 device. With this submodule, you can: Gain control of the LED with the led.acquire() function. Define the state of the LED with the led.set() function.
  • Page 668 LED state is not updated until Python releases control of the LED. When the LED is returned to system control, the state of the LED will reflect the correct, recorded state information. TX54 User Guide...

  • Page 669: Use Python To Send And Receive Sms Messages

    You can create Python scripts that send and receive SMS message in tandem with the Digi Remote Manager or Digi aView by using the digidevice.sms module. To use a script to send or receive SMS messages, you must also enable the ability to schedule SMS scripting.
  • Page 670 Digidevice module    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 671: Use The Human Interface Device (Hid) Module

    Python script. For example, to determine information about a USB-connected keyboard: 1. Log into the TX54 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.

  • Page 672: Help For The Hid Module

    Help for the hid module Get help for the hid module: 1. Log into the TX54 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.

  • Page 673: Use Python To Access Serial Ports

    Use Python to access serial ports You can use the Python serial module to access serial ports on your TX54 device that are configured to be in Application mode. For example, you can configure USB ports to function serial ports and interact programmatically with those ports.

  • Page 674: Use The Paho Mqtt Python Library

    6. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Use the Paho MQTT python library Your TX54 device includes support for the Paho MQTT python library. MQTT is a lightweight messaging protocol used to communicate with various applications including cloud-based applications such as Amazon Web Services and Microsoft Azure.
  • Page 675 = cmd_path[len(PREFIX_CMD):] else: print("Invalid command path ({}), cannot send reply".format(cmd_path)) return reply = { "cmd": cmd, "status": status client.publish(PREFIX_RSP + path + "/" + cid, json.dumps(reply, separators= (',',':'))) def on_connect(client, userdata, flags, rc): print("Connected to MQTT server") TX54 User Guide...
  • Page 676 'r') as f: for line in f: elems = line.split() if len(elems) != 5: continue leases.append({"mac": elems[1], "ip": elems[2], "host": elems [3]}) if leases: client.publish(PREFIX_EVENT + "/leases", json.dumps(leases, separators=(',',':'))) except: print("Failed to open DHCP leases file") TX54 User Guide...

  • Page 677: Use The Local Rest Api To Configure The Tx54 Device

    Use the local REST API to configure the TX54 device Your TX54 device includes a REST API that can be used to return information about the device's configuration and to make modifications to the configuration. You can view the REST API specification from your web browser by opening the URL: https://ip-address/cgi-bin/config.cgi...

  • Page 678: Use The Get Method To Return Device Configuration Information

    To determine allowed values for path from the Admin CLI: 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 679 Applications Use the local REST API to configure the TX54 device ping Ping responder snmp SNMP telnet Telnet web_admin Web administration (config)> service For example, to use curl to return the ssh configuration: $ curl -k -u admin https://192.168.210.1/cgi-bin/config.cgi/value/service/ssh - X GET Enter host password for user 'admin': ok": true,...

  • Page 680: Use The Post Method To Modify Device Configuration Parameters And List Arrays

    Applications Use the local REST API to configure the TX54 device Use the POST method to modify device configuration parameters and list arrays Use the POST method to modify device configuration parameters To modify configuration parameters, use the POST method with the path and value parameters.
  • Page 681 Applications Use the local REST API to configure the TX54 device where path is the path to the list item, including the list number, in dot notation (for example, service.ssh.acl.zone.4). For example, to remove the external firewall zone to the ssh service: 1.

  • Page 682: User Authentication

    User authentication methods Authentication groups Local users Terminal Access Controller Access-Control System Plus (TACACS+) Remote Authentication Dial-In User Service (RADIUS) LDAP Configure serial authentication Disable shell access Set the idle timeout for TX54 users Example user configuration TX54 User Guide...

  • Page 683: Tx54 User Authentication

    User authentication TX54 user authentication TX54 user authentication User authentication on the TX54 has the following features and default configuration: Default Feature Description configuration Idle timeout 10 minutes. Determines how long a user session can be idle before the system automatically disconnects.
  • Page 684 TACACS+: Users authenticated by using a remote TACACS+ server for authentication. Terminal Access Controller Access-Control System Plus (TACACS+) for information about configuring TACACS+ authentication. LDAP: Users authenticated by using a remote LDAP server for authentication. LDAP for information about configuring LDAP authentication. TX54 User Guide...

  • Page 685: Add A New Authentication Method

    To add an authentication method:    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Methods.
  • Page 686 This procedure describes how to add methods to various places in the list. 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 687: Delete An Authentication Method

    Type quit to disconnect from the device. Delete an authentication method    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. TX54 User Guide...
  • Page 688 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 689: Rearrange The Position Of Authentication Methods

    To reorder these so that RADIUS is first and Local users is second: 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 690 7. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 691: Authentication Groups

    Disable shell access for more information about the Allow shell parameter. Serial access: Users with Serial access have the ability to log into the TX54 device by using the serial console. Preconfigured authentication groups The TX54 device has two preconfigured authentication groups: The admin group is configured by default to have full Admin access and Shell access.

  • Page 692: Change The Access Rights For A Predefined Group

    For groups assigned Admin access, you can also determine whether the Access level should be Full access or Read-only access. Full access provides users of this group with the ability to manage the TX54 device by using the WebUI or the Admin CLI.
  • Page 693 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 694: Add An Authentication Group

    Access rights to OpenVPN tunnels, and the tunnels to which they have access. Access rights to captive portals, and the portals to which they have access. Access rights to query the device for Nagios monitoring. To add an authentication group:    WebUI TX54 User Guide...
  • Page 695 For groups assigned Admin access, you can also determine whether the Access level should be Full access or Read-only access. where value is either: Full access full: provides users of this group with the ability to manage the TX54 device by using the WebUI or the Admin CLI. TX54 User Guide...
  • Page 696 11. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 697 (config)> where value is either: full: provides users of this group with the ability to manage the TX54 device by using the WebUI or the Admin CLI. read-only: provides users of this group with read-only access to the WebUI and Admin CLI.

  • Page 698: Delete An Authentication Group

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Delete an authentication group By default, the TX54 device has two preconfigured authentication groups: admin and serial. These groups cannot be deleted. To delete an authentication group that you have created: ...
  • Page 699 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 700: Local Users

    TACACS+ or RADIUS. Local user authentication is enabled by default, with one preconfiged default user. Default user At manufacturing time, each TX54 device comes with a default user configured as follows: Username: admin. Password: The default password is displayed on the label on the bottom of the device.

  • Page 701: Change A Local User's Password

    To change a user's password:    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Users.
  • Page 702 You can also change the password for the active user by clicking the user name in the menu bar: The active user must have full Admin access rights to be able to change the password. 6. Click Apply to save the configuration and apply the change. TX54 User Guide...

  • Page 703: Configure A Local User

    Local users    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 704 To configure a local user:    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Users.
  • Page 705 8. (Optional) Add SSH keys for the user to use passwordless SSH login: a. Click SSH keys. b. In Add SSH key, paste or type a public encryption key that this user can use for passwordless SSH login and click . TX54 User Guide...
  • Page 706 For Code, enter the scratch code. The code must be eight digits, with a minimum of 10000000. iv. Click  again to add additional scratch codes. 10. Click Apply to save the configuration and apply the change. TX54 User Guide...
  • Page 707 Local users    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 708 Add the key by using the ssh_key command and pasting or typing a public encryption key that this user can use for passwordless SSH login: (config auth user new_user ssh_key)> ssh_key key (config auth user new_user ssh_key)> TX54 User Guide...
  • Page 709 Configure the valid code window size. This represents the allowed number of concurrently valid codes. In cases where TOTP is being used, increasing the valid code window size may be necessary when the clocks used by the server and client are not synchronized. TX54 User Guide...

  • Page 710: Delete A Local User

    10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Delete a local user To delete a user from your TX54:    WebUI TX54 User Guide...
  • Page 711 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 712 4. Save the configuration and apply the change: (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX54 User Guide...

  • Page 713: Terminal Access Controller Access-Control System Plus (Tacacs+)

    With TACACS+ support, the TX54 device acts as a TACACS+ client, which sends user credentials and connection parameters to a TACACS+ server over TCP. The TACACS+ server then authenticates the TACACS+ client requests and sends back a response message to the device.

  • Page 714: Tacacs+ User Configuration

    The groupname attribute is optional. If used, the value must correspond to authentication groups configured on your TX54. Alternatively, if the user is also configured as a local user on the TX54 device and the LDAP server authenticates the user but does not return any groups, the local configuration determines the list of groups.

  • Page 715: Tacacs+ Server Failover And Fallback To Local Authentication

    $ sudo /etc/init.d/tacacs_plus restart TACACS+ server failover and fallback to local authentication In addition to the primary TACACS+ server, you can also configure your TX54 device to use backup TACACS+ servers. Backup TACACS+ servers are used for authentication requests when the primary TACACS+ server is unavailable.
  • Page 716 TACACS+ authentication fails. Other authentication methods will only be used if the TACACS+ server is unavailable. 6. (Optional) For Group attribute, type the name of the attribute used in the TACACS+ server's configuration to identify the TX54 authentication group or groups that the user is a member of. TX54 User Guide...
  • Page 717 For example, in TACACS+ user configuration, the value of the service attribute in the sample tac_plus.conf file is system, which is also the default setting in the TX54 configuration. 8. Add TACACS+ to the authentication methods: a. Click Authentication > Methods.
  • Page 718 TACACS+ server's configuration. For example, in TACACS+ user configuration, the value of the service attribute in the sample tac_plus.conf file is system, which is also the default setting in the TX54 configuration. (config)> auth tacacs+ service service-name (config)> 6. Add a TACACS+ server: a.

  • Page 719: Remote Authentication Dial-In User Service (Radius)

    To use RADIUS authentication, you must set up a RADIUS server that is accessible by the TX54 device prior to configuration. The process of setting up a RADIUS server varies by the server environment. An example of a RADIUS server is FreeRADIUS.

  • Page 720: Radius User Configuration

    TX54. Alternatively, if the user is also configured as a local user on the TX54 device and the RADIUS server authenticates the user but does not return any groups, the local configuration determines the list of groups. See Authentication groups more information about authentication groups.

  • Page 721: Configure Your Tx54 Device To Use A Radius Server

    If the RADIUS servers are unavailable and the TX54 device falls back to local authentication, only users defined locally on the device are able to log in. RADIUS users cannot log in until the RADIUS servers are brought back online.
  • Page 722 NAS or any arbitrary string. If not set, the default value is used: If you are accessing the TX54 device by using the WebUI, the default value is for NAS ID is httpd. If you are accessing the TX54 device by using ssh, the default value is sshd.
  • Page 723 9. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 724: Ldap

    User authentication LDAP If you are accessing the TX54 device by using the WebUI, the default value is for NAS ID is httpd. If you are accessing the TX54 device by using ssh, the default value is sshd. (config)> auth radius nas_id id (config)>...
  • Page 725 When you are using LDAP authentication, you can have both local users and LDAP users able to log in to the device. To use LDAP authentication, you must set up a LDAP server that is accessible by the TX54 device prior to configuration. The process of setting up a LDAP server varies by the server environment.

  • Page 726: Ldap User Configuration

    (password verification) and authorization (assigning the access level of the user). Additional LDAP servers can be configured as backup servers for user authentication. This section outlines how to configure a LDAP server to be used for user authentication on your TX54 device.

  • Page 727: Ldap Server Failover And Fallback To Local Configuration

    LDAP server failover and fallback to local configuration In addition to the primary LDAP server, you can also configure your TX54 device to use backup LDAP servers. Backup LDAP servers are used for authentication requests when the primary LDAP server is unavailable.
  • Page 728 User authentication LDAP 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > LDAP > Servers.
  • Page 729 If this attribute is not set, the user will be denied access. 12. (Optional) For Group attribute, type the name of the user attribute that contains the list of TX54 authentication groups that the authenticated user has access to. See LDAP user configuration for further information about the group attribute.
  • Page 730 LDAP    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 731 . If this attribute is not set, the user will be denied access. 10. (Optional) Set the name of the user attribute that contains the list of TX54 authentication groups that the authenticated user has access to. See...

  • Page 732: Configure Serial Authentication

    This section describes how to configure authentication for serial access.    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 733 9. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 734: Disable Shell Access

    To prohibit access to the shell prompt for all authentication groups, disable the Allow shell parameter.. This does not prevent access to the Admin CLI. Note If shell access is disabled, re-enabling it will erase the device's configuration and perform a factory reset.    WebUI TX54 User Guide...
  • Page 735 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 736: Set The Idle Timeout For Tx54 Users

    By default, the Idle timeout is set to 10 minutes.    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 737 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 738 User authentication Set the idle timeout for TX54 users 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX54 User Guide...

  • Page 739: Example User Configuration

    Goal: To create a user with administrator rights who is authenticated locally on the device.    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 740 7. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 741: Example 2: Radius, Tacacs+, And Local Authentication For One User

    Goal: To create a user with administrator rights who is authenticated by using all three authentication methods. In this example, when the user attempts to log in to the TX54 device, user authentication will occur in the following order: 1. The user is authenticated by the RADIUS server. If the RADIUS server is unavailable, 2.
  • Page 742 User authentication Example user configuration This example uses a FreeRadius 3.0 server running on ubuntu, and a TACACS+ server running on ubuntu. Server configuration may vary depending on the platforms or type of servers used in your environment. TX54 User Guide...
  • Page 743 The authentication group on the TX54 device, admin, is identified in the groupname parameter. c. Save and close the tac_plus.conf file. 3. Log into the TX54 WebUI as a user with full Admin access rights. 4. On the menu, click System. Under Configuration, click Device Configuration. TX54 User Guide...
  • Page 744 Click  to add another new method. f. For the new method, select Local users. 6. Create the local user: a. Click Authentication > Users. b. In Add User:, type admin1 and click . c. For password, type password1. TX54 User Guide...
  • Page 745 Unix-FTP-Group-Names := "admin" In this example: The user's username is admin1. The user's password is password1. The authentication group on the TX54 device, admin, is identified in the Unix-FTP- Group-Names parameter. c. Save and close the users file. TX54 User Guide...
  • Page 746 Save and close the tac_plus.conf file. 3. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 747 (config auth user adminuser)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX54 User Guide...
  • Page 748 Firewall This chapter contains the following topics: Firewall configuration Port forwarding rules Packet filtering Configure custom firewall rules Configure captive portals Configure Quality of Service options Web filtering TX54 User Guide...

  • Page 749: Firewall Configuration

    The default zone for hotspots. Dynamic routes: Used for routes learned using routing services. Port forwarding: A list of rules that allow network connections to the TX54 to be forwarded to other servers by translating the destination address. Packet filtering: A list of packet filtering rules that determine whether to accept or reject network connections that are forwarded through the TX54.
  • Page 750 Firewall Firewall configuration 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Zones. 4. In Add Zone, enter a name for the zone and click .

  • Page 751: Configure The Firewall Zone For A Network Interface

    Firewall Firewall configuration 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: >...
  • Page 752 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 753: Delete A Custom Firewall Zone

    5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 754: Port Forwarding Rules

    The IP version (either IPv4 or IPv6) that incoming network connections must match. The protocols that incoming network connections must match. A white list of devices, based on either IP address or firewall zone, that are authorized to leverage this forwarding rule. To configure a port forwarding rule: TX54 User Guide...
  • Page 755 Port forwarding rules    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Port forwarding.
  • Page 756 13. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 757 7. Set the type of internet protocol . (config firewall dnat 0)> protocol value (config firewall dnat 0)> Network connections will only be forwarded if they match the selected protocol. Allowed values are custom, tcp, tcpudp, or upd. The default is tcp. TX54 User Guide...
  • Page 758 To view a list of available zones: (config firewall dnat 0 acl)> ..zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. TX54 User Guide...

  • Page 759: Delete A Port Forwarding Rule

    To delete a port forwarding rule:    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. TX54 User Guide...
  • Page 760 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 761 5. Save the configuration and apply the change: (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX54 User Guide...

  • Page 762: Packet Filtering

    Packet filtering By default, there are two preconfigured packet filtering rules: Allow all outgoing traffic: Monitors traffic going to and from the TX54 device. The predefined settings are intended to block unauthorized inbound traffic while providing an unrestricted flow of outgoing data.
  • Page 763 9. For Destination zone, select the firewall zone. Packets destined for network interfaces that are members of this zone will either be accepted, rejected or dropped by this rule. Firewall configuration for more information about firewall zones. 10. Click Apply to save the configuration and apply the change. TX54 User Guide...
  • Page 764 Packet filtering    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 765 (config firewall filter 1)> ip_version value (config firewall filter 1)> where value is one of: ipv4 ipv6 The default is any. 8. Set the protocol. (config firewall filter 1)> protocol value (config firewall filter 1)> where value is one of: icmp icmpv6 TX54 User Guide...

  • Page 766: Enable Or Disable A Packet Filtering Rule

    To enable or disable a packet filtering rule:    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 767 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 768: Delete A Packet Filtering Rule

    To delete a packet filtering rule:    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Packet filtering.
  • Page 769 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 770: Configure Custom Firewall Rules

    To configure custom firewall rules:    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Custom rules.
  • Page 771 Configure custom firewall rules    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 772: Configure Captive Portals

    To configure captive portals:    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Captive portals.
  • Page 773 13. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 774 For example, to set Session timeout to ten minutes, enter either 10m or 600s: (config firewall portal portal1)> timeout 600s (config firewall portal portal1)> TX54 User Guide...
  • Page 775 11. (Optional) Set the URL to which the user will be directed when granted access to the portal. If left blank, the user will be directed to the domain of the URL in the original access request. (config firewall portal portal1)> url https://myportal.com (config firewall portal portal1)> TX54 User Guide...

  • Page 776: Delete Captive Portals

    To delete captive portals:    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Captive portals.

  • Page 777: Configure Quality Of Service Options

    (packet ingress). A QoS binding contains the policies and rules that apply to packets exiting the TX54 device on the binding's interface. By default, the TX54 device has two preconfigured QoS bindings, Outbound and Inbound.
  • Page 778 8. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 779 Type quit to disconnect from the device. Create a new binding    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. TX54 User Guide...
  • Page 780 Allowed value is any integer between 1 and 1000. 9. Create a policy for the binding: At least one policy is required for each binding. Each policy can contain up to 30 rules. a. Click to expand Policy. b. For Add Policy, click . TX54 User Guide...
  • Page 781 New QoS binding policy rules are enabled by default. To disable, click Enable. iii. (Optional) Type a Label for the binding policy rule. iv. For Type Of Service, type the value of the Type of Service (ToS) packet header that defines packet priority. If unspecified, this field is ignored. TX54 User Guide...
  • Page 782 Use the format IPv6_address[/prefix_length], or use any to match any IPv6 address. Repeat to add a new rule. Up to 30 rules can be configured. 10. Click Apply to save the configuration and apply the change. TX54 User Guide...
  • Page 783 Configure Quality of Service options    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 784 (config firewall qos 2 policy 0)> where int is any integer, 1 or greater. The default is 100. f. To identify this policy as a fall-back policy: (config firewall qos 2 policy 0)> default true (config firewall qos 2 policy 0)> TX54 User Guide...
  • Page 785 IP port number, a range of port numbers using the format IP_port- IP_port, or any. vii. Set the destination port to define a destination matching criteria: (config firewall qos 2 policy 0 rule 0)> dstport value (config firewall qos 2 policy 0 rule 0)> TX54 User Guide...
  • Page 786 (config network qos 2 policy 0 rule 0)> where value uses the format IPv4_address[/netmask], or any to match any IPv4 address. address6: Only traffic from the IP address typed in IPv6 address will be matched. Set the address that will be matched: TX54 User Guide...
  • Page 787 (config network qos 2 policy 0 rule 0)> dst interface /network/interface/wan1 (config network qos 2 policy 0 rule 0)> address: Only traffic destined for the IP address typed in IPv4 address will be matched. Set the address that will be matched: TX54 User Guide...

  • Page 788: Web Filtering

    Type quit to disconnect from the device. Web filtering Web filtering allows you to control access to services that can be accessed through the TX54 device by forwarding all Domain Name System (DNS) traffic to a web filtering service. This allows the network security administrator to configure a set of policies with the web filtering service that are applied to all routing devices with web filtering enabled.
  • Page 789 Task two: Configure web filtering    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Web filtering service.
  • Page 790 Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Clear the Cisco Umbrella device ID If the Cisco Umbrella device ID being used by your TX54 is invalid, you can clear the device ID.    Command line 1.

  • Page 791: Configure Web Filtering With Manual Dns Servers

    To configure web filtering with manual DNS servers:    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 792 10. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 793 Add the second DNS server: i. Move back one node in the configuration tree: (config firewall web-filter server 0)> .. (config firewall web-filter server)> ii. Add the server: (config firewall web-filter server)> add end (config firewall web-filter server 1)> TX54 User Guide...

  • Page 794: Verify Your Web Filtering Configuration

    Cisco open DNS servers. 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 795 4. From a new tab in your browser, attempt to connect to the Cisco test URL http://www.internetbadguys.com. The connection should be successful. 5. Return to the TX54 WebUI and enable web filtering: a. Click Firewall > Web filtering service. b. Click Enable web filtering to enable.

  • Page 796: Show Web Filter Service Information

    Cisco open DNS servers. 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 797 Firewall Web filtering 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the Admin CLI prompt, use the...

  • Page 798: Upload A New Lxc Container

    Containers The TX54 device includes support for LXC Linux containers. LXC containers are a lightweight, operating system level method of virtualization that allows you to run one or more isolated Linux instances on a the same host using the host's Linux kernal.

  • Page 799: Configure A Container

    Serial ports on the device that the container will have access to.    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 800 8. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 801 (config system container name)> gateway IP_address (config system container name)> 7. (Optional) Assign serial ports that the container will have access to: a. Determine available serial ports: (config system container name)> ... serial Serial Additional Configuration --------------------------------------------------------------------- ---------- port1 Port 1 TX54 User Guide...

  • Page 802: Starting And Stopping The Container

    Starting a container in non-persistent mode To start the container in non-persistent mode: 1. Log into the TX54 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.

  • Page 803: Stopping The Container

    To start the container in persistent mode, include the -p option at the command line. For example: 1. Log into the TX54 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 804: Schedule A Script To Run In The Container

    2. Execute a ping command every ten seconds from inside the container.    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 805 /bin/ping -c 1 IP_address For example: lxc test_lxc /bin/ping -c 1 192.168.1.146 9. Click to disable Sandbox. Sandbox restrictions are not necessary when a container is used. 10. Click Apply to save the configuration and apply the change. TX54 User Guide...
  • Page 806 Schedule a script to run in the container    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 807: Create A Custom Container

    In this example, we will use a simple container file named test_lxc.tgz. You can download test_lxc.tgz from the Digi website. At the command line of a Linux host, we will unpack the file, add a simple python script, and create a new container file that includes the python script.

  • Page 808: Test The Custom Container File

    If deselected, you will need to create the configuration manually. vi. Click Apply. 2. Log into the TX54 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.

  • Page 809: System Administration

    Review device status Configure system information Update system firmware Update cellular module firmware Reboot your TX54 device Erase device configuration and reset to factory defaults Locate the device by using the Find Me feature Configure power button behavior Configure power input voltage...

  • Page 810: Review Device Status

    Show basic system information: 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 811: Configure System Information

    Disk /overlay Usage : MB/MB(%) Disk /tmp Usage : 0.007MB/256.0MB(0%) Disk /var Usage : 1.765MB/256.0MB(1%) > Configure system information You can configure information related to your TX54 device, such as providing a name and location for the device. TX54 User Guide...
  • Page 812 A banner that will be displayed when users access terminal services on the device. To enter system information:    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click System.

  • Page 813: Update System Firmware

    For example, TX54-Dual-Cellular-21.8.24.120.bin. Manage firmware updates using Digi Remote Manager If you have a network of many devices, you can use Digi Remote Manager Profiles to manage firmware updates. Profiles ensure all your devices are running the correct firmware version and that...

  • Page 814: Certificate Management For Firmware Images

    The system firmware files are signed to ensure that only Digi-approved firmware load onto the device. The TX54 device validates the system firmware image as part of the update process and only successfully updates if the system firmware image can be authenticated.
  • Page 815 Newest firmware version available to download is '21.8.24.120' Device firmware update from '21.5.56.129' to '21.8.24.120' is needed > 3. Use the modem firmware ota list command to list available firmware on the Digi firmware repository. > system firmware ota list 21.5.56.129...
  • Page 816 Reboot the device: > reboot > Update firmware from a local file    WebUI 1. Download the TX54 operating system firmware from the Digi Support FTP site to your local machine. Note For TX54 devices, there are three platform variants: TX54-Dual-Cellular TX54-Dual-Wi-Fi TX54-Single-Cellular Download the correct firmware for your variant of the TX54 device.
  • Page 817 TX54 device. local-path is the location on the TX54 device where the copied file will be placed. For example: > scp host 192.168.4.1 user admin remote /home/admin/bin/TX54-Dual- Cellular-21.8.24.120.bin local /etc/config/ to local...

  • Page 818: Dual Boot Behavior

    > reboot Rebooting system > 7. Once the device has rebooted, log into the TX54's command line as a user with Admin access and verify the running firmware version by entering the show system command. > show system...

  • Page 819: How To Recover A Tx54 That Will Not Boot

    When a TX54 device is in this state, the device will continually reboot as it attempts to boot one of the firmware images that are stored on the device. The LED state will be as follows:...

  • Page 820: Update Cellular Module Firmware

    To recover the TX54 device, you will need a TFTP server that has an IP address of 192.168.1.100. The TX54 will use an IP address of 192.168.1.1. 5. Hold in the reset button on the TX54 and power on the device. The LEDs will begin flashing green.

  • Page 821: Update Modem Firmware Over The Air (Ota)

      Command line Update modem firmware over the air (OTA) You can update your modem firmware by querying the Digi firmware repository to determine if there is new firmware available for your modem and performing an OTA modem firmware update: 1. Log into the TX54 command line as a user with Admin access.
  • Page 822 Modem firmware update from '24.01.544_ATT' to '24.01.5x4_ATT' is needed 24.01.5x4_ATT 24.01.544_ATT > 3. Use the modem firmware ota list command to list available firmware on the Digi firmware repository. For single-cellular variants, type: > modem firmware ota list Retrieving modem firmware list ...
  • Page 823 (IMEI: 73342482496112) - Telit LM940 wwan1 (IMEI: 83152092446664) - Telit LM940 > b. Use the name or imei parameter to query the Digi firmware repository for the specified modem. For example: > modem firmware ota list name wwan1 Retrieving modem firmware list ...
  • Page 824 Retrieving download location for modem firmware '24.01.5x4_ ATT' ... > To perform an OTA firmware update by using a specific version from the Digi firmware repository: For single-cellular variants, use the version parameter to identify the appropriate firmware version as determined using the modem firmware ota check or modem firmware ota list command.

  • Page 825: Update Modem Firmware By Using A Local Firmware File

    Type quit to disconnect from the device. Update modem firmware by using a local firmware file You can update your modem firmware by uploading a modem firmware file to your TX54 device. Firmware should be uploaded to /opt/MODEM_MODEL/Custom_Firmware, for example, /opt/LM940/Custom_Firmware.
  • Page 826 Checking for latest ATT firmware in flash ... Newest firmware version available in flash is '05.05.58.00_ATT_ 005.026_000' Modem firmware up to date 05.05.58.00_ATT_005.026_000 > 3. Use the modem firmware list command to list available firmware on the TX54 device. TX54 User Guide...
  • Page 827 Available modems: wwan2 (IMEI: 73342482496112) - Telit LM940 wwan1 (IMEI: 83152092446664) - Telit LM940 > b. Use the name or imei parameter to query the TX54 device. For example: > modem firmware list name wwan1 ATT, 24.01.544_ATT, current Generic, 24.01.514_Generic, image Verizon, 24.01.524_Verizon, image...

  • Page 828: Reboot Your Tx54 Device

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Reboot your TX54 device You can reboot the TX54 device immediately or schedule a reboot for a specific time every day. TX54 User Guide...

  • Page 829: Reboot Your Device Immediately

    Schedule reboots of your device    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. TX54 User Guide...
  • Page 830 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 831: Erase Device Configuration And Reset To Factory Defaults

    Erases all automatically generated certificates and keys. You can also reset the device to the default configuration without removing scripts, keys, and logfiles by using the revert command.    WebUI TX54 User Guide...
  • Page 832 3. In the Erase configuration section, click ERASE. 4. Click CONFIRM. 5. After resetting the device: a. Connect to the TX54 by using the serial port or by using an Ethernet cable to connect the TX54 LAN1 port to your PC. b. Log into the TX54: User name: Use the default user name: admin.
  • Page 833 2. Enter the following: > system factory-erase 3. After resetting the device: a. Connect to the TX54 by using the serial port or by using an Ethernet cable to connect the TX54 LAN1 port to your PC. b. Log into the TX54: User name: Use the default user name: admin.

  • Page 834: Configure The Tx54 Device To Use Custom Factory Default Settings

    Configure the TX54 device to use custom factory default settings You can configure your TX54 device to use custom factory default settings. This way, when you erase the device's configuration, the device will reset to your custom configuration rather than to the original factory defaults.
  • Page 835 1. Log into the TX54 WebUI as a user with Admin access. 2. Configure your TX54 device to match the desired custom factory default configuration. For example, you may want to configure the device to use a custom APN or a particular network configuration, so that when you reset the device to factory defaults, it will automatically have your required network configuration.

  • Page 836: Locate The Device By Using The Find Me Feature

    Select the file from your local file system.    Command line 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 837: Configure Power Button Behavior

       Command line 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 838 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 839: Configure Power Input Voltage

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Configure power input voltage The TX54 device supports multiple power voltage levels, and can be configured to respond to various ranges of power input. Required configuration items The required input voltage.
  • Page 840 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 841: Power Ignition Sensor

    Type quit to disconnect from the device. Power ignition sensor When the TX54 device is used in a vehicle, Digi recommends that you use the ignition sense line. This allows the device to properly shutdown when the vehicle is turned off.

  • Page 842: Configure Power Delays For Power Ignition Sensor

    Configure power delays for power ignition sensor By default, the TX54 device automatically powers on when it detects power on the ignition sensor, and powers off when it detects that there is no power on the ignition sensor, and there is no delay for either power on or power off based on the power ignition sensor.
  • Page 843 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 844: Configuration Files

    Save configuration changes When you make changes to the TX54 configuration, the changes are not automatically saved. You must explicitly save configuration changes, which also applies the changes. If you do not save configuration changes, the system discards the changes.

  • Page 845: Save Configuration To A File

    Type quit to disconnect from the device. Save configuration to a file You can save your TX54 device's configuration to a file and use this file to restore the configuration, either to the same device or to similar devices.

  • Page 846: Restore The Device Configuration

    > scp host 192.168.4.1 user admin remote /home/admin/bin/ local /etc/config/backup-archive-0040FF800120-19.05.17-19.01.17.bin to remote Restore the device configuration You can restore a configuration file to your TX54 device by using a backup from the device, or a backup from a similar device. ...
  • Page 847 TX54 device. local-path is the location on the TX54 device where the copied file will be placed. TX54 User Guide...
  • Page 848 > system restore filepath [passphrase passphrase] where filepath is the the path and filename of the configuration backup file on the TX54's filesystem (local-path in the previous step). passphrase (optional) is the passphrase to restore the configuration backup, if a passphrase was used when the backup was created.

  • Page 849: Schedule System Maintenance Tasks

    The frequency (daily, weekly, or monthly) that checks for firmware updates will run.    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 850 For Duration window, select the amount of time that the maintenance tasks will be run. If Immediately is selected, all scheduled tasks will begin at the exact time specified in Start time. d. For Frequency, select whether the maintenance window will be started every day, or once per week. TX54 User Guide...
  • Page 851 10. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 852 If the duration length is set to 0, all scheduled tasks will begin at the exact time specified in the start time. If the duration length is set to 24 hours, the start time is effectively obsolete and the maintenance tasks will be scheduled to run at any time. TX54 User Guide...
  • Page 853 (config)> system schedule maintenance firmware_update_check device false (config)> b. Set how often automated checking for device firmware should take place: (config)> system schedule maintenance frequency value (config)> where value is either daily, weekly, or monthly. daily is the default. TX54 User Guide...

  • Page 854: Disable Device Encryption

    Type quit to disconnect from the device. Disable device encryption You can disable the cryptography on your TX54 device. This can be used to ship unused devices from overseas without needing export licenses from the country from which the device is being shipped.
  • Page 855 Select the Properties of the relevant network connection on the Windows PC. b. Click the Internet Protocol Version 4 (TCP/IPv4) parameter. c. Click Properties. The Internet Protocol Version 4 (TCP/IPv4) Properties dialog appears. d. Configure with the following details: IP address for PC: 192.168.210.2 Subnet: 255.255.255.0 TX54 User Guide...

  • Page 856: Configure The Speed Of Your Ethernet Ports

    Gateway: 192.168.210.1 2. Connect the PC's Ethernet port to the ETH1 Ethernet port on your TX54 device. 3. Open a telnet session and connect to the TX54 device at the IP address of 192.168.210.1. 4. Log into the device: Username: admin Password: The default unique password for your device is printed on the device label.
  • Page 857 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 858 4. Save the configuration and apply the change: (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX54 User Guide...
  • Page 859 Monitoring This chapter contains the following topics: intelliFlow Configure NetFlow Probe Enable the Bluetooth scanner Enable the Wi-Fi scanner TX54 User Guide...

  • Page 860: Intelliflow

    WebUI. To use intelliFlow, the TX54 must be powered on and you must have access to the local WebUI. Once you enable intelliFlow, the Status >...
  • Page 861 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 862 5. Save the configuration and apply the change: (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX54 User Guide...

  • Page 863: Use Intelliflow To Display Average Cpu And Ram Usage

    This procedure is only available from the WebUI. To display display average CPU and RAM usage:    WebUI 1. Log into the TX54 WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow.

  • Page 864: Use Intelliflow To Display Top Data Usage Information

    Top data usage by service To generate a top data usage chart:    WebUI 1. Log into the TX54 WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow. 3. From the menu, click Status > intelliFlow.
  • Page 865 5. Change the type of chart that is used to display the data: a. Click the menu icon (). b. Select the type of chart. 6. Change the number of top users displayed. You can display the top five, top ten, or top twenty data users. TX54 User Guide...

  • Page 866: Use Intelliflow To Display Data Usage By Host Over Time

    Use intelliFlow to display data usage by host over time To generate a chart displaying a host's data usage over time:    WebUI 1. Log into the TX54 WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow.

  • Page 867: Configure Netflow Probe

    To save the chart to your local filesystem, select Export to PNG. c. To print the chart, select Print chart. Configure NetFlow Probe NetFlow probe is used to probe network traffic on the TX54 device and export statistics to NetFlow collectors. Required configuration items Enable NetFlow.
  • Page 868 Configure NetFlow Probe    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Monitoring > NetFlow probe.
  • Page 869 12. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 870 1 and 1800. The default is 1800. 8. Set the maximum number of flows to probe simultaneously: (config)> monitoring netflow max_flows value (config)> where value is any is any number between 0 and 2000000. The default is 2000000. TX54 User Guide...
  • Page 871 (config monitoring netflow collector 0)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX54 User Guide...

  • Page 872: Enable The Bluetooth Scanner

    Enable the Bluetooth scanner Enable the Bluetooth scanner The Bluetooth scanner allows you to configure your TX54 device to detect BLE-enabled devices that are nearby, and can be configured to open an SSH port that remote hosts can access to read basic information about those devices.
  • Page 873 To limit access to specified IPv4 addresses and networks: i. Click IPv4 Addresses. ii. For Add Address, click . iii. For Address, enter the IPv4 address or network that can access the device's SSH service. Allowed values are: TX54 User Guide...
  • Page 874 9. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 875 No limit to IPv4 addresses that can access the SSH service. Repeat this step to list additional IP addresses or networks. To limit access to specified IPv6 addresses and networks: (config)> add monitoring bluetooth_scanner ssh acl address6 end value (config)> Where value can be: TX54 User Guide...
  • Page 876 No limit to IPv6 addresses that can access the SSH service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX54 device: (config)> add monitoring bluetooth_scanner ssh acl interface end value (config)>...

  • Page 877: Display The Output Of The Bluetooth Scanner

    From the command line when logged into the TX54 device. From a remote host, by connecting to the TX54 device by using the scanner's SSH port. To view the output of the Bluetooth scanner, you must first enable the service. See...
  • Page 878 Monitoring Enable the Bluetooth scanner 1. Log into the TX54 WebUI as a user with Admin access. 2. On the menu, select Status > Bluetooth. The Bluetooth scanner page displays. Note The Bluetooth scanner status page does not update automatically. You must refresh the page to display the latest output from the Bluetooth scanner.

  • Page 879: Enable The Wi-Fi Scanner

    Monitoring Enable the Wi-Fi scanner (R)|VOID|VOID|-55 TX54|Hopkins, MN|2019-06-28 17:08:59|B6-21-0B-23-AE-FC|Apple, Inc.|VOID|VOID|- Bluetooth scanner output The output from the Bluetooth scanner includes the following information: Field Description Field 1 The name of the device, as configured for the system. Field 2 The location of the device, as configured for the system.
  • Page 880 The access control list for the SSH port used by the Wi-Fi scanner to stream output to a remote host. When the Wi-Fi scanner is enabled, the TX54 device will automatically configure its firewall rules to allow incoming connections on the configured listening port. You can restrict access by configuring the access control list for the Wi-Fi scanner's listening port.
  • Page 881 MAC address. The file should take the format of one MAC address or OUI per line. For example, the following example file, /etc/config/scripts/blocklist.txt, will blocklist all devices with the OUI of 00.00.00, and also blocklist the three listed MAC addresses: 00:00:00 11:09:44:61:41:62 TX54 User Guide...
  • Page 882 Enable the Wi-Fi scanner D0:40:FA:03:3A:92 3E:0F:20:CF:82:40 Upload and download files for information about uploading a file to the TX54 device's filesystem. d. For Wi-Fi device type to report, select either Access points, Clients, or All. The default is All. e. (Optional) Configure the device to automatically determine what Wi-Fi signal transmitters are stationary, and to exclude stationary devices from the output log: i.
  • Page 883 No limit to IPv6 addresses that can access the SSH service. iv. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX54 device: i. Click Interfaces.
  • Page 884 13. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 885 No limit to IPv6 addresses that can access the SSH service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the TX54 device: (config)> add wifi scanner ssh acl interface end value (config)>...
  • Page 886 Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration -------------------------------------------------------- ----------------------- dynamic_routes edge external hotspot internal ipsec loopback setup (config)> Repeat this step to list additional firewall zones. TX54 User Guide...

  • Page 887: Display The Output Of The Wi-Fi Scanner

    System Logs page. From the command line when logged into the TX54 device. From a remote host, by connecting to the TX54 device by using the scanning service's SSH port. To view the output of the Wi-Fi scanning service, you must first enable the service. See...
  • Page 888 To view the output of the Wi-Fi scanner from either the Admin CLI menu: 1. Log into the TX54 command line. 2. At the Access selection menu, type Wi-Fi. The Wi-Fi option is only available if the Wi-Fi scanning service is enabled. See...
  • Page 889 For example, to view the output of the scanner by using the default Wi-Fi scanning service port of 3101: $ ssh user@device-ip -p 3101 Password: After logging into your device, it will display the output from the Wi-Fi scanning service in your shell. For example: TX54|Hopkins, MN|1561754337|D0-81-C0-D5-E3-B0|D0-81-C0-D5-E3-B0|48|<hidden- ssid>| -1 TX54|Hopkins, MN|1561754369|27-96-16-79-C9-0C|27-96-16-79-C9-0C|48|TX54-000488- TX54 User Guide...
  • Page 890 SSID, the channel will be listed as -1 . Field 7 If the device is a Wi-Fi access point, the SSID of the access point. Field 8 The Received Signal Strength Indicator (RSSI). TX54 User Guide...

  • Page 891: Central Management

    Collect device health data and set the sample interval Enable event log upload to Digi Remote Manager Log into Digi Remote Manager Use Digi Remote Manager to view and manage your device Add a device to Digi Remote Manager View Digi Remote Manager connection status...

  • Page 892: Digi Remote Manager Support

    Digi Remote Manager User Guide. Configure Digi Remote Manager By default, your TX54 device is configured to use central management using Digi Remote Manager. Additional configuration options These additional configuration settings are not typically configured, but you can set them as needed: Disable the Digi Remote Manager connection if it is not required.
  • Page 893 Central management Configure Digi Remote Manager TX54 User Guide...
  • Page 894 6. (Optional) For Management port, type the destination port for the remote cloud services connection. The default is 3199. 7. (Optional) For Retry interval, type the amount of time that the TX54 device should wait before reattempting to connect to remote cloud services after being disconnected. The default is 30 seconds.
  • Page 895 16. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 896 (config)> cloud drm drm_url url (config)> 6. (Optional) Set the amount of time that the TX54 device should wait before reattempting to connect to the remote cloud services after being disconnected. The minimum value is ten seconds. The default is 30 seconds.
  • Page 897 Central management Configure Digi Remote Manager 8. (Optional) Set the amount of time that the TX54 device should wait between sending keep- alive messages to the Digi Remote Manager when using a cellular interface. Allowed values are from 30 seconds to two hours. The default is 290 seconds.
  • Page 898 (Optional) Set the service identifier: (config)> cloud drm sms sercice_id id (config)> 1. (Optional) Configure the TX54 device to communicate with remote cloud services by using an HTTP proxy server: a. Enable the use of an HTTP proxy server: (config)> cloud drm proxy enable true (config)>...

  • Page 899: Collect Device Health Data And Set The Sample Interval

    Collect device health data and set the sample interval You can enable or disable the collection of device health data to upload to Digi Remote Manager, and configure the interval between health sample uploads. By default, device health data upload is enabled, and the health sample interval is set to 60 minutes.
  • Page 900 1, 5, 15, 30, or 60, and represents the number of minutes between uploads of health sample data. 5. By default, the device will only report health metrics values to Digi Remote Manager that have changed health metrics were last uploaded. This is useful to reduce the bandwidth used to report health metrics.
  • Page 901 (config)> When disabled, all metrics are uploaded every Health sample interval. 6. (Optional) Tuning parameters allow to you configure what data are uploaded to the Digi Remote Manager. By default, all tuning parameters are enabled. To view a list of all available tuning parameters, use the show command: (config)>...

  • Page 902: Enable Event Log Upload To Digi Remote Manager

    Type quit to disconnect from the device. Enable event log upload to Digi Remote Manager You can configure your device to upload the event log to Digi Remote Manager, and configure the interval between event log uploads. To enable the event log upload, or disable it if it has been disabled, and to change the upload interval: ...

  • Page 903: Log Into Digi Remote Manager

    6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 904 Central management Log into Digi Remote Manager 3. Go to remotemanager.digi.com. 4. Log into your Digi Remote Manager account. TX54 User Guide...

  • Page 905: Use Digi Remote Manager To View And Manage Your Device

    Use Digi Remote Manager to view and manage your device To view and manage your device: 1. If you have not already done so, connect to your Digi Remote Manager account. 2. Click Device Management to display a list of your devices.

  • Page 906: Add A Device To Digi Remote Manager

    The same default password is also shown on the label affixed to the bottom of the device. 6. Click Add. 7. Click OK. Digi Remote Manager adds your TX54 device to your account and it appears in the Device Management view. View Digi Remote Manager connection status To view the current Digi Remote Manager configuration: ...

  • Page 907: Configure Multiple Devices Using Profiles

    Digi recommends you take advantage of Digi Remote Manager profiles to manage multiple TX54 routers. Typically, if you want to provision multiple TX54 routers: 1. Using the TX54 local WebUI, configure one TX54 router to use as the model configuration for all subsequent TX54s you need to manage.

  • Page 908: Learn More

    Central management Learn more Learn more For information on using Digi Remote Manager to configure and manage TX54 routers, see the Digi Remote Manager User Guide. For information on using Digi Remote Manager APIs to develop custom applications, see the Digi Remote Manager Programmer Guide.
  • Page 909 File system This chapter contains the following topics: The TX54 local file system Display directory contents Create a directory Display file contents Copy a file or directory Move or rename a file or directory Delete a file or directory Upload and download files...

  • Page 910: File System

    The TX54 local file system The TX54 local file system The TX54 local file system has approximately 500 MB of space available for storing files, such as Python programs, alternative configuration files and firmware versions, and release files, such as cellular module images.

  • Page 911: Create A Directory

    For example: 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 912: Display File Contents

    For example:    Command line 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the Admin CLI prompt, type more /path/filename. For example, to view the contenct of the file accns.json in /etc/config:...

  • Page 913: Move Or Rename A File Or Directory

      Command line To rename a file named test.py in /etc/config/scripts to final.py: 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 914: Delete A File Or Directory

      Command line To delete a file named test.py in /etc/config/scripts: 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 915: Upload And Download Files

    FileZilla. Upload and download files by using the WebUI Upload files 1. Log into the TX54 WebUI as a user with Admin access. 2. On the menu, click System. Under Administration, click File System. The File System page appears.

  • Page 916: Upload And Download Files By Using The Secure Copy Command

    TX54 device. local-path is the location on the TX54 device where the copied file will be placed. For example: To copy firmware from a remote host with an IP address of 192.168.4.1 to the /etc/config directory on the TX54 device, issue the following command: >...

  • Page 917: Upload And Download Files Using Sftp

    TX54 device. For example: To copy a support report from the TX54 device to a remote host at the IP address of 192.168.4.1: 1. Use the system support-report command to generate the report: >...
  • Page 918 File system Upload and download files $ sftp ahmed@192.168.2.1 Password: Connected to 192.168.2.1 sftp> get test.py Fetching test.py to test.py test.py 100% 0.3KB/s 00:00 sftp> exit TX54 User Guide...
  • Page 919 Generate a support report View system and event logs Configure syslog servers Configure options for the event and system logs Analyze network traffic Use the ping command to troubleshoot network connections Use the traceroute command to diagnose IP routing problems TX54 User Guide...

  • Page 920: Perform A Speedtest

    To perform a speedtest:    Command line 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 921 Attach the support report to any support requests.    Command line 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 922: View System And Event Logs

    View System Logs    WebUI 1. Log into the TX54 WebUI as a user with Admin access. 2. On the main menu, click System > Logs. The system log displays: 3. Limit the display in the system log by using the Find search tool.
  • Page 923 5. Click  to download the system log.    Command line 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 924: View Event Logs

    6. Click  to download the event log.    Command line 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 925 Nov 26 22:01:25 info user name=admin~service=cli~state=closed~remote=192.168.1.2 > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX54 User Guide...

  • Page 926: Configure Syslog Servers

    You can configure remote syslog servers for storing event and system logs.    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 927 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 928: Configure Options For The Event And System Logs

    30 minutes. All event categories are enabled. To change or disable the heartbeat interval, or to disable event categories, and to perform other log configuration:    WebUI TX54 User Guide...
  • Page 929 Diagnostics Configure options for the event and system logs 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click System > Log.
  • Page 930 To disable the heartbeat interval, set the value to 0s 4. Enable preserve system logs functionality to save the current session's system log after a reboot. By default, the TX54 device erases system logs each time the device is powered off or rebooted.
  • Page 931 Use the question mark (?) to determine what events are available for DHCP server logging configuration: (config)> system log event dhcpserver ? DHCP server: Settings for DHCP server events. Informational events are generated when a lease is obtained or released. Status events report the current list of leases. TX54 User Guide...
  • Page 932 7. Save the configuration and apply the change: (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. TX54 User Guide...

  • Page 933: Analyze Network Traffic

    Analyze network traffic Analyze network traffic The TX54 device includes a network analyzer tool that captures data traffic on any interface and decodes the captured data traffic for diagnostics. You can capture data traffic on multiple interfaces at the same time and define capture filters to reduce the captured data. You can capture up to 10 MB of data traffic in two 5 MB files per interface.

  • Page 934: Configure Packet Capture For The Network Analyzer

    To configure a packet capture configuration:    WebUI 1. Log into the TX54 WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Analyzer.
  • Page 935 Click Ignore this protocol if the filter should ignore packets that use this protocol. By default, is option is disabled, which means that the filter will capture packets that use TX54 User Guide...
  • Page 936 Click  to add additional VLAN filters. g. For Berkeley packet filter expression, type a filter using Berkeley Packet Filter (BPF) syntax. See Example filters for capturing data traffic for examples of filters using BPF syntax. TX54 User Guide...
  • Page 937 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Save interval to ten minutes, enter 10m or 600s. 9. Click Apply to save the configuration and apply the change. TX54 User Guide...
  • Page 938 Analyze network traffic    Command line 1. Log into the TX54 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 939 (config network analyzer name filter protocol 0)> protocol ? IP protocol to capture or ignore: IP protocol to capture or ignore. Format: icmp icmpv6 igmp ospf other vrrp Current value: (config network analyzer name filter protocol 0)> TX54 User Guide...
  • Page 940 (Optional) Set the filter should ignore packets from this port: (config network analyzer name filter port 0)> ignore true (config network analyzer name filter port 0)> By default, is option is set to false, which means that the filter will capture packets from this port. TX54 User Guide...
  • Page 941 (config network analyzer name filter vlan 0)> ii. Set the VLAN that should be be captured or ignored: (config network analyzer name filter vlan 0)> vlan value (config network analyzer name filter vlan 0)> where value is number o the VLAN. TX54 User Guide...
  • Page 942 Runs the script at a specified time of the day. If set_time is set, set the time that the script should run, using the format HH:MM: (config network analyzer name)> run_time HH:MM (config network analyzer name)> maintenance_time: The script will run during the system maintenance time window. TX54 User Guide...

  • Page 943: Example Filters For Capturing Data Traffic

    BPF syntax. Example IPv4 capture filters Capture traffic to and from IP host 192.168.1.1: ip host 192.168.1.1 Capture traffic from IP host 192.168.1.1: ip src host 192.168.1.1 Capture traffic to IP host 192.168.1.1: ip dst host 192.168.1.1 TX54 User Guide...

  • Page 944: Capture Packets From The Command Line

    Save captured data traffic to a file. Clear captured data. Required configuration items A configured packet capture. See Configure packet capture for the network analyzer for packet capture configuration information. To start packet capture from the command line: TX54 User Guide...

  • Page 945: Stop Capturing Packets

    Analyze network traffic    Command line 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 946: Show Captured Traffic Data

    To show captured data traffic:    Command line 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 947: Save Captured Data Traffic To A File

       Command line 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. TX54 User Guide...

  • Page 948: Download Captured Data To Your Pc

    WebUI or from the command line by using the (secure copy file) command.    WebUI 1. Log into the TX54 WebUI as a user with Admin access. 2. On the menu, click System. Under Administration, click File System. The File System page appears. TX54 User Guide...

  • Page 949: Clear Captured Data

    4. Select the saved analyzer report you want to download and click  (download).    Command line 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 950 To determine available packet capture configurations, use the ?: > anaylzer clear name ? name: Name of the capture filter to use. Format: test_capture capture_ping > anaylzer clear name Note You can remove data traffic saved to a file using the command. TX54 User Guide...

  • Page 951: Use The Ping Command To Troubleshoot Network Connections

    Ping to check internet connection To check your internet connection: 1. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 952 Max wait for a response to a probe. (Default: 5) Example This example shows using traceroute to verify that the TX54 device can route to host 8.8.8.8 (www.google.com) through the default gateway. The command output shows that 15 routing hops were required to reach the host: 1.

  • Page 953: Digi Tx54 Regulatory And Safety Statements

    Radio Frequency Interference (RFI) (FCC 15.105) The Digi TX54 has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
  • Page 954 Digi TX54 regulatory and safety statements European Community - CE Mark Declaration of Conformity (DoC) Digi customers assume full responsibility for learning and meeting the required guidelines for each country in their distribution market. Refer to the radio regulatory agency in the desired countries of operation for more information.

  • Page 955: Anatel (Brazil)

    Digi TX54 regulatory and safety statements ANATEL (Brazil) ANATEL (Brazil) Modelo: TX54-A106/TX54-A206 04208-19-01209 Para maiores informações, consulte o site da ANATEL www.anatel.gov.br Este equipamento não tem direito à proteção contra interferência prejudicial e não pode causar interferência em sistemas devidamente autorizados.

  • Page 956: Maximum Transmit Power For Radio Frequencies

    Digi TX54 regulatory and safety statements Maximum transmit power for radio frequencies Maximum transmit power for radio frequencies The following tables show the maximum transmit power for frequency bands. Cellular frequency bands Frequency bands Maximum transmit power Cellular LTE 700 MHz...

  • Page 957: Rohs Compliance Statement

    However, cellular-based products contain radio devices which require specific consideration. Take the time to read and understand the following guidance. Digi International assumes no liability for an end user’s failure to comply with these precautions.

  • Page 958: Product Disposal Instructions

    At the end of its life this product MUST NOT be mixed with other commercial waste for disposal. Check with the terms and conditions of your supplier for disposal information. Digi International Ltd WEEE Registration number: WEE/HF1515VU TX54 User Guide...
  • Page 959 Safety warnings English Bulgarian--бъ л га рс ки Croatian--Hrvatski French--Français Greek--Ε λλην ικά Hungarian--Magyar Italian--Italiano Latvian--Latvietis Lithuanian--Lietuvis Polish--Polskie Portuguese--Português Slovak--Slovák Slovenian--Esloveno Spanish--Español TX54 User Guide...

  • Page 960: English

    Do not power on the unit in any aircraft. Operation of this equipment in a residential environment could cause radio interference. For ambient temperatures above 60° C, this equipment must be installed in a Restricted Access Location only. TX54 User Guide...

  • Page 961: Bulgarian--Бъ Л Га Рс Ки

    З а окол ни т е м пе ра т ури на д 60 ° C, т ов а оборудв а не т ря бв а да с е инс т а л ира с а м о на м я с т о с огра нич е н дос т ъ п. TX54 User Guide...

  • Page 962: Croatian--Hrvatski

    ​ ​ j edinicu ni u jednom zrakoplovu. Rad ove opreme u stambenom okruženju mogao bi prouzročiti radio smetnje. Za okolne temperature iznad 60 ° C, ova oprema mora biti instalirana samo na mjestu s ograničenim pristupom. TX54 User Guide...

  • Page 963: French--Français

    L'utilisation de cet équipement dans un environnement résidentiel peut provoquer des interférences radio. Pour des températures ambiantes supérieures à 60 °C, cet équipement doit être installé uniquement dans un emplacement à accès restreint. TX54 User Guide...

  • Page 964: Greek--Ε Λλην Ικά

    Γ ια θερ μοκρ ασ ίες περ ιβάλλον τ ος άν ω τ ων 60 ° C, αυτ ός ο εξ οπλισ μός πρ έπει ν α εγ κατ ασ τ αθεί μόν ο σ ε θέσ η περ ιορ ισ μέν ης πρ όσ βασ ης TX54 User Guide...

  • Page 965: Hungarian--Magyar

    60 ° C feletti környezeti hőmérséklet esetén ezt a berendezést csak korlátozott hozzáférésű helyre kell telepíteni. Az EZ04-IAG4-EXT és EZ04-IA00-EXT készletekhez mellékelt kiterjesztett hőmérsékletű, dugaszolható tápegység (76002079 /24000141) nem C1D2 tanúsítvánnyal rendelkezik, és nem használható C1D2 besorolású veszélyes helyeken. TX54 User Guide...

  • Page 966: Italian--Italiano

    Non accendere l'unità in nessun aereo. Il funzionamento di questa apparecchiatura in un ambiente residenziale potrebbe causare interferenze radio. Per temperature ambiente superiori a 60° C, questa apparecchiatura deve essere installata solo in un luogo ad accesso limitato. TX54 User Guide...

  • Page 967: Latvian--Latvietis

    Iekārtai jābūt izslēgtai, ja notiek spridzināšana, sprādzienbīstama vide vai medicīnas vai dzīvības uzturēšanas aprīkojuma tuvumā. Nevienā lidmašīnā neieslēdziet ierīci. Šīs ierīces darbība dzīvojamā vidē var izraisīt radio traucējumus. Ja apkārtējā temperatūra pārsniedz 60 ° C, šī iekārta jāuzstāda tikai ierobežotas piekļuves vietā. TX54 User Guide...

  • Page 968: Lithuanian--Lietuvis

    Įrenginys turi būti išjungtas ten, kur vyksta sprogdinimas, sprogi aplinka arba šalia medicinos ar gyvybės palaikymo įrangos. Neįjunkite įrenginio jokiuose orlaiviuose. Naudojant šią įrangą gyvenamojoje aplinkoje, gali kilti radijo trukdžių. Esant aukštesnei nei 60 ° C aplinkos temperatūrai, ši įranga turi būti montuojama tik riboto patekimo vietoje. TX54 User Guide...

  • Page 969: Polish--Polskie

    życie. Nie włączaj urządzenia w żadnym samolocie. Praca tego sprzętu w środowisku mieszkalnym może powodować zakłócenia radiowe. W przypadku temperatur otoczenia powyżej 60°C urządzenie to należy instalować wyłącznie w miejscach o ograniczonym dostępie. TX54 User Guide...

  • Page 970: Portuguese--Português

    Não ligue a unidade em nenhuma aeronave. A operação deste equipamento em um ambiente residencial pode causar interferência de rádio. Para temperaturas ambientes acima de 60 ° C, este equipamento deve ser instalado apenas em locais de acesso restrito. TX54 User Guide...

  • Page 971: Slovak--Slovák

    života. Jednotku nezapínajte v žiadnom lietadle. Prevádzka tohto zariadenia v obytnom prostredí by mohla spôsobiť rádiové rušenie. Pri teplotách okolia nad 60 ° C musí byť toto zariadenie inštalované iba na mieste s obmedzeným prístupom. TX54 User Guide...

  • Page 972: Slovenian--Esloveno

    življenja. Enote ne vklopite v nobenem letalu. Delovanje te opreme v stanovanjskem okolju lahko povzroči radijske motnje. Pri temperaturah okolice nad 60 ° C mora biti ta oprema nameščena samo na lokaciji z omejenim dostopom. TX54 User Guide...

  • Page 973: Spanish--Español

    El funcionamiento de este equipo en un entorno residencial puede provocar interferencias de radio. Para temperaturas ambiente superiores a 60 ° C, este equipo debe instalarse únicamente en una ubicación de acceso restringido. TX54 User Guide...

  • Page 974: Digitx54 Certifications

    International EMC (Electromagnetic Compatibility) and safety standards This product complies with the requirements of the following Electromagnetic Compatibility standards. There are no user-serviceable parts inside the product. Contact your Digi representative for repair information. Certification category Standards EN 300 328 v1.8.1...
  • Page 975 Auto-complete commands and parameters Available commands Use the scp command Display status and statistics using the show command Device configuration using the command line interface Execute configuration commands at the root Admin CLI prompt Configuration mode Command line reference 1010 TX54 User Guide...

  • Page 976: Command Line Interface

    Log in to the command line interface    Command line 1. Connect to the TX54 device by using a serial connection, SSH or telnet, or the Terminal in the WebUI or the Console in the Digi Remote Manager. See Access the command line interface more information.

  • Page 977: Exit The Command Line Interface

    2. At the main menu, click Terminal. The device console appears. TX54 login: 3. Log into the TX54 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 978: Display Help For Commands And Parameters

    Display help for commands and parameters The help command When executed from the root command prompt, help displays information about autocomplete operations, how to move the cursor on the TX54 command line, and other keyboard shortcuts: > help Commands ------------------------------------------------------------------------------ Show commands help <Tab>...

  • Page 979: Display Help For Individual Commands

    Show USB information. version Show firmware version. wifi Show Wi-Fi statistics. wifi-scanner Show Wi-Fi scanner information. > show 2. To display additional information about a specific command: > show wifi ? Commands ------------------------------------------------------------------------ Show Wi-Fi access points. TX54 User Guide...

  • Page 980: Use The Tab Key Or The Space Bar To Display Abbreviated Help

    Auto-complete applies to these command elements only : Command names. For example, typing net<Tab> auto-completes the command as network. Parameter names. For example: ping hostname int<Tab> auto-completes the parameter as interface. system b<Tab> auto-completes the parameter as backup. TX54 User Guide...
  • Page 981 Parameter values, where the value is one of an enumeration or an on|off type; for example: (config)> serial port1 enable t<Tab> auto-completes to (config)> serial port1 enable true Auto-complete does not function for: Parameter values that are string types. Integer values. File names. Select parameters passed to commands that perform an action. TX54 User Guide...

  • Page 982: Available Commands

    Pings a remote host using Internet Control Message Protocol (ICMP) Echo Request messages. reboot Reboots the TX54 device. Removes a file. Uses the secure copy protocol (SCP) to transfer files between the TX54 device and a remote host. Use the scp command for information about using the scp command. show Displays information about the device and the device's configuration.

  • Page 983: Use The Scp Command

    The hostname or IP address of the remote host. The username and password of the user on the remote host. Whether the file is being copied to the TX54 device from a remote host, or to the remote host from the TX54 device.

  • Page 984: Display Status And Statistics Using The Show Command

    TX54 device. For example: To copy a support report from the TX54 device to a remote host at the IP address of 192.168.4.1: 1. Use the system support-report command to generate the report: >...

  • Page 985: Show System

    "445" > show system show system command displays system information and statistics for the device, including CPU usage. > show system Model : Digi TX54 Serial Number : TX54-000065 : TX54 Hostname : TX54 MAC Address : DF:DD:E2:AE:21:18...

  • Page 986: Device Configuration Using The Command Line Interface

    For example, to disable the SSH service from the root prompt, enter the following command: > config service ssh enable false > The TX54 device's ssh service is now disabled. Note When the config command is executed at the root prompt, certain configuration actions that are available in configuration mode cannot be performed.
  • Page 987 3. Next, display help for the config service ssh command: > config service ssh ? SSH: An SSH server for managing the device. Parameters Current Value ------------------------------------------------------------------------- enable true Enable [private] Private key port Port Additional Configuration ------------------------------------------------------------------------- Access control list mdns > config service ssh TX54 User Guide...

  • Page 988: Configuration Mode

    1. At the config prompt, enter service to move to the service node: (config)> service (config service)> 2. Enter ssh to move to the ssh node: (config service)> ssh (config service ssh)> TX54 User Guide...

  • Page 989: Save Changes And Exit Configuration Mode

    Configuration actions Description cancel Discards unsaved configuration changes and exits configuration mode. save Saves configuration changes and exits configuration mode. validate Validates configuration changes. Reverts the configuration to default revert settings. See The revert command more information. TX54 User Guide...

  • Page 990: Display Command Line Help In Configuration Mode

    2. You can then display help for the additional configuration commands. For example, to display help for the config service command, use one of the following methods: At the config prompt, enter service ?: (config)> service ? TX54 User Guide...
  • Page 991 Enter service to move to the service node: (config)> service (config service)> b. Enter ssh to move to the ssh node: (config service)> ssh (config service ssh)> c. Enter ? to display help for the ssh node: (config service ssh)> ? TX54 User Guide...
  • Page 992 (config service ssh)> enable ? (config service ssh)> Either of these methods will display the following information: (config)> service ssh enable ? Enable: Enable the service. Format: true, false, yes, no, 1, 0 Default value: true Current value: true TX54 User Guide...

  • Page 993: Move Within The Configuration Schema

    You can also move back multiples nodes in the configuration by typing multiple sets of two periods: (config service ssh acl zone)> ..(config service)> Move to the root of the config prompt from anywhere within the configuration by entering three periods (...): (config service ssh acl zone)> ... (config)> TX54 User Guide...

  • Page 994: Manage Elements In Lists

    2. Use the end keyword to add the admin group to the user's configuration: (config)> add auth user new-user group end admin (config)> 3. Use the show command again to verify that the admin group has been added to the user's configuration: TX54 User Guide...
  • Page 995 (config)> show auth method 0 local 1 tacacs+ 2 radius (config)> 2. To configure the device to use TACACS+ authentication first to authenticate a user, use the move index_number_1 index_number_2 command: (config)> move auth method 1 0 (config)> TX54 User Guide...

  • Page 996: The Revert Command

    (config)> The revert command The revert command is used to revert changes to the TX54 device's configuration and restore default configuration settings. The behavior of the revert command varies depending on where in the configuration hierarchy the command is executed, and whether the optional path parameter is used.
  • Page 997 1. Change to the auth node: (config)> auth (config auth)> 2. Enter the revert command with the path set to method: (config auth)> revert method (config auth)> 3. Save the configuration and apply the change: (config auth)> save Configuration saved. > TX54 User Guide...

  • Page 998: Enter Strings In Configuration Commands

    (config)> system description "Digi TX54" Example: Create a new user by using the command line In this example, you will use the TX54 command line to create a new user, provide a password for the user, and assign the user to authentication groups.
  • Page 999 (config auth user user1)> 6. Add the user to the admin group: (config auth user user1)> add group end admin (config auth user user1)> 7. Save the configuration and apply the change: (config auth user user1)> save Configuration saved. > TX54 User Guide...

  • Page 1000: Example: Configure Multiple Wans And Lans By Using The Command Line

    Example: Configure multiple WANs and LANs by using the command line The default configuration of the TX54 consists of one WAN (WAN1), one or two Wireless WANs (WWAN for single-cellular models, WWAN1 and WWAN2 for dual-cellular models), and one LAN (LAN1). The...

Table of Contents