Digi 6310-DX User Manual
  1. Manuals
  2. Brands
  3. Digi Manuals
  4. Extender
  5. 6310-DX
  6. User manual

Digi 6310-DX User Manual

Lte cellular extender
Hide thumbs Also See for 6310-DX:
1
2
3
4
5
6
7
8
Table Of Contents
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
Table of Contents

Advertisement

Quick Links

Download this manual
6310-DX
User Guide
User Guide
Firmware version 22.2

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the 6310-DX and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Digi 6310-DX

Summary of Contents for Digi 6310-DX

  • Page 1 6310-DX User Guide User Guide Firmware version 22.2...

  • Page 2: Revision History-90002313

    Revision history—90002313 Revision Date Description Release of Digi 6310-DX firmware version 21.2: March 2021 Location services added, including: The ability to define a static latitude and longitude as a location for the device. GNSS support through the cellular modem (requires the CM07 CORE modem).
  • Page 3 Added support for over-the-air (OTA) modem firmware update to check, list, and update to new modem firmware from the Digi firmware server. Added the ability to scan for cellular carriers on the Modem status page and the ability select a particular PLMN/network to use.
  • Page 4 September 2021 Added LXC container support for running localized containers on the device. Added support for maintenance windows triggers to control when a device is available for Digi Remote Manager maintenance activity. VPN enhancements: Added support for L2TPv3 tunneling. New option to enable, disable, or force IPsec IKE fragmentation.
  • Page 5 Added ability to control if DHCP addresses are assigned sequentially or randomly (disabled by default). Added 802.1x port-based network access control, configurable per network interface. Release of Digi 6310-DX firmware version 21.11: December 2021 Configuration option to allow for automatic update of new firmware (disabled by default).
  • Page 6 Support for sending analog and digial I/O health metrics to Digi Remote Manager. Added show containers Admin CLI command. Release of Digi 6310-DX firmware version 22.2: March 2022 VPN enhancements: Renamed VPN > IPsec > Tunnels > Policies > Local network setting to Local traffic selector and added Remote traffic selector.
  • Page 7 New cat Admin CLI command for displaying file contents. Trademarks and copyright Digi, Digi International, and the Digi logo are trademarks or registered trademarks in the United States and other countries worldwide. All other trademarks mentioned in this document are the property of their respective owners.
  • Page 8 Contact us at +1 952.912.3444 or visit us at www.digi.com/support. Feedback To provide feedback on this document, email your comments to techcomm@digi.com Include the document title and part number (6310-DX User Guide, 90002313 H) in the subject line of your email. 6310-DX User Guide...

  • Page 9: Table Of Contents

    Contents Revision history—90002313 What's new in Digi 6310-DX version 22.2 Digi 6310-DX Quick start Step 1: What's in the box Step 2: Connect Step 3: Power up Step 4: Configure Digi 6310-DX hardware reference Hardware features Device status LEDs Signal quality indicators...
  • Page 10 Configure the device to use aView for central management Using the web interface Log out of the web interface Use the local REST API to configure the 6310-DX device Use the GET method to return device configuration information Use the POST method to modify device configuration parameters and list arrays...
  • Page 11 Show OpenVPN server status and statistics Show OpenVPN client status and statistics Generic Routing Encapsulation (GRE) Configuring a GRE tunnel Show GRE tunnels Example: GRE tunnel over an IPSec tunnel L2TP Configure a PPP-over-L2TP tunnel Configure SureLink active recovery for PPP-over-L2TP 6310-DX User Guide...
  • Page 12 Example performance test using iPerf3 Configure the ping responder service Example performance test using iPerf3 Applications Configure scripts to run automatically Task one: Upload the application Task two: Configure the application to run automatically Configure scripts to run manually 6310-DX User Guide...
  • Page 13 Use Python to respond to Digi Remote Manager SCI requests Use digidevice runtime to access the runtime database Use Python to upload the device name to Digi Remote Manager Use Python to access the device location data Use Python to set the maintenance window Use Python to send and receive SMS messages Use the Paho MQTT python library...
  • Page 14 Reboot your device immediately Schedule reboots of your device Erase device configuration and reset to factory defaults Configure the 6310-DX device to use custom factory default settings Locate the device by using the Find Me feature Configuration files Save configuration changes...
  • Page 15 Collect device health data and set the sample interval Enable event log upload to Digi Remote Manager Log into Digi Remote Manager Use Digi Remote Manager to view and manage your device Add a device to Digi Remote Manager View Digi Remote Manager connection status...
  • Page 16 Save changes and exit configuration mode Exit configuration mode without saving changes Configuration actions Display command line help in configuration mode Move within the configuration schema Manage elements in lists The revert command Enter strings in configuration commands 6310-DX User Guide...
  • Page 17 6310-DX User Guide...
  • Page 18 Antenna notes and solutions Antenna terminology Physical specifications Antennas tested by Digi Extra-small IoT paddle antennas Large external MIMO antenna (outdoor rated) Flat MIMO antenna #1 Flat MIMO antenna #2 6310-DX User Guide...
  • Page 19 Paddle extender 6310-DX User Guide...

  • Page 20: What's New In Digi 6310-Dx Version 22.2

    Added VPN > IPsec > Advanced > Debug level to specify the logging verbosity of IPsec messages in the device system logs. Enhancements to communications with Digi Remote Manager: Enhanced security for communications with Digi Remote Manager by using client-side certificates. The default URL for the device's Remote Manager connection is now edp12.devicecloud.com.

  • Page 21: Digi 6310-Dx Quick Start

    Digi 6310-DX Quick start Thank you for purchasing the Digi 6310-DX. Step 1: What's in the box Item Description 6310-DX unit Digi 1002-CM CORE modem CM unit anchor screws 1 Phillips head 1 hex head 1002-CM CORE modem cover plate: CORE modem cover plate 1003-CM CORE modem cover plate:...
  • Page 22 Digi 6310-DX Quick start Step 1: What's in the box Item Description Cellular antennas (2) Power supply Ethernet cables: 1 x 18 inch 1 x 156 inch Mounting bracket Screws (2) Drywall anchors (2) Optional remote mounting kit: Temporary battery pack...

  • Page 23: Step 2: Connect

    1. Insert your activated SIMs provided by your cellular carrier into the Digi 1002-CM CORE modem. 2. Insert the CORE modem into the 6310-DX by aligning the white clip. Press the modem in and then push the white clip in until it locks firmly in place.

  • Page 24: Step 3: Power Up

    Connect DC power. b. Verify that the signal strength indicator on the front of the 6310-DX shows 2 or more bars, and that the LTE LED on the front of the 6310-DX shows either green or blue (solid or flashing) for proper operation.
  • Page 25 Port 1 is configured as a LAN port and will issue a single passthrough IP Address using DHCP based on the IP received from the cellular connection. Note By default, the 6310-DX device is in cellular passthrough mode. This prevents clients that attach to the device's LAN port from using the device's WAN internet connection. See Enable...

  • Page 26: Digi 6310-Dx Hardware Reference

    Digi 6310-DX hardware reference Hardware features 1. LAN/PoE Port 2. WAN Port 3. SIM Button The SIM button is used to manually toggle between the two SIM slots included in the CM module. 4. ERASE Button The ERASE button is used to perform a device reset, and it has three modes: a.

  • Page 27: Device Status Leds

    Once power has been established, your device will initialize and attempt to connect to the network. Device initialization may take 30-60 seconds. By default your 6310-DX will attempt to use DHCP to establish an Internet connection either through its cellular modem or the ethernet port .

  • Page 28: Signal Quality Indicators

    For 3G networks (including HSPA+) and 2G networks, the signal strength bars are determined by the RSSI value. 4G LTE algorithms For 4G LTE, the 6310-DX device determines the RSRP, SNR, and RSSI values separately and uses the following algorithms to display the signal quality: 6310-DX User Guide...

  • Page 29: Lte Status Indicators

    Once the snr_bars and rsrp_bars values are determined, the device uses the lesser of the two as the reported signal a bars. 3G algorithm For 3G, the 6310-DX determines RSSI signal strength: RSSI > -80, bars=5 -90 < RSSI <= -80, bars=4 -100 <...

  • Page 30: Qr Code Definition

    Digi 6310-DX hardware reference QR code definition Flashing green Solid green Connected to 2G or 3G and is in the Connected to 2G or 3G and also has process of connecting to any device a device linked to its 1/PoE port.

  • Page 31: Hardware Setup

    Hardware setup This chapter contains the following topics: Site survey Physical installation Install SIM cards in the Plug-in LTE modem Mount the 6310-DX device Network integration Enable router mode 6310-DX User Guide...

  • Page 32: Site Survey

    Verify your SIM has been activated with your cellular operator. If you do not get a cellular signal when the 6310-DX is located indoors, then take the device outdoors to verify that your cellular network operator has coverage in your location.

  • Page 33: Install Sim Cards In The Plug-In Lte Modem

    2. Insert the SIM cards into the CORE modem. Note If the 6310-DX device is used in an environment with high vibration levels, SIM card contact fretting may cause unexpected SIM card failures. To protect the SIM cards, Digi strongly recommends that you apply a thin layer of dielectric grease to the SIM contacts prior to installing the SIM cards.

  • Page 34: Tips For Improving Cellular Signal Strength

    2. Attach the 6310-DX device to the mounting bracket by aligning the tabs on bracket with the tab slots on the device.

  • Page 35: Network Integration

    Enable router mode By default, the 6310-DX device is configured to operate in passthrough mode, which means that the device passes the IP address assigned to it via DHCP on its WAN interface, to a client connected to its LAN interface.
  • Page 36 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 37 Hardware setup Enable router mode 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6310-DX User Guide...

  • Page 38: Configuration And Management

    Access Digi Remote Manager Configure the device to use aView for central management Using the web interface Use the local REST API to configure the 6310-DX device Using the command line Access the command line interface Log in to the command line interface...

  • Page 39: Review 6310-Dx Default Settings

    Configure the device to use aView for central management. You can review the default settings for your 6310-DX device by using the local WebUI or Digi Remote Manager: Local WebUI 1. Log into the 6310-DX WebUI as a user with Admin access. See Using the web interface details.

  • Page 40: Change The Default Password For The Admin User

    Note If your device was manufactured prior to the release of firmware version 19.11.x, the default user name may be root. To change the default password for the admin user:    WebUI 6310-DX User Guide...
  • Page 41 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 42: Enable Router Mode

    Type quit to disconnect from the device. Enable router mode By default, the 6310-DX device is configured to operate in passthrough mode, which means that the device passes the IP address assigned to it via DHCP on its WAN interface, to a client connected to its LAN interface.
  • Page 43 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 44: Configuration Methods

    With the Remote Manager, you can configure your 6310-DX device and use the configuration as a basis for a profile which can be applied to other similar devices. See...

  • Page 45: Using Digi Remote Manager

    By default, your 6310-DX device is configured to use Digi Remote Manager as its central management server. No configuration changes are required to begin using the Remote Manager. For information about configuring central management for your 6310-DX device, see Central management.
  • Page 46 If the syslog server is not enabled and set to syslog.accns.com, the device will be able to connect to aView and receive configuration updates, but unless the aView configuration updates set the syslog server, the device will not be able to send any metrics or logs to aView. 6310-DX User Guide...
  • Page 47 (Optional) Select the event types to be sent to aView. 8. (Optional) Enable Remote control. Remote control allows remote commands to be sent from aView to the 6310-DX device. It is optional, but is required if you want to send remote commands from aView.
  • Page 48 Verify that the remote log server is set to syslog.accns.com: (config)> show system log remote 0 server syslog.accns.com (config)> c. (Optional) Select the event types to be sent to aView. There are three event types that can be used configured for the remote syslog server: 6310-DX User Guide...

  • Page 49: Using The Web Interface

    (config)> 8. (Optional) Enable remote control. Remote control allows remote commands to be sent from aView to the 6310-DX device. It is optional, but is required if you want to send remote commands from aView. (config)> service remote_control enable true (config)>...
  • Page 50 If the device has been upgraded from 19.8.x or older to 19.11.x or newer and has been factory reset after the upgrade. Devices that connect to Digi aView for cloud management may have a different password for the default user, based on the aView configuration profile used by the device.

  • Page 51: Log Out Of The Web Interface

    On the main menu, click your user name. Click Log out. Use the local REST API to configure the 6310-DX device Your 6310-DX device includes a REST API that can be used to return information about the device's configuration and to make modifications to the configuration. You can view the REST API specification from your web browser by opening the URL: https://ip-address/cgi-bin/config.cgi...
  • Page 52 Configuration and management Use the local REST API to configure the 6310-DX device 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 53: Use The Post Method To Modify Device Configuration Parameters And List Arrays

    Configuration and management Use the local REST API to configure the 6310-DX device $ curl -k -u admin https://192.168.210.1/cgi-bin/config.cgi/value/service/ssh - X GET Enter host password for user 'admin': ok": true, "result": { "type": "object", "path": "service.ssh" "collapsed": { "acl.zone.0": "internal" "acl.zone.1": "edge"...

  • Page 54: Use The Delete Method To Remove Items From A List Array

    Configuration and management Use the local REST API to configure the 6310-DX device path is the path to the configuration parameter, in dot notation (for example, ssh.service.enable). new_value is the new value for the parameter. For example, to disable the ssh service using curl: $ curl -k -u admin "https://192.168.210.1/cgi-...
  • Page 55 Configuration and management Use the local REST API to configure the 6310-DX device "result": { "type": "array", "path": "service.ssh.acl.zone" "collapsed": { "0": "internal" "1": "edge" "2": "ipsec" "3": "setup" "4": "external" 2. Use the DELETE method to remove the external zone (list item 4).

  • Page 56: Using The Command Line

    Log in to the command line interface    Command line 1. Connect to the 6310-DX device by using a serial connection, SSH or telnet, or the Terminal in the WebUI or the Console in the Digi Remote Manager. See Access the command line interface for more information.

  • Page 57: Exit The Command Line Interface

    Admin CLI s: Shell q: Quit Select access or quit [admin] : Type a or admin to access the 6310-DX command line. You will now be connected to the Admin CLI: Connecting now... Press Tab to autocomplete commands Press '?' for a list of commands and details...

  • Page 58: Interfaces

    Interfaces 6310-DX devices have several physical communications interfaces. These interfaces can be bridged in a Local Area Network (LAN) or assigned to a Wide Area Network (WAN). This chapter contains the following topics: Wide Area Networks (WANs) Local Area Networks (LANs)

  • Page 59: Wide Area Networks (Wans)

    Interfaces Wide Area Networks (WANs) Wide Area Networks (WANs) The 6310-DX device is preconfigured with one Wide Area Network (WAN), named WAN, and one Wireless Wide Area Network (WWAN), named Modem. Default Interface type Preconfigured interfaces Devices configuration Wide Area...

  • Page 60: Wide Area Networks (Wans) And Wireless Wide Area Networks (Wwans)

    Wireless Wide Area Network (WWAN), named Modem. You can also create additional WANs and WWANs. When a WAN is initialized, the 6310-DX device automatically adds a default IP route for the WAN. The priority of the WAN is based on the metric of the default route, as configured in the WAN's IPv4 and IPv6 metric settings.
  • Page 61 For Metric, type 1. c. Click IPv6. d. For Metric, type 1. 4. Set the metrics for WAN: a. Click Network > Interfaces > WAN > IPv4. b. For Metric, type 2. c. Click IPv6. d. For Metric, type 2. 6310-DX User Guide...
  • Page 62 Wide Area Networks (WANs) 5. Click Apply to save the configuration and apply the change. The 6310-DX device is now configured to use the cellular modem WWAN, Modem, as its highest priority WAN, and its Ethernet WAN, WAN, as its secondary WAN.

  • Page 63: Wan/Wwan Failover

    WAN, and its Ethernet WAN, WAN, as its secondary WAN. WAN/WWAN failover If a connection to a WAN interface is lost for any reason, the 6310-DX device will immediately fail over to the next WAN or WWAN interface, based on WAN priority. See...

  • Page 64: Configure Surelink Active Recovery To Detect Wan/Wwan Failures

    Problems can occur beyond the immediate WAN/WWAN connection that prevent some IP traffic from reaching its destination. Normally this kind of problem does not cause the 6310-DX device to detect that the WAN has failed, because the connection continues to work while the core problem exists somewhere else in the network.
  • Page 65 SureLink will: The device will: 1. First SureLink failure: Nothing will happen. 2. Second SureLink failure: The interface will restart. 3. Third SureLink failure: The modem will reset. 4. Fourth SureLink failure: The interface will restart again. 6310-DX User Guide...
  • Page 66   WebUI SureLink can be configured for both IPv4 and IPv6. 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 67 When SureLink is configured for Wireless WANs, SureLink tests are only run if the cellular modem is connected and has an IP address. Use the SIM failover options to configure the 6310-DX device to automatically recover the modem in the event that it cannot obtain an IP address. See Configure a Wireless Wide Area Network (WWAN) for details about SIM failover.
  • Page 68 Change the Interval between connectivity tests. Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Interval to ten minutes, enter 10m or 600s. The default is 15 minutes. 6310-DX User Guide...
  • Page 69 Active recovery can be configured for both IPv4 and IPv6. These instructions are for IPv4; to configure IPv6 active recovery, replace ipv4 in the command line with ipv6. 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 70 When SureLink is configured for Wireless WANs, SureLink tests are only run if the cellular modem is connected and has an IP address. Use the SIM failover options to configure the 6310-DX device to automatically recover the modem in the event that it cannot obtain an IP address. See Configure a Wireless Wide Area Network (WWAN) for details about SIM failover.
  • Page 71 Tests connectivity by sending a DNS query to the specified DNS server. Specify the DNS server. Allowed value is the IP address of the DNS server. (config network interface my_wan ipv4 surelink target 0)> dns_ server ip_address (config network interface my_wan ipv4 surelink target 0)> 6310-DX User Guide...
  • Page 72 (config network interface my_wan ipv4 surelink target 0)> interface_timeout 600s (config network interface my_wan ipv4 surelink target 0)> The default is 60 seconds. other: Allows you to test another interface's status, to create a failover or coupled relationship between interfaces: 6310-DX User Guide...
  • Page 73 For example, if other_status is set to down, but the alternate interface is determined to be up, then this test will fail. (Optional) Repeat to add additional test targets. 11. Optional active recovery configuration parameters: 6310-DX User Guide...
  • Page 74 For example, to set timeout to ten minutes, enter either 10m or 600s: (config network interface my_wan ipv4 surelink)> timeout 600s (config network interface my_wan ipv4 surelink)> The default is 15 seconds. 12. (Optional) Repeat this procedure for IPv6. 13. Save the configuration and apply the change: 6310-DX User Guide...

  • Page 75: Configure The Device To Reboot When A Failure Is Detected

    Type quit to disconnect from the device. Configure the device to reboot when a failure is detected Using SureLink, you can configure the 6310-DX device to reboot when it has determined that an interface has failed. Required configuration items Enable SureLink.
  • Page 76   WebUI SureLink can be configured for both IPv4 and IPv6. 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 77 When SureLink is configured for Wireless WANs, SureLink tests are only run if the cellular modem is connected and has an IP address. Use the SIM failover options to configure the 6310-DX device to automatically recover the modem in the event that it cannot obtain an IP address. See Configure a Wireless Wide Area Network (WWAN) for details about SIM failover.
  • Page 78 Active recovery can be configured for both IPv4 and IPv6. These instructions are for IPv4; to configure IPv6 active recovery, replace ipv4 in the command line with ipv6. 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 79 When SureLink is configured for Wireless WANs, SureLink tests are only run if the cellular modem is connected and has an IP address. Use the SIM failover options to configure the 6310-DX device to automatically recover the modem in the event that it cannot obtain an IP address. See Configure a Wireless Wide Area Network (WWAN) for details about SIM failover.
  • Page 80 The interface is considered to be down based on the interfaces down time, and the amount of time an initial connection to the interface takes before this test is considered to have failed. 6310-DX User Guide...
  • Page 81 (config network interface my_wan ipv4 surelink target 0)> If other is set: Set the alternate interface to be tested: i. Use the ? to determine available interfaces: (config network interface my_wan ipv4 surelink target 0)> other_interface ? Interface: The network interface. Format: /network/interface/defaultip 6310-DX User Guide...
  • Page 82 For example, to set interval to ten minutes, enter either 10m or 600s: (config network interface my_wan ipv4 surelink)> interval 600s (config network interface my_wan ipv4 surelink)> 6310-DX User Guide...

  • Page 83: Disable Surelink

    If your device uses a private APN with no Internet access, or your device has a restricted wired WAN connection that doesn't allow DNS resolution, follow this procedure to disable the default SureLink connectivity tests. You can also disable DNS lookup or other internet activity, while retaining the SureLink interface test.    WebUI 6310-DX User Guide...
  • Page 84 Interfaces Wide Area Networks (WANs) 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
  • Page 85 Interfaces Wide Area Networks (WANs) 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 86 7. Click to expand the second test target. This test target has its Test type set to Test DNS servers configured for this interface. 8. Click the menu icon (...) next to the target and select Delete. 9. Click Apply to save the configuration and apply the change. 6310-DX User Guide...

  • Page 87: Example: Use A Ping Test For Wan Failover From Ethernet To Cellular

    Wide Area Networks (WANs)    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 88 256 bytes to the IP host 43.66.93.111 every 10 seconds. If there are three consecutive failed responses, the 6310-DX device brings the WAN interface down and starts using the Modem interface. It continues to regularly test the connection to WAN, and when tests on WAN succeed, the device falls back to ETH1.
  • Page 89 For Ping host, type 43.66.93.111. h. For Ping payload size, type 256. 4. Repeat the above step for Modem to enable SureLink on that interface. 5. Click Apply to save the configuration and apply the change.    Command line 6310-DX User Guide...
  • Page 90 Interfaces Wide Area Networks (WANs) 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 91: Using Ethernet Devices In A Wan

    Typically, you configure SIM1 of the cellular modem as the primary cellular interface, and SIM2 as the backup cellular interface. In this way, if the 6310-DX device cannot connect to the network using SIM1, it automatically fails over to SIM2. 6310-DX devices automatically use the correct cellular module firmware for each carrier when switching SIMs.
  • Page 92 Wide Area Networks (WANs)    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Modems > Modem.
  • Page 93 12. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 94 In the event of a failover to a non-preferred SIM, or if manual SIM switching is used to switch to a non-preferred SIM, the modem will attempt to reconnect to the SIM in the preferred SIM slot. The default is none. 6310-DX User Guide...
  • Page 95 10. Set whether the modem should use the main antenna, the auxiliary antenna, or both the main and auxiliary antennas: (config)> network modem modem antenna value (config)> where value is one of the following: main both 11. Save the configuration and apply the change: 6310-DX User Guide...
  • Page 96 Type quit to disconnect from the device. Configure cellular modem APNs The 6310-DX device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.
  • Page 97 9. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 98 (config)> network interface modem modem apn 0 username name (config)> network interface modem modem apn 0 password pwd (config)> The default is none. 7. (Optional) To configure the device to bypass its preconfigured APN list and only use the configured APNs: 6310-DX User Guide...
  • Page 99 Dual-APN connections with the Telit LE910-NAv2 module when using a Verizon SIM are not supported. Using an AT&T SIM with the Telit LE910-NAv2 module is supported. The Telit LE910-NAv2 module is used in the 1002-CM04 CORE modem.    WebUI 6310-DX User Guide...
  • Page 100 For Interface type, select Modem. d. For Zone, select External. e. For Device, select Modem . f. (Optional): Configure the public APN. If the public APN is not configured, the 6310-DX will attempt to determine the APN. 6310-DX User Guide...
  • Page 101 For APN, type the private APN provided to you by your cellular carrier. 5. Create the routing policies. For example, to route all traffic from LAN1 through the public APN, and LAN2 through the private APN: 6310-DX User Guide...
  • Page 102 Configure the source address: i. Click to expand Source address. ii. For Type, select Interface. iii. For Interface, select LAN2. k. Configure the destination address: i. Click to expand Destination address. ii. For Type, select Interface. 6310-DX User Guide...
  • Page 103 Set the modem device: (config network interface WWANPublic)> modem device modem (config network interface WWANPublic)> d. (Optional): Set the public APN. If the public APN is not configured, the 6310-DX will attempt to determine the APN. 6310-DX User Guide...
  • Page 104 Set the label that will be used to identify this route policy: (config network route policy 0)> label "Route through public apn" (config network route policy 0)> c. Set the interface: (config network route policy 0)> interface /network/interface/WWANPublic (config network route policy 0)> 6310-DX User Guide...
  • Page 105 (config network route policy 1)> interface /network/interface/WWANPrivate (config network route policy 1)> j. Configure the source address: i. Set the source type to interface: (config network route policy 1)> src type interface (config network route policy 1)> 6310-DX User Guide...
  • Page 106 Type quit to disconnect from the device. Configure manual carrier selection By default, your 6310-DX automatically selects the most appropriate cellular carrier based on the SIM that is in use and the status of available carriers in your area. Alternately, you can configure the devices to manually select the carrier, based on the Network PLMN ID.
  • Page 107 You can use themodem scan command at the Admin CLI to scan for available carriers and determine their PLMN ID. See Scan for available cellular carriers for details. 6. Click Apply to save the configuration and apply the change. 6310-DX User Guide...
  • Page 108 Wide Area Networks (WANs)    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 109    WebUI 1. Log into the 6310-DX WebUI as a user with Admin access. 2. From the main menu, click Status > Modems. 3. croll to the Connection Status section and click SCAN.
  • Page 110    Command line 1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the Admin CLI prompt, type: >...
  • Page 111 : passing IPv6 address : 11f6:4680:0d67:59d2:552b:3429:81a8:f1ea IPv6 gateway : ff50:d95d:7e98:abe8:3030:9138:4f25:f51b IPv6 MTU : 1500 TX bytes : 127941 RX bytes : 61026 Uptime : 10 hrs, 56 mins (39360s) SIM Slot SIM Status : ready IMSI : 61582122197895 6310-DX User Guide...
  • Page 112   Command line To unlock a SIM card: 1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 113 To run AT commands from the 6310-DX command line:    Command line 1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 114 IMEI: 359072060451693 IMEI SV: 9 FSN: LQ650551070110 +GCAP: +CGSM 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6310-DX User Guide...

  • Page 115: Configure A Wide Area Network (Wan)

    When to use DNS: always, never, or only when this interface is the primary default route. When to use DNS servers for this interface. Whether to include the 6310-DX device's hostname in DHCP requests. SureLink active recovery configuration. See Configure SureLink active recovery to detect WAN/WWAN failures for further information.
  • Page 116 Interfaces Wide Area Networks (WANs) 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
  • Page 117 Interfaces Wide Area Networks (WANs) The 6310-DX can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Click to expand Authentication. b. Click Enable server to enable the 802.1x authenticator on the 6310-DX device. c. Type the Server IP address of the authentication server.
  • Page 118 Never: Never use DNS servers for this interface. k. Enable DHCP Hostname to instruct the 6310-DX device to include the device's system name with DHCP requests as the Client FQDN option. The DHCP server can then be configured to register the device's hostname and IP address with an associated DNS server.
  • Page 119 13. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 120 (config network interface my_wan)> ipv4 mgmt num (config network interface my_wan)> iv. Set the MTU: (config network interface my_wan)> ipv4 mtu num (config network interface my_wan)> v. Configure how to use DNS: (config network interface my_wan)> ipv4 use_dns value (config network interface my_wan)> 6310-DX User Guide...
  • Page 121 Never use DNS servers for this interface. vi. Enable DHCP Hostname to instruct the 6310-DX device to include the device's system name with DHCP requests as the Client FQDN option. The DHCP server can then be configured to register the device's hostname and IP address with an associated DNS server.
  • Page 122 8. (Optional) To configure 802.1x port based network access control: Note The 6310-DX can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Enable the 802.1x authenticator on the 6310-DX device: (config network interface my_wan)> 802_1x authentication enable true (config network interface my_wan)>...
  • Page 123 Wide Area Networks (WANs) where value is an integer between 0 and 86400. The default is 3600. f. (Optional) Configure 802.1x authentication auditing: i. Enable authentication auditing on the 6310-DX device: (config network interface my_wan)> 802_1x accounting enable true (config network interface my_wan)>...

  • Page 124: Configure A Wireless Wide Area Network (Wwan)

    The IPv6 Maximum Transmission Unit (MTU) of the WAN. When to use DNS: always, never, or only when this interface is the primary default route. SureLink active recovery configuration. See Configure SureLink active recovery to detect WAN/WWAN failures for further information. 6310-DX User Guide...
  • Page 125 Wide Area Networks (WANs)    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
  • Page 126 For Connection attempts before SIM failover, type the number of times that the device should attempt to connect to the active SIM before failing over to the next available SIM. b. For SIM failover alternative, configure how SIM failover will function if automatic SIM switching is unavailable: 6310-DX User Guide...
  • Page 127 Reboot device: The device will reboot if automatic SIM switching is unavailable. 16. For APN list and APN list only, the 6310-DX device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.
  • Page 128 SureLink.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 129 Format: AT&T Rogers Sprint T-Mobile Telstra Verizon Vodafone other Default value: AT&T Current value: AT&T (config network interface my_wwan)> b. Set the carrier: (config network interface my_wwan)> modem carrier value (config network interface my_wwan)> 6310-DX User Guide...
  • Page 130 9. Roaming is enabled by default. To disable: (config network interface my_wwan)> modem roaming false (config network interface my_wwan)> 10. Set the carrier selection mode: (config network interface my_wwan)> modem operator_mode value (config network interface my_wwan)> where value is one of: 6310-DX User Guide...
  • Page 131 Set the number of times that the device should attempt to connect to the active SIM before failing over to the next available SIM: (config network interface my_wwan)> modem sim_failover_retries num (config network interface my_wwan)> The default setting is 5. 6310-DX User Guide...
  • Page 132 The device will reboot if automatic SIM switching is unavailable. 12. The 6310-DX device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.
  • Page 133 (config network interface my_wwan)> d. Set the management priority. This determines which interface will have priority for central management activity. The interface with the highest number will be used. (config network interface my_wwan)> ipv4 mgmt num (config network interface my_wwan)> 6310-DX User Guide...

  • Page 134: Show Wan And Wwan Status And Statistics

    3. Under Networking, click Interfaces.    Command line 1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 135 IPv4 Metric IPv4 Weight : 10 IPv4 DNS Server(s) : 10.10.10.2, 10.10.10.3 IPv6 Status : up IPv6 Type : dhcpv6 IPv6 Address(es) : fe00:2404::240:f4ff:fe80:120/64 IPv6 Gateway : ff80::234:f3ff:ff0e:4320 IPv6 MTU : 1500 IPv6 Metric IPv6 Weight : 10 6310-DX User Guide...

  • Page 136: Delete A Wan Or Wwan

    WAN, WAN, or the preconfigured WWAN, Modem.    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.

  • Page 137: Default Outbound Wan/Wwan Ports

    Interfaces Wide Area Networks (WANs) 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 138: Local Area Networks (Lans)

    Interfaces Local Area Networks (LANs) Local Area Networks (LANs) The 6310-DX device is preconfigured with the following Local Area Networks (LANs): Interface type Preconfigured interfaces Devices Default configuration Local Area Ethernet: Passthrough mode Network Firewall zone: 1/PoE (LAN) Internal LAN priority:...

  • Page 139: About Local Area Networks (Lans)

    When to use DNS: always, never, or only when this interface is the primary default route. IPv4 DHCP server configuration. See DHCP servers for more information. IPv6 configuration: The metric for IPv6 routes associated with the LAN. The relative weight for IPv6 routes associated with the LAN. 6310-DX User Guide...
  • Page 140 To create a new LAN or edit an existing LAN:    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 141 8. (Optional) Click to expand 802.1x to configure 802.1x port based network access control. The 6310-DX can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Click to expand Authentication.
  • Page 142 If allowlist entries are specified, incoming packets will only be accepted from the listed MAC addresses. a. Click to expand MAC address allowlist. b. For Add MAC address, click . c. Type the MAC address. 14. Click Apply to save the configuration and apply the change.    Command line 6310-DX User Guide...
  • Page 143 Interfaces Local Area Networks (LANs) 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 144 (config network interface my_lan)> ipv4 dhcp_server enable true DHCP servers for information about configuring the DHCP server. 7. (Optional) Configure IPv6 settings: a. Enable IPv6 support: (config network interface my_lan)> ipv6 enable true (config network interface my_lan)> 6310-DX User Guide...
  • Page 145 Modify any of the remaining default settings as appropriate. For example, to change the minimum length of the prefix: (config network interface my_lan)> ipv6 prefix_length 60 (config network interface my_lan)> If the minimum length is not available, then a longer prefix will be used. 6310-DX User Guide...
  • Page 146 8. (Optional) To configure 802.1x port based network access control: Note The 6310-DX can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Enable the 802.1x authenticator on the 6310-DX device: (config network interface my_lan)> 802_1x authentication enable true (config network interface my_lan)>...

  • Page 147: Show Lan Status And Statistics

    Type quit to disconnect from the device. Show LAN status and statistics    WebUI 1. Log into the 6310-DX WebUI as a user with Admin access. 2. From the menu, click Status. 3. Under Networking, click Interfaces. 6310-DX User Guide...
  • Page 148 Local Area Networks (LANs)    Command line 1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 149: Delete A Lan

    Follow this procedure to delete any LANs that have been added to the system. You cannot delete the preconfigured LAN, LAN1.    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 6310-DX User Guide...
  • Page 150 Local Area Networks (LANs) 3. Click Network > Interfaces. 4. Click the menu icon (...) next to the name of the LAN to be deleted and select Delete. 5. Click Apply to save the configuration and apply the change. 6310-DX User Guide...

  • Page 151: Dhcp Servers

    Type quit to disconnect from the device. DHCP servers You can enable DHCP on your 6310-DX device to assign IP addresses to clients, using either: The DHCP server for the device's local network, which assigns IP addresses to clients on the device's local network.
  • Page 152    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces.
  • Page 153 12. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 154 (config)> network interface my_lan ipv4 dhcp_server advanced gateway value (config)> where value is one of: none: No gateway is broadcast by the DHCP server. Client destinations must be resolvable without a gateway. auto: Broadcasts the 6310-DX device's gateway. 6310-DX User Guide...
  • Page 155 (config)> network interface my_lan ipv4 dhcp_server advanced primary_ wins value (config)> network interface my_lan ipv4 dhcp_server advanced secondary_wins value (config)> where value is one of: none: No server is broadcast. auto: Broadcasts the 6310-DX device's server. 6310-DX User Guide...
  • Page 156 You can configure the DHCP server to assign static IP addresses to specific hosts. Required configuration items IP address that will be mapped to the device. MAC address of the device. Additional configuration items A label for this instance of the static lease. To map static IP addresses:    WebUI 6310-DX User Guide...
  • Page 157 11. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 158 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show current static IP mapping To view your current static IP mapping:    WebUI 6310-DX User Guide...
  • Page 159 3. Under Networking, click DHCP Leases.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 160 7. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 161 Type quit to disconnect from the device. Configure DHCP options You can configure DHCP servers running on your 6310-DX device to send certain specified DHCP options to DHCP clients. You can also set the user class, which enables you to specify which specific DHCP clients will receive the option.
  • Page 162 12. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 163 0)> force true (config network interface my_lan ipv4 dhcp_server advanced custom_option 0)> 9. (Optional) Set the data type that the option uses. If the incorrect data type is selected, the device will send the value as a string. 6310-DX User Guide...
  • Page 164 LAN. For the 6310-DX device, DHCP relay is configured by providing the IP address of a DHCP relay server, rather than an IP address range. If both the DHCP relay server and an IP address range are specified, DHCP relay is used, and the specified IP address range is ignored.
  • Page 165 10. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 166 Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show DHCP server status and settings View DHCP status to monitor which devices have been given IP configuration by the 6310-DX device and to diagnose DHCP issues. ...

  • Page 167: Create A Virtual Lan (Vlan) Route

    3. Under Networking, click DHCP Leases.    Command line 1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 168 To create a VLAN:    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Virtual LAN.
  • Page 169 Local Area Networks (LANs)    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 170: Default Services Listening On Lan Ports

    Interfaces Local Area Networks (LANs) Default services listening on LAN ports The following table lists the default services listening on the specified ports on the 6310-DX LAN interfaces: Description TCP/UDP Port numbers DNS server DHCP server 67 and 68 SSH server...

  • Page 171: Bridging

    Interfaces Bridging Bridging Bridging is a mechanism to create a single network consisting of multiple devices, such as Ethernet devices and wireless access points. This section contains the following topics: Configure a bridge 6310-DX User Guide...

  • Page 172: Configure A Bridge

    To create a bridge:    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Bridges.
  • Page 173 For Forwarding delay, enter the number of seconds that the device will spend in each of the listening and learning states before the bridge begins forwarding data. The default is 2 seconds. 8. Click Apply to save the configuration and apply the change. 6310-DX User Guide...
  • Page 174 Bridging    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 175: Show Surelink Status And Statistics

    To show the Surelink status all interfaces, use the show surelink interface all command: 1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 176: Show Surelink Status For A Specific Interface

    1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 177: Show Surelink Status For A Specific Ipsec Tunnel

    1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 178: Show Surelink Status For A Specific Openvpn Client

    1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 179: Routing

    Routing This chapter contains the following topics: IP routing Show the routing table Dynamic DNS Virtual Router Redundancy Protocol (VRRP) 6310-DX User Guide...

  • Page 180: Ip Routing

    IP routing IP routing The 6310-DX device uses IP routes to decide where to send a packet it receives for a remote network. The process for deciding on a route to send the packet is as follows: 1. The device examines the destination IP address in the IP packet, and looks through the IP routing table to find a match for it.

  • Page 181: Configure A Static Route

    To configure a static route:    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Routes > Static routes.
  • Page 182 255.255.255.0, type 192.168.47.0/24. The any keyword can also be used to route packets to any destination with this static route. 7. For Interface, select the interface on the 6310-DX device that will be used with this static route. 8. (Optional) For Gateway, type the IPv4 address of the gateway used to reach the destination.
  • Page 183 The any keyword can also be used to route packets to any destination with this static route. 6. Set the interface on the 6310-DX device that will be used with this static route: a. Use the ? to determine available interfaces: (config network route static 0)>...

  • Page 184: Delete A Static Route

    Type quit to disconnect from the device. Delete a static route    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 6310-DX User Guide...
  • Page 185 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 186: Policy-Based Routing

    However, you can use policy-based routing to forward the packet based on other criteria, such as the source of the packet. For example, you can configure the 6310-DX device so that high- priority traffic is routed through the cellular connection, while all other traffic is routed through an Ethernet (WAN) connection.

  • Page 187: Configure A Routing Policy

    To configure a routing policy:    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Routes > Policy-based routing.
  • Page 188 New route policies are enabled by default. To disable, click to toggle Enable to off. 5. (Optional) For Label, type a label that will be used to identify this route policy. 6. For Interface, select the interface on the 6310-DX device that will be used with this route policy.
  • Page 189 13. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 190 Routing IP routing 5. Set the interface on the 6310-DX device that will be used with this route policy: a. Use the ? to determine available interfaces: (config network route policy 0)> interface ? Interface: The network interface used to reach the destination.
  • Page 191 Matches the source IP address to the selected firewall zone. Set the zone: a. Use the ? to determine available zones: (config network route policy 0)> src zone ? Zone: Match the IP address to the specified firewall zone. Format: dynamic_routes edge external internal ipsec loopback setup 6310-DX User Guide...
  • Page 192 IPv4_address[/netmask], or any to match any IPv4 address. address6: Matches the source IPv6 address to the specified IP address or network. Set the address that will be matched: (config network route policy 0)> src address6 value (config network route policy 0)> 6310-DX User Guide...
  • Page 193 Matches the destination IP address to the selected interface's network address. Set the interface: a. Use the ? to determine available interfaces: (config network route policy 0)> dst interface ? Interface: The network interface. Format: /network/interface/defaultip 6310-DX User Guide...
  • Page 194 11. Save the configuration and apply the change: (config)> save Configuration saved. > 12. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6310-DX User Guide...

  • Page 195: Example: Dual Wan Policy-Based Routing

    Ethernet WAN interface.    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Routes > Policy-based routing.
  • Page 196 9. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 197 4. Save the configuration and apply the change: (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6310-DX User Guide...

  • Page 198: Example: Route Traffic To A Specific Wan Interface Based On The Client Mac Address

    MAC address, while all other client devices are routed through the Ethernet WAN.    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 199 5. Configure the policy-based route for traffic from the client device that will be sent over the cellular WAN: a. Click Network > Routes > Policy-based routing. b. Click the  to add a new route policy. 6310-DX User Guide...
  • Page 200 For Label, type Reject LAN traffic to cellular WAN. d. For Action, select Drop. e. For Source zone, select Internal. f. For Destination zone, select CellularWAN. 7. Click Apply to save the configuration and apply the change. 6310-DX User Guide...
  • Page 201 IP routing    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 202 Set the source destination to zone: (config network route policy 0)> dst type zone (config network route policy 0)> ii. Set the zone to CellularWAN: (config network route policy 0)> dst zone CellularWAN (config network route policy 0)> 6310-DX User Guide...

  • Page 203: Routing Services

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Routing services Your 6310-DX includes support for dynamic routing services and protocols. The following routing services are supported: Service or...

  • Page 204: Configure Routing Services

    The Border Gateway Protocol (BGP) service supports BGP-4 ( IS-IS The IPv4 and IPv6 Intermediate System to Intermediate System (IS-IS) service. Configure routing services Required configuration items Enable routing services. Enable and configure the types of routing services that will be used. 6310-DX User Guide...
  • Page 205 IP routing    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Routes > Routing services.
  • Page 206 Routing IP routing 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: >...

  • Page 207: Show The Routing Table

    To display the routing table:    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 6310-DX User Guide...

  • Page 208: Dynamic Dns

    WAN or public IP address changes. Your 6310-DX device supports a number of Dynamic DNS providers as well as the ability to provide a custom provider that is not included on the list of providers.
  • Page 209 The amount of time to wait to force an update of the interface's IP address. The amount of time to wait for an IP address update to succeed before retrying the update. The number of times to retry a failed IP address update. 6310-DX User Guide...
  • Page 210 Dynamic DNS    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Dynamic DNS.
  • Page 211 14. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 212 Use the ? to determine available services: (config network ddns new_ddns_instance)> service ? Service: The provider of the dynamic DNS service. Format: custom 3322.org changeip.com ddns.com.br dnsdynamic.org Default value: custom Current value: custom (config network ddns new_ddns_instance)> service 6310-DX User Guide...
  • Page 213 For example, to set force_interval to ten minutes, enter either 10m or 600s: (config network ddns new_ddns_instance)> force_interval 600s (config network ddns new_ddns_instance)> The default is 3d. 6310-DX User Guide...

  • Page 214: Virtual Router Redundancy Protocol (Vrrp)

    Multiple 6310-DX devices can be configured as VRRP devices and assigned a priority. The router with the highest priority will be used as the master router. If the master router fails, then the IP address of the virtual router is mapped to the backup device with the next highest priority.

  • Page 215: Configure Vrrp

    VRRP priorty of devices based on the status of their network connectivity.    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 216 For Virtual IP, type the IPv4 or IPv6 address for a virtual IP of this VRRP instance. d. (Optional) Repeat to add additional virtual IPs. 11. See Configure VRRP+ for information about configuring VRRP+. 12. Click Apply to save the configuration and apply the change. 6310-DX User Guide...
  • Page 217 Virtual Router Redundancy Protocol (VRRP)    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 218: Configure Vrrp

    VRRP+ is an extension to the VRRP standard that uses SureLink network probing to monitor connections through VRRP-enabled devices and adjust devices' VRRP priority based on the status of the SureLink tests. This section describes how to configure VRRP+ on a 6310-DX device. Required configuration items Both master and backup devices: A configured and enabled instance of VRRP.
  • Page 219 SureLink tests.    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 220 SureLink fails on the master, it will lower its priority to below 80, and the backup device will assume the master role. 10. Configure the VRRP interface. The VRRP interface is defined in the Interface parameter of the VRRP configuration, and generally should be a LAN interface: 6310-DX User Guide...
  • Page 221 SureLink fails. i. Click to expand IPv4 > SureLink. ii. Click Enable. iii. For Interval, type a the amount of time to wait between connectivity tests. To guarantee seamless internet access for VRRP+ purposes, SureLink tests should occur 6310-DX User Guide...
  • Page 222 11. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 223 Configure the VRRP interface's DHCP server to use a custom gateway that corresponds to one of the VRRP virtual IP addresses: i. Set the DHCP server gateway type to custom: (config)> network interface lan ipv4 dhcp_server advanced gateway custom (config)> 6310-DX User Guide...
  • Page 224 For example, to set interval to ten minutes, enter 5s: (config)> network interface lan ipv4 surelink interval 5s (config)> iv. Create a SureLink test target: (config)> add network interface lan ipv4 surelink target end (config network interface lan ipv4 surelink target 0)> 6310-DX User Guide...
  • Page 225 (config network interface lan ipv4 surelink target 0)> interface_down_time value (config network interface lan ipv4 surelink target 0)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. 6310-DX User Guide...

  • Page 226: Example: Vrrp/Vrrp+ Configuration

    10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Example: VRRP/VRRP+ configuration This example configuration creates a VRRP pool containing two 6310-DX devices: 6310-DX User Guide...

  • Page 227: Configure Device One (Master Device)

       WebUI Task 1: Configure VRRP on device one 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > VRRP.
  • Page 228 Task 2: Configure VRRP+ on device one 1. Click to expand VRRP+. 2. Click Enable. 3. Click to expand Monitor interfaces. 4. Click  to add an interface for monitoring. 5. Select Interface: Modem. 6. For Priority modifier, type 30. 6310-DX User Guide...
  • Page 229   Command line Task 1: Configure VRRP on device one 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 230 Task 3: Configure the IP address for the VRRP interface, LAN, on device one 1. Type ... to return to the root of the config prompt: (config network vrrp VRRP_test )> ... (config)> 2. Set the IP address for LAN: (config)> network interface lan ipv4 address 192.168.3.1/24 (config)> 6310-DX User Guide...

  • Page 231: Configure Device Two (Backup Device)

       WebUI Task 1: Configure VRRP on device two 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 6310-DX User Guide...
  • Page 232 9. Click to expand Virtual IP addresses. 10. Click  to add a virtual IP address. 11. For Virtual IP, type 192.168.3.3. Task 2: Configure VRRP+ on device two 1. Click to expand VRRP+. 2. Click Enable. 6310-DX User Guide...
  • Page 233 1. Click Network > Interfaces > LAN > IPv4 > SureLink. 2. Click Enable. 3. For Interval, type 15s. 4. Click to expand Test targets > Test target. 5. For Test Type, select Ping test. 6. For Ping host, type my.devicecloud.com. 6310-DX User Guide...
  • Page 234   Command line Task 1: Configure VRRP on device two 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 235 (config)> network interface lan ipv4 address 192.168.3.2 (config)> 3. Set the default gateway to the IP address of the VRRP interface on the master device, configured above in Task 3, step 2 (192.168.3.1). (config)> network interface lan ipv4 gateway 192.168.3.1 (config)> 6310-DX User Guide...
  • Page 236 (config)> 3. Set the DHCP server gateway type to custom: (config)> network interface lan ipv4 dhcp_server advanced gateway custom (config)> 4. Set the custom gateway to 192.168.3.3: (config)> network interface lan ipv4 dhcp_server advanced gateway_custom 192.168.3.3 (config)> 6310-DX User Guide...

  • Page 237: Show Vrrp Status And Statistics

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show VRRP status and statistics This section describes how to display VRRP status and statistics for a 6310-DX device. VRRP status is available from the Web UI only. ...
  • Page 238 Virtual Router Redundancy Protocol (VRRP)    Command line 1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 239: Virtual Private Networks (Vpn)

    Virtual Private Networks (VPNs) are used to securely connect two private networks together so that devices can connect from one network to the other using secure channels. This chapter contains the following topics: IPsec OpenVPN Generic Routing Encapsulation (GRE) L2TP L2TPv3 Ethernet NEMO 6310-DX User Guide...

  • Page 240: Ipsec

    Authentication of data to ensure an unauthorized device has not injected it into the IPsec tunnel. IPsec mode The 6310-DX supports the Tunnel mode. With the Tunnel mode, the entire IP packet is encrypted and/or authenticated and then encapsulated as the payload in a new IP packet. Transport mode is not currently supported.

  • Page 241: Authentication

    XAUTH client. RSA Signatures With RSA signatures authentication, the 6310-DX device uses a private RSA key to authenticate with a remote peer that is using a corresponding public key. Certificate-based Authentication X.509 certificate-based authentication makes use of private keys on both the server and client which...
  • Page 242 Disable the padding of IKE packets. This should normally not be done except for compatibility purposes. Destination networks that require source NAT. Depending on your network and firewall configuration, you may need to add a packet filtering rule to allow incoming IPsec traffic. 6310-DX User Guide...
  • Page 243    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > IPsec.
  • Page 244 The metric can also be used in tandem with SureLink to configure IPsec failover behavior. See Configure IPsec failover for more information. 11. For Mode, select Tunnel mode. Transport mode is not currently supported. 6310-DX User Guide...
  • Page 245 SCEP certificates: Uses Simple Certificate Enrollment Protocol (SCEP) to download a private key, certificates, and an optional Certificate Revocation List (CRL) to the 6310-DX device from a SCEP server. You must create the SCEP client prior to configuring the IPsec tunnel. See...
  • Page 246 For IPv6 ID value, type an IPv6 formatted ID. This can be a fully-qualified domain name or an IPv6 address. RFC822/Email: The ID will be interpreted as an RFC822 (email address). For RFC822 ID value, type the ID in internet email address format. 6310-DX User Guide...
  • Page 247 RFC822/Email: The ID will be interpreted as an RFC822 (email address). For RFC822 ID value, type the ID in internet email address format. FQDN: The ID will be interpreted as FQDN (Fully Qualified Domain Name) and sent as an ID_FQDN IKE identity. 6310-DX User Guide...
  • Page 248 For Protocol, select one of the following: Any: Matches any protocol. TCP: Matches TCP protocol only. UDP: Matches UDP protocol only. ICMP: Matches ICMP requests only. Other protocol: Matches an unlisted protocol. If Other protocol is selected, type the number of the protocol. 6310-DX User Guide...
  • Page 249 If supported by the peer: Send oversized IKE messages in fragments, if the peer supports receiving them. Always: Always send IKEv1 messages in fragments. For IKEv2, this option is equivalent to If supported by the peer. Never: Do not send oversized IKE messages in fragments. 6310-DX User Guide...
  • Page 250 22. (Optional) Click to expand Dead peer detection. Dead peer detection is enabled by default. Dead peer detection uses periodic IKE transmissions to the remote endpoint to detect whether tunnel communications have failed, allowing the tunnel to be automatically restarted when failure occurs. 6310-DX User Guide...
  • Page 251 Configure SureLink active recovery for IPsec for information about IPsec Active recovery. 25. (Optional) Click Advanced to set various IPsec-related time out, keep alive, and related values. 26. Click Apply to save the configuration and apply the change. 6310-DX User Guide...
  • Page 252 IPsec    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 253 Only the payload of the IP packet is encrypted and/or authenticated. The IP header is unencrypted. The default is tunnel. 8. Set the protocol: (config vpn ipsec tunnel ipsec_example)> type protocol (config vpn ipsec tunnel ipsec_example)> where protocol is either: 6310-DX User Guide...
  • Page 254 Set the private key passphrase that is used to decrypt the private key. Leave blank if the private key is not encrypted. (config vpn ipsec tunnel ipsec_example)> auth private_key_ passphrase passphrase (config vpn ipsec tunnel ipsec_example)> c. For the peer_public_key parameter, paste the peer's public RSA key in PEM format: 6310-DX User Guide...
  • Page 255 (config vpn ipsec tunnel ipsec_example)> 11. (Optional) Configure the device to connect to its remote peer as an XAUTH client: a. Enable XAUTH client functionality: (config vpn ipsec tunnel ipsec_example)> xauth_client enable true (config vpn ipsec tunnel ipsec_example)> 6310-DX User Guide...
  • Page 256 Any ID will be accepted. ipv4: The ID will be interpreted as an IPv4 address and sent as an ID_IPV4_ADDR IKE identity. Set an IPv4 formatted ID. This can be a fully-qualified domain name or an IPv4 address. 6310-DX User Guide...
  • Page 257 Repeat for additional hostnames. b. Set the hostname selection type: (config vpn ipsec tunnel ipsec_example)> remote hostname_selection value (config vpn ipsec tunnel ipsec_example)> where value is one of: 6310-DX User Guide...
  • Page 258 Set the ID in internet email address format: (config vpn ipsec tunnel ipsec_example)> remote id type rfc822_ id id (config vpn ipsec tunnel ipsec_example)> fqdn: The ID will be interpreted as FQDN (Fully Qualified Domain Name) and sent as an ID_FQDN IKE identity. 6310-DX User Guide...
  • Page 259 Do not send oversized IKE messages in fragments, but announce support for fragmentation to the peer. The default is always. e. Padding of IKE packets is enabled by default and should normally not be disabled except for compatibility purposes. To disable: 6310-DX User Guide...
  • Page 260 Configure the types of encryption, hash, and Diffie-Hellman group to use during phase 1: i. Add a phase 1 proposal: (config vpn ipsec tunnel ipsec_example)> add ike phase1_proposal (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> 6310-DX User Guide...
  • Page 261 (config vpn ipsec tunnel ipsec_example ike phase1_proposal)> add end (config vpn ipsec tunnel ipsec_example ike phase1_proposal 1)> Repeat the above steps to set the type of encryption, hash, and Diffie-Hellman group for the additional proposal. iii. Repeat to add more phase 1 proposals. 6310-DX User Guide...
  • Page 262 (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> ii. Set the Diffie-Hellman group type: (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> dh_group value (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> The default is modp2048. vi. (Optional) Add additional phase 2 proposals: 6310-DX User Guide...
  • Page 263 (config vpn ipsec tunnel ipsec_example nat 0)> b. Set the IPv4 address and optional netmask of a destination network that requires source NAT. You can also use any, meaning that any destination network connected to the tunnel will use source NAT. 6310-DX User Guide...
  • Page 264 Current value: (config vpn ipsec tunnel ipsec_example policy 0)> local address ii. Set the interface. For example: (config vpn ipsec tunnel ipsec_example policy 0)> local address wan (config vpn ipsec tunnel ipsec_example policy 0)> 6310-DX User Guide...
  • Page 265 Set the protocol matching criteria for the local traffic selector: (config vpn ipsec tunnel ipsec_example policy 0)> local protocol value (config vpn ipsec tunnel ipsec_example policy 0)> 6310-DX User Guide...
  • Page 266 (config vpn ipsec tunnel ipsec_example policy 0)> remote protocol_other int (config vpn ipsec tunnel ipsec_example policy 0)> Allowed values are an integer between 1 and 255. 19. (Optional) You can also configure various IPsec related time out, keep alive, and related values: 6310-DX User Guide...
  • Page 267 20. Save the configuration and apply the change: (config)> save Configuration saved. > 21. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6310-DX User Guide...

  • Page 268: Configure Ipsec Failover

    Virtual Private Networks (VPN) IPsec Configure IPsec failover There are two methods to configure the 6310-DX device to fail over from a primary IPsec tunnel to a backup tunnel: SureLink active recovery—You can use SureLink along with the IPsec tunnel's metric to configure two or more tunnels so that when the primary tunnel is determined to be inactive by SureLink, a secondary tunnel can begin serving traffic that the primary tunnel was serving.
  • Page 269 See Configure an IPsec tunnel for instructions. During configuration of the IPsec tunnel, set the metric to a value that is higher than the metric of the primary tunnel (for example, 20).    Command line 6310-DX User Guide...
  • Page 270 Use the ? to view a list of available tunnels: (config vpn ipsec tunnel backup_ipsec_tunnel)> ipsec_failover ? Preferred tunnel: This tunnel will not start until the preferred tunnel has failed. It will continue to operate until the preferred tunnel returns to full operation 6310-DX User Guide...

  • Page 271: Configure Surelink Active Recovery For Ipsec

    (config vpn ipsec tunnel backup_ipsec_tunnel)> Configure SureLink active recovery for IPsec You can configure the 6310-DX device to regularly probe IPsec tunnels to determine if the connection has failed and take remedial action. You can also configure the IPsec tunnel to fail over to a backup tunnel. See Configure IPsec failover further information.
  • Page 272 Virtual Private Networks (VPN) IPsec 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > IPsec.
  • Page 273 DNS test: Tests connectivity by sending a DNS query to the specified DNS server. HTTP test: Tests connectivity by sending an HTTP or HTTPS GET request to the URL specified in Web servers. The URL should take the format of http [s]://hostname/[path]. 6310-DX User Guide...
  • Page 274 14. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 275 For example, to set timeout to ten minutes, enter either 10m or 600s: (config vpn ipsec tunnel ipsec_example)> surelink timeout 600s (config vpn ipsec tunnel ipsec_example)> 6310-DX User Guide...
  • Page 276 (Optional) Set the amount of time that the interface can be down before this test is considered to have failed: 6310-DX User Guide...
  • Page 277 If other is set: Set the alternate interface to be tested: i. Use the ? to determine available interfaces: (config vpn ipsec tunnel ipsec_example surelink target 0)> other_interface ? Interface: The network interface. Format: /network/interface/defaultip /network/interface/defaultlinklocal /network/interface/lan 6310-DX User Guide...

  • Page 278: Show Ipsec Status And Statistics

    Type quit to disconnect from the device. Show IPsec status and statistics    WebUI 1. Log into the 6310-DX WebUI as a user with Admin access. 2. On the menu, select Status > IPsec. The IPsec page appears. 6310-DX User Guide...

  • Page 279: Debug An Ipsec Configuration

       Command line 1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 280 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 281: Configure A Simple Certificate Enrollment Protocol Client

    Simple Certificate Enrollment Protocol (SCEP) is a mechanism that allows for large-scale X.509 certificate deployment. You can configure 6310-DX device to function as a SCEP client that will connect to a SCEP server that is used to sign Certificate Signing Requests (CSRs), provide Certificate Revocation Lists (CRLs), and distribute valid certificates from a Certificate Authority (CA).
  • Page 282 Virtual Private Networks (VPN) IPsec 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > SCEP Client.
  • Page 283 15. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 284 Set the Domain Component: (config network scep_client scep_client_name)> distinguished_name dc value (config network scep_client scep_client_name)> b. Set the two letter Country Code: (config network scep_client scep_client_name)> distinguished_name c value (config network scep_client scep_client_name)> c. Set the State or Province: 6310-DX User Guide...
  • Page 285 10. Set the number of days that the certificate enrollment can be renewed, prior to the request expiring. This value is configured on the SCEP server, and is used by the 6310-DX device to determine when to start attempting to auto-renew an existing certificate. The default is 7.

  • Page 286: Example: Scep Client Configuration With Fortinet Scep Server

    Virtual Private Networks (VPN) IPsec Example: SCEP client configuration with Fortinet SCEP server In this example configuration, we will configure the 6310-DX device as a SCEP client that will connect to a Fortinet SCEP server. Fortinet configuration On the Fortinet server: 1.
  • Page 287 The Renewable Time setting on the 6310-DX device must match the setting of this parameter. g. The remaining fields can be left at their defaults or changed as appropriate.
  • Page 288 12. Type the value for each appropriate Distinguished Name attribute. The values entered here must correspond to the DN attributes in the Enrollment Request on the Fortinet server. 13. Click Apply to save the configuration and apply the change. 6310-DX User Guide...
  • Page 289 IPsec    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 290: Disable Hardware Cryptographic Acceleration

    (config network scep_client Fortinet_SCEP_client)> 9. (Optional) Set the filename of the Certificate Revocation List (CRL) from the CA. The CRL is stored on the 6310-DX device in the /etc/config/scep_client/client_name directory. (config network scep_client Fortinet_SCEP_client)> crl_name name (config network scep_client Fortinet_SCEP_client)>...
  • Page 291    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 292 Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. The device must be rebooted for the change to take effect. See Reboot your 6310-DX device. 6310-DX User Guide...

  • Page 293: Openvpn

    OpenVPN clients are on the same IP subnet as the OpenVPN server’s LAN interface. This means that devices connected to the OpenVPN client’s LAN interface are on the same IP subnet as devices. The 6310-DX device supports two mechanisms for configuring an OpenVPN server in TAP mode: 6310-DX User Guide...

  • Page 294: Configure An Openvpn Server

    Virtual Private Networks (VPN) OpenVPN OpenVPN managed—The 6310-DX device creates the interface and then uses its standard configuration to set up the connection (for example, its standard DHCP server configuration). Device only—IP addressing is controlled by the system, not by OpenVPN.
  • Page 295 Additional OpenVPN parameters.    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > OpenVPN > Servers.
  • Page 296 Certificate and username/password: Uses both certificates and a username and password for client authentication. Each client requires a public and private key, and you must create an OpenVPN authentication group and user. See Configure an OpenVPN Authentication Group and User for instructions. 6310-DX User Guide...
  • Page 297 No limit to IPv6 addresses that can access the service-type. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the 6310-DX device: a. Click Interfaces. b. For Add Interface, click .
  • Page 298 OpenVPN    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 299 1 and 255. The number entered here will represent the first client IP address. For example, if address is set to 192.168.1.1/24 and server_first_ip is set to 80, the first client IP address will be 192.168.1.80. The default is from 80. 6310-DX User Guide...
  • Page 300 Authentication Group and User for instructions. ii. Paste the contents of the CA certificate (usually in a ca.crt file) into the value of the cacert parameter: (config vpn openvpn server name)> cacert value (config vpn openvpn server name)> 6310-DX User Guide...
  • Page 301 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the 6310-DX device: (config vpn openvpn server name)> add acl interface end value (config vpn openvpn server name)>...
  • Page 302 Additional Configuration -------------------------------------------------------- ----------------------- dynamic_routes edge external internal ipsec loopback setup (config vpn openvpn server name)> Repeat this step to list additional firewall zones. 9. (Optional) Set additional OpenVPN parameters. 6310-DX User Guide...

  • Page 303: Configure An Openvpn Authentication Group And User

       WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 6310-DX User Guide...
  • Page 304 For Add Group, type a name for the group (for example, OpenVPN_Group) and click . The new authentication group configuration is displayed. c. Click OpenVPN access to enable OpenVPN access rights for users of this group. d. Click to expand the OpenVPN node. e. Click  to add a tunnel. 6310-DX User Guide...
  • Page 305 Click to expand the Groups node. e. Click  to add a group to the user. f. Select a Group with OpenVPN access enabled. 5. Click Apply to save the configuration and apply the change. 6310-DX User Guide...
  • Page 306 Virtual Private Networks (VPN) OpenVPN 6310-DX User Guide...
  • Page 307 OpenVPN    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 308: Configure An Openvpn Client By Using An .Ovpn File

    OpenVPN active recovery.    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > OpenVPN > Clients.
  • Page 309 11. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 310 8. Save the configuration and apply the change: (config)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6310-DX User Guide...

  • Page 311: Configure An Openvpn Client Without Using An .Ovpn File

    OpenVPN active recovery.    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > OpenVPN > Clients.
  • Page 312 13. Paste the contents of the CA certificate (usually in a ca.crt file), the Public key (for example, client.crt), and the Private key (for example, client.key) into their respective fields. The contents will be hidden when the configuration is saved. 14. (Optional) Click to expand Advanced Options to manually set additional OpenVPN parameters. 6310-DX User Guide...
  • Page 313 15. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 314 (config vpn openvpn client name)> cacert value (config vpn openvpn client name)> 12. Paste the contents of the public key (for example, client.crt) into the value of the public_cert parameter: (config vpn openvpn client name)> public_cert value (config vpn openvpn client name)> 6310-DX User Guide...

  • Page 315: Configure Surelink Active Recovery For Openvpn

    Type quit to disconnect from the device. Configure SureLink active recovery for OpenVPN You can configure the 6310-DX device to regularly probe OpenVPN client connections to determine if the connection has failed and take remedial action. Required configuration items A valid OpenVPN client configuration.
  • Page 316 To configure the 6310-DX device to regularly probe the OpenVPN connection:    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 317 For example, to set Response timeout to ten minutes, enter 10m or 600s. The default is 15 seconds. 13. Add a test target: a. Click to expand Test targets. b. For Add Test target, click . 6310-DX User Guide...
  • Page 318 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Initial connection time to ten minutes, enter 10m or 600s. The default is 60 seconds. 14. Click Apply to save the configuration and apply the change. 6310-DX User Guide...
  • Page 319 OpenVPN    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 320 Tests connectivity by sending an ICMP echo request to a specified hostname or IP address. Specify the hostname or IP address: (config vpn openvpn client openvpn_client1 surelink target 0)> ping_host host (config vpn openvpn client openvpn_client1 surelink target 0)> 6310-DX User Guide...
  • Page 321 For example, to set timeout to ten minutes, enter either 10m or 600s: (config vpn openvpn client openvpn_client1 surelink target 0)> interface_down_time 600s (config vpn openvpn client openvpn_client1 surelink target 0)> The default is 60 seconds. 6310-DX User Guide...
  • Page 322 Use the ? to determine available interfaces: (config vpn openvpn client openvpn_client1 surelink target 0)> other_interface ? Interface: The network interface. Format: /network/interface/defaultip /network/interface/defaultlinklocal /network/interface/lan /network/interface/loopback /network/interface/modem /network/interface/wan Current value: (config vpn openvpn client openvpn_client1 surelink target 0)> other_interface 6310-DX User Guide...

  • Page 323: Show Openvpn Server Status And Statistics

    You can view status and statistics for OpenVPN servers from either the web interface or the command line:    WebUI 1. Log into the 6310-DX WebUI as a user with Admin access. 2. On the menu, select Status > OpenVPN > Servers. The OpenVPN Servers page appears. 6310-DX User Guide...

  • Page 324: Show Openvpn Client Status And Statistics

    OpenVPN server's status pane.    Command line 1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 325 OpenVPN client's status pane.    Command line 1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 326: Generic Routing Encapsulation (Gre)

    Task One: Create a GRE loopback endpoint interface    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 327 11. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 328 Task Two: Configure the GRE tunnel    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 6310-DX User Guide...
  • Page 329 10. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 330 (config vpn iptunnel gre_example)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6310-DX User Guide...

  • Page 331: Show Gre Tunnels

    To view information about currently configured GRE tunnels:    WebUI 1. Log into the 6310-DX WebUI as a user with Admin access. 2. On the menu, click Status > IP tunnels. The IP Tunnelspage appears. 3. To view configuration details about a GRE tunnel, click the  (configuration) icon in the upper right of the tunnel's status pane.

  • Page 332: Example: Gre Tunnel Over An Ipsec Tunnel

    Generic Routing Encapsulation (GRE) Example: GRE tunnel over an IPSec tunnel The 6310-DX device can be configured as an advertised set of routes through an IPSec tunnel. This allows you to leverage the dynamic route advertisement of GRE tunnels through a secured IPSec tunnel.
  • Page 333 3. Create a GRE tunnel named gre_tunnel2: a. Local endpoint set to the IPsec endpoint interface, Interface: ipsec_endpoint2. b. Remote endpoint set to the IP address of the GRE tunnel on 6310-DX-1, 172.30.0.1. 4. Create an interface named gre_interface2 and add it to the GRE tunnel: a.
  • Page 334 15. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 335 4. Set the pre-shared key to testkey: (config vpn ipsec tunnel ipsec_gre1)> auth secret testkey (config vpn ipsec tunnel ipsec_gre1)> 5. Set the remote endpoint to public IP address of the 6310-DX-2 device: (config vpn ipsec tunnel ipsec_gre1)> remote hostname 192.168.101.1 (config vpn ipsec tunnel ipsec_gre1)>...
  • Page 336 3. For Zone, select Internal. 4. For Device, select Ethernet: loopback. 5. Click to expand IPv4. 6. For Address, type the IP address of the local GRE tunnel, 172.30.0.1/32. 7. Click Apply to save the configuration and apply the change. 6310-DX User Guide...
  • Page 337 Task three: Create a GRE tunnel    WebUI 1. Click VPN > IP Tunnels. 2. For Add IP Tunnel, type gre_tunnel1 and click . 3. For Local endpoint, select the IPsec endpoint interface created in Task two (Interface: ipsec_ endpoint1). 6310-DX User Guide...
  • Page 338 (config vpn iptunnel gre_tunnel1)> local /network/interface/ipsec_ endpoint1 (config vpn iptunnel gre_tunnel1)> 4. Set the remote endpoint to the IP address of the GRE tunnel on 6310-DX-2, 172.30.0.2: (config vpn iptunnel gre_tunnel1)> remote 172.30.0.2 (config vpn iptunnel gre_tunnel1)> 5. Save the configuration and apply the change: (config vpn iptunnel gre_tunnel1)>...
  • Page 339 4. For Device, select the GRE tunnel created in Task three (IP tunnel: gre_tunnel1). 5. Click to expand IPv4. 6. For Address, type 172.31.0.1/30 for a virtual IP address on the GRE tunnel. 7. Click Apply to save the configuration and apply the change. 6310-DX User Guide...
  • Page 340 Task one: Create an IPsec tunnel    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 6310-DX User Guide...
  • Page 341 3. Click VPN > IPsec > Tunnels. 4. For Add IPsec Tunnel, type ipsec_gre2 and click . 5. Click to expand Authentication. 6. For Pre-shared key, type the same pre-shared key that was configured for the 6310-DX-1 (testkey). 7. Click to expand Remote endpoint.
  • Page 342 3. Add an IPsec tunnel named ipsec_gre2: (config)> add vpn ipsec tunnel ipsec_gre2 (config vpn ipsec tunnel ipsec_gre2)> 4. Set the pre-shared key to the same pre-shared key that was configured for the 6310-DX-1 (testkey): (config vpn ipsec tunnel ipsec_gre2)> auth secret testkey (config vpn ipsec tunnel ipsec_gre2)>...
  • Page 343 Task two: Create an IPsec endpoint interface    WebUI 1. Click Network > Interfaces. 2. For Add Interface, type ipsec_endpoint2 and click . 3. For Zone, select Internal. 4. For Device, select Ethernet: loopback. 5. Click to expand IPv4. 6310-DX User Guide...
  • Page 344 5. Set the IPv4 address to the IP address of the local GRE tunnel, 172.30.0.2/32: (config network interface ipsec_endpoint2)> ipv4 address 172.30.0.2/32 (config network interface ipsec_endpoint2)> 6. Save the configuration and apply the change: (config vpn ipsec tunnel ipsec_endpoint2)> save Configuration saved. > 6310-DX User Guide...
  • Page 345 (config vpn iptunnel gre_tunnel2)> local /network/interface/ipsec_ endpoint2 (config vpn iptunnel gre_tunnel2)> 4. Set the remote endpoint to the IP address of the GRE tunnel on 6310-DX-1, 172.30.0.1: (config vpn iptunnel gre_tunnel2)> remote 172.30.0.1 (config vpn iptunnel gre_tunnel2)> 6310-DX User Guide...
  • Page 346 4. For Device, select the GRE tunnel created in Task three (IP tunnel: gre_tunnel2). 5. Click to expand IPv4. 6. For Address, type 172.31.1.1/30 for a virtual IP address on the GRE tunnel. 7. Click Apply to save the configuration and apply the change. 6310-DX User Guide...

  • Page 347: L2Tp

    Your 6310-DX device supports PPP-over-L2TP (Layer 2 Tunneling Protocol). Configure a PPP-over-L2TP tunnel Your 6310-DX device supports PPP-over-L2TP (Layer 2 Tunneling Protocol). The tunnel endpoints are known as L2TP Access Concentrators (LAC) and L2TP Network Servers (LNS). Each endpoint terminates the PPP session.
  • Page 348 Optional configuration data in the format of a pppd options file.    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 349 No limit to IPv6 addresses that can access the service-type. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the 6310-DX device: a. Click Interfaces. b. For Add Interface, click .
  • Page 350 None: No authentication is required. Automatic: The device will attempt to connect using CHAP first, and then PAP. CHAP: Uses the Challenge Handshake Authentication Profile (CHAP) to authenticate. PAP: Uses the Password Authentication Profile (PAP) to authenticate. 6310-DX User Guide...
  • Page 351 8. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 352 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the 6310-DX device: (config)> add vpn l2tp acl interface end value (config)>...
  • Page 353 (Optional) Set the UDP port to use to connect to the L2TP network server: (config vpn l2tp lac lac_tunnel)> port int (config vpn l2tp lac lac_tunnel)> where int is an integer between 1 and 65535. The default is 1701. 6310-DX User Guide...
  • Page 354 Set the zone: (config vpn l2tp lac lac_tunnel)> zone zone (config vpn l2tp lac lac_tunnel)> h. (Optional): Custom PPP configuration: i. Enable custom PPP configuration: (config vpn l2tp lac lac_tunnel)> custom enable true (config vpn l2tp lac lac_tunnel)> 6310-DX User Guide...
  • Page 355 (config vpn l2tp lns lns_server)> local_address IP_address (config vpn l2tp lns lns_server)> d. Set the IP address to assign to the remote peer: (config vpn l2tp lns lns_server)> remote_address IP_address (config vpn l2tp lns lns_server)> e. (Optional) Set the authentication method: 6310-DX User Guide...
  • Page 356 Zone: The firewall zone assigned to this tunnel. This can be used by packet filtering rules and access control lists to restrict network traffic on this tunnel. Format: dynamic_routes edge external internal ipsec loopback setup Current value: (config vpn l2tp lns lns_server)> 6310-DX User Guide...

  • Page 357: Configure Surelink Active Recovery For Ppp-Over-L2Tp

    Type quit to disconnect from the device. Configure SureLink active recovery for PPP-over-L2TP You can configure the 6310-DX device to regularly probe PPP-over-L2TP access concatenators to determine if the connection has failed and take remedial action. Required configuration items A valid PPP-over-L2TP configuration.
  • Page 358 To configure the 6310-DX device to regularly probe the PPP-over-L2TP connection:    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 359 For example, to set Response timeout to ten minutes, enter 10m or 600s. The default is 15 seconds. 13. Add a test target: a. Click to expand Test targets. b. For Add Test target, click . 6310-DX User Guide...
  • Page 360 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Initial connection time to ten minutes, enter 10m or 600s. The default is 60 seconds. 14. Click Apply to save the configuration and apply the change. 6310-DX User Guide...
  • Page 361 L2TP    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 362 IP address. Specify the hostname or IP address: (config vpn l2tp lac lac_tunnel surelink target 0)> ping_host host (config vpn l2tp lac lac_tunnel surelink target 0)> (Optional) Set the size, in bytes, of the ping packet: 6310-DX User Guide...
  • Page 363 (Optional) Set the amount of time to wait for an initial connection to the interface before this test is considered to have failed: (config vpn l2tp lac lac_tunnel surelink target 0)> interface_timeout value (config vpn l2tp lac lac_tunnel surelink target 0)> 6310-DX User Guide...
  • Page 364 IP version. (config vpn l2tp lac lac_tunnel surelink target 0)> other_ ip_version value (config vpn l2tp lac lac_tunnel surelink target 0)> where value is one of: any, both, ipv4, or ipv6. 6310-DX User Guide...

  • Page 365: L2Tp With Ipsec

    This means that you cannot restrict traffic on the IPsec tunnel to L2TP traffic (typically UDP port 1701). While multiple L2TP clients are supported on the 6310-DX by configuring a separate LNS for each client, multiple clients behind a Network Address Translation (NAT) device are not supported, because they will all appear to have the same IP address.
  • Page 366 L2TP Show the status of L2TP access connectors from the Admin CLI 1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 367: L2Tpv3 Ethernet

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. L2TPv3 Ethernet Your 6310-DX device supports Layer 2 Tunneling Protocol Version 3 (L2TPv3) static unmanaged Ethernet tunnels. Configure an L2TPv3 tunnel Your 6310-DX device supports Layer 2 Tunneling Protocol Version 3 (L2TPv3) static unmanaged Ethernet tunnels.
  • Page 368 Virtual Private Networks (VPN) L2TPv3 Ethernet 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > L2TPv3 ethernet.
  • Page 369 11. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 370 Set the destination UDP port to be used for the tunnel. (config vpn l2tpeth L2TPv3_example)> udp_destination_port port (config vpn l2tpeth L2TPv3_example)> c. (Optional) To calculate and check the UDP checksum: (config vpn l2tpeth L2TPv3_example)> udp_checksum true (config vpn l2tpeth L2TPv3_example)> 6310-DX User Guide...
  • Page 371 Add a sequence number to each outgoing packet. recv: Reorder packets if they are received out of order. both: Add a sequence number to each outgoing packet, and reorder packets if they are received out of order. The default is none. 6310-DX User Guide...

  • Page 372: Show L2Tpv3 Tunnel Status

       Command line 1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 373: Nemo

    Local Area Networks (LANs) on your device. NEMO creates a tunnel between the home agent on the mobile private network and the 6310-DX device, isolating the connection from internet traffic and advertising the IP subnets of the LANs for remote access and device management.
  • Page 374 4. For Home IP address, type the IPv4 address of the NEMO virtual network interface. 5. For Zone, select Internal. The Internal firewall zone configures the 6310-DX device to trust traffic going to the tunnel and allows it through the network.
  • Page 375 10. For MTU discovery, leave enabled to determine the maximum transmission unit (MTU) size. If disabled, for MTU, type the MTU size. The default MTU size for LANs on the 6310-DX device is 1500. The MTU size of the NEMO tunnel will be smaller, to take into account the required headers.
  • Page 376 (config vpn nemo nemo_example)> mtu_discovery false (config vpn nemo nemo_example)> If disabled, set the MTU size. The default MTU size for LANs on the 6310-DX device is 1500. The MTU size of the NEMO tunnel will be smaller, to take into account the required headers.
  • Page 377 (config vpn nemo nemo_example)> zone internal (config vpn nemo nemo_example)> The Internal firewall zone configures the 6310-DX device to trust traffic going to the tunnel and allows it through the network. 11. Configure the Care-of-Address, the local WAN interface of the internet facing network.
  • Page 378 Add a local network to use as a virtual NEMO network interface: (config vpn nemo nemo_example)> add network end lan (config vpn nemo nemo_example)> b. (Optional) Repeat for additional interfaces. 14. Save the configuration and apply the change: (config)> save Configuration saved. > 6310-DX User Guide...

  • Page 379: Show Nemo Status

       Command line 1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 380 Virtual Private Networks (VPN) NEMO LAN2 192.168.3.1/24 Advertized > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6310-DX User Guide...
  • Page 381 Configure telnet access Configure DNS Simple Network Management Protocol (SNMP) Location information Modbus gateway System time Network Time Protocol Configure a multicast route Ethernet network bonding Enable service discovery (mDNS) Use the iPerf service Configure the ping responder service 6310-DX User Guide...

  • Page 382: Allow Remote Access For Web Administration And Ssh

    Allow remote access for web administration and SSH Allow remote access for web administration and SSH By default, only devices connected to the 6310-DX's LAN have access to the device via web administration and SSH. To enable these services for access from remote devices: The 6310-DX device must have a publicly reachable IP address.
  • Page 383 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 384 Allow remote access for web administration and SSH 3. Click Configuration > Services > SSH > Access Control List > Zones. 4. For Add Zone, click . 5. Select External. 6. Click Apply to save the configuration and apply the change. 6310-DX User Guide...

  • Page 385: Configure The Web Administration Service

    Type quit to disconnect from the device. Configure the web administration service The web administration service allows you to monitor and configure the 6310-DX device by using the WebUI, a browser-based interface. By default, the web administration service is enabled and uses the standard HTTPS port, 443. The default access control for the service uses the Internal firewall zone, which means that only devices connected to the 6310-DX's LAN can access the WebUI.
  • Page 386 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 387 Configure the service    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > Web administration.
  • Page 388 No limit to IPv6 addresses that can access the web administration service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the 6310-DX device: a. Click Interfaces.
  • Page 389 11. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 390 No limit to IPv6 addresses that can access the web administratrion service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the 6310-DX device: (config)> add service web_admin acl interface end value (config)>...
  • Page 391 (config)> service web_admin cert "ssl-cert-and-private-key" (config)> If SSL certificate is blank, the device will use an automatically-generated, self-signed certificate. The SSL certificate and private key must be in PEM format. The private key can use one of the following algorithms: ECDSA 6310-DX User Guide...
  • Page 392 VQQDDAZtY2JhbmUxHzAdBgkqhkiG9w0BCQEWEGptY2JhbmVAZGlnaS5jb20wHhcN MjAwOTIyMTY1OTUyWhcNMjEwOTIyMTY1OTUyWjCBhzELMAkGA1UEBhMCVVMxDzAN BgNVBAgMBk9yZWdvbjEOMAwGA1UEBwwFQWxvaGExEzARBgNVBAoMCk1jQmFuZSBJ bmMxEDAOBgNVBAsMB1N1cHBvcnQxDzANBgNVBAMMBm1jYmFuZTEfMB0GCSqGSIb3 DQEJARYQam1jYmFuZUBkaWdpLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBAOBn19AX01LO9plYtfRZq0bETwNwSCYGeEIOGJ7gHt/rihLVBJS1woYv u1Oq1ohYxIawBY1iIPBD2GtzyEJXzBZdQRhwi/dRyRi4vr7EkjGDr0Vb/NVT0L5w UzcMeT+71DYvKYm6GpcWx+LoKqFTjbMFBIze5pbBfru+SicId6joCHIuYq8Ehflx 6sy6s4MDbyTUAEN2YhsBaOljej64LNzcsHeISbAWibXWjOSsK+N1MivQq5uwIYw/ 1fsnD8KDS43Wg57+far9fQ2MIHsgnoAGz+w6PIKJR594y/MfqQffDFNCh2lJY49F hOqEtA5B9TyXRKwoa3j/lIC/t5cpIBcCAwEAAaNTMFEwHQYDVR0OBBYEFDVtrWBH E1ZcBg9TRRxMn7chKYjXMB8GA1UdIwQYMBaAFDVtrWBHE1ZcBg9TRRxMn7chKYjX MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBALj/mrgaKDNTspv9 ThyZTBlRQ59wIzwRWRYRxUmkVcR8eBcjwdBTWjSBLnFlD2WFOEEEnVz2Dzcixmj4 /Fw7GQNcYIKj+aIGJzbcKgox10mZB3VKYRmPpnpzHCkvFi4o81+bC8HJQfK9U80e vDV0/vA5OB2j/DrjvlOrapCTkuyA0TVyGvgTASx2ATu9U45KZofm4odThQs/9FRQ +cwSTb5v47KYffeyY+g3dyJw1/KgMJGpBUYNJDIsFQC9RfzPjKE2kz41hx4VksT/ q81WGstDXH++QTu2sj7vWkFJH5xPFt80HjtWKKpIfeOIlBPGeRHvdH2PQibx0OOt Sa+P5O8= -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDgZ9fQF9NSzvaZ WLX0WatGxE8DcEgmBnhCDhie4B7f64oS1QSUtcKGL7tTqtaIWMSGsAWNYiDwQ9hr c8hCV8wWXUEYcIv3UckYuL6+xJIxg69FW/zVU9C+cFM3DHk/u9Q2LymJuhqXFsfi 6CqhU42zBQSM3uaWwX67vkonCHeo6AhyLmKvBIX5cerMurODA28k1ABDdmIbAWjp Y3o+uCzc3LB3iEmwFom11ozkrCvjdTIr0KubsCGMP9X7Jw/Cg0uN1oOe/n2q/X0N jCB7D56ABs/sOjyCiUefeMvzH6kH3wxTQodpSWOPRYTqhLQOQfU8l0SsKGt4/5SA v7eXKSAXAgMBAAECggEBAMDKdi7hSTyrclDsVeZH4044+WkK3fFNPaQCWESmZ+AY i9cCC513SlfeSiHnc8hP+wd70klVNNc2coheQH4+z6enFnXYu2cPbKVAkx9x4eeI Ktx72wurpnr2JYf1v3Vx+S9T9WvN52pGuBPJQla3YdWbSf18wr5iHm9NXIeMTsFc esdjEW07JRnxQEMZ1GPWT+YtH1+FzQ3+W9rFsFFzt0vcp5Lh1RGg0huzL2NQ5EcF 3brzIZjNAavMsdBFzdc2hcbYnbv7o1uGLujbtZ7WurNy7+Tc54gu2Ds25J0/0mgf OxmqFevIqVkqp2wOmeLtI4o77y6uCbhfA6I+GWTZEYECgYEA/uDzlbPMRcWuUig0 CymOKlhEpx9qxid2Ike0G57ykFaEsKxVMKHkv/yvAEHwazIEzlc2kcQrbLWnDQYx 6310-DX User Guide...
  • Page 393 (config)> service web_admin legacy_encryption true (config)> 8. (Optional) Disable legacy port redirection. Legacy port redirection is used to redirect client HTTP requests to the HTTPS service. Legacy port redirection is enabled by default, and normally these settings should not be changed. 6310-DX User Guide...
  • Page 394 9. Save the configuration and apply the change: (config)> save Configuration saved. > 10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6310-DX User Guide...

  • Page 395: Configure Ssh Access

    The SSH service is enabled by default. To disable the service, or enable it if it has been disabled:    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 396 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 397 No limit to IPv6 addresses that can access the SSH service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the 6310-DX device: a. Click Interfaces.
  • Page 398 9. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 399 No limit to IPv6 addresses that can access the SSH service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the 6310-DX device: (config)> add service ssh acl interface end value (config)>...
  • Page 400 To disable mDNS, or enable it if it has been disabled: To enable the mDNS protocol: (config)> service ssh mdns enable true (config> To disable the mDNS protocl: (config)> service ssh mdns enable false (config)> 6. (Optional) Set the port number for this service. 6310-DX User Guide...
  • Page 401 8. Save the configuration and apply the change: (config)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6310-DX User Guide...

  • Page 402: Use Ssh With Key Authentication

    SSH public key for the user Additional configuration items If you want to access the 6310-DX device using SSH over a WAN interface, configure the access control list for the SSH service to allow SSH access for the External firewall zone.
  • Page 403 These instructions assume an existing user named temp_user. 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 404 4. Save the configuration and apply the change: (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6310-DX User Guide...

  • Page 405: Configure Telnet Access

    The telnet service is disabled by default. To enable the service:    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 406 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 407 No limit to IPv6 addresses that can access the telnet service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the 6310-DX device: a. Click Interfaces.
  • Page 408 7. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 409 Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration -------------------------------------------------------- ----------------------- dynamic_routes edge external internal ipsec loopback setup (config)> Repeat this step to list additional firewall zones. 4. (Optional) Configure Multicast DNS (mDNS) 6310-DX User Guide...

  • Page 410: Configure Dns

    Type quit to disconnect from the device. Configure DNS The 6310-DX device includes a caching DNS server which forwards queries to the DNS servers that are associated with the network interfaces, and caches the results. This server is used within the device, and cannot be disabled.
  • Page 411 Services Configure DNS 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > DNS. 4. Click Access control list to configure access control: To limit access to specified IPv4 addresses and networks: a.
  • Page 412 11. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 413 No limit to IPv6 addresses that can access the DNS service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the 6310-DX device: (config)> add service dns acl interface end value (config)>...
  • Page 414 By default, the device's DNS server queries all available DNS servers. Disabling this option may improve performance on networks with transient DNS results, when one or more DNS servers may have positive results. To disable: (config)> service dns query_all_servers false (config> 6. (Optional) Rebind protection 6310-DX User Guide...
  • Page 415 Set the IP address of the host: (config service dns host 0)> address ip-addr (config service dns host 0)> c. Set the host name: (config service dns host 0)> name host-name (config service dns host 0)> 6310-DX User Guide...

  • Page 416: Show Dns Server

       Command line Show DNS information 1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 417: Simple Network Management Protocol (Snmp)

    By default, the 6310-DX device automatically blocks SNMP packets from being received over WAN and LAN interfaces. As a result, if you want a 6310-DX device to receive SNMP packets, you must configure the SNMP access control list to allow the device to receive the packets. See...
  • Page 418 No limit to IPv6 addresses that can access the SNMP agent. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the 6310-DX device: a. Click Interfaces.
  • Page 419 14. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 420 No limit to IPv6 addresses that can access the SNMP service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the 6310-DX device: (config)> add service snmp acl interface end value (config)>...
  • Page 421 10. (Optional) Set the privacy passphrase. If not set, the password, entered above, is used. (config)> service snmp privacy pwd (config)> 11. (Optional) Set the privacy protocol, either DES or AES. The default is DES. (config)> service snmp privacy_protocol AES (config)> 6310-DX User Guide...

  • Page 422: Download Mibs

    To download a .zip archive of the SNMP MIBs supported by this device:    WebUI 1. Log into the 6310-DX WebUI as a user with Admin access. 2. Enable SNMP. Configure Simple Network Management Protocol (SNMP) for information about enabling and configuring SNMP support on the 6310-DX device.

  • Page 423: Location Information

    By default, the modem's internal GNSS module is enabled. You can also configure your 6310-DX device to forward location messages, either from the 6310-DX device or from external sources, to a remote host. Additionally, the device can be configured to use a geofence, to allow you to determine actions that will be taken based on the physical location of the device.

  • Page 424: Configure The Location Service

    The location service is enabled by default. You can disable it, or you can enable it if it has been disabled.    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > Location.
  • Page 425 (config)> To disable the module: (config)> service location gnss false (config)> 4. Set the amount of time that the 6310-DX device will wait before polling location sources for updated location data: (config)> service location interval value (config)> where value is any number of hours, minutes, or seconds, and takes the format number {h|m|s}.

  • Page 426: Enable Or Disable Modem Gnss Support

    Note Modem GNSS support is currently only available with the CM07 CORE modem. The 6310-DX device supports the CM07 CORE modem, which provides a GNSS module to determine the device's location. To disable support for the modem's GNSS receiver, or enable it if it has been disabled: ...
  • Page 427 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 428: Configure The Device To Use A User-Defined Static Location

    You can configured your 6310-DX device to use a user-defined static location.    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 429 Location information    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 430: Configure The Device To Accept Location Messages From External Sources

    Forward location information to a remote host for information about configuring the 6310-DX device to forward location messages. This procedure configures a UDP port on the 6310-DX device that will be used to listen for incoming messages. Required configuration items The location server must be enabled.
  • Page 431 No limit to IPv6 addresses that can access the location server UDP port. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the 6310-DX device: a. Click Interfaces.
  • Page 432 Location information    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 433 No limit to IPv6 addresses that can access the location server UDP port. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the 6310-DX device: (config)> add service location source 1 acl interface end value (config)>...
  • Page 434 No limit to IPv6 addresses that can access the location server UDP port. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the 6310-DX device: (config)> add service location source 1 acl interface end value (config)>...

  • Page 435: Forward Location Information To A Remote Host

    Type quit to disconnect from the device. Forward location information to a remote host You can configure location clients on the 6310-DX device that forward location messages in either NMEA or TAIP format to a remote host. 6310-DX User Guide...
  • Page 436 Configure the 6310-DX device to forward location information:    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 437 (Optional) If NMEA is selected, select a Talker ID. The talker ID is a two-character prefix in the NMEA message that identifies the source type. The talker ID set here will override the talker ID from all sources, and all 6310-DX User Guide...
  • Page 438 15. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 439 9. (Optional) Set the text to prepend to the forwarded message. Two variables can be included in the prepended text: %s: Includes the 6310-DX device's serial number in the prepended text. %v: Includes the vehicle ID in the prepended text.
  • Page 440 To add a message type: a. Change to the filter_nmea node: (config service location forward 0)> filter_nmea (config service location forward 0 filter_nmea)> b. Use the add command to add the message type. For example, to add the gsa message type: 6310-DX User Guide...
  • Page 441 13. Save the configuration and apply the change: (config)> save Configuration saved. > 14. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6310-DX User Guide...

  • Page 442: Configure Geofencing

    Location information Configure geofencing Geofencing is a mechanism to create a virtual perimeter that allows you configure your 6310-DX device to perform actions when entering or exiting the perimeter. For example, you can configure a device to factory default if its location service indicates that it has been moved outside of the geofence.
  • Page 443 Services Location information 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > Location > Geofence.
  • Page 444 Click  again to add an additional point, and continue adding points to create the desired polygon. For example, to configure a square polygon around the Digi headquarters, configure a polygon with four points: This defines a square-shaped polygon equivalent to the following: 7.
  • Page 445 If you disable Sandbox, the script may render the system unusable. vii. Repeat for any additional actions. To define actions that will be taken when the device exits the geofence, or is outside the geofence when it boots: 6310-DX User Guide...
  • Page 446 Sandbox is enabled by default. This prevents the script from adversely affecting the system. If you disable Sandbox, the script may render the system unusable. vii. Repeat for any additional actions. 8. Click Apply to save the configuration and apply the change. 6310-DX User Guide...
  • Page 447 Location information    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 448 (config service location geofence test_geofence coordinates 0)> where int is: For latitude, any integer between -90 and 90, with up to six decimal places. For longitude, any integer between -180 and 180, with up to six decimal places. 6310-DX User Guide...
  • Page 449 For longitude, any integer between -180 and 180, with up to six decimal places. Repeat for each vortex of the polygon. For example, to configure a square polygon around the Digi headquarters, configure a polygon with four points: (config service location geofence test_geofence)> add...
  • Page 450 3, the actions will not be performed until the device has been inside the geofence for three minutes. c. Add an action: i. Type ... to return to the root of the configuration: (config service location geofence test_geofence coordinates 3)> ... (config)> 6310-DX User Guide...
  • Page 451 (Optional) Set the maximum amount of system memory that will be available for the script and it spawned processes: (config service location geofence test_geofence on_entry action 0)> max_memory value (config service location geofence test_geofence on_entry action 0)> 6310-DX User Guide...
  • Page 452 Add an action: i. Type ... to return to the root of the configuration: (config service location geofence test_geofence coordinates 3)> ... (config)> ii. Add the action: (config)> add service location geofence test_geofence on_exit action end 6310-DX User Guide...
  • Page 453 0)> max_memory value (config service location geofence test_geofence on_exit action 0)> where value is any integer followed by one of the following: b|bytes|KB|k|MB|M|GB|G|TB|T. For example. the allocate one megabyte of memory to the script and its spawned processes: 6310-DX User Guide...

  • Page 454: Show Location Information

       Command line Show location information 1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 455: Modbus Gateway

    Type quit to disconnect from the device. Modbus gateway The 6310-DX supports the ability to function as a Modbus gateway, to provide serial-to-Ethernet connectivity to Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), and other industrial devices. MODBUS provides client/server communication between devices connected on different types of buses and networks, and the 6310-DX gateway allows for communication between buses and and networks that use the Modbus protocol.

  • Page 456: Configure The Modbus Gateway

    The maximum time between bytes in a packets. Whether to send broadcast messages. Response timeout If connection type is set to socket: The port to use. The inactivity timeout. If connection type is set to serial: Whether to use half duplex (two wire) mode. 6310-DX User Guide...
  • Page 457 Whether packets should have their Modbus address adjusted downward before to delivery.    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 458 For Port, enter or select an appropriate port. The default is port 502. If Serial is selected for Connection type: a. For Serial port, select the appropriate serial port on the 6310-DX device. 5. For Packet mode, select RTU or RAW (if Connection type is set to Socket) or ASCII (if Connection typeis set to Serial) for the type of packet that will be used by this connection.
  • Page 459 No limit to IPv6 addresses that can access the web administration service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the 6310-DX device: a. Click Interfaces.
  • Page 460 Modbus server is running. If Serial is selected for Connection type: a. For Serial port, select the appropriate serial port on the 6310-DX device. 5. For Packet mode, select RTU or RAW (if Connection type is set to Socket) or ASCII (if Connection typeis set to Serial) for the type of packet that will be used by this connection.
  • Page 461 No limit to IPv6 addresses that can access the web administration service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the 6310-DX device: a. Click Interfaces.
  • Page 462 17. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 463 Set the amount of time to wait before disconnecting the socket when it has become inactive: (config service modbus_gateway server test_modbus_server)> inactivity_timeout value (config service modbus_gateway server test_modbus_server)> where value is any number of minutes or seconds up to a maximum of 15 minutes, and takes the format number{m|s}. 6310-DX User Guide...
  • Page 464 (config service modbus_gateway server test_modbus_server)> serial idle_gap value (config service modbus_gateway server test_modbus_server)> where value is any number between 10 milliseconds and one second, and take the format number{ms|s}. For example, to set idle_gap to one second, enter 1000ms or 1s. 6310-DX User Guide...
  • Page 465 (config service modbus_gateway client test_modbus_client)> where value is either tcp or udp. ii. Set the port: (config service modbus_gateway client test_modbus_client)> socket port (config service modbus_gateway client test_modbus_client)> where port is an integer between 1 and 65535. The default is 502. 6310-DX User Guide...
  • Page 466 (config service modbus_gateway client test_modbus_client)> If connection_type is set to serial: i. Set the serial port: i. Use the ? to determine available serial ports: (config service modbus_gateway client test_modbus_ client)> ... serial port ? Serial Additional Configuration ------------------------------------------------------- 6310-DX User Guide...
  • Page 467 Set the maximum time to wait for a response to a message: (config service modbus_gateway client test_modbus_client)> response_ timeout value (config service modbus_gateway client test_modbus_client)> Allowed values are between 1 millisecond and 700 milliseconds, and take the format numberms. 6310-DX User Guide...
  • Page 468 Modbuss address in the message. h. To adjust the Modbus server address downward by the specified value prior to delivering the message, use adjust_server_address: (config service modbus_gateway client test_modbus_client)> adjust_ server_address value (config service modbus_gateway client test_modbus_client)> 6310-DX User Guide...

  • Page 469: Show Modbus Gateway Status And Statistics

       WebUI 1. Log into the 6310-DX WebUI as a user with Admin access. 2. On the menu, select Status > Modbus Gateway. The Modbus Gateway page appears. Statistics related to the Modbus gateway server are displayed. If the message Server connections not available is displayed, this indicates that there are no connected clients.
  • Page 470 Modbus gateway    Command line 1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. Use the...
  • Page 471 RX Responses RX Timeouts TX Broadcasts TX Requests > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6310-DX User Guide...

  • Page 472: System Time

    Configure the system time for details about changing the default configuration. The 6310-DX device can also be configured to serve as an NTP server, providing NTP services to downstream devices. See Network Time Protocol for more information about NTP server support.
  • Page 473 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 474 2. At the command line, type config to enter configuration mode: > config (config)> 3. (Optional) Set the timezone for the location of your 6310-DX device. The default is UTC. (config)> system time timezone value (config)> Where value is the timezone using the format specified with the following command: (config)>...
  • Page 475    Command line 1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 476: Manually Set The System Date And Time

    Network Time Protocol (NTP) enables devices connected on local and worldwide networks to synchronize their internal software and hardware clocks to the same time source. The 6310-DX device can be configured as an NTP server, allowing downstream hosts that are attached to the device's Local Area Networks to synchronize with the device.

  • Page 477: Configure The Device As An Ntp Server

    3. Click Services > NTP. 4. Enable the 6310-DX device's NTP service by clicking Enable. 5. (Optional) Configure the access control list to limit downstream access to the 6310-DX device's NTP service. To limit access to specified IPv4 addresses and networks: a.
  • Page 478 No limit to IPv6 addresses that can access the NTP service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the 6310-DX device: a. Click Interfaces.
  • Page 479 9. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 480 5. Allow the device's local system clock to be used as backup time source: (config)> service ntp local true (config)> 6. (Optional) Configure the access control list to limit downstream access to the 6310-DX device's NTP service. To limit access to specified IPv4 addresses and networks: (config)>...
  • Page 481 By default, the access control list for the NTP service is empty, which means that all downstream hosts connected to the 6310-DX device can use the NTP service. 7. (Optional) Set the timezone for the location of your 6310-DX device. The default is UTC. (config)> system time timezone value (config)>...

  • Page 482: Show Status And Statistics Of The Ntp Server

       Command line Show NTP information 1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 483: Configure A Multicast Route

    To configure a multicast route:    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > Multicast.
  • Page 484 6. Type the Source address for the route. This must be a multicast IP address between 224.0.0.1 and 239.255.255.255. 7. Select a Source interface where multicast packets will arrive. 8. To add one or more destination interface that the 6310-DX device will send mutlicast packets a. Click to expand Destination interfaces. b. Click .
  • Page 485 Set the interface. For example: (config service multicast test)> src_interface /network/interface/wan (config service multicast test)> 7. Set a destination interface that the 6310-DX device will send mutlicast packets to: a. Use the ? to determine available interfaces: (config service multicast test)> src_interface ? Destination interface: Which interface to send the multicast packets.

  • Page 486: Ethernet Network Bonding

    Ethernet network bonding Ethernet network bonding The 6310-DX device supports bonding mode for the Ethernet network. This allows you to configure the device so that Ethernet ports share one IP address. When both ports are being used, they act as one Ethernet network port.
  • Page 487 8. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 488: Enable Service Discovery (Mdns)

    You can enable the 6310-DX device to use mDNS.    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. 6310-DX User Guide...
  • Page 489 No limit to IPv6 addresses that can access the mDNS service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the 6310-DX device: a. Click Interfaces.
  • Page 490 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 491 Services Enable service discovery (mDNS) To limit access to hosts connected through a specified interface on the 6310-DX device: (config)> add service mdns acl interface end value (config)> Where value is an interface defined on your device. Display a list of available interfaces: Use ...

  • Page 492: Use The Iperf Service

    Type quit to disconnect from the device. Use the iPerf service Your 6310-DX device includes an iPerf3 server that you can use to test the performance of your network. iPerf3 is a command-line tool that measures the maximum network throughput an interface can handle.
  • Page 493 To enable the iPerf3 server:    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > iPerf.
  • Page 494 7. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 495 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the 6310-DX device: (config)> add service iperf acl interface end value (config)>...

  • Page 496: Example Performance Test Using Iperf3

    Example performance test using iPerf3 On a remote host with iPerf3 installed, enter the following command: $ iperf3 -c device_ip where device_ip is the IP address of the 6310-DX device. For example: $ iperf3 -c 192.168.2.1 Connecting to host 192.168.2.1, port 5201 4] local 192.168.3.100 port 54934 connected to 192.168.1.1 port 5201...

  • Page 497: Configure The Ping Responder Service

    Done. Configure the ping responder service Your 6310-DX device's ping responder service replies to ICMP and ICMPv6 echo requests. The service is enabled by default. You can disable the service, or you can configure the service to use an access control list to limit the service to specified IP address, interfaces, and/or zones.
  • Page 498 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 499 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the 6310-DX device: (config)> add service iperf acl interface end value (config)>...
  • Page 500 6. Save the configuration and apply the change: (config)> save Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6310-DX User Guide...

  • Page 501: Example Performance Test Using Iperf3

    Example performance test using iPerf3 On a remote host with Iperf3 installed, enter the following command: $ iperf3 -c device_ip where device_ip is the IP address of the 6310-DX device. For example: $ iperf3 -c 192.168.2.1 Connecting to host 192.168.2.1, port 5201 4] local 192.168.3.100 port 54934 connected to 192.168.1.1 port 5201...
  • Page 502 Applications The 6310-DX supports Python 3.6 and provides you with the ability to run Python applications on the device interactively or from a file. You can also specify Python applications and other scripts to be run each time the device system restarts, at specific intervals, or at a specified time.

  • Page 503: Configure Scripts To Run Automatically

    Whether the script should run one time only. Task one: Upload the application    WebUI 1. Log into the 6310-DX WebUI as a user with Admin access. 2. On the menu, click System. Under Administration, click File System. 6310-DX User Guide...
  • Page 504 6310-DX device. local-path is the location on the 6310-DX device where the copied file will be placed. For example: To upload a script from a remote host with an IP address of 192.168.4.1 to the /etc/config/scripts directory on the 6310-DX device, issue the following command: >...

  • Page 505: Task Two: Configure The Application To Run Automatically

    Use with care.    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click System > Scheduled tasks > Custom scripts.
  • Page 506 If Once is enabled, rebooting the device will cause the script to not run again. The only way to re-run the script is to: Remove the script from the device and add it again. Make a change to the script. Uncheck Once. 12. Click Apply to save the configuration and apply the change. 6310-DX User Guide...
  • Page 507 Configure scripts to run automatically    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 508 To log script errors to the system log: (config system schedule script 0)> syslog_stderr true (config system schedule script 0)> If syslog_stdout and syslog_stderr are not enabled, only the script's exit code is written to the system log. 6310-DX User Guide...

  • Page 509: Configure Scripts To Run Manually

    A label used to identify the script. The arguments for the script. Whether to write the script output and errors to the system log. The memory available to be used by the script. Whether the script should run one time only. 6310-DX User Guide...

  • Page 510: Task One: Upload The Application

    6310-DX device. local-path is the location on the 6310-DX device where the copied file will be placed. 6310-DX User Guide...

  • Page 511: Task Two: Configure The Application To Run Automatically

    Use with care.    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click System > Scheduled tasks > Custom scripts.
  • Page 512 If Once is enabled, rebooting the device will cause the script to not run again. The only way to re-run the script is to: Remove the script from the device and add it again. Make a change to the script. Uncheck Once. 12. Click Apply to save the configuration and apply the change. 6310-DX User Guide...
  • Page 513 Configure scripts to run manually    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 514: Start A Manual Script

    You can start a script that is enabled and configured to have a run mode of Manual. See    WebUI 1. Log into the 6310-DX WebUI as a user with Admin access. 2. At the Status page, click Scripts. The Scripts page displays:...

  • Page 515: Stop A Script That Is Currently Running

       Command line 1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 516: Show Script Information

    3. For scripts that are currently running, click Stop Script to stop the script.    Command line 1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 517: Run A Python Application At The Shell Prompt

    The Scripts page displays:    Command line 1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 518 6310-DX device. local-path is the location on the 6310-DX device where the copied file will be placed. For example: To upload a script from a remote host with an IP address of 192.168.4.1 to the...

  • Page 519: Start An Interactive Python Session

    You can also create scripts by using the vi command when logged in with shell access. 2. Log into the 6310-DX command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 520 Applications Start an interactive Python session digidevice - Digi device python extensions DESCRIPTION This module includes various extensions that allow Python to interact with additional features offered by the device. 4. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit().

  • Page 521: Digidevice Module

    Use Python to respond to Digi Remote Manager SCI requests Use digidevice runtime to access the runtime database Use Python to upload the device name to Digi Remote Manager Use Python to access the device location data Use Python to set the maintenance window...

  • Page 522: Use Digidevice.cli To Execute Cli Commands

    1. Log into the 6310-DX command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.

  • Page 523: Use Digidevice.datapoint To Upload Custom Datapoints To Digi Remote Manager

    Help for using Python to execute 6310-DX CLI commands Get help executing a CLI command from Python by accessing help for cli.execute: 1. Log into the 6310-DX command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 524 For example, to use an interactive Python session to upload datapoints related to velocity, temperature, and the state of the emergency door: 1. Log into the 6310-DX command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 525 Help for using Python to upload custom datapoints to Remote Manager Get help for uploading datapoints to your Digi Remote Manager account by accessing help for datapoint.upload and datapoint.upload_multiple: 1. Log into the 6310-DX command line as a user with shell access.

  • Page 526: Use Digidevice.config For Device Configuration

    Use the config Python module to access and modify the device configuration. Read the device configuration 1. Log into the 6310-DX command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 527 Modify the device configuration Use the set() and commit() methods to modify the device configuration: 1. Log into the 6310-DX command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 528: Use Python To Respond To Digi Remote Manager Sci Requests

    Get help for reading and modifying the device configuration by accessing help for digidevice.config: 1. Log into the 6310-DX command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 529 Applications Digidevice module Use Remote Manager's SCI interface to create SCI requests that are sent to your 6310-DX device, and use the device_request module to send responses to those requests to Remote Manager. See the Digi Remote Manager Programmers Guide for more information on SCI.
  • Page 530 <device_request target_name="myTarget" status="0">OK</device_request> </requests> </device> </data_service> </sci_request> Example: Use digidevice.cli with digidevice.device_request In this example, we will use the digidevice.cli module in conjunction with the digidevice.device_ request module to return information about multiple devices to Remote Manager. 6310-DX User Guide...
  • Page 531 This can be done from either the WebUI or the command line:    WebUI i. Log into the 6310-DX WebUI as a user with full Admin access rights. ii. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 6310-DX User Guide...
  • Page 532 Click Apply to save the configuration and apply the change.    Command line i. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 533 To reboot the device: i. From the WebUI: i. From the main menu, click System. ii. Click Reboot. i. From the command line, at the Admin CLI prompt, type: > reboot 6310-DX User Guide...
  • Page 534 Digidevice module To run the application from the shell prompt: i. Log into the 6310-DX command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.
  • Page 535 Applications Digidevice module <device id="00000000-00000000-0000FFFF-A83CF6A3"/> <requests> <device_request target_name="showSystem" status="0">Model : Digi 6310-DX Serial Number : 6310-DX-000068 Hostname : 6310-DX : 00:40:D0:13:35:36 Hardware Version : 50001959-01 A Firmware Version : 22.2.9.85 Bootloader Version Firmware Build Date : Thurs, 03 March 2022 10:16:23...
  • Page 536 </sci_request> Help for using Python to respond to Digi Remote Manager SCI requests Get help for respond to Digi Remote Manager Server Command Interface (SCI) requests by accessing help for digidevice.device_request: 1. Log into the 6310-DX command line as a user with shell access.

  • Page 537: Use Digidevice Runtime To Access The Runtime Database

    Read from the runtime database Use the keys() and get() methods to read the device configuration: 1. Log into the 6310-DX command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 538 Modify the runtime database Use the set() method to modify the runtime database: 1. Log into the 6310-DX command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.

  • Page 539: Use Python To Upload The Device Name To Digi Remote Manager

    Use Python to upload the device name to Digi Remote Manager The name submodule can be used to upload a custom name for your device to Digi Remote Manager. When you use the name submodule to upload a custom device name to Remote Manager, the...
  • Page 540 5. Click Send. Upload a custom name 1. Log into the 6310-DX command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.

  • Page 541: Use Python To Access The Device Location Data

    5. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Help for uploading the device name to Digi Remote Manager Get help for uploading the device name to Digi Remote Managerby accessing help for digidevice.name: 1.
  • Page 542 7. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Update the location data The location submodule takes a snapshot of the current location and stores it in the runtime database. You can update this snapsot: 6310-DX User Guide...
  • Page 543 Applications Digidevice module 1. Log into the 6310-DX command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell. 2. At the shell prompt, use the python command with no parameters to enter an interactive...
  • Page 544 Help for the digidevice location module Get help for the digidevice location module: 1. Log into the 6310-DX command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.

  • Page 545: Use Python To Set The Maintenance Window

    Schedule system maintenance tasks for more details. 1. Log into the 6310-DX command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.
  • Page 546 Help for the digidevice maintenance module Get help for the digidevice maintenance module: 1. Log into the 6310-DX command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.

  • Page 547: Use Python To Send And Receive Sms Messages

    You can create Python scripts that send and receive SMS message in tandem with the Digi Remote Manager or Digi aView by using the digidevice.sms module. To use a script to send or receive SMS messages, you must also enable the ability to schedule SMS scripting.
  • Page 548 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 549: Use The Paho Mqtt Python Library

    Use the Paho MQTT python library Your 6310-DX device includes support for the Paho MQTT python library. MQTT is a lightweight messaging protocol used to communicate with various applications including cloud-based applications such as Amazon Web Services and Microsoft Azure. The following is example code that reads CPU and RAM usage on the device, updates the device firmware, then publishes information about DHCP clients and system information to the MQTT server at 192.168.1.100.
  • Page 550 = cli.execute("system firmware update file " + fname, 60) except: print("Failed to run firmware update command") return HTTPStatus.INTERNAL_SERVER_ERROR if not "Firmware update completed" in ret: print("Failed to update firmware") return HTTPStatus.INTERNAL_SERVER_ERROR finally: os.remove(fname) print("Firmware update finished") return HTTPStatus.OK CMD_HANDLERS = { "reboot": cmd_reboot, "fw-update": cmd_fwupdate 6310-DX User Guide...
  • Page 551 = json.loads(msg.payload) cid = m["cid"] cmd = m["cmd"] try: payload = m["params"] except: payload = None except: print("Invalid command format: {}".format(msg.payload)) if not cid: # Return if client-ID not passed return None send_cmd_reply(client, msg.topic, cid, cmd, HTTPStatus.BAD_REQUEST) try: 6310-DX User Guide...
  • Page 552 = runt.get("system.serial") PREFIX = "router/" + serial PREFIX_EVENT = "event/" + PREFIX PREFIX_CMD = "cmd/" + PREFIX PREFIX_RSP = "rsp/" + PREFIX client = mqtt.Client() client.on_connect = on_connect client.on_message = on_message try: client.connect("192.168.1.100", 1883, 60) client.loop_start() 6310-DX User Guide...
  • Page 553 Applications Use the Paho MQTT python library except: print("Failed to connect to MQTT server") sys.exit(1) while True: publish_dhcp_leases() publish_system() time.sleep(POLL_TIME) 6310-DX User Guide...

  • Page 554: User Authentication

    User authentication methods Authentication groups Local users Terminal Access Controller Access-Control System Plus (TACACS+) Remote Authentication Dial-In User Service (RADIUS) LDAP Configure serial authentication Disable shell access Set the idle timeout for 6310-DX users Example user configuration 6310-DX User Guide...

  • Page 555: 6310-Dx User Authentication

    User authentication 6310-DX user authentication 6310-DX user authentication User authentication on the 6310-DX has the following features and default configuration: Default Feature Description configuration Idle timeout 10 minutes. Determines how long a user session can be idle before the system automatically disconnects.
  • Page 556 TACACS+: Users authenticated by using a remote TACACS+ server for authentication. Terminal Access Controller Access-Control System Plus (TACACS+) for information about configuring TACACS+ authentication. LDAP: Users authenticated by using a remote LDAP server for authentication. LDAP for information about configuring LDAP authentication. 6310-DX User Guide...

  • Page 557: Add A New Authentication Method

    To add an authentication method:    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Methods.
  • Page 558 This procedure describes how to add methods to various places in the list. 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 559: Delete An Authentication Method

    Type quit to disconnect from the device. Delete an authentication method    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 6310-DX User Guide...
  • Page 560 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 561: Rearrange The Position Of Authentication Methods

    To reorder these so that RADIUS is first and Local users is second: 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 562 7. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 563: Authentication Groups

    Disable shell access for more information about the Allow shell parameter. Serial access: Users with Serial access have the ability to log into the 6310-DX device by using the serial console. Preconfigured authentication groups The 6310-DX device has two preconfigured authentication groups: The admin group is configured by default to have full Admin access.

  • Page 564: Change The Access Rights For A Predefined Group

       WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Groups.
  • Page 565 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 566: Add An Authentication Group

    Access rights to OpenVPN tunnels, and the tunnels to which they have access. Access rights to captive portals, and the portals to which they have access. Access rights to query the device for Nagios monitoring. To add an authentication group:    WebUI 6310-DX User Guide...
  • Page 567 For groups assigned Admin access, you can also determine whether the Access level should be Full access or Read-only access. where value is either: Full access full: provides users of this group with the ability to manage the 6310-DX device by using the WebUI or the Admin CLI. 6310-DX User Guide...
  • Page 568 11. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 569 (config)> where value is either: full: provides users of this group with the ability to manage the 6310-DX device by using the WebUI or the Admin CLI. read-only: provides users of this group with read-only access to the WebUI and Admin CLI.

  • Page 570: Delete An Authentication Group

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Delete an authentication group By default, the 6310-DX device has two preconfigured authentication groups: admin and serial. These groups cannot be deleted. To delete an authentication group that you have created: ...
  • Page 571 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 572: Local Users

    TACACS+ or RADIUS. Local user authentication is enabled by default, with one preconfiged default user. Default user At manufacturing time, each 6310-DX device comes with a default user configured as follows: Username: admin. Password: The default password is displayed on the label on the bottom of the device.

  • Page 573: Change A Local User's Password

    To change a user's password:    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Users.
  • Page 574 You can also change the password for the active user by clicking the user name in the menu bar: The active user must have full Admin access rights to be able to change the password. 6. Click Apply to save the configuration and apply the change. 6310-DX User Guide...

  • Page 575: Configure A Local User

    Local users    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 576 To configure a local user:    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Users.
  • Page 577 For example, to set Lockout duration to ten minutes, enter 10m or 600s. The minimum value is 1 second, and the maximum is 15 minutes. The default is 15 minutes. 8. Add groups for the user. Groups define user access rights. See Authentication groups for information about configuring groups. 6310-DX User Guide...
  • Page 578 For time-based verification only, in Code refresh interval, type the amount of time that a code will remain valid. Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Code refresh interval to ten minutes, enter 10m or 600s. 6310-DX User Guide...
  • Page 579 11. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 580 (config auth user new_user)> Note Every user must be configured with at least one group. b. (Optional) Add additional groups by repeating the add group command: (config auth user new_user> add group end serial (config auth user new_user)> 6310-DX User Guide...
  • Page 581 Time-based One-Time Password (TOTP) authentication uses the current time to generate a one-time password. hotp: HMAC-based One-Time Password (HOTP) uses a counter to validate a one- time password. The default value is totp. (config auth user new_user 2fa)> type totp (config auth user new_user 2fa)> 6310-DX User Guide...
  • Page 582 (config auth user new_user 2fa)> login_limit_period value (config auth user new_user 2fa)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set login_limit_period to ten minutes, enter either 10m or 600s: 6310-DX User Guide...

  • Page 583: Delete A Local User

    To delete a user from your 6310-DX:    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 6310-DX User Guide...
  • Page 584 Local users 3. Click Authentication > Users. 4. Click the menu icon (...) next to the name of the user to be deleted and select Delete. 5. Click Apply to save the configuration and apply the change. 6310-DX User Guide...
  • Page 585 Local users    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 586: Terminal Access Controller Access-Control System Plus (Tacacs+)

    With TACACS+ support, the 6310-DX device acts as a TACACS+ client, which sends user credentials and connection parameters to a TACACS+ server over TCP. The TACACS+ server then authenticates the TACACS+ client requests and sends back a response message to the device.

  • Page 587: Tacacs+ User Configuration

    Terminal Access Controller Access-Control System Plus (TACACS+) TACACS+ user configuration When configured to use TACACS+ support, the 6310-DX device uses a remote TACACS+ server for user authentication (password verification) and authorization (assigning the access level of the user). Additional TACACS+ servers can be configured as backup servers for user authentication.

  • Page 588: Tacacs+ Server Failover And Fallback To Local Authentication

    $ sudo /etc/init.d/tacacs_plus restart TACACS+ server failover and fallback to local authentication In addition to the primary TACACS+ server, you can also configure your 6310-DX device to use backup TACACS+ servers. Backup TACACS+ servers are used for authentication requests when the primary TACACS+ server is unavailable.
  • Page 589 Add additional TACACS+ servers in case the first TACACS+ server is unavailable.    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 590 6. (Optional) For Group attribute, type the name of the attribute used in the TACACS+ server's configuration to identify the 6310-DX authentication group or groups that the user is a member of. For example, in TACACS+ user configuration, the group attribute in the sample tac_ plus.conf file is groupname, which is also the default setting in the 6310-DX configuration.
  • Page 591 (config)> auth tacacs+ authoritative true (config)> 4. (Optional) Configure the group_attribute. This is the name of the attribute used in the TACACS+ server's configuration to identify the 6310-DX authentication group or groups that the user is a member of. For example, in TACACS+ user configuration, the group attribute in the sample tac_plus.conf file is groupname, which is also the default setting for the group_attribute in the...
  • Page 592 10. Save the configuration and apply the change: (config)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6310-DX User Guide...

  • Page 593: Remote Authentication Dial-In User Service (Radius)

    To use RADIUS authentication, you must set up a RADIUS server that is accessible by the 6310-DX device prior to configuration. The process of setting up a RADIUS server varies by the server environment. An example of a RADIUS server is FreeRADIUS.

  • Page 594: Radius User Configuration

    6310-DX. Alternatively, if the user is also configured as a local user on the 6310-DX device and the RADIUS server authenticates the user but does not return any groups, the local configuration determines the list of groups. See...

  • Page 595: Configure Your 6310-Dx Device To Use A Radius Server

    Add additional RADIUS servers in case the first RADIUS server is unavailable. The server NAS ID. If left blank, the default value is used: If you are access the 6310-DX device by using the WebUI, the default value is for NAS ID is httpd.
  • Page 596 NAS or any arbitrary string. If not set, the default value is used: If you are accessing the 6310-DX device by using the WebUI, the default value is for NAS ID is httpd. If you are accessing the 6310-DX device by using ssh, the default value is sshd.
  • Page 597 9. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 598: Ldap

    User authentication LDAP If you are accessing the 6310-DX device by using the WebUI, the default value is for NAS ID is httpd. If you are accessing the 6310-DX device by using ssh, the default value is sshd. (config)> auth radius nas_id id (config)>...
  • Page 599 When you are using LDAP authentication, you can have both local users and LDAP users able to log in to the device. To use LDAP authentication, you must set up a LDAP server that is accessible by the 6310-DX device prior to configuration. The process of setting up a LDAP server varies by the server environment.

  • Page 600: Ldap User Configuration

    LDAP LDAP user configuration When configured to use LDAP support, the 6310-DX device uses a remote LDAP server for user authentication (password verification) and authorization (assigning the access level of the user). Additional LDAP servers can be configured as backup servers for user authentication.

  • Page 601: Ldap Server Failover And Fallback To Local Configuration

    LDAP server failover and fallback to local configuration In addition to the primary LDAP server, you can also configure your 6310-DX device to use backup LDAP servers. Backup LDAP servers are used for authentication requests when the primary LDAP server is unavailable.
  • Page 602 User authentication LDAP 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > LDAP > Servers.
  • Page 603 If this attribute is not set, the user will be denied access. 12. (Optional) For Group attribute, type the name of the user attribute that contains the list of 6310-DX authentication groups that the authenticated user has access to. See LDAP user configuration for further information about the group attribute.
  • Page 604 LDAP    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 605 . If this attribute is not set, the user will be denied access. 10. (Optional) Set the name of the user attribute that contains the list of 6310-DX authentication groups that the authenticated user has access to. See...

  • Page 606: Configure Serial Authentication

    This section describes how to configure authentication for serial access.    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 607 9. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 608: Disable Shell Access

    To prohibit access to the shell prompt for all authentication groups, disable the Allow shell parameter.. This does not prevent access to the Admin CLI. Note If shell access is disabled, re-enabling it will erase the device's configuration and perform a factory reset.    WebUI 6310-DX User Guide...
  • Page 609 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 610: Set The Idle Timeout For 6310-Dx Users

    By default, the Idle timeout is set to 10 minutes.    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 611 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 612 User authentication Set the idle timeout for 6310-DX users 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6310-DX User Guide...

  • Page 613: Example User Configuration

    Goal: To create a user with administrator rights who is authenticated locally on the device.    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 614 7. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 615: Example 2: Radius, Tacacs+, And Local Authentication For One User

    Goal: To create a user with administrator rights who is authenticated by using all three authentication methods. In this example, when the user attempts to log in to the 6310-DX device, user authentication will occur in the following order: 1. The user is authenticated by the RADIUS server. If the RADIUS server is unavailable, 2.
  • Page 616 User authentication Example user configuration This example uses a FreeRadius 3.0 server running on ubuntu, and a TACACS+ server running on ubuntu. Server configuration may vary depending on the platforms or type of servers used in your environment. 6310-DX User Guide...
  • Page 617 The authentication group on the 6310-DX device, admin, is identified in the groupname parameter. c. Save and close the tac_plus.conf file. 3. Log into the 6310-DX WebUI as a user with full Admin access rights. 4. On the menu, click System. Under Configuration, click Device Configuration. 6310-DX User Guide...
  • Page 618 Click  to add another new method. f. For the new method, select Local users. 6. Create the local user: a. Click Authentication > Users. b. In Add User:, type admin1 and click . c. For password, type password1. 6310-DX User Guide...
  • Page 619 Unix-FTP-Group-Names := "admin" In this example: The user's username is admin1. The user's password is password1. The authentication group on the 6310-DX device, admin, is identified in the Unix- FTP-Group-Names parameter. c. Save and close the users file. 6310-DX User Guide...
  • Page 620 Save and close the tac_plus.conf file. 3. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 621 (config auth user adminuser)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6310-DX User Guide...
  • Page 622 Firewall This chapter contains the following topics: Firewall configuration Port forwarding rules Packet filtering Configure custom firewall rules Configure Quality of Service options 6310-DX User Guide...

  • Page 623: Firewall Configuration

    IPsec: The default zone for IPsec tunnels. Dynamic routes: Used for routes learned using routing services. Port forwarding: A list of rules that allow network connections to the 6310-DX to be forwarded to other servers by translating the destination address.
  • Page 624    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 625: Configure The Firewall Zone For A Network Interface

    Internal, to External.    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 6310-DX User Guide...
  • Page 626 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 627: Delete A Custom Firewall Zone

    You cannot delete preconfigured firewall zones. To delete a custom firewall zone:    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.

  • Page 628: Port Forwarding Rules

    Port forwarding rules    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 629 To configure a port forwarding rule:    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Port forwarding.
  • Page 630 13. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 631 7. Set the type of internet protocol . (config firewall dnat 0)> protocol value (config firewall dnat 0)> Network connections will only be forwarded if they match the selected protocol. Allowed values are custom, tcp, tcpudp, or upd. The default is tcp. 6310-DX User Guide...
  • Page 632 To view a list of available zones: (config firewall dnat 0 acl)> ..zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. 6310-DX User Guide...

  • Page 633: Delete A Port Forwarding Rule

    To delete a port forwarding rule:    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 6310-DX User Guide...
  • Page 634 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 635 5. Save the configuration and apply the change: (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6310-DX User Guide...

  • Page 636: Packet Filtering

    By default, one preconfigured packet filtering rule, Allow all outgoing traffic, is enabled and monitors traffic going to and from the 6310-DX device. The predefined settings are intended to block unauthorized inbound traffic while providing an unrestricted flow of outgoing data. You can modify the default packet filtering rule and create additional rules to define how the device accepts or rejects traffic that is forwarded through the device.
  • Page 637 9. For Destination zone, select the firewall zone. Packets destined for network interfaces that are members of this zone will either be accepted, rejected or dropped by this rule. Firewall configuration for more information about firewall zones. 10. Click Apply to save the configuration and apply the change. 6310-DX User Guide...
  • Page 638 Packet filtering    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 639 (config firewall filter 1)> ip_version value (config firewall filter 1)> where value is one of: ipv4 ipv6 The default is any. 8. Set the protocol. (config firewall filter 1)> protocol value (config firewall filter 1)> where value is one of: icmp icmpv6 6310-DX User Guide...

  • Page 640: Enable Or Disable A Packet Filtering Rule

    To enable or disable a packet filtering rule:    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 641 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 642: Delete A Packet Filtering Rule

    To delete a packet filtering rule:    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Packet filtering.
  • Page 643 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 644: Configure Custom Firewall Rules

    To configure custom firewall rules:    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Custom rules.

  • Page 645: Configure Quality Of Service Options

    (packet ingress). A QoS binding contains the policies and rules that apply to packets exiting the 6310-DX device on the binding's interface. By default, the 6310-DX device has two preconfigured QoS bindings, Outbound and Inbound.
  • Page 646 8. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 647 Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Create a new binding    WebUI 6310-DX User Guide...
  • Page 648 Firewall Configure Quality of Service options 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Quality of Service.
  • Page 649 If Default is disabled, you must configure at least one rule: i. Click to expand Rule. ii. For Add Rule, click . The QoS binding policy rule configuration window is displayed. 6310-DX User Guide...
  • Page 650 Use the format IPv6_address[/prefix_length], or use any to match any IPv6 address. Repeat to add a new rule. Up to 30 rules can be configured. 10. Click Apply to save the configuration and apply the change. 6310-DX User Guide...
  • Page 651 Configure Quality of Service options    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 652 (config firewall qos 2 policy 0)> where int is any integer, 1 or greater. The default is 100. f. To identify this policy as a fall-back policy: (config firewall qos 2 policy 0)> default true (config firewall qos 2 policy 0)> 6310-DX User Guide...
  • Page 653 IP port number, a range of port numbers using the format IP_port- IP_port, or any. vii. Set the destination port to define a destination matching criteria: (config firewall qos 2 policy 0 rule 0)> dstport value (config firewall qos 2 policy 0 rule 0)> 6310-DX User Guide...
  • Page 654 Only traffic from the IP address typed in IPv6 address will be matched. Set the address that will be matched: (config network qos 2 policy 0 rule 0)> src address6 value (config network qos 2 policy 0 rule 0)> 6310-DX User Guide...
  • Page 655 Set the address that will be matched: (config network qos 2 policy 0 rule 0)> src address value (config network qos 2 policy 0 rule 0)> where value uses the format IPv4_address[/netmask], or any to match any IPv4 address. 6310-DX User Guide...
  • Page 656 8. Save the configuration and apply the change: (config)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6310-DX User Guide...

  • Page 657: System Administration

    Review device status Configure system information Update system firmware Update cellular module firmware Reboot your 6310-DX device Erase device configuration and reset to factory defaults Locate the device by using the Find Me feature Configuration files Schedule system maintenance tasks...

  • Page 658: Review Device Status

    Show basic system information: 1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 659: Configure System Information

    Disk /var Usage : 1.765MB/256.0MB(1%) > Configure system information You can configure information related to your 6310-DX device, such as providing a name and location for the device. Configuration items A name for the device. The name of a contact for the device.
  • Page 660 8. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 661: Update System Firmware

    For example, 6310-DX-22.2.9.85.bin. Manage firmware updates using Digi Remote Manager If you have a network of many devices, you can use Digi Remote Manager Profiles to manage firmware updates. Profiles ensure all your devices are running the correct firmware version and that all newly installed devices are updated to that same version.

  • Page 662: Certificate Management For Firmware Images

    The system firmware files are signed to ensure that only Digi-approved firmware load onto the device. The 6310-DX device validates the system firmware image as part of the update process and only successfully updates if the system firmware image can be authenticated.
  • Page 663 Newest firmware version available to download is '22.2.9.85' Device firmware update from '21.11.60.63' to '22.2.9.85' is needed > 3. Use the modem firmware ota list command to list available firmware on the Digi firmware repository. > system firmware ota list 21.11.60.63...
  • Page 664 Update firmware from a local file    WebUI 1. Download the 6310-DX operating system firmware from the Digi Support FTP site to your local machine. 2. Log into the 6310-DX WebUI as a user with Admin access. 3. On the main menu, click System. Under Administration, click Firmware Update.
  • Page 665 > reboot Rebooting system > 7. Once the device has rebooted, log into the 6310-DX's command line as a user with Admin access and verify the running firmware version by entering the show system command. > show system...

  • Page 666: Dual Boot Behavior

    > Dual boot behavior By default, the 6310-DX device stores two copies of firmware in two flash memory banks: The current firmware version that is used to boot the device. A copy of the firmware that was in use prior to your most recent firmware update.

  • Page 667: Update Cellular Module Firmware

    > system duplicate-firmware > Update cellular module firmware You can update modem firmware by downloading firmware from the Digi firmware repository, or by uploading firmware from your local storage onto the device. You can also schedule modem firmware updates. See Schedule system maintenance tasks for details.

  • Page 668: Update Modem Firmware Over The Air (Ota)

      Command line Update modem firmware over the air (OTA) You can update your modem firmware by querying the Digi firmware repository to determine if there is new firmware available for your modem and performing an OTA modem firmware update: 1. Log into the 6310-DX command line as a user with Admin access.

  • Page 669: Update Modem Firmware By Using A Local Firmware File

    Type quit to disconnect from the device. Update modem firmware by using a local firmware file You can update your modem firmware by uploading a modem firmware file to your 6310-DX device. Firmware should be uploaded to /opt/MODEM_MODEL/Custom_Firmware, for example, /opt/LM940/Custom_Firmware.

  • Page 670: Reboot Your 6310-Dx Device

    Type quit to disconnect from the device. Reboot your 6310-DX device You can reboot the 6310-DX device immediately or schedule a reboot for a specific time every day. Note You may want to save your configuration settings to a file before rebooting. See...

  • Page 671: Schedule Reboots Of Your Device

    Schedule reboots of your device    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 6310-DX User Guide...
  • Page 672 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 673: Erase Device Configuration And Reset To Factory Defaults

    With firmware release 22.2.9.x and newer, erases the client-side certificate used for communication with Digi Remote Manager. If you are using Digi Remote Manager with firmware release 22.2.9.x and newer, by default the device uses a client-side certificate for communication with Remote Manager. If the client-side certificate is erased, you must use the Remote Manager interface to reset the certificate.
  • Page 674 3. In the Erase configuration section, click ERASE. 4. Click CONFIRM. 5. After resetting the device: a. Connect to the 6310-DX by using the serial port or by using an Ethernet cable to connect the 6310-DX LAN port to your PC. b. Log into the 6310-DX: User name: Use the default user name: admin.
  • Page 675 2. Enter the following: > system factory-erase 3. After resetting the device: a. Connect to the 6310-DX by using the serial port or by using an Ethernet cable to connect the 6310-DX LAN port to your PC. b. Log into the 6310-DX: User name: Use the default user name: admin.
  • Page 676 The device reboots again and resets to factory defaults, as well as also removing generated certificates and keys. 3. After resetting the device: a. Connect to the 6310-DX by using the serial port or by using an Ethernet cable to connect the 6310-DX LAN port to your PC. b. Log into the 6310-DX: User name: Use the default user name: admin.

  • Page 677: Configure The 6310-Dx Device To Use Custom Factory Default Settings

    Configure the 6310-DX device to use custom factory default settings You can configure your 6310-DX device to use custom factory default settings. This way, when you erase the device's configuration, the device will reset to your custom configuration rather than to the original factory defaults.
  • Page 678 1. Log into the 6310-DX WebUI as a user with Admin access. 2. Configure your 6310-DX device to match the desired custom factory default configuration. For example, you may want to configure the device to use a custom APN or a particular network configuration, so that when you reset the device to factory defaults, it will automatically have your required network configuration.

  • Page 679: Locate The Device By Using The Find Me Feature

    Use the Find Me feature to cause LEDs on the device to blink, which can help you to identify the specific device. For the 6310-DX, the Power LED blinks when the Find Me feature is in use. To use this feature: ...
  • Page 680    Command line 1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 681: Configuration Files

    Save configuration changes When you make changes to the 6310-DX configuration, the changes are not automatically saved. You must explicitly save configuration changes, which also applies the changes. If you do not save configuration changes, the system discards the changes.

  • Page 682: Save Configuration To A File

    Type quit to disconnect from the device. Save configuration to a file You can save your 6310-DX device's configuration to a file and use this file to restore the configuration, either to the same device or to similar devices.

  • Page 683: Restore The Device Configuration

    > scp host 192.168.4.1 user admin remote /home/admin/bin/ local /etc/config/backup-archive-0040FF800120-19.05.17-19.01.17.bin to remote Restore the device configuration You can restore a configuration file to your 6310-DX device by using a backup from the device, or a backup from a similar device. ...
  • Page 684 6310-DX device. local-path is the location on the 6310-DX device where the copied file will be placed. 6310-DX User Guide...
  • Page 685 > system restore filepath [passphrase passphrase] where filepath is the the path and filename of the configuration backup file on the 6310-DX's filesystem (local-path in the previous step). passphrase (optional) is the passphrase to restore the configuration backup, if a passphrase was used when the backup was created.

  • Page 686: Schedule System Maintenance Tasks

    The frequency (daily, weekly, or monthly) that checks for firmware updates will run.    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 687 For Duration window, select the amount of time that the maintenance tasks will be run. If Immediately is selected, all scheduled tasks will begin at the exact time specified in Start time. d. For Frequency, select whether the maintenance window will be started every day, or once per week. 6310-DX User Guide...
  • Page 688 11. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 689 (config system schedule maintenance trigger 0)> time from HH:MM (config system schedule maintenance trigger 0)> The behavior of the start time varies depending on the setting of the duration length, which is configured in the next step. 6310-DX User Guide...
  • Page 690 1 or 0 are also allowed. Note If your device is managed by a Digi Remote Manager configuration, the configuration manages the device's firmware version. You should not enable this option.

  • Page 691: Disable Device Encryption

    Type quit to disconnect from the device. Disable device encryption You can disable the cryptography on your 6310-DX device. This can be used to ship unused devices from overseas without needing export licenses from the country from which the device is being shipped.

  • Page 692: Re-Enable Cryptography After It Has Been Disabled

    Select the Properties of the relevant network connection on the Windows PC. b. Click the Internet Protocol Version 4 (TCP/IPv4) parameter. c. Click Properties. The Internet Protocol Version 4 (TCP/IPv4) Properties dialog appears. d. Configure with the following details: IP address for PC: 192.168.210.2 Subnet: 255.255.255.0 6310-DX User Guide...

  • Page 693: Configure The Speed Of Your Ethernet Ports

    Gateway: 192.168.210.1 2. Connect the PC's Ethernet port to the 1/PoE Ethernet port on your 6310-DX device. 3. Open a telnet session and connect to the 6310-DX device at the IP address of 192.168.210.1. 4. Log into the device: Username: admin Password: The default unique password for your device is printed on the device label.
  • Page 694 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 695 4. Save the configuration and apply the change: (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6310-DX User Guide...
  • Page 696 Monitoring This chapter contains the following topics: intelliFlow Configure NetFlow Probe 6310-DX User Guide...

  • Page 697: Intelliflow

    WebUI. To use intelliFlow, the 6310-DX must be powered on and you must have access to the local WebUI. Once you enable intelliFlow, the Status >...
  • Page 698 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 699 5. Save the configuration and apply the change: (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6310-DX User Guide...

  • Page 700: Use Intelliflow To Display Average Cpu And Ram Usage

    This procedure is only available from the WebUI. To display display average CPU and RAM usage:    WebUI 1. Log into the 6310-DX WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow.

  • Page 701: Use Intelliflow To Display Top Data Usage Information

    Top data usage by service To generate a top data usage chart:    WebUI 1. Log into the 6310-DX WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow. 3. From the menu, click Status > intelliFlow.
  • Page 702 5. Change the type of chart that is used to display the data: a. Click the menu icon (). b. Select the type of chart. 6. Change the number of top users displayed. You can display the top five, top ten, or top twenty data users. 6310-DX User Guide...

  • Page 703: Use Intelliflow To Display Data Usage By Host Over Time

    Use intelliFlow to display data usage by host over time To generate a chart displaying a host's data usage over time:    WebUI 1. Log into the 6310-DX WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow.

  • Page 704: Configure Netflow Probe

    To save the chart to your local filesystem, select Export to PNG. c. To print the chart, select Print chart. Configure NetFlow Probe NetFlow probe is used to probe network traffic on the 6310-DX device and export statistics to NetFlow collectors. Required configuration items Enable NetFlow.
  • Page 705 Configure NetFlow Probe    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Monitoring > NetFlow probe.
  • Page 706 12. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 707 1 and 1800. The default is 1800. 8. Set the maximum number of flows to probe simultaneously: (config)> monitoring netflow max_flows value (config)> where value is any is any number between 0 and 2000000. The default is 2000000. 6310-DX User Guide...
  • Page 708 (config monitoring netflow collector 0)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6310-DX User Guide...

  • Page 709: Central Management

    Collect device health data and set the sample interval Enable event log upload to Digi Remote Manager Log into Digi Remote Manager Use Digi Remote Manager to view and manage your device Add a device to Digi Remote Manager View Digi Remote Manager connection status...

  • Page 710: Digi Remote Manager Support

    This URL is required to utilize the client-side certificate support. Prior to release 22.2.9.x, the default URL was my.devicecloud.com. If your Digi device is configured to use a non-default URL to connect to Remote Manager, updating the firmware will not change your configuration. However, if you erase the device's configuration, the Remote Manager URL will change to the default of edp12.devicecloud.com.
  • Page 711 To configure Digi Remote Manager:    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 6310-DX User Guide...
  • Page 712 6. (Optional) For Management port, type the destination port for the remote cloud services connection. The default is 3199. 7. (Optional) For Retry interval, type the amount of time that the 6310-DX device should wait before reattempting to connect to remote cloud services after being disconnected. The default is 30 seconds.
  • Page 713 CLI. If disabled, no login prompt will be presented and the user will be logged in as admin. The default is disabled. 14. (Optional) Configure the 6310-DX device to communicate with remote cloud services by using SMS: a.
  • Page 714 (config)> cloud drm drm_url url (config)> 6. (Optional) Set the amount of time that the 6310-DX device should wait before reattempting to connect to the remote cloud services after being disconnected. The minimum value is ten seconds. The default is 30 seconds.
  • Page 715 (config)> cloud drm keep_alive 600s (config)> 8. (Optional) Set the amount of time that the 6310-DX device should wait between sending keep- alive messages to the Digi Remote Manager when using a cellular interface. Allowed values are from 30 seconds to two hours. The default is 290 seconds.
  • Page 716 If set to false, no login prompt will be presented and the user will be logged in as admin. The default is false. 13. (Optional) Configure the 6310-DX device to communicate with remote cloud services by using SMS: a. Enable SMS messaging: (config)>...

  • Page 717: Collect Device Health Data And Set The Sample Interval

    Collect device health data and set the sample interval You can enable or disable the collection of device health data to upload to Digi Remote Manager, and configure the interval between health sample uploads. By default, device health data upload is enabled, and the health sample interval is set to 60 minutes.
  • Page 718 3. Click Monitoring > Device Health. 4. (Optional) Click to expand Data point tuning. Data point tuning options allow to you configure what data are uploaded to the Digi Remote Manager. All options are enabled by default. 5. Only report changed values to Digi Remote Manager is enabled by default.
  • Page 719 1, 5, 15, 30, or 60, and represents the number of minutes between uploads of health sample data. 5. By default, the device will only report health metrics values to Digi Remote Manager that have changed health metrics were last uploaded. This is useful to reduce the bandwidth used to report health metrics.

  • Page 720: Enable Event Log Upload To Digi Remote Manager

    Type quit to disconnect from the device. Enable event log upload to Digi Remote Manager You can configure your device to upload the event log to Digi Remote Manager, and configure the interval between event log uploads. To enable the event log upload, or disable it if it has been disabled, and to change the upload interval: ...
  • Page 721 6. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 722: Log Into Digi Remote Manager

    1. If you have not already done so, click here to sign up for a Digi Remote Manager account. 2. Check your email for Digi Remote Manager login instructions. 3. Go to remotemanager.digi.com. 4. Log into your Digi Remote Manager account.

  • Page 723: Use Digi Remote Manager To View And Manage Your Device

    Use Digi Remote Manager to view and manage your device To view and manage your device: 1. If you have not already done so, connect to your Digi Remote Manager account. 2. Click Device Management to display a list of your devices.

  • Page 724: Add A Device To Digi Remote Manager

    The same default password is also shown on the label affixed to the bottom of the device. 8. Click Add. 9. Click OK. Digi Remote Manager adds your 6310-DX device to your account and it appears in the Device Management view. View Digi Remote Manager connection status To view the current Digi Remote Manager configuration: ...
  • Page 725 2. The dashboard includes a Digi Remote Manager status pane:    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 726: Configure Multiple Devices Using Profiles

    Digi recommends you take advantage of Digi Remote Manager profiles to manage multiple 6310-DX routers. Typically, if you want to provision multiple 6310-DX routers: 1. Using the 6310-DX local WebUI, configure one 6310-DX router to use as the model configuration for all subsequent 6310-DXs you need to manage.
  • Page 727 File system This chapter contains the following topics: The 6310-DX local file system Display directory contents Create a directory Display file contents Copy a file or directory Move or rename a file or directory Delete a file or directory Upload and download files...

  • Page 728: File System

    The 6310-DX local file system The 6310-DX local file system The 6310-DX local file system has approximately 250 MB of space available for storing files, such as Python programs, alternative configuration files and firmware versions, and release files, such as cellular module images.

  • Page 729: Create A Directory

    For example: 1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 730: Display File Contents

    For example:    Command line 1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the Admin CLI prompt, type more /path/filename. For example, to view the contenct of the file accns.json in /etc/config:...

  • Page 731: Move Or Rename A File Or Directory

      Command line To rename a file named test.py in /etc/config/scripts to final.py: 1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 732: Delete A File Or Directory

      Command line To delete a file named test.py in /etc/config/scripts: 1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 733: Upload And Download Files

    FileZilla. Upload and download files by using the WebUI Upload files 1. Log into the 6310-DX WebUI as a user with Admin access. 2. On the menu, click System. Under Administration, click File System. The File System page appears.

  • Page 734: Upload And Download Files By Using The Secure Copy Command

    6310-DX device. local-path is the location on the 6310-DX device where the copied file will be placed. For example: To copy firmware from a remote host with an IP address of 192.168.4.1 to the /etc/config directory on the 6310-DX device, issue the following command: >...

  • Page 735: Upload And Download Files Using Sftp

    6310-DX device. For example: To copy a support report from the 6310-DX device to a remote host at the IP address of 192.168.4.1: 1. Use the system support-report command to generate the report: >...
  • Page 736 File system Upload and download files $ sftp ahmed@192.168.2.1 Password: Connected to 192.168.2.1 sftp> get test.py Fetching test.py to test.py test.py 100% 0.3KB/s 00:00 sftp> exit 6310-DX User Guide...
  • Page 737 Generate a support report View system and event logs Configure syslog servers Configure options for the event and system logs Analyze network traffic Use the ping command to troubleshoot network connections Use the traceroute command to diagnose IP routing problems 6310-DX User Guide...

  • Page 738: Perform A Speedtest

    To perform a speedtest:    Command line 1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 739 Attach the support report to any support requests.    Command line 1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 740: View System And Event Logs

    View System Logs    WebUI 1. Log into the 6310-DX WebUI as a user with Admin access. 2. On the main menu, click System > Logs. The system log displays: 3. Limit the display in the system log by using the Find search tool.
  • Page 741 5. Click  to download the system log.    Command line 1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 742: View Event Logs

    View Event Logs    WebUI 1. Log into the 6310-DX WebUI as a user with Admin access. 2. On the main menu, click System > Logs. 3. Click  System Logs to collapse the system logs viewer, or scroll down to Events.
  • Page 743 Diagnostics View system and event logs 1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 744: Configure Syslog Servers

    You can configure remote syslog servers for storing event and system logs.    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 745 5. Click Apply to save the configuration and apply the change.    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 746: Configure Options For The Event And System Logs

    30 minutes. All event categories are enabled. To change or disable the heartbeat interval, or to disable event categories, and to perform other log configuration:    WebUI 6310-DX User Guide...
  • Page 747 Diagnostics Configure options for the event and system logs 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click System > Log.
  • Page 748 Configure options for the event and system logs 7. Enable Preserve system logs to save the current session's system log after a reboot. By default, the 6310-DX device erases system logs each time the device is powered off or rebooted.
  • Page 749 (config)> system log event dhcpserver ? DHCP server: Settings for DHCP server events. Informational events are generated when a lease is obtained or released. Status events report the current list of leases. Parameters Current Value 6310-DX User Guide...
  • Page 750 7. Save the configuration and apply the change: (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6310-DX User Guide...

  • Page 751: Analyze Network Traffic

    Analyze network traffic Analyze network traffic The 6310-DX device includes a network analyzer tool that captures data traffic on any interface and decodes the captured data traffic for diagnostics. You can capture data traffic on multiple interfaces at the same time and define capture filters to reduce the captured data. You can capture up to 10 MB of data traffic in two 5 MB files per interface.

  • Page 752: Configure Packet Capture For The Network Analyzer

    To configure a packet capture configuration:    WebUI 1. Log into the 6310-DX WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Analyzer.
  • Page 753 Click Ignore this protocol if the filter should ignore packets that use this protocol. By default, is option is disabled, which means that the filter will capture packets that use 6310-DX User Guide...
  • Page 754 Click  to add additional VLAN filters. g. For Berkeley packet filter expression, type a filter using Berkeley Packet Filter (BPF) syntax. See Example filters for capturing data traffic for examples of filters using BPF syntax. 6310-DX User Guide...
  • Page 755 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Save interval to ten minutes, enter 10m or 600s. 9. Click Apply to save the configuration and apply the change. 6310-DX User Guide...
  • Page 756 Analyze network traffic    Command line 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 757 Format: icmp icmpv6 igmp ospf other vrrp Current value: (config network analyzer name filter protocol 0)> iii. Set the protocol: (config network analyzer name filter protocol 0)> protocol value (config network analyzer name filter protocol 0)> 6310-DX User Guide...
  • Page 758 By default, is option is set to false, which means that the filter will capture packets from this port. v. Repeat these steps to add additional port filters. d. To create a filter that either captures or ignores packets from one or more specified MAC addresses: 6310-DX User Guide...
  • Page 759 (Optional) Set the filter should ignore packets from this VLAN: (config network analyzer name filter vlan 0)> ignore true (config network analyzer name filter vlan 0)> By default, is option is set to false, which means that the filter will capture packets from this MAC address. 6310-DX User Guide...
  • Page 760 Set the amount of time that the scheduled analyzer session will run: (config network analyzer name)> duration value (config network analyzer name)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. 6310-DX User Guide...

  • Page 761: Example Filters For Capturing Data Traffic

    Capture traffic for a particular IP protocol: ip proto protocol where protocol is a number in the range of 1 to 255 or one of the following keywords: icmp, icmp6, igmp, pim, ah, esp, vrrp, udp, or tcp. 6310-DX User Guide...

  • Page 762: Capture Packets From The Command Line

    Save captured data traffic to a file. Clear captured data. Required configuration items A configured packet capture. See Configure packet capture for the network analyzer for packet capture configuration information. To start packet capture from the command line:    Command line 6310-DX User Guide...

  • Page 763: Stop Capturing Packets

    Diagnostics Analyze network traffic 1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. Type the following at the Admin CLI prompt: >...

  • Page 764: Show Captured Traffic Data

    To show captured data traffic:    Command line 1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 765: Save Captured Data Traffic To A File

       Command line 1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 6310-DX User Guide...

  • Page 766: Download Captured Data To Your Pc

    WebUI or from the command line by using the (secure copy file) command.    WebUI 1. Log into the 6310-DX WebUI as a user with Admin access. 2. On the menu, click System. Under Administration, click File System. The File System page appears. 6310-DX User Guide...

  • Page 767: Clear Captured Data

    4. Select the saved analyzer report you want to download and click  (download).    Command line 1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 768 To determine available packet capture configurations, use the ?: > anaylzer clear name ? name: Name of the capture filter to use. Format: test_capture capture_ping > anaylzer clear name Note You can remove data traffic saved to a file using the command. 6310-DX User Guide...

  • Page 769: Use The Ping Command To Troubleshoot Network Connections

    Ping to check internet connection To check your internet connection: 1. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 770 Max wait for a response to a probe. (Default: 5) Example This example shows using traceroute to verify that the 6310-DX device can route to host 8.8.8.8 (www.google.com) through the default gateway. The command output shows that 15 routing hops were required to reach the host: 1.

  • Page 771: Regulatory Guide

    THIS PRODUCT MAY CAUSE INTERFERENCE IF USED IN RESIDENTIAL AREAS. SUCH USE MUST BE AVOIDED UNLESS THE USER TAKES SPECIAL MEASURES TO REDUCE ELECTROMAGNETIC EMISSIONS TO PREVENT INTERFERENCE TO THE RECEPTION OF RADIO AND TELEVISION BROADCASTS. Supported Countries FOR A FULL LIST OF CERTIFIED COUNTRIES GO VISIT: www.digi.com/legal/terms 6310-DX User Guide...
  • Page 772 Safety warnings English Bulgarian--бъ л га рс ки Croatian--Hrvatski French--Français Greek--Ε λλην ικά Hungarian--Magyar Italian--Italiano Latvian--Latvietis Lithuanian--Lietuvis Polish--Polskie Portuguese--Português Slovak--Slovák Slovenian--Esloveno Spanish--Español 6310-DX User Guide...

  • Page 773: English

    Do not power on the unit in any aircraft. Operation of this equipment in a residential environment could cause radio interference. For ambient temperatures above 60° C, this equipment must be installed in a Restricted Access Location only. 6310-DX User Guide...

  • Page 774: Bulgarian--Бъ Л Га Рс Ки

    З а окол ни т е м пе ра т ури на д 60 ° C, т ов а оборудв а не т ря бв а да с е инс т а л ира с а м о на м я с т о с огра нич е н дос т ъ п. 6310-DX User Guide...

  • Page 775: Croatian--Hrvatski

    ​ ​ j edinicu ni u jednom zrakoplovu. Rad ove opreme u stambenom okruženju mogao bi prouzročiti radio smetnje. Za okolne temperature iznad 60 ° C, ova oprema mora biti instalirana samo na mjestu s ograničenim pristupom. 6310-DX User Guide...

  • Page 776: French--Français

    L'utilisation de cet équipement dans un environnement résidentiel peut provoquer des interférences radio. Pour des températures ambiantes supérieures à 60 °C, cet équipement doit être installé uniquement dans un emplacement à accès restreint. 6310-DX User Guide...

  • Page 777: Greek--Ε Λλην Ικά

    Γ ια θερ μοκρ ασ ίες περ ιβάλλον τ ος άν ω τ ων 60 ° C, αυτ ός ο εξ οπλισ μός πρ έπει ν α εγ κατ ασ τ αθεί μόν ο σ ε θέσ η περ ιορ ισ μέν ης πρ όσ βασ ης 6310-DX User Guide...

  • Page 778: Hungarian--Magyar

    60 ° C feletti környezeti hőmérséklet esetén ezt a berendezést csak korlátozott hozzáférésű helyre kell telepíteni. Az EZ04-IAG4-EXT és EZ04-IA00-EXT készletekhez mellékelt kiterjesztett hőmérsékletű, dugaszolható tápegység (76002079 /24000141) nem C1D2 tanúsítvánnyal rendelkezik, és nem használható C1D2 besorolású veszélyes helyeken. 6310-DX User Guide...

  • Page 779: Italian--Italiano

    Non accendere l'unità in nessun aereo. Il funzionamento di questa apparecchiatura in un ambiente residenziale potrebbe causare interferenze radio. Per temperature ambiente superiori a 60° C, questa apparecchiatura deve essere installata solo in un luogo ad accesso limitato. 6310-DX User Guide...

  • Page 780: Latvian--Latvietis

    Iekārtai jābūt izslēgtai, ja notiek spridzināšana, sprādzienbīstama vide vai medicīnas vai dzīvības uzturēšanas aprīkojuma tuvumā. Nevienā lidmašīnā neieslēdziet ierīci. Šīs ierīces darbība dzīvojamā vidē var izraisīt radio traucējumus. Ja apkārtējā temperatūra pārsniedz 60 ° C, šī iekārta jāuzstāda tikai ierobežotas piekļuves vietā. 6310-DX User Guide...

  • Page 781: Lithuanian--Lietuvis

    Įrenginys turi būti išjungtas ten, kur vyksta sprogdinimas, sprogi aplinka arba šalia medicinos ar gyvybės palaikymo įrangos. Neįjunkite įrenginio jokiuose orlaiviuose. Naudojant šią įrangą gyvenamojoje aplinkoje, gali kilti radijo trukdžių. Esant aukštesnei nei 60 ° C aplinkos temperatūrai, ši įranga turi būti montuojama tik riboto patekimo vietoje. 6310-DX User Guide...

  • Page 782: Polish--Polskie

    życie. Nie włączaj urządzenia w żadnym samolocie. Praca tego sprzętu w środowisku mieszkalnym może powodować zakłócenia radiowe. W przypadku temperatur otoczenia powyżej 60°C urządzenie to należy instalować wyłącznie w miejscach o ograniczonym dostępie. 6310-DX User Guide...

  • Page 783: Portuguese--Português

    Não ligue a unidade em nenhuma aeronave. A operação deste equipamento em um ambiente residencial pode causar interferência de rádio. Para temperaturas ambientes acima de 60 ° C, este equipamento deve ser instalado apenas em locais de acesso restrito. 6310-DX User Guide...

  • Page 784: Slovak--Slovák

    života. Jednotku nezapínajte v žiadnom lietadle. Prevádzka tohto zariadenia v obytnom prostredí by mohla spôsobiť rádiové rušenie. Pri teplotách okolia nad 60 ° C musí byť toto zariadenie inštalované iba na mieste s obmedzeným prístupom. 6310-DX User Guide...

  • Page 785: Slovenian--Esloveno

    življenja. Enote ne vklopite v nobenem letalu. Delovanje te opreme v stanovanjskem okolju lahko povzroči radijske motnje. Pri temperaturah okolice nad 60 ° C mora biti ta oprema nameščena samo na lokaciji z omejenim dostopom. 6310-DX User Guide...

  • Page 786: Spanish--Español

    El funcionamiento de este equipo en un entorno residencial puede provocar interferencias de radio. Para temperaturas ambiente superiores a 60 ° C, este equipo debe instalarse únicamente en una ubicación de acceso restringido. End user license agreement To view the end user license agreement, visit: www.digi.com/legal/terms 6310-DX User Guide...
  • Page 787 Auto-complete commands and parameters Available commands Use the scp command Display status and statistics using the show command Device configuration using the command line interface Execute configuration commands at the root Admin CLI prompt Configuration mode Command line reference 6310-DX User Guide...

  • Page 788: Command Line Interface

    Log in to the command line interface    Command line 1. Connect to the 6310-DX device by using a serial connection, SSH or telnet, or the Terminal in the WebUI or the Console in the Digi Remote Manager. See Access the command line interface for more information.

  • Page 789: Exit The Command Line Interface

    2. At the main menu, click Terminal. The device console appears. 6310-DX login: 3. Log into the 6310-DX command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 790: Display Help For Commands And Parameters

    Display help for commands and parameters The help command When executed from the root command prompt, help displays information about autocomplete operations, how to move the cursor on the 6310-DX command line, and other keyboard shortcuts: > help Commands ------------------------------------------------------------------------------ Show commands help <Tab>...

  • Page 791: Display Help For Individual Commands

    Show OpenVPN statistics. route Show IP routing information. scripts Show scheduled scripts. serial Show serial statistics. surelink Show Surelink statistics. system Show system statistics. version Show firmware version. vrrp Show VRRP statistics. web-filter Show web filter information. > show 6310-DX User Guide...

  • Page 792: Use The Tab Key Or The Space Bar To Display Abbreviated Help

    Parameter values, where the value is one of an enumeration or an on|off type; for example: (config)> serial port1 enable t<Tab> auto-completes to (config)> serial port1 enable true Auto-complete does not function for: Parameter values that are string types. Integer values. File names. Select parameters passed to commands that perform an action. 6310-DX User Guide...

  • Page 793: Available Commands

    Pings a remote host using Internet Control Message Protocol (ICMP) Echo Request messages. reboot Reboots the 6310-DX device. Removes a file. Uses the secure copy protocol (SCP) to transfer files between the 6310-DX device and a remote host. Use the scp command for information about using the scp command. show Displays information about the device and the device's configuration.

  • Page 794: Use The Scp Command

    The hostname or IP address of the remote host. The username and password of the user on the remote host. Whether the file is being copied to the 6310-DX device from a remote host, or to the remote host from the 6310-DX device.

  • Page 795: Display Status And Statistics Using The Show Command

    6310-DX device. For example: To copy a support report from the 6310-DX device to a remote host at the IP address of 192.168.4.1: 1. Use the system support-report command to generate the report: >...

  • Page 796: Show System

    "445" > show system show system command displays system information and statistics for the device, including CPU usage. > show system Model : Digi 6310-DX Serial Number : 6310-DX-000065 : 6310-DX Hostname : 6310-DX MAC Address : DF:DD:E2:AE:21:18...

  • Page 797: Execute Configuration Commands At The Root Admin Cli Prompt

    For example, to disable the SSH service from the root prompt, enter the following command: > config service ssh enable false > The 6310-DX device's ssh service is now disabled. Note When the config command is executed at the root prompt, certain configuration actions that are available in configuration mode cannot be performed.
  • Page 798 > config service ssh 4. Lastly, display the allowed values and other information for the enable parameter: > config service ssh enable ? Enable: Enable the service. Format: true, false, yes, no, 1, 0 Default value: true 6310-DX User Guide...

  • Page 799: Configuration Mode

    2. Enter ssh to move to the ssh node: (config service)> ssh (config service ssh)> 3. Enter enable false to disable the ssh service: (config service ssh)> enable false (config service ssh)> Move within the configuration schema for more information about moving within the configuration. 6310-DX User Guide...

  • Page 800: Save Changes And Exit Configuration Mode

    Adds a named element, or an element in a list. See Manage elements in lists for information about using the add command with lists. Deletes a named element, or an element in a list. See Manage elements 6310-DX User Guide...

  • Page 801: Display Command Line Help In Configuration Mode

    At the config prompt, enter service ?: (config)> service ? At the config prompt: a. Enter service to move to the service node: (config)> service (config service)> b. Enter ? to display help for the service node: (config service)> ? 6310-DX User Guide...
  • Page 802 Enter ? to display help for the ssh node: (config service ssh)> ? Either of these methods will display the following information: (config)> service ssh ? SSH: An SSH server for managing the device. Parameters Current Value ------------------------------------------------------------------------ enable true Enable [private] Private key 6310-DX User Guide...

  • Page 803: Move Within The Configuration Schema

    (config)> service ssh enable Move within the configuration schema You can perform configuration tasks at the CLI by moving within the configuration. Move forward one node in the configuration by entering the name of an Additional Configuration option: 6310-DX User Guide...

  • Page 804: Manage Elements In Lists

    Add elements to a list When used with parameters that contains lists of elements, the add command is used to add an element to the list. For example, to add an authentication method: 6310-DX User Guide...
  • Page 805 (config)> show auth user new-user group 0 admin (config)> Delete elements from a list When used with parameters that contains lists of elements, the del command is used to delete an element in the list. For example, to delete an authentication method: 6310-DX User Guide...

  • Page 806: The Revert Command

    (config)> The revert command The revert command is used to revert changes to the 6310-DX device's configuration and restore default configuration settings. The behavior of the revert command varies depending on where in the configuration hierarchy the command is executed, and whether the optional path parameter is used.
  • Page 807 2. Save the configuration and apply the change: (config)> save Configuration saved. > 3. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6310-DX User Guide...

  • Page 808: Enter Strings In Configuration Commands

    (config)> system description "Digi 6310-DX" Example: Create a new user by using the command line In this example, you will use the 6310-DX command line to create a new user, provide a password for the user, and assign the user to authentication groups.
  • Page 809 Command line interface Configuration mode 1. Log into the 6310-DX command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 810 (config auth user user1)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. 6310-DX User Guide...

  • Page 811: Command Line Reference

    6310-DX User Guide...

  • Page 812: Analyzer Clear

    Clears the traffic captured by the analyzer. Syntax analyzer clear <name> 6310-DX User Guide...

  • Page 813: Analyzer Save

    Name of the capture filter to use. clear dhcp-lease ip-address Clear the DHCP lease for the specified IP address. Syntax clear dhcp-lease ip-address ADDRESS Parameters address: An IPv4 or IPv6 address clear dhcp-lease mac Clear the DHCP lease for the specified MAC address. 6310-DX User Guide...

  • Page 814: Container Create

    The source file or directory to copy. destination: The destination path to copy the source file or directory to. force: Do not ask to overwrite the destination file if it exists. help Show CLI editing and navigation commands. Syntax help 6310-DX User Guide...
  • Page 815 Command line interface Command line reference Parameters None 6310-DX User Guide...
  • Page 816 Command line interface Command line reference List a directory. Syntax ls <path> [show-hidden] Parameters path: List files and directories under this path. show-hidden: Show hidden files and directories. Hidden filenames begin with '.'. 6310-DX User Guide...

  • Page 817: Mkdir

    The configured name of the modem to execute this CLI command on. imei: The IMEI of the modem to execute this CLI command on. modem firmware list List modem firmware files found in the /opt/[MODEM_MODEL]/ directory. 6310-DX User Guide...

  • Page 818: Modem Firmware Ota Check

    The configured name of the modem to execute this CLI command on. imei: The IMEI of the modem to execute this CLI command on. modem firmware ota check Query the Digi firmware server for the latest remote modem firmware version. Syntax modem firmware ota check [name STRING] [imei STRING] Parameters name: The configured name of the modem to execute this CLI command on.

  • Page 819: Modem Pin Change

    Enable the PIN lock on the SIM card that is active in the modem. The SIM card will need to be unlocked before each use. Warning: Attempting to use an incorrect PIN code may PUK lock the SIM. Syntax modem pin enable <pin> [name STRING] [imei STRING] Parameters pin: The SIM's PIN code. 6310-DX User Guide...

  • Page 820: Modem Pin Status

    The configured name of the modem to execute this CLI command on. imei: The IMEI of the modem to execute this CLI command on. modem puk unlock Unlock the SIM with a PUK code from the SIM provider. Syntax modem puk unlock <puk> <new-pin> [name STRING] [imei STRING] 6310-DX User Guide...

  • Page 821: Modem Reset

    The SIM slot to change to. name: The configured name of the modem to execute this CLI command on. imei: The IMEI of the modem to execute this CLI command on. monitoring Commands to clear the device's status or systems. 6310-DX User Guide...

  • Page 822: Monitoring Metrics Upload

    The source file or directory to move. destination: The destination path to move the source file or directory to. force: Do not ask to overwrite the destination file if it exists. ping Ping a host using ICMP echo. 6310-DX User Guide...
  • Page 823 If a hostname is defined as the value of the 'host' parameter, use the hosts IPV6 address. size: The number of bytes sent in the ICMP ping request. (Minimum: 0, Default: 56) count: The number of ICMP ping requests to send before terminating. (Minimum: 1, Default: 100) broadcast: Enable broadcast ping functionality. 6310-DX User Guide...

  • Page 824: Reboot

    Command line interface Command line reference reboot Reboot the system. Parameters None 6310-DX User Guide...
  • Page 825 Command line interface Command line reference Remove a file or directory. Syntax rm <path> [force] Parameters path: The path to remove. force: Force the file to be removed without asking. 6310-DX User Guide...

  • Page 826: Scp

    Display IPv4 routes. If no IP version is specified IPv4 & IPV6 will be displayed. ipv6: Display IPv6 routes. If no IP version is specified IPv4 & IPV6 will be displayed. verbose: Display more information (less concise, more detail). show cloud Show drm status & statistics. Syntax show cloud Parameters None 6310-DX User Guide...

  • Page 827: Show Config

    Show all leases (active and inactive (not in etc/config/dhcp.*lease)). verbose: Display more information (less concise, more detail). show dns Show DNS servers and associated domains. Syntax show dns Parameters None show event Show event list (high level). 6310-DX User Guide...

  • Page 828: Show Hotspot

    Show L2TP access concentrator status & statistics. Syntax show l2tp lac [name STRING] Parameters name: Display more details for a specific L2TP access concentrator. show l2tp lns Show L2TP network server status & statistics. Syntax show l2tp lns [name STRING] 6310-DX User Guide...

  • Page 829: Show L2Tpeth

    (this can be very time consuming). If you require more messages of the filtered type, increase the number of messages retrieved using 'number'. show manufacture Show manufacturer information. Syntax show manufacture [verbose] Parameters verbose: Display more information (less concise, more detail). show modbus-gateway 6310-DX User Guide...

  • Page 830: Show Modem

    [interface STRING] [all] [verbose] Parameters interface: Display more details and config data for a specific network interface. all: Display all interfaces including disabled interfaces. verbose: Display more information (less concise, more detail). show ntp Show NTP status & statistics. 6310-DX User Guide...

  • Page 831: Show Openvpn Client

    Show IP routing information. Syntax show route [ipv4] [ipv6] [verbose] Parameters ipv4: Display IPv4 routes. ipv6: Display IPv6 routes. verbose: Display more information (less concise, more detail). show serial Show serial status & statistics. Syntax show serial [port STRING] 6310-DX User Guide...

  • Page 832: Show Scripts

    The name of a specific IPsec tunnel. all: Show all IPsec tunnels. show surelink openvpn Show SureLink status & statistics for OpenVPN clients. Syntax show surelink openvpn [client STRING] [all] Parameters client: The name of the OpenVPN client. all: Show all OpenVPN clients. 6310-DX User Guide...

  • Page 833: Show System

    Display more details and config data for a specific VRRP instance. all: Display all VRRP instances including disabled instances. verbose: Display all VRRP status and statistics including disabled instances. show web-filter Show web filter status & statistics. 6310-DX User Guide...

  • Page 834: Speedtest

    [passphrase STRING] [remove <custom-defaults>] Parameters type: The type of backup file to create. Archives are full backups including generated SSH keys and dynamic DHCP lease information. CLI configuration backups are a list of CLI commands used to build 6310-DX User Guide...

  • Page 835: System Disable-Cryptography

    Erase the device to restore to factory defaults. All configuration and automatically generated keys will be erased. Syntax system factory-erase Parameters None system find-me Find Me function to flash LEDs on this device to help users locate the unit. Syntax system find-me <state> 6310-DX User Guide...

  • Page 836: System Firmware Ota Check

    Query the Digi firmware server for the latest device firmware version. Syntax system firmware ota check Parameters None system firmware ota list Query the Digi firmware server for a list of device firmware versions. Syntax system firmware ota list Parameters None system firmware ota update Perform FOTA (firmware-over-the-air) update.

  • Page 837: System Restore

    Stop an active running script. Scripts scheduled to run again will still run again (disable a script to prevent it from running again). Syntax system script stop <script> Parameters script: Script to stop. system serial clear Clears the serial log. Syntax system serial clear <port> 6310-DX User Guide...

  • Page 838: System Serial Save

    <port> [size INTEGER] Parameters port: Serial port. size: Maximum size of serial log. (Default: 65536) system serial stop Start logging data on a serial port. Syntax system serial stop <port> Parameters port: Serial port. system support-report 6310-DX User Guide...

  • Page 839: System Time Set

    Test the configured NTP server(s) for connectivity. This test will not affect the device's current local date and time. Syntax system time test Parameters None telnet Use Telnet protocol to log into a remote server. Syntax telnet <host> [port INTEGER] 6310-DX User Guide...

  • Page 840: Traceroute

    Do not fragment probe packets. icmp: Use ICMP ECHO for probes. nomap: Do not try to map IP addresses to host names when displaying them. bypass: Bypass the normal routing tables and send directly to a host on an attached network. 6310-DX User Guide...
  • Page 841 Antenna notes and solutions Command line reference Antenna notes and solutions This chapter contains the following topics: Antenna terminology Physical specifications Antennas tested by Digi 6310-DX User Guide...

  • Page 842: Antenna Terminology

    30 feet of cabling. Certain Digi products are designed to provide the ability to place the unit where reception is best (moving the radio is always preferred). This allows the device to capture optimal Radio Frequency (RF) before converting it to IP packets and transmit data via Ethernet cabling, an approach that yields increased performance and cost savings over coax cabling.

  • Page 843: Extra-Small Iot Paddle Antennas

    Directional antennas may improve RF sensitivity, but they will require an expert knowledge to find a specific cellular tower and maintain the ongoing fine-tuning that may be required to keep the antenna positioned properly. Due to the challenges of directional antennas, Digi typically focuses on MIMO omni-directional models.

  • Page 844: Flat Mimo Antenna #1

    This is a hardened antenna designed to be mounted outdoors. This is a MIMO antenna with two short pig tail connectors and the overall dimensions are 187 mm in height and 106 mm at the base. Digi typically provides this antenna with a kit including dual coax cables at 5M in length. If you are using this antenna with a Digi PoE (for example, the Digi 6300-CX) we typically recommend you mount the unit on the inside and run the 5M cables to the outside.
  • Page 845 Antenna notes and solutions Antennas tested by Digi Product: PNM2-LTE and the Product Datasheet MSRP: PNM2-LTE-1C1C-WHT-180 (includes Cabling @ 15 feet) $176.40 Deployment notes This is an additional easy-to-use MIMO antenna with a low-profile form factor and simple mounting. This model is manufactured by Mobile Mark and showed solid RF performance in our testing. With a square form factor of 146 mm x 146 mm x 18 mm, the antenna cabling is built into the antenna and can be sized to order (typically lead time from the manufacturer is 2 weeks).

Table of Contents