1. Manuals
  2. Brands
  3. Digi Manuals
  4. Gateway
  5. IX15
  6. User manual

Digi IX15 User Manual

Hide thumbs Also See for IX15:
1
2
3
Table Of Contents
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
Table of Contents

Advertisement

Quick Links

Download this manual
Digi IX15
Gateway
User Guide
Firmware version 21.2

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the IX15 and is the answer not in the manual?

Questions and answers

Related Manuals for Digi IX15

Summary of Contents for Digi IX15

  • Page 1 Digi IX15 Gateway User Guide Firmware version 21.2...

  • Page 2: Revision History-90002400

    Initial release of the Digi IX15 Gateway User Guide. May 2021 Trademarks and copyright Digi, Digi International, and the Digi logo are trademarks or registered trademarks in the United States and other countries worldwide. All other trademarks mentioned in this document are the property of their respective owners.
  • Page 3 Include the document title and part number (Digi IX15 Gateway User Guide, 90002400 A) in the subject line of your email. Digi IX15 Gateway User Guide...

  • Page 4: Table Of Contents

    Get started Step 1: Requirements Step 2: Setup the hardware Step 3: Program an XBee profile Step 4: Join nodes to the IX15 network Step 5: Review your XBee network Next steps Digi IX15 hardware reference Digi IX15 features and specifications...
  • Page 5 Configure and update an XBee network What is an XBee profile? Manage XBee profiles Upload the XBee profile Apply XBee profiles Configure a sleeping network to work with the IX15 Export your network Bluetooth Low Energy Configure Bluetooth Low Energy Verify BLE connectivity...
  • Page 6 Virtual Router Redundancy Protocol (VRRP) VRRP+ Configure VRRP Configure VRRP+ Example: VRRP/VRRP+ configuration Configure device one (master device) Configure device two (backup device) Show VRRP status and statistics Virtual Private Networks (VPN) IPsec IPsec data protection IPsec modes Digi IX15 Gateway User Guide...
  • Page 7 Configure the system time Network Time Protocol Configure the device as an NTP server Configure a multicast route Enable service discovery (mDNS) Use the iPerf service Example performance test using iPerf3 Configure the ping responder service Digi IX15 Gateway User Guide...
  • Page 8 Set up the IX15 for Python development Create and test a Python application End-to-end demos Python modules Set up the IX15 to automatically run your applications Configure applications to run automatically Show script information Stop a script that is currently running...
  • Page 9 Reboot your IX15 device Reboot your device immediately Schedule reboots of your device Erase device configuration and reset to factory defaults Configure the IX15 device to use custom factory default settings Configuration files Save configuration changes Save configuration to a file...
  • Page 10 Configure Digi Remote Manager Collect device health data and set the sample interval Log into Digi Remote Manager Use Digi Remote Manager to view and manage your device Add a device to Digi Remote Manager View Digi Remote Manager connection status...
  • Page 11 Save captured data traffic to a file Download captured data to your PC Clear captured data Use the ping command to troubleshoot network connections Ping to check internet connection Stop ping commands Use the traceroute command to diagnose IP routing problems Digi IX15 Gateway User Guide...
  • Page 12 Display the system log Recover the local XBee xbeemgmt tool Get the IX15 IP A remote XBee is not listed in the IX15 network PyCharm: My IX15 is not listed in Digi Device Selector Digi IX15 regulatory and safety statements RF exposure statement...

  • Page 13: Digi Ix15 Quick Start

      Digi IX15 device The IX15 has a product label on the bottom of the device. The label includes product identification information and the default password assigned to the device. The IX15 also includes a terminal connector for the power supply installed in the power input.

  • Page 14: Step 3: Connect

    Included in IX15 Accessory kit (76002107)—the kit may be ordered separately. Laptop or personal computer Use an Ethernet cable to connect your IX15 to a laptop or PC. SIM card(s) If you intend to configure cellular WWAN access at this time, acquire SIM cards as needed.
  • Page 15  ii. For high-vibration environments, apply a thin layer of dielectric grease to the SIM contacts. Note If the IX15 device is used in an environment with high vibration levels, SIM card contact fretting may cause unexpected SIM card failures. To protect the SIM cards, Digi strongly recommends that you apply a thin layer of dielectric grease to the SIM contacts prior to installing the SIM cards.
  • Page 16  b. After SIM cards are installed, replace the SIM slot cover.  2. Attach antennas Connect IX15-compatible cellular antennas to the WWAN1-1 and WWAN1-2 antenna connectors on the back of the device. Connect the RF antenna to the XBee antenna connector.
  • Page 17  3. Use an Ethernet cable to connect the IX15 ETH port to your PC.  4. Connect DC power and power on the IX15 device. The IX15 is intended to be powered by a certified power supply with output rated at either 12 VDC/0.75 A or 24 VDC/0.375 A minimum.
  • Page 18 Verify that the signal strength indicator on the front of the IX15 shows two or more bars. CAUTION! If your laptop or PC is connected to the ETH port on the IX15 and the IX15 has a cellular internet connection established, the laptop or PC will likely automatically switch from its Wi-Fi internet connection to its Ethernet port.

  • Page 19: Step 4: Configure

    Change the default password for the admin user for the admin user for instructions. Step 5: Next steps Once you have setup your IX15, it is time to start working with your device and discover all its features following the Get started guide.
  • Page 20 Get started This section guides you through your first steps with the Digi IX15 Gateway. You will connect your hardware, program the IX15 XBee with a profile, and create an XBee network. Step 1: Requirements Step 2: Setup the hardware...

  • Page 21: Get Started

    These devices will be discovered and configured later using XCTU. Step 3: Program an XBee profile The IX15 comes with a set of default configuration settings, firmware version, and XBee protocol based on a Zigbee router profile. To update these configuration, you have to program an XBee profile.
  • Page 22  6. Check the XBee device that appears in the list and click Add to apply the XBee profile. Note If more than one XBee device appears in the list, the first one corresponds to the IX15. Select that one.  7. The new task appears in the Current XBee Update Tasks panel.

  • Page 23: Step 4: Join Nodes To The Ix15 Network

    Step 4: Join nodes to the IX15 network Now that you have the IX15 configured, you can add new XBee devices to the network. To do so, you have to configure the XBee devices that you connected to your computer in Setup the hardware.

  • Page 24: Step 5: Review Your Xbee Network

      Python application development: Create a Python application using the Digi XBee PyCharm Plugin, build, and learn how to launch it in your IX15.   XBee network management: Discover your XBee network, get information from nodes, update their firmware, and configure their settings.
  • Page 25   Firewall   Remote device management: Remotely monitor and analyze multiple devices, manage their configuration, or update the entire system via the integrated Remote Manager support. You can also use Amazon AWS IoT Microsoft Azure. Digi IX15 Gateway User Guide...
  • Page 26 Digi IX15 hardware reference This chapter contains the following topics: Digi IX15 features and specifications IX15 accessories IX15 front and side views IX15 LEDs IX15 power supply requirements Power consumption Digi IX15 serial connector pinout Antenna specifications for the cellular modem...

  • Page 27: Digi Ix15 Hardware Reference

    B1, B2, B3, B4, B5, B7, B8, B12, B13, B18, B19, B20, B25, B26, B28, B38, B39, B40, B1, B2, B4, B5, B6, B8, B19 2G EDGE / GPRS 850 / 900 / 1800 / 1900 MHz IX15 accessories When accessories are purchased with the IX15 device, the following are provided:   Cellular antennas.   Power supply.
  • Page 28 Digi IX15 hardware reference IX15 front and side views Item Description 1. LEDs IX15 LEDs. Main (WWAN1-1) and auxillary (WWAN1-2) cellular antenna connectors. WWAN  Antenna connectors 3. XBee 2.4 GHz mag base antenna connector. Antenna connector The ERASE button is used to perform a device reset, and it has three modes: ERASE  1.

  • Page 29: Ix15 Leds

    Digi IX15 hardware reference IX15 LEDs IX15 LEDs The IX15 LEDs are located on the top front panel. During bootup, the front-panel LEDs light up in sequence to indicate boot progress. Power (PWR) No power. Solid green DC power is connected to the device.

  • Page 30: Xbee

    WARNING! DO NOT POWER OFF DURING UPDATE. Solid green Flashing yellow (or orange) XBee interface is enabled and XBee Updating a remote XBee. service is running. Solid blue Flashing red XBee active discovery running. Recovering local XBee. Digi IX15 Gateway User Guide...

  • Page 31: Signal Quality Indicators

    Solid amber: 1000 Mbps link detected. Signal quality bars explained The signal status bars for the Digi IX15 measure more than simply signal strength. The value reported by the signal bars is calculated using an algorithm that takes into consideration the Reference Signals Received Power (RSRP), the Signal-to-noise ratio (SNR), and the Received Signal Strength Indication (RSSI) to provide an accurate indicator of the quality of the signal that the device is receiving.

  • Page 32: Ix15 Power Supply Requirements

    Digi IX15 hardware reference IX15 power supply requirements 4G LTE algorithms For 4G LTE, the IX15 device determines the RSRP, SNR, and RSSI values separately and uses the following algorithms to display the signal quality: RSRP > -85, rsrp_bars=5 -95 < RSRP <= -85, rsrp_bars=4 -105 <...

  • Page 33: Power Consumption

    Crimp terminals should be used for all connections. Power consumption This section contains information about the power consumption of the Digi IX15 Gateway. All measurements were performed running Digi Accelerated Linux version 20.11.32.138. All presented results were measured at ambient temperature (25ºC).

  • Page 34: Results

    1620 - 1950 46 - 53 840 - 950 85 - 104 1550 - 1900 43 - 50 780 - 910 Note Disconnecting the serial port loopback connector, all measures are reduced by 3-4 mA. Digi IX15 Gateway User Guide...

  • Page 35: Digi Ix15 Serial Connector Pinout

    Digi IX15 hardware reference Digi IX15 serial connector pinout Digi IX15 serial connector pinout The IX15 is a DTE device. The pinout for the 10 pin RJ-45 serial connector is as follows: RS485 half- Pin number RS232 signal duplex signal  ...

  • Page 36: Antenna Specifications For The Xbee Rf Module

    The XBee antenna must be positioned a minimum of 20 cm (7.9 in) from cellular antennas. Specification Value Model number DC-ANT-24DT Frequency range 2.4 GHz ~ 2.5 GHz Impedance 50 Ω nominal VSWR 1.92 maximum Return loss -10 dB maximum Electrical wave 1/2 λ Dipole Gain  1.8 dBi Admitted power Digi IX15 Gateway User Guide...
  • Page 37 Hardware setup This chapter contains the following topics: Install SIM cards Connect data cables Mount the IX15 device Digi IX15 Gateway User Guide...

  • Page 38: Hardware Setup

    Torque to 2.9 inch/pounds. SIM removal The IX15 has a PUSH-PUSH SIM connector. To insert, push each SIM in until it clicks, and repeat for removal. When you push to eject, the SIM ejects back out about 1/8 inch.

  • Page 39: Connect Data Cables

    Ethernet (RJ-45): Use a Cat 5e or Cat 6 Ethernet cable.   Serial (RJ-45): Use a serial cable with an RJ45 connector to connect to the IX15 device. See pin serial cabling options for information about Digi's 10-pin RJ-50 cables.
  • Page 40  a. Attach the DIN rail clip to the back of the device with the screws provided.  b. Set the IX15 device onto a DIN rail and gently press until the clip snaps into the rail.  2. Attach the DIN rail clip to the bottom of the device:  a.
  • Page 41 Hardware setup Mount the IX15 device  b. Set the IX15 device onto a DIN rail and gently press until the clip snaps into the rail. WARNING! If being installed above head height on a wall or ceiling, ensure the device is fitted securely to avoid the risk of personal injury.
  • Page 42 Configuration methods Using Digi Remote Manager Access Digi Remote Manager Using the web interface Using the command line Access the command line interface Log in to the command line interface Exit the command line interface Digi IX15 Gateway User Guide...

  • Page 43: Configuration And Management

    Configuration and management Review IX15 default settings Review IX15 default settings You can review the default settings for your IX15 device by using the local WebUI or Digi Remote Manager: Local WebUI  1. Log into the IX15 WebUI as a user with Admin access. See Using the web interface for details.

  • Page 44: Other Default Configuration Settings

    Packet filtering allows all outbound traffic. Security policies   SSH and web administration:   Enabled for local administration   Firewall zone: Internal   Device heath metrics uploaded to Digi Remote Manager at 60 minute Monitoring interval.   SNMP: Disabled   Enabled Serial port  ...
  • Page 45  5. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 46: Configuration Methods

    With the Remote Manager, you can configure your IX15 device and use the configuration as a basis for a profile which can be applied to other similar devices. See...
  • Page 47 Configuration and management Configuration methods Shows how to perform a task by using the command line interface. Digi IX15 Gateway User Guide...

  • Page 48: Using Digi Remote Manager

    Using Digi Remote Manager Using Digi Remote Manager By default, your IX15 device is configured to use Digi Remote Manager as its central management server. No configuration changes are required to begin using the Remote Manager. For information about configuring central management for your IX15 device, see Central management.

  • Page 49: Log Out Of The Web Interface

    Using the web interface Dashboard area Description Digi Remote Displays the device connection status for Digi Remote Manager, the amount of time Manager the connection has been up, and the Digi Remote Manager device ID. Using Digi Remote Manager. Device Displays the IX15 device's status, statistics, and identifying information.

  • Page 50: Using The Command Line

    Log in to the command line interface   Command line  1. Connect to the IX15 device by using a serial connection, SSH or telnet, or the Terminal in the WebUI or the Console in the Digi Remote Manager. See Access the command line interface more information.

  • Page 51: Exit The Command Line Interface

    1: Serial: port1 (9600,8,1,none,none) q: Quit Select access or quit [admin] : Type a or admin to access the IX15 command line. You will now be connected to the Admin CLI: Connecting now, 'exit' to disconnect from Admin CLI ... >...

  • Page 52: Manage An Xbee Network

    64-bit address, node identifier, role, and so on. The IX15 network caches a list of known nodes that reflects the real XBee network. It adds new nodes to its network cache in these scenarios:  ...

  • Page 53: Review The Current Xbee Network State

    XBee nodes from the CLI. Discover the XBee network Nodes that appear in the Network Manager list are known to the IX15. The list accumulates known network nodes over time. To find new nodes, you can perform:  ...
  • Page 54 Manage an XBee network Discover the XBee network  1. Log into the IX15 WebUI as a user with Admin access.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window displays. Digi IX15 Gateway User Guide...
  • Page 55 Allowed values are any number of minutes, or seconds, and take the format number{m|s}. For example, to set Time between requests to five minutes, enter 5m or 300s. The minimum value is 20 seconds and the maximum is 10 minutes. The default is 2 minutes. Digi IX15 Gateway User Guide...
  • Page 56 For large networks we recommend cascade discovery mode. The default is cascade.  5. Set the amount of time the IX15 should wait between discovery cycles. Allowed values are from 1 minute to 3 days. The default is 1 hour. (config)> config xbee active_discovery time_between_scans <time>...

  • Page 57: One-Shot Discovery

    Manage an XBee network Configure and update an XBee network  6. Set the amount of time the IX15 should wait between node requests to ask for neighbors. Allowed values are from 20 seconds to 10 minutes. The default is 2 minutes.

  • Page 58: What Is An Xbee Profile

    XCTU User Guide. Manage XBee profiles The Profile Manager page allows you to manage the XBee profiles stored in the IX15. You can upload, download, and delete profiles. For each profile, it also shows whether it contains settings, firmware, and filesystem updates.

  • Page 59: Upload The Xbee Profile

    XBee. The Profile Manager shows whether those contents are included or not for each available profile. Upload the XBee profile Once you create the desired XBee profile, follow these steps to upload it to the IX15:  1. Open the IX15 WebUI and login.  2. On the top menu, click XBee.

  • Page 60: Configure A Sleeping Network To Work With The Ix15

    IX15, can send messages to the end device. Short sleep: nodes that sleep less than 30 seconds They can receive data transmissions at any time since their parents buffer data long enough for the end devices to wake and poll to receive the data.
  • Page 61 From MicroPython, transmit any data to the IX15 when it wakes up.   Any other intelligence that sends anything when the node wakes up.  2. Must stay awake to provide other nodes, including the IX15, with enough time to send messages to the end device.  ...

  • Page 62: Export Your Network

    From MicroPython, transmit any data to the IX15 when it wakes up.   Any other intelligence that sends anything when the node wakes up.  2. Must stay awake to provide other nodes, including the IX15, with enough time to send messages to the end device.  ...

  • Page 63: Bluetooth Low Energy

    XBee protocol + Bluetooth Low Energy (BLE). For example, you can use your cellphone to connect to the XBee device of the IX15, and then from your phone, interact with the IX15 using the XBee Python API.
  • Page 64 Bluetooth Low Energy Configure Bluetooth Low Energy  1. Log into the IX15 WebUI as a user with Admin access.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window displays. Digi IX15 Gateway User Guide...
  • Page 65  8. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 66: Verify Ble Connectivity

    Type quit to disconnect from the device. Verify BLE connectivity You can use the Digi XBee Mobile application to verify that BLE is enabled and working on your IX15.  1. Download and install the Digi XBee Mobile application in your phone.  2. Open the Digi XBee Mobile application. The Find XBee devices screen appears and the app automatically begins scanning for devices.
  • Page 67 Bluetooth Low Energy Verify BLE connectivity  6. Tap OK. The Device Information screen displays. You are now connected to the IX15 through BLE. Digi IX15 Gateway User Guide...

  • Page 68: Power Management

    Power management Most of the time the IX15 will be powered by a plug in the wall so power consumption might not be a problem. However, if you plan to power your device with batteries you must consider power saving.

  • Page 69: Configure A Power Profile

    You can choose to preserve power, performance or to balance both. To change the active power profile: É   WebUI  1. Log into the IX15 WebUI as a user with Admin access.  2. On the menu, click System. Under Configuration, click Device Configuration. Digi IX15 Gateway User Guide...
  • Page 70 Power management Configure a power profile The Configuration window displays. Digi IX15 Gateway User Guide...
  • Page 71 Manual: Allows you to manually set the working frequency of the CPU. When this option is selected, the setting Custom frequency is available to set the CPU working frequency manually:   198 KHz   396 KHz   528 KHz   792 KHz Digi IX15 Gateway User Guide...
  • Page 72  5. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 73: Suspend Mode

    Suspend mode is a special state where the CPU, most of the RAM, and most of the digital peripherals are powered off to save as much power as possible. The IX15 is able to enter suspend mode on demand to reduce power consumption to the minimum when no operation is required during a certain time.
  • Page 74 XBee: Wakes up the device when any data is received in the XBee interface.  5. If RTC alarm is enabled, set the the alarm date and time in RTC alarm date and time following the format: YYYY-MM-DD HH:MM[:SS]. Digi IX15 Gateway User Guide...

  • Page 75: Enter Suspend Mode

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Enter suspend mode You can command the IX15 to enter suspend mode at any time using the CLI interface. To do so: Digi IX15 Gateway User Guide...

  • Page 76: Disable Interfaces On Suspend

    Power management Suspend mode  1. Connect to the IX15 CLI by using a serial connection, SSH, or the Terminal in the WebUI.  2. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 77  3. Click System > Power > Disabled interfaces on suspend.  4. The interfaces are listed:   Modem: Turn on this setting to disable the modem interface when the IX15 enters suspend mode. By default, all interfaces are enabled when going to suspend. Click available interfaces to toggle them to disable on suspend.
  • Page 78  5. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 79: Interfaces

    Interfaces Digi IX15 Gateway devices have several physical communications interfaces. These interfaces can be bridged in a Local Area Network (LAN) or assigned to a Wide Area Network (WAN). This chapter contains the following topics: Wireless Wide Area Networks (WWANs)

  • Page 80: Wireless Wide Area Networks (Wwans)

    Problems can occur beyond the immediate modem connection that prevent some IP traffic from reaching its destination. Normally this kind of problem does not cause the IX15 device to detect that the modem has failed, because the connection continues to work while the core problem exists somewhere else in the network.
  • Page 81   WebUI SureLink can be configured for both IPv4 and IPv6.  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 82 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Initial connection time to ten minutes, enter 10m or 600s. The default is 60 seconds.  10. Optional active recovery configuration parameters: Digi IX15 Gateway User Guide...
  • Page 83 Active recovery can be configured for both IPv4 and IPv6. These instructions are for IPv4; to configure IPv6 active recovery, replace ipv4 in the command line with ipv6.  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 84   interface_up: The interface is considered to be down based on the interfaces down time, and the amount of time an initial connection to the interface takes before this test Digi IX15 Gateway User Guide...
  • Page 85 The default is 15 minutes.  e. If more than one test target is configured, determine whether the interface should fail over based on the failure of one of the test targets, or all of the test targets: Digi IX15 Gateway User Guide...

  • Page 86: Configure The Device To Reboot When A Failure Is Detected

    Type quit to disconnect from the device. Configure the device to reboot when a failure is detected Using SureLink, you can configure the IX15 device to reboot when it has determined that an interface has failed. Required configuration items  ...
  • Page 87 Additional configuration items   Configure SureLink active recovery to detect modem failures for optional SureLink configuration parameters. Digi IX15 Gateway User Guide...
  • Page 88   WebUI SureLink can be configured for both IPv4 and IPv6.  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 89  c. For Attempts, type the number of probe attempts before the WAN is considered to have failed. Digi IX15 Gateway User Guide...
  • Page 90 Active recovery can be configured for both IPv4 and IPv6. These instructions are for IPv4; to configure IPv6 active recovery, replace ipv4 in the command line with ipv6.  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 91   (Optional) Set the amount of time that the interface can be down before this test is considered to have failed: Digi IX15 Gateway User Guide...
  • Page 92  e. Set the amount of time that the device should wait for a response to a probe attempt before considering it to have failed: (config network interface my_wwan ipv4 surelink)> timeout value (config network interface my_wwan ipv4 surelink> The default is 15 seconds.  9. (Optional) Repeat this procedure for IPv6. Digi IX15 Gateway User Guide...

  • Page 93: Disable Surelink

    SureLink interface test. É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click Network > Interfaces.
  • Page 94  7. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 95 É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click Network > Interfaces.
  • Page 96  9. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 97: Using Cellular Modems In A Wireless Wan (Wwan)

    Typically, you configure SIM1 of the cellular modem as the primary cellular interface, and SIM2 as the backup cellular interface. In this way, if the IX15 device cannot connect to the network using SIM1, it automatically fails over to SIM2. IX15 devices automatically use the correct cellular module firmware for each carrier when switching SIMs.
  • Page 98 Wireless Wide Area Networks (WWANs) É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click Network > Modems > Modem.
  • Page 99  12. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 100 2. Uses the second SIM slot. The default is any.  6. If sim_slot is set to any, set the SIM slot that should be considered the preferred slot for this modem: (config)> network modem modem sim_slot_preference value (config)> Digi IX15 Gateway User Guide...
  • Page 101 The default is all, which uses the best available technology.  10. Set whether the modem should use the main antenna, the auxiliary antenna, or both the main and auxiliary antennas: (config)> network modem modem antenna value (config)> Digi IX15 Gateway User Guide...
  • Page 102 Type quit to disconnect from the device. Configure cellular modem APNs The IX15 device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.
  • Page 103  8. (Optional) To configure the device to bypass its preconfigured APN list and only use the configured APNs, enable APN list only.  9. Click Apply to save the configuration and apply the change.   Command line Digi IX15 Gateway User Guide...
  • Page 104 Interfaces Wireless Wide Area Networks (WWANs)  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 105 The modem status window is displayed   Command line  1. Log into the IX15 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 106 IPv6 MTU : 1500 TX bytes : 127941 RX bytes : 61026 Uptime : 10 hrs, 56 mins (39360s) SIM Slot SIM Status : ready IMSI : 61582122197895 ICCID : 26587628655003992180 SIM Provider : AT&T Digi IX15 Gateway User Guide...
  • Page 107 A SIM card can be locked if a user tries to set an invalid PIN for the SIM card too many times. In addition, some cellular carriers require a SIM PIN to be added before the SIM card can be used. If the SIM card is locked, the Digi IX15 Gateway device cannot make a cellular connection.  ...
  • Page 108 To run AT commands from the IX15 command line:     Command line  1. Log into the IX15 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 109 Site-to-site networking, without the overhead of tunneling for each device. To accomplish this, we will create separate WWAN interfaces that use the same modem but use different APNs, and then use routing roles to forward traffic to the appropriate WWAN interface. É   WebUI Digi IX15 Gateway User Guide...
  • Page 110 Interfaces Wireless Wide Area Networks (WWANs)  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Increase the maximum number of interfaces allowed for the modem:  a.
  • Page 111 Interfaces Wireless Wide Area Networks (WWANs)  f. (Optional): Configure the public APN. If the public APN is not configured, the IX15 will attempt to determine the APN.  i. Click to expand APN list > APN.  ii. For APN, type the public APN for your cellular carrier.
  • Page 112  6. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 113  c. Set the modem device: (config network interface WWANPublic)> modem device modem (config network interface WWANPublic)>  d. (Optional): Set the public APN. If the public APN is not configured, the IX15 will attempt to determine the APN. (config network interface WWANPublic)> modem apn public_apn (config network interface WWANPublic)>...
  • Page 114  i. Set the type to interface: (config network route policy 1)> dst type interface (config network route policy 1)>  ii. Set the interface to WWANPrivate : (config network route policy 1)> interface /network/interface/WWANPrivate (config network route policy 1)> Digi IX15 Gateway User Guide...

  • Page 115: Configure A Wireless Wide Area Network (Wwan)

    The IPv6 management priority of the WAN. The active interface with the highest management priority will have its address reported as the preferred contact address for central management and direct device access.   The IPv6 Maximum Transmission Unit (MTU) of the WAN. Digi IX15 Gateway User Guide...
  • Page 116   É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click Network > Interfaces.
  • Page 117 The default setting is When primary default route.  f. SIM failover is enabled by default, which means that the modem will automatically fail over from the active SIM to the next available SIM when the active SIM fails to connect. If Digi IX15 Gateway User Guide...
  • Page 118 Reboot device: The device will reboot if automatic SIM switching is unavailable.  9. For APN list and APN list only, the IX15 device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.
  • Page 119 Interfaces Wireless Wide Area Networks (WWANs)  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 120 (config network interface my_wwan)> modem imsi IMSI (config network interface my_wwan)>   plmn_id Set the PLMN id that must be in active for this WWAN to be used: (config network interface my_wwan)> modem plmn_id PLMN_ID (config network interface my_wwan)> Digi IX15 Gateway User Guide...
  • Page 121 (config network interface my_wwan)> modem sim_failover false (config network interface my_wwan)> If enabled:  i. Set the number of times that the device should attempt to connect to the active SIM before failing over to the next available SIM: Digi IX15 Gateway User Guide...
  • Page 122 The device will reboot if automatic SIM switching is unavailable.  7. The IX15 device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.

  • Page 123: Show Wwan Status And Statistics

     3. Under Networking, click Interfaces.   Command line  1. Log into the IX15 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 124 IPv6 DNS Server(s) : fd00:244::1, fe80::234:f3f4:fe0e:4320 >  4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...

  • Page 125: Delete A Wwan

     5. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 126  4. Save the configuration and apply the change: (config)> save Configuration saved. >  5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...

  • Page 127: Local Area Networks (Lans)

    Interfaces Local Area Networks (LANs) Local Area Networks (LANs) The IX15 device is preconfigured with the following Local Area Networks (LANs): Interface type Preconfigured interfaces Devices Default configuration Local Area     Ethernet:   Firewall zone: Network Internal (LAN)  ...

  • Page 128: About Local Area Networks (Lans)

    The IPv6 management priority of the LAN. The active interface with the highest management priority will have its address reported as the preferred contact address for central management and direct device access.   The IPv6 Maximum Transmission Unit (MTU) of the LAN. Digi IX15 Gateway User Guide...
  • Page 129 To create a new LAN or edit an existing LAN:   É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click Network > Interfaces.
  • Page 130 Incoming packets will be dropped from any devices whose MAC addresses is included in the MAC address blacklist.  a. Click to expand MAC address blacklist.  b. For Add MAC address, click g .  c. Type the MAC address.  12. (Optional) Click to expand MAC address whitelist. Digi IX15 Gateway User Guide...
  • Page 131  13. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 132  b. Set the IPv6 type to DHCP: (config network interface my_lan)> ipv6 type dhcpv6 (config network interface my_lan)>  c. Generally, the default settings for IPv6 support are sufficient. You can view the default IPv6 settings by using the question mark (?): Digi IX15 Gateway User Guide...

  • Page 133: Show Lan Status And Statistics

     9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show LAN status and statistics   É   WebUI Digi IX15 Gateway User Guide...
  • Page 134  3. Under Networking, click Interfaces.   Command line  1. Log into the IX15 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 135: Delete A Lan

    LAN, LAN1. É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click Network > Interfaces.
  • Page 136 Interfaces Local Area Networks (LANs)  5. Click Apply to save the configuration and apply the change. Digi IX15 Gateway User Guide...

  • Page 137: Dhcp Servers

    Type quit to disconnect from the device. DHCP servers You can enable DHCP on your IX15 device to assign IP addresses to clients, using either:   The DHCP server for the device's local network, which assigns IP addresses to clients on the device's local network.
  • Page 138   É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click Network > Interfaces.
  • Page 139  12. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 140  b. Determine how the DHCP server should broadcast the gateway server: (config)> network interface my_lan ipv4 dhcp_server advanced gateway value (config)> where value is one of:   none: No gateway is broadcast by the DHCP server. Client destinations must be resolvable without a gateway. Digi IX15 Gateway User Guide...
  • Page 141 Interfaces Local Area Networks (LANs)   auto: Broadcasts the IX15 device's gateway.   custom: Allows you to identify the IP address of a custom gateway to be broadcast: (config)> network interface my_lan ipv4 dhcp_server advanced gateway_custom ip_address (config)> The default is auto.
  • Page 142 IP address that will be mapped to the device.   MAC address of the device. Additional configuration items   A label for this instance of the static lease. To map static IP addresses:   É   WebUI Digi IX15 Gateway User Guide...
  • Page 143  11. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 144 Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show current static IP mapping To view your current static IP mapping:   É   WebUI Digi IX15 Gateway User Guide...
  • Page 145  3. Under Networking, click DHCP Leases.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 146  7. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 147 Type quit to disconnect from the device. Configure DHCP options You can configure DHCP servers running on your Digi IX15 Gateway device to send certain specified DHCP options to DHCP clients. You can also set the user class, which enables you to specify which specific DHCP clients will receive the option.
  • Page 148 Local Area Networks (LANs) É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click Network > Interfaces.
  • Page 149 Interfaces Local Area Networks (LANs)  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 150 LAN. For the IX15 device, DHCP relay is configured by providing the IP address of a DHCP relay server, rather than an IP address range. If both the DHCP relay server and an IP address range are specified, DHCP relay is used, and the specified IP address range is ignored.
  • Page 151  10. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 152 Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show DHCP server status and settings View DHCP status to monitor which devices have been given IP configuration by the Digi IX15 Gateway device and to diagnose DHCP issues.  ...

  • Page 153: Create A Virtual Lan (Vlan) Route

     3. Under Networking, click DHCP Leases.   Command line  1. Log into the IX15 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 154 To create a VLAN:   É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click Network > Virtual LAN.
  • Page 155 Local Area Networks (LANs)   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 156: Serial Port

    IX15 devices have a single serial port that provides access to the command-line interface. Use an RS-232 serial cable to establish a serial connection from your IX15 to your local laptop or PC. Use a terminal emulator program to establish the serial connection. The terminal emulator's serial connection must be configured to match the configuration of the IX15 device's serial port.
  • Page 157 Serial port Configure the serial port  1. Log into the IX15 WebUI as a user with Admin access.  2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed.  3. Note You can also configure the serial port by using Device Configuration > Serial. Changes made by using either Device Configuration or Serial Configuration will be reflected in both.
  • Page 158  a. Enable CTS to monitor CTS (Clear to Send) changes on this port.  b. Enable DCD to monitor DCD (Data Carrier Detect) changes on this port.  9. (Optional) Copy the serial port's configuration by clicking the Å (copy) icon. The Copy Configuration window displays. Digi IX15 Gateway User Guide...
  • Page 159   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 160  d. Set the stop bits used by the device to which you want to connect: (config)> serial port1 stopbits bits (config)>  e. Set the type of flow control used by the device to which you want to connect: (config)> serial port1 flow type (config) Digi IX15 Gateway User Guide...
  • Page 161  e. (Optional) Enable monitoring of CTS (Clear to Send) changes on this port: (config)> serial port1 monitor cts true (config)  f. (Optional) Enable monitoring of DCD (Data Carrier Detect) changes on this port: (config)> serial port1 monitor dcd true (config) Digi IX15 Gateway User Guide...
  • Page 162 No limit to IPv6 addresses that can access the tcp port. Repeat this step to list additional IP addresses or networks.   To limit access to hosts connected through a specified interface on the IX15 device: Digi IX15 Gateway User Guide...
  • Page 163 (config serial USB_port)> ... firewall zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration ------------------------------------------------- ------------------------------ dynamic_routes edge external internal ipsec loopback setup Digi IX15 Gateway User Guide...
  • Page 164 A single IP address or host name.   A network designation in CIDR notation, for example, 2001:db8::/48.   any: No limit to IPv6 addresses that can access the telnet port. Repeat this step to list additional IP addresses or networks. Digi IX15 Gateway User Guide...
  • Page 165 Serial port Configure the serial port   To limit access to hosts connected through a specified interface on the IX15 device: (config serial USB_port)> add service telnet acl interface end value (config serial USB_port)> Where value is an interface defined on your device.
  • Page 166 A single IP address or host name.   A network designation in CIDR notation, for example, 2001:db8::/48.   any: No limit to IPv6 addresses that can access the ssh port. Repeat this step to list additional IP addresses or networks. Digi IX15 Gateway User Guide...
  • Page 167 Serial port Configure the serial port   To limit access to hosts connected through a specified interface on the IX15 device: (config serial USB_port)> add service ssh acl interface end value (config serial USB_port)> Where value is an interface defined on your device.

  • Page 168: Show Serial Status And Statistics

     3. Under Connections, click Serial.   Command line  1. Log into the IX15 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 169: Log Serial Port Messages

    To display and configure the serial port log:   É   WebUI  1. Log into the IX15 WebUI as a user with Admin access.  2. On the main menu, click Status  3. Under Connections, click Serial.  4. Click Log. The Serial port log window displays.

  • Page 170: Routing

    Routing This chapter contains the following topics: IP routing Show the routing table Dynamic DNS Virtual Router Redundancy Protocol (VRRP) Digi IX15 Gateway User Guide...

  • Page 171: Ip Routing

    IP routing IP routing The IX15 device uses IP routes to decide where to send a packet it receives for a remote network. The process for deciding on a route to send the packet is as follows:  1. The device examines the destination IP address in the IP packet, and looks through the IP routing table to find a match for it.

  • Page 172: Configure A Static Route

    To configure a static route: É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click Network > Routes > Static routes.
  • Page 173  7. For Interface, select the interface on the IX15 device that will be used with this static route.  8. (Optional) For Gateway, type the IPv4 address of the gateway used to reach the destination.
  • Page 174 The any keyword can also be used to route packets to any destination with this static route.  6. Set the interface on the IX15 device that will be used with this static route:  a. Use the ? to determine available interfaces:  b.

  • Page 175: Delete A Static Route

    Delete a static route É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click Network > Routes > Static routes.

  • Page 176: Policy-Based Routing

    However, you can use policy-based routing to forward the packet based on other criteria, such as the source of the packet. For example, you can configure the IX15 device so that high-priority traffic is routed through the cellular connection, while all other traffic is routed through an Ethernet (WAN) connection.

  • Page 177: Configure A Routing Policy

    Routing IP routing Policy-based routing for the IX15 device uses the following criteria to determine how to route traffic:   Firewall zone (for example, internal/outbound traffic, external/inbound traffic, or IPSec tunnel traffic).   Network interface (for example, the cellular connection, the WAN, or the LAN).
  • Page 178  5. (Optional) For Label, type a label that will be used to identify this route policy.  6. For Interface, select the interface on the IX15 device that will be used with this route policy.  7. (Optional) Enable Exclusive to configure the policy to drop packets that match the policy when the gateway interface is disconnected, rather than forwarded through other interfaces.
  • Page 179  13. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 180 (config network route policy 0)> label "New route policy" (config network route policy 0)>  5. Set the interface on the IX15 device that will be used with this route policy:  a. Use the ? to determine available interfaces:  b. Set the interface. For example: (config network route policy 0)>...
  • Page 181 Matches the source IP address to the selected firewall zone. Set the zone:  a. Use the ? to determine available zones: (config network route policy 0)> src zone ? Zone: Match the IP address to the specified firewall zone. Format: dynamic_routes edge external internal ipsec loopback setup Digi IX15 Gateway User Guide...
  • Page 182 (config network route policy 0)> src mac MAC_address (config network route policy 0)>  10. Set the destination address type: (config network route policy 0)> dst type value (config network route policy 0)> Digi IX15 Gateway User Guide...
  • Page 183 (config network route policy 0)> where value uses the format IPv4_address[/netmask], or any to match any IPv4 address.   address6: Matches the destination IPv6 address to the specified IP address or network. Set the address that will be matched: Digi IX15 Gateway User Guide...
  • Page 184  11. Save the configuration and apply the change: (config)> save Configuration saved. >  12. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...

  • Page 185: Routing Services

    Routing IP routing Routing services Your IX15 includes support for dynamic routing services and protocols. The following routing services are supported: Service or protocol Information RFC2453 The IPv4 Routing Information Protocol (RIP) service supports RIPv2 ( ) and RFC1058 RIPv1 (...
  • Page 186 IP routing É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click Network > Routes > Routing services.
  • Page 187 IP routing   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 188: Show The Routing Table

    To display the routing table: É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. Digi IX15 Gateway User Guide...

  • Page 189: Dynamic Dns

    WAN or public IP address changes. Your IX15 device supports a number of Dynamic DNS providers as well as the ability to provide a custom provider that is not included on the list of providers.
  • Page 190 The amount of time to wait to force an update of the interface's IP address.   The amount of time to wait for an IP address update to succeed before retrying the update.   The number of times to retry a failed IP address update. Digi IX15 Gateway User Guide...
  • Page 191 Dynamic DNS É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click Network > Dynamic DNS.
  • Page 192  14. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 193 Dynamic DNS provider: (config network ddns new_ddns_instance)> custom url (config network ddns new_ddns_instance)>  7. Set the domain name that is linked to the interface's IP address: (config network ddns new_ddns_instance)> domain domain_name (config network ddns new_ddns_instance)> Digi IX15 Gateway User Guide...
  • Page 194 For example, to set retry_interval to ten minutes, enter either 10m or 600s: (config network ddns new_ddns_instance)> retry_interval 600s (config network ddns new_ddns_instance)> The default is 60s.  13. (Optional) Set the number of times to retry a failed IP address update: Digi IX15 Gateway User Guide...

  • Page 195: Virtual Router Redundancy Protocol (Vrrp)

    Multiple IX15 devices can be configured as VRRP devices and assigned a priority. The router with the highest priority will be used as the master router. If the master router fails, then the IP address of the virtual router is mapped to the backup device with the next highest priority.
  • Page 196 VRRP priorty of devices based on the status of their network connectivity. É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 197  12. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 198  9. Add a virtual IP address associated with this VRRP instance. This can be an IPv4 or IPv6 address. (config network vrrp VRRP_test)> add virtual_address end ip_address (config network vrrp VRRP_test)> Additional virtual IP addresses can be added by repeating this step with different values for ip_ address. Digi IX15 Gateway User Guide...

  • Page 199: Configure Vrrp

    VRRP+ is an extension to the VRRP standard that uses SureLink network probing to monitor connections through VRRP-enabled devices and adjust devices' VRRP priority based on the status of the SureLink tests. This section describes how to configure VRRP+ on a IX15 device. Required configuration items  ...
  • Page 200 Routing Virtual Router Redundancy Protocol (VRRP)  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click Network > VRRP.
  • Page 201  d. Configure the VRRP interface's DHCP server to use a custom gateway that corresponds to one of the VRRP virtual IP addresses:  i. Click to expand DHCP Server > Advanced settings.  ii. For Gateway, select Custom. Digi IX15 Gateway User Guide...
  • Page 202  11. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 203  8. Configure the VRRP interface:  a. Configure the VRRP interface's DHCP server to use a custom gateway that corresponds to one of the VRRP virtual IP addresses:  i. Set the DHCP server gateway type to custom: Digi IX15 Gateway User Guide...
  • Page 204 For example, to set interval to ten minutes, enter 5s: (config)> network interface eth ipv4 surelink interval 5s (config)> Digi IX15 Gateway User Guide...
  • Page 205   (Optional) Set the amount of time that the interface can be down before this test is considered to have failed: Digi IX15 Gateway User Guide...

  • Page 206: Example: Vrrp/Vrrp+ Configuration

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Example: VRRP/VRRP+ configuration This example configuration creates a VRRP pool containing two IX15 devices: Digi IX15 Gateway User Guide...

  • Page 207: Configure Device One (Master Device)

    É   WebUI Task 1: Configure VRRP on device one  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click Network > VRRP.
  • Page 208 Task 2: Configure VRRP+ on device one  1. Click to expand VRRP+.  2. Click Enable.  3. Click to expand Monitor interfaces.  4. Click g to add an interface for monitoring.  5. Select Interface: Modem.  6. For Priority modifier, type 30. Digi IX15 Gateway User Guide...
  • Page 209   Command line Task 1: Configure VRRP on device one  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 210 Task 3: Configure the IP address for the VRRP interface, ETH, on device one  1. Type ... to return to the root of the config prompt: (config network vrrp VRRP_test )> ... (config)>  2. Set the IP address for ETH: (config)> network interface eth ipv4 address 192.168.3.1/24 (config)> Digi IX15 Gateway User Guide...

  • Page 211: Configure Device Two (Backup Device)

    É   WebUI Task 1: Configure VRRP on device two  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. Digi IX15 Gateway User Guide...
  • Page 212  7. For Router ID, leave at the default setting of 50.  8. For Priority, type 80.  9. Click to expand Virtual IP addresses.  10. Click g to add a virtual IP address.  11. For Virtual IP, type 192.168.3.3. Digi IX15 Gateway User Guide...
  • Page 213  1. Click Network > Interfaces > ETH > IPv4 > SureLink.  2. Click Enable.  3. For Interval, type 15s.  4. Click to expand Test targets > Test target.  5. For Test Type, select Ping test. Digi IX15 Gateway User Guide...
  • Page 214   Command line Task 1: Configure VRRP on device two  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 215 (config network vrrp VRRP_test )> Task 3: Configure the IP address for the VRRP interface, ETH, on device two  1. Type ... to return to the root of the config prompt: (config network vrrp VRRP_test )> ... (config)> Digi IX15 Gateway User Guide...
  • Page 216  2. Set the start and end addresses of the DHCP pool to use to assign DHCP addresses to clients:  a. Set the start address to 200: (config)> network interface eth ipv4 dhcp_server lease_start 200 (config)>  b. Set the end address to 250: (config)> network interface eth ipv4 dhcp_server lease_end 250 (config)> Digi IX15 Gateway User Guide...

  • Page 217: Show Vrrp Status And Statistics

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show VRRP status and statistics This section describes how to display VRRP status and statistics for a Digi IX15 Gateway device. VRRP status is available from the Web UI only. É...
  • Page 218 The Virtual Router Redundancy Protocol window is displayed.   Command line  1. Log into the IX15 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 219 Routing Virtual Router Redundancy Protocol (VRRP) > Digi IX15 Gateway User Guide...

  • Page 220: Virtual Private Networks (Vpn)

    Virtual Private Networks (VPNs) are used to securely connect two private networks together so that devices can connect from one network to the other using secure channels. This chapter contains the following topics: IPsec OpenVPN Generic Routing Encapsulation (GRE) NEMO Digi IX15 Gateway User Guide...

  • Page 221: Ipsec

    Aggressive mode Aggressive mode is faster than main mode, but is not as secure as main mode, because the device and its peer exchange their IDs and hash information in clear text instead of being encrypted. Digi IX15 Gateway User Guide...

  • Page 222: Authentication

    Client authenticaton XAUTH (extended authentication) pre-shared key authentication mode provides additional security by using client authentication credentials in addition to the standard pre-shared key. The IX15 device can be configured to authenticate with the remote peer as an XAUTH client. RSA Signatures With RSA signatures authentication, the IX15 device uses a private RSA key to authenticate with a...
  • Page 223 The amount of time before the IKE phase 1 lifetime expires.   The amount of time before the IKE phase 2 lifetime expires   The lifetime margin, a randomizing amount of time before the IPsec tunnel is renegotiated.   Digi IX15 Gateway User Guide...
  • Page 224 Virtual Private Networks (VPN) IPsec É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click VPN > IPsec.
  • Page 225 The metric can also be used in tandem with SureLink to configure IPsec failover behavior. See Configure IPsec failover for more information. Digi IX15 Gateway User Guide...
  • Page 226 Certificate Authority: For Certificate Authority chain, paste the Certificate Authority (CA) certificates. These must include all peer certificates in the chain up to the root CA certificate, in PEM format.  15. (Optional) For Management Priority, set the priority for this IPsec tunnel. Digi IX15 Gateway User Guide...
  • Page 227  19. Click to expand Remote endpoint.  a. For Hostname, select either a hostname or IP address. If your device is not configured to initiate the IPsec connection (see IKE > Initiate connection), you can also use the keyword Digi IX15 Gateway User Guide...
  • Page 228  20. Click to expand Policies. Policies define the network traffic that will be encapsulated by this tunnel.  a. Click g to create a new policy. The new policy configuration is displayed.  b. Click to expand Local network. Digi IX15 Gateway User Guide...
  • Page 229 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Phase 2 lifetime to ten minutes, enter 10m or 600s. Digi IX15 Gateway User Guide...
  • Page 230 NAT. You can also use any, meaning that any destination network connected to the tunnel will use source NAT.  24. See Configure SureLink active recovery for IPsec for information about IPsec Active recovery.  25. Click Apply to save the configuration and apply the change. Digi IX15 Gateway User Guide...
  • Page 231 Virtual Private Networks (VPN) IPsec   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 232 Only the payload of the IP packet is encrypted and/or authenticated. The IP header is unencrypted. The default is tunnel.  8. Set the protocol: (config vpn ipsec tunnel ipsec_example)> type protocol (config vpn ipsec tunnel ipsec_example)> where protocol is either: Digi IX15 Gateway User Guide...
  • Page 233  b. Set the private key passphrase that is used to decrypt the private key. Leave blank if the private key is not encrypted. (config vpn ipsec tunnel ipsec_example)> auth private_key_ passphrase passphrase (config vpn ipsec tunnel ipsec_example)> Digi IX15 Gateway User Guide...
  • Page 234 These must include all peer certificates in the chain up to the root CA certificate, in PEM format. (config vpn ipsec tunnel ipsec_example)> auth ca_cert cert_ chain (config vpn ipsec tunnel ipsec_example)>  11. (Optional) Configure the device to connect to its remote peer as an XAUTH client: Digi IX15 Gateway User Guide...
  • Page 235 (config vpn ipsec tunnel ipsec_example)> local id raw_id id (config vpn ipsec tunnel ipsec_example)>   any: Any ID will be accepted.   ipv4: The ID will be interpreted as an IPv4 address and sent as an ID_IPV4_ADDR IKE identity. Digi IX15 Gateway User Guide...
  • Page 236  b. Set the ID type: (config vpn ipsec tunnel ipsec_example)> remote id type value (config vpn ipsec tunnel ipsec_example)> where value is one of:   auto: The ID will be automatically determined from the value of the tunnels endpoints. Digi IX15 Gateway User Guide...
  • Page 237 This setting must match the peer's IKE version.  b. Determine whether the device should initiate the key exchange, rather than waiting for an incoming request. By default, the device will initiate the key exchange. This must be Digi IX15 Gateway User Guide...
  • Page 238  g. Set a randomizing amount of time before the IPsec tunnel is renegotiated: (config vpn ipsec tunnel ipsec_example)> ike lifetime_margin value (config vpn ipsec tunnel ipsec_example)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. Digi IX15 Gateway User Guide...
  • Page 239 (config vpn ipsec tunnel ipsec_example ike phase1_proposal 1)> Repeat the above steps to set the type of encryption, hash, and Diffie-Hellman group for the additional proposal.  iii. Repeat to add more phase 1 proposals. Digi IX15 Gateway User Guide...
  • Page 240 (config vpn ipsec tunnel ipsec_example ike phase2_proposal 1)> Repeat the above steps to set the type of encryption, hash, and Diffie-Hellman group for the additional proposal.  iii. Repeat to add more phase 2 proposals. Digi IX15 Gateway User Guide...
  • Page 241 (config vpn ipsec tunnel ipsec_example nat 0)> ... (config)>  b. Add a policy: (config)> add vpn ipsec tunnel ipsec_example policy end (config vpn ipsec tunnel ipsec_example policy 0)>  c. Set the type of local network policy: Digi IX15 Gateway User Guide...
  • Page 242  a. Change to the root of the configuration schema: (config vpn ipsec tunnel ipsec_example policy 0)> ... (config)>  b. (config)> vpn ipsec advanced keep_alive value (config)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. Digi IX15 Gateway User Guide...
  • Page 243  20. Save the configuration and apply the change: (config)> save Configuration saved. >  21. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...

  • Page 244: Configure Ipsec Failover

    Virtual Private Networks (VPN) IPsec Configure IPsec failover There are two methods to configure the IX15 device to fail over from a primary IPsec tunnel to a backup tunnel:   SureLink active recovery—You can use SureLink along with the IPsec tunnel's metric to configure two or more tunnels so that when the primary tunnel is determined to be inactive by SureLink, a secondary tunnel can begin serving traffic that the primary tunnel was serving.
  • Page 245 See Configure an IPsec tunnel for instructions.   During configuration of the IPsec tunnel, set the metric to a value that is higher than the metric of the primary tunnel (for example, 20).   Command line Digi IX15 Gateway User Guide...
  • Page 246  a. Use the ? to view a list of available tunnels: (config vpn ipsec tunnel backup_ipsec_tunnel)> ipsec_failover ? Preferred tunnel: This tunnel will not start until the preferred tunnel has failed. It will continue to operate until the preferred tunnel returns to full operation Digi IX15 Gateway User Guide...

  • Page 247: Configure Surelink Active Recovery For Ipsec

    (config vpn ipsec tunnel backup_ipsec_tunnel)> Configure SureLink active recovery for IPsec You can configure the IX15 device to regularly probe IPsec client connections to determine if the connection has failed and take remedial action. You can also configure the IPsec tunnel to fail over to a backup tunnel. See Configure IPsec failover further information.
  • Page 248 Virtual Private Networks (VPN) IPsec  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click VPN > IPsec.
  • Page 249 IP address specified in Ping host. You can also optionally change the number of bytes in the Ping payload size.   DNS test or DNS test (IPv6): Tests connectivity by sending a DNS query to the specified DNS server. Digi IX15 Gateway User Guide...
  • Page 250  14. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 251  10. Set the amount of time that the device should wait for a response to a probe attempt before considering it to have failed: (config vpn ipsec tunnel ipsec_example)> connection_monitor timeout value (config vpn ipsec tunnel ipsec_example)> Digi IX15 Gateway User Guide...
  • Page 252 (config vpn ipsec tunnel ipsec_example connection_monitor target 0)> dns_server ip_address (config vpn ipsec tunnel ipsec_example connection_monitor target 0)>   dns_configured (IPv4) or dns_configured6 (IPv6): Tests connectivity by sending a DNS query to the DNS servers configured for this interface. Digi IX15 Gateway User Guide...
  • Page 253 For example, to set interface_timeout to ten minutes, enter either 10m or 600s: (config vpn ipsec tunnel ipsec_example connection_monitor target 0)> interface_timeout 600s (config vpn ipsec tunnel ipsec_example connection_monitor target 0)> The default is 60 seconds. Digi IX15 Gateway User Guide...

  • Page 254: Show Ipsec Status And Statistics

      Command line  1. Log into the IX15 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 255: Debug An Ipsec Configuration

    Use the interactive shell to set the IPsec debug level By using the interactive shell to set the debug level, you can enable the IX15 device to write additional debug messages to the system log. The command accepts the following values to set the debug level:  ...
  • Page 256   Command line  1. Log into the IX15 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.

  • Page 257: Openvpn

    OpenVPN clients. OpenVPN clients use Network Address Translation (NAT) to route traffic from devices connected on its LAN interfaces to the OpenVPN server. The manner in which the IP subnets are defined depends on the OpenVPN topology in use. The IX15 device supports two types of OpenVPN topology:...

  • Page 258: Configure An Openvpn Server

    OpenVPN that devices connected to the OpenVPN client’s LAN interface are on the same IP subnet as devices. The IX15 device supports two mechanisms for configuring an OpenVPN server in TAP mode:   OpenVPN managed—The IX15 device creates the interface and then uses its standard configuration to set up the connection (for example, its standard DHCP server configuration).
  • Page 259 Additional OpenVPN parameters. É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click VPN > OpenVPN > Servers.
  • Page 260  9. If Server managed certificates is not enabled:  a. Select the Authentication type:   Certificate only: Uses only certificates for client authentication. Each client requires a public and private key. Digi IX15 Gateway User Guide...
  • Page 261 No limit to IPv6 addresses that can access the service-type.  d. Click g again to list additional IP addresses or networks.   To limit access to hosts connected through a specified interface on the IX15 device:  a. Click Interfaces.  b. For Add Interface, click g .
  • Page 262  12. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 263 1 and 255. The number entered here will represent the first client IP address. For example, if address is set to 192.168.1.1/24 and server_first_ip is set to 80, the first client IP address will be 192.168.1.80. The default is from 80. Digi IX15 Gateway User Guide...
  • Page 264 Authentication Group and User for instructions.  ii. Paste the contents of the CA certificate (usually in a ca.crt file) into the value of the cacert parameter: (config vpn openvpn server name)> cacert value (config vpn openvpn server name)> Digi IX15 Gateway User Guide...
  • Page 265 Repeat this step to list additional IP addresses or networks.   To limit access to hosts connected through a specified interface on the IX15 device: (config vpn openvpn server name)> add acl interface end value (config vpn openvpn server name)>...
  • Page 266 Additional Configuration -------------------------------------------------------- ----------------------- dynamic_routes edge external internal ipsec loopback setup (config vpn openvpn server name)> Repeat this step to list additional firewall zones.  9. (Optional) Set additional OpenVPN parameters. Digi IX15 Gateway User Guide...

  • Page 267: Configure An Openvpn Authentication Group And User

    É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. Digi IX15 Gateway User Guide...
  • Page 268 The new authentication group configuration is displayed.  c. Click OpenVPN access to enable OpenVPN access rights for users of this group.  d. Click to expand the OpenVPN node.  e. Click g to add a tunnel. Digi IX15 Gateway User Guide...
  • Page 269  d. Click to expand the Groups node.  e. Click g to add a group to the user.  f. Select a Group with OpenVPN access enabled.  5. Click Apply to save the configuration and apply the change. Digi IX15 Gateway User Guide...
  • Page 270 Virtual Private Networks (VPN) OpenVPN Digi IX15 Gateway User Guide...
  • Page 271 Virtual Private Networks (VPN) OpenVPN   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 272: Configure An Openvpn Client By Using An .Ovpn File

      É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click VPN > OpenVPN > Clients.
  • Page 273  11. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 274  7. Paste the content of the client.ovpn file into the value of the config_file parameter: (config vpn openvpn client name)> config_file value (config vpn openvpn client name)>  8. Save the configuration and apply the change: (config)> save Configuration saved. > Digi IX15 Gateway User Guide...

  • Page 275: Configure An Openvpn Client Without Using An .Ovpn File

    OpenVPN active recovery.   É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. Digi IX15 Gateway User Guide...
  • Page 276  5. The OpenVPN client is enabled by default. To disable, click Enable.  6. The default behavior is to use an OVPN file for client configuration. To disable this behavior and configure the client manually, click Use .ovpn file to disable. Digi IX15 Gateway User Guide...
  • Page 277  15. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 278 (config vpn openvpn client name)> username value (config vpn openvpn client name)> password value (config vpn openvpn client name)>  9. Set the IP address of the OpenVPN server: (config vpn openvpn client name)> server ip_address (config vpn openvpn client name)> Digi IX15 Gateway User Guide...

  • Page 279: Configure Surelink Active Recovery For Openvpn

    Type quit to disconnect from the device. Configure SureLink active recovery for OpenVPN You can configure the IX15 device to regularly probe OpenVPN client connections to determine if the connection has failed and take remedial action. Digi IX15 Gateway User Guide...
  • Page 280 To configure the IX15 device to regularly probe the OpenVPN connection: É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 281 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Response timeout to ten minutes, enter 10m or 600s. The default is 15 seconds. Digi IX15 Gateway User Guide...
  • Page 282 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Initial connection time to ten minutes, enter 10m or 600s. The default is 60 seconds. Digi IX15 Gateway User Guide...
  • Page 283  14. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 284 For example, to set timeout to ten minutes, enter either 10m or 600s: (config vpn openvpn client openvpn_client1)> connection_monitor interval 600s (config vpn openvpn client openvpn_client1)> The default is 15 seconds. Digi IX15 Gateway User Guide...
  • Page 285 (IPv4) or http6 (IPv6): Tests connectivity by sending an HTTP or HTTPS GET request to the specified URL.   Specify the url. Allowed value uses the format http[s]://hostname/[path]. (config vpn openvpn client openvpn_client1 connection_monitor target 0)> http_url url Digi IX15 Gateway User Guide...
  • Page 286 0)> interface_timeout 600s (config vpn openvpn client openvpn_client1 connection_monitor target 0)> The default is 60 seconds.  12. Save the configuration and apply the change: (config vpn openvpn client openvpn_client1 connection_monitor target 0)> save Configuration saved. > Digi IX15 Gateway User Guide...

  • Page 287: Show Openvpn Server Status And Statistics

    OpenVPN server's status pane.   Command line  1. Log into the IX15 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 288: Show Openvpn Client Status And Statistics

    OpenVPN client's status pane.   Command line  1. Log into the IX15 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 289: Generic Routing Encapsulation (Gre)

    Task One: Create a GRE loopback endpoint interface   É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. Digi IX15 Gateway User Guide...
  • Page 290  11. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 291 Task Two: Configure the GRE tunnel   É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. Digi IX15 Gateway User Guide...
  • Page 292  10. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 293 (config vpn iptunnel gre_example)> save Configuration saved. >  9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...

  • Page 294: Show Gre Tunnels

      É   WebUI  1. Log into the IX15 WebUI as a user with Admin access.  2. On the menu, click Status > IP tunnels. The IP Tunnelspage appears.  3. To view configuration details about a GRE tunnel, click the ­ (configuration) icon in the upper right of the tunnel's status pane.

  • Page 295: Example: Gre Tunnel Over An Ipsec Tunnel

    Example: GRE tunnel over an IPSec tunnel The IX15 device can be configured as an advertised set of routes through an IPSec tunnel. This allows you to leverage the dynamic route advertisement of GRE tunnels through a secured IPSec tunnel.
  • Page 296  3. Create a GRE tunnel named gre_tunnel2:  a. Local endpoint set to the IPsec endpoint interface, Interface: ipsec_endpoint2.  b. Remote endpoint set to the IP address of the GRE tunnel on IX15-1, 172.30.0.1.  4. Create an interface named gre_interface2 and add it to the GRE tunnel:  a.
  • Page 297  15. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 298  4. Set the pre-shared key to testkey: (config vpn ipsec tunnel ipsec_gre1)> auth secret testkey (config vpn ipsec tunnel ipsec_gre1)>  5. Set the remote endpoint to public IP address of the IX15-2 device: (config vpn ipsec tunnel ipsec_gre1)> remote hostname 192.168.101.1 (config vpn ipsec tunnel ipsec_gre1)>...
  • Page 299  4. For Device, select Ethernet: loopback.  5. Click to expand IPv4.  6. For Address, type the IP address of the local GRE tunnel, 172.30.0.1/32.  7. Click Apply to save the configuration and apply the change. Digi IX15 Gateway User Guide...
  • Page 300 É   WebUI  1. Click VPN > IP Tunnels.  2. For Add IP Tunnel, type gre_tunnel1 and click g .  3. For Local endpoint, select the IPsec endpoint interface created in Task two (Interface: ipsec_ endpoint1). Digi IX15 Gateway User Guide...
  • Page 301 (config vpn iptunnel gre_tunnel1)> local /network/interface/ipsec_ endpoint1 (config vpn iptunnel gre_tunnel1)>  4. Set the remote endpoint to the IP address of the GRE tunnel on IX15-2, 172.30.0.2: (config vpn iptunnel gre_tunnel1)> remote 172.30.0.2 (config vpn iptunnel gre_tunnel1)>  5. Save the configuration and apply the change: (config vpn iptunnel gre_tunnel1)>...
  • Page 302 Task three (IP tunnel: gre_tunnel1).  5. Click to expand IPv4.  6. For Address, type 172.31.0.1/30 for a virtual IP address on the GRE tunnel.  7. Click Apply to save the configuration and apply the change. Digi IX15 Gateway User Guide...
  • Page 303 Task one: Create an IPsec tunnel É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. Digi IX15 Gateway User Guide...
  • Page 304  3. Click VPN > IPsec > Tunnels.  4. For Add IPsec Tunnel, type ipsec_gre2 and click g .  5. Click to expand Authentication.  6. For Pre-shared key, type the same pre-shared key that was configured for the IX15-1 (testkey).  7. Click to expand Remote endpoint.
  • Page 305 (config)> add vpn ipsec tunnel ipsec_gre2 (config vpn ipsec tunnel ipsec_gre2)>  4. Set the pre-shared key to the same pre-shared key that was configured for the IX15-1 (testkey): (config vpn ipsec tunnel ipsec_gre2)> auth secret testkey (config vpn ipsec tunnel ipsec_gre2)>...
  • Page 306 Task two: Create an IPsec endpoint interface É   WebUI  1. Click Network > Interfaces.  2. For Add Interface, type ipsec_endpoint2 and click g .  3. For Zone, select Internal.  4. For Device, select Ethernet: loopback.  5. Click to expand IPv4. Digi IX15 Gateway User Guide...
  • Page 307  5. Set the IPv4 address to the IP address of the local GRE tunnel, 172.30.0.2/32: (config network interface ipsec_endpoint2)> ipv4 address 172.30.0.2/32 (config network interface ipsec_endpoint2)>  6. Save the configuration and apply the change: (config vpn ipsec tunnel ipsec_endpoint2)> save Configuration saved. > Digi IX15 Gateway User Guide...
  • Page 308 (config vpn iptunnel gre_tunnel2)> local /network/interface/ipsec_ endpoint2 (config vpn iptunnel gre_tunnel2)>  4. Set the remote endpoint to the IP address of the GRE tunnel on IX15-1, 172.30.0.1: (config vpn iptunnel gre_tunnel2)> remote 172.30.0.1 (config vpn iptunnel gre_tunnel2)> Digi IX15 Gateway User Guide...
  • Page 309 Task three (IP tunnel: gre_tunnel2).  5. Click to expand IPv4.  6. For Address, type 172.31.1.1/30 for a virtual IP address on the GRE tunnel.  7. Click Apply to save the configuration and apply the change. Digi IX15 Gateway User Guide...

  • Page 310: Nemo

    Local Area Networks (LANs) on your device. NEMO creates a tunnel between the home agent on the mobile private network and the IX15 device, isolating the connection from internet traffic and advertising the IP subnets of the LANs for remote access and device management.

  • Page 311: Configure A Nemo Tunnel

    If set to IP address, enter the IP address.   The local network of the GRE endpoint negotiated by NEMO.   If the local network is set to Interface, identify the local interface to be used. É   WebUI Digi IX15 Gateway User Guide...
  • Page 312  10. For MTU discovery, leave enabled to determine the maximum transmission unit (MTU) size. If disabled, for MTU, type the MTU size. The default MTU size for LANs on the IX15 device is 1500. The MTU size of the NEMO tunnel will be smaller, to take into account the required headers.
  • Page 313  14. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 314 (config vpn nemo nemo_example)> mtu_discovery false (config vpn nemo nemo_example)> If disabled, set the MTU size. The default MTU size for LANs on the IX15 device is 1500. The MTU size of the NEMO tunnel will be smaller, to take into account the required headers.
  • Page 315 The default is defaultroute.  12. Set the GRE tunnel local endpoint:  a. Set the method to determine the GRE tunnel local endpoint: (config vpn nemo nemo_example)> tun_local type value (config vpn nemo nemo_example)> where value is one of: Digi IX15 Gateway User Guide...

  • Page 316: Show Nemo Status

      Command line  1. Log into the IX15 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 317 192.168.2.1/24 Advertized LAN2 192.168.3.1/24 Advertized >  4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...
  • Page 318 Modbus gateway System time Configure the system time Network Time Protocol Configure the device as an NTP server Configure a multicast route Enable service discovery (mDNS) Use the iPerf service Configure the ping responder service Digi IX15 Gateway User Guide...

  • Page 319: Allow Remote Access For Web Administration And Ssh

    Allow remote access for web administration and SSH Allow remote access for web administration and SSH By default, only devices connected to the IX15's LAN have access to the device via web administration and SSH. To enable these services for access from remote devices:  ...
  • Page 320  6. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 321 Allow remote access for web administration and SSH É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 322 Services Allow remote access for web administration and SSH  6. Click Apply to save the configuration and apply the change. Digi IX15 Gateway User Guide...

  • Page 323: Configure The Web Administration Service

    By default, the web administration service is enabled and uses the standard HTTPS port, 443. The default access control for the service uses the Internal firewall zone, which means that only devices connected to the IX15's LAN can access the WebUI. If this configuration is sufficient for your needs, no further configuration is required. See Allow remote access for web administration and SSH information about configuring the web administration service to allow access from remote devices.
  • Page 324  5. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 325 Configure the service É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click Services > Web administration.
  • Page 326 No limit to IPv6 addresses that can access the web administration service.  d. Click g again to list additional IP addresses or networks.   To limit access to hosts connected through a specified interface on the IX15 device:  a. Click Interfaces.  b. For Add Interface, click g .
  • Page 327  11. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 328 No limit to IPv6 addresses that can access the web administratrion service. Repeat this step to list additional IP addresses or networks.   To limit access to hosts connected through a specified interface on the IX15 device: (config)> add service web_admin acl interface end value (config)>...
  • Page 329 The SSL certificate and private key must be in PEM format.   The private key can use one of the following algorithms:       ECDSA   ECDH Note Password-protected certificate keys are not supported. Example Digi IX15 Gateway User Guide...
  • Page 330 UzcMeT+71DYvKYm6GpcWx+LoKqFTjbMFBIze5pbBfru+SicId6joCHIuYq8Ehflx 6sy6s4MDbyTUAEN2YhsBaOljej64LNzcsHeISbAWibXWjOSsK+N1MivQq5uwIYw/ 1fsnD8KDS43Wg57+far9fQ2MIHsgnoAGz+w6PIKJR594y/MfqQffDFNCh2lJY49F hOqEtA5B9TyXRKwoa3j/lIC/t5cpIBcCAwEAAaNTMFEwHQYDVR0OBBYEFDVtrWBH E1ZcBg9TRRxMn7chKYjXMB8GA1UdIwQYMBaAFDVtrWBHE1ZcBg9TRRxMn7chKYjX MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBALj/mrgaKDNTspv9 ThyZTBlRQ59wIzwRWRYRxUmkVcR8eBcjwdBTWjSBLnFlD2WFOEEEnVz2Dzcixmj4 /Fw7GQNcYIKj+aIGJzbcKgox10mZB3VKYRmPpnpzHCkvFi4o81+bC8HJQfK9U80e vDV0/vA5OB2j/DrjvlOrapCTkuyA0TVyGvgTASx2ATu9U45KZofm4odThQs/9FRQ +cwSTb5v47KYffeyY+g3dyJw1/KgMJGpBUYNJDIsFQC9RfzPjKE2kz41hx4VksT/ q81WGstDXH++QTu2sj7vWkFJH5xPFt80HjtWKKpIfeOIlBPGeRHvdH2PQibx0OOt Sa+P5O8= -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDgZ9fQF9NSzvaZ WLX0WatGxE8DcEgmBnhCDhie4B7f64oS1QSUtcKGL7tTqtaIWMSGsAWNYiDwQ9hr c8hCV8wWXUEYcIv3UckYuL6+xJIxg69FW/zVU9C+cFM3DHk/u9Q2LymJuhqXFsfi 6CqhU42zBQSM3uaWwX67vkonCHeo6AhyLmKvBIX5cerMurODA28k1ABDdmIbAWjp Y3o+uCzc3LB3iEmwFom11ozkrCvjdTIr0KubsCGMP9X7Jw/Cg0uN1oOe/n2q/X0N jCB7D56ABs/sOjyCiUefeMvzH6kH3wxTQodpSWOPRYTqhLQOQfU8l0SsKGt4/5SA v7eXKSAXAgMBAAECggEBAMDKdi7hSTyrclDsVeZH4044+WkK3fFNPaQCWESmZ+AY i9cCC513SlfeSiHnc8hP+wd70klVNNc2coheQH4+z6enFnXYu2cPbKVAkx9x4eeI Ktx72wurpnr2JYf1v3Vx+S9T9WvN52pGuBPJQla3YdWbSf18wr5iHm9NXIeMTsFc esdjEW07JRnxQEMZ1GPWT+YtH1+FzQ3+W9rFsFFzt0vcp5Lh1RGg0huzL2NQ5EcF 3brzIZjNAavMsdBFzdc2hcbYnbv7o1uGLujbtZ7WurNy7+Tc54gu2Ds25J0/0mgf OxmqFevIqVkqp2wOmeLtI4o77y6uCbhfA6I+GWTZEYECgYEA/uDzlbPMRcWuUig0 CymOKlhEpx9qxid2Ike0G57ykFaEsKxVMKHkv/yvAEHwazIEzlc2kcQrbLWnDQYx oKmXf87Y1T5AXs+ml1PlepXgveKpKrWwORsdDBd+OS34lyNJ0KCqqIzwAaf8lcSW tyShAZzvuH9GW9WlCc8g3ifp9WUCgYEA4WSSfqFkQLA09sI76VLvUqMbb31bNgOk ZuPg7uxuDk3yNY58LGQCoV8tUZuHtBJdrBDCtcJa5sasJZQrWUlZ8y/5zgCZmqQn MzTD062xaqTenL0jKgKQrWig4DpUUhfc4BFJmHyeitosDPG98oCxuh6HfuMOeM1v Digi IX15 Gateway User Guide...
  • Page 331 Legacy port redirection is used to redirect client HTTP requests to the HTTPS service. Legacy port redirection is enabled by default, and normally these settings should not be changed. To disable legacy port redirection: (config)> service web_admin legacy enable false (config)> Digi IX15 Gateway User Guide...
  • Page 332  9. Save the configuration and apply the change: (config)> save Configuration saved. >  10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...

  • Page 333: Configure Ssh Access

    Services Configure SSH access Configure SSH access The IX15's default configuration has SSH access enabled, and allows SSH access to the device from authorized users within the Internal firewall zone. If this configuration is sufficient for your needs, no further configuration is required. See Allow remote access for web administration and SSH information about configuring the SSH service to allow access from remote devices.
  • Page 334  5. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 335 No limit to IPv6 addresses that can access the SSH service.  d. Click g again to list additional IP addresses or networks.   To limit access to hosts connected through a specified interface on the IX15 device:  a. Click Interfaces.  b. For Add Interface, click g .
  • Page 336  8. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 337 No limit to IPv6 addresses that can access the SSH service. Repeat this step to list additional IP addresses or networks.   To limit access to hosts connected through a specified interface on the IX15 device: (config)> add service ssh acl interface end value (config)>...
  • Page 338  7. Save the configuration and apply the change: (config)> save Configuration saved. >  8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...

  • Page 339: Use Ssh With Key Authentication

    SSH public key for the user Additional configuration items   If you want to access the Digi IX15 Gateway device using SSH over a WAN interface, configure the access control list for the SSH service to allow SSH access for the External firewall zone. É...
  • Page 340 These instructions assume an existing user named temp_user.  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 341  4. Save the configuration and apply the change: (config)> save Configuration saved. >  5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...

  • Page 342: Configure Telnet Access

    The telnet service is disabled by default. To enable the service: É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 343  5. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 344 No limit to IPv6 addresses that can access the telnet service.  d. Click g again to list additional IP addresses or networks.   To limit access to hosts connected through a specified interface on the IX15 device:  a. Click Interfaces.  b. For Add Interface, click g .
  • Page 345  7. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 346 Services Configure telnet access   To limit access to hosts connected through a specified interface on the IX15 device: (config)> add service telnet acl interface end value (config)> Where value is an interface defined on your device. Display a list of available interfaces: Use ...

  • Page 347: Configure Dns

    Type quit to disconnect from the device. Configure DNS The IX15 device includes a caching DNS server which forwards queries to the DNS servers that are associated with the network interfaces, and caches the results. This server is used within the device, and cannot be disabled.
  • Page 348 To configure the DNS server:   É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click Services > DNS.
  • Page 349 No limit to IPv6 addresses that can access the DNS service.  d. Click g again to list additional IP addresses or networks.   To limit access to hosts connected through a specified interface on the IX15 device:  a. Click Interfaces.  b. For Add Interface, click g .
  • Page 350 Services Configure DNS  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.  2. At the command line, type config to enter configuration mode: >...
  • Page 351 By default, the device's DNS server queries all available DNS servers. Disabling this option may improve performance on networks with transient DNS results, when one or more DNS servers may have positive results. To disable: Digi IX15 Gateway User Guide...
  • Page 352  a. Add a host: (config)> add service dns host end (config service dns host 0)>  b. Set the IP address of the host: (config service dns host 0)> address ip-addr (config service dns host 0)> Digi IX15 Gateway User Guide...
  • Page 353  10. Save the configuration and apply the change: (config)> save Configuration saved. >  11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...

  • Page 354: Simple Network Management Protocol (Snmp)

    By default, the IX15 device automatically blocks SNMP packets from being received over WAN and LAN interfaces. As a result, if you want a IX15 device to receive SNMP packets, you must configure the SNMP access control list to allow the device to receive the packets. See...
  • Page 355 No limit to IPv6 addresses that can access the SNMP agent.  d. Click g again to list additional IP addresses or networks.   To limit access to hosts connected through a specified interface on the IX15 device:  a. Click Interfaces.  b. For Add Interface, click g .
  • Page 356  14. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 357 No limit to IPv6 addresses that can access the SNMP service. Repeat this step to list additional IP addresses or networks.   To limit access to hosts connected through a specified interface on the IX15 device: (config)> add service snmp acl interface end value (config)>...
  • Page 358 (config)> service snmp privacy pwd (config)>  11. (Optional) Set the privacy protocol, either DES or AES. The default is DES. (config)> service snmp privacy_protocol AES (config)>  12. (Optional) Enable read-only access to to SNMP version 2c. Digi IX15 Gateway User Guide...

  • Page 359: Download Mibs

    To download a .zip archive of the SNMP MIBs supported by this device:   É   WebUI  1. Log into the IX15 WebUI as a user with Admin access.  2. Enable SNMP. Configure Simple Network Management Protocol (SNMP) for information about enabling and configuring SNMP support on the IX15 device.

  • Page 360: Location Information

    Location messages forwarded to the device from other location-enabled devices. You can also configure your IX15 device to forward location messages, either from the IX15 device or from external sources, to a remote host. Additionally, the device can be configured to use a geofence, to allow you to determine actions that will be taken based on the physical location of the device.

  • Page 361: Configure The Location Service

    The location service is enabled by default. You can disable it, or you can enable it if it has been disabled. É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click Services > Location.
  • Page 362   To disable the module: (config)> service location gnss false (config)>  4. Set the amount of time that the IX15 device will wait before polling location sources for updated location data: (config)> service location interval value (config)> where value is any number of hours, minutes, or seconds, and takes the format number{h|m|s}.

  • Page 363: Configure The Device To Use A User-Defined Static Location

    You can configured your IX15 device to use a user-defined static location. É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 364  10. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 365: Configure The Device To Accept Location Messages From External Sources

    You can configure the IX15 device to accept NMEA and TAIP messages from external sources. For example, location-enabled devices connected to the IX15 device can forward their location information to the device, and then the IX15 device can serve as a central repository for this location information and forward it to a remote host. See Forward location information to a remote host information about configuring the IX15 device to forward location messages.
  • Page 366 No limit to IPv6 addresses that can access the location server UDP port.  d. Click g again to list additional IP addresses or networks.   To limit access to hosts connected through a specified interface on the IX15 device:  a. Click Interfaces.  b. For Add Interface, click g .
  • Page 367  9. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 368 No limit to IPv6 addresses that can access the location server UDP port. Repeat this step to list additional IP addresses or networks.   To limit access to hosts connected through a specified interface on the IX15 device: (config)> add service location source 1 acl interface end value (config)>...

  • Page 369: Forward Location Information To A Remote Host

    Type quit to disconnect from the device. Forward location information to a remote host You can configure location clients on the IX15 device that forward location messages in either NMEA or TAIP format to a remote host. Required configuration items  ...
  • Page 370 Configure the Digi IX15 Gateway device to forward location information: É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 371  13. (Optional) For Prepend text, enter text to prepend to the forwarded message. Two variables can be included in the prepended text:   %s: Includes the Digi IX15 Gateway device's serial number in the prepended text.   %v: Includes the vehicle ID in the prepended text.
  • Page 372  15. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 373 Services Location information   %s: Includes the Digi IX15 Gateway device's serial number in the prepended text.   %v: Includes the vehicle ID in the prepended text. (config service location forward 0)> prepend __|%s|__|%v|__ (config service location forward 0)>  10. (Optional) Set the vehicle ID.
  • Page 374 (config service location forward 0 filter_taip)>  b. Use the add command to add the message type. For example, to add the id message type: (config service location forward 0 filter_taip)> add id end (config service location forward 0 filter_taip)> Digi IX15 Gateway User Guide...
  • Page 375  13. Save the configuration and apply the change: (config)> save Configuration saved. >  14. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...

  • Page 376: Configure Geofencing

    Location information Configure geofencing Geofencing is a mechanism to create a virtual perimeter that allows you configure your IX15 device to perform actions when entering or exiting the perimeter. For example, you can configure a device to factory default if its location service indicates that it has been moved outside of the geofence.
  • Page 377 Services Location information  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click Services > Location > Geofence.
  • Page 378  d. Click g again to add an additional point, and continue adding points to create the desired polygon. For example, to configure a square polygon around the Digi headquarters, configure a polygon with four points: This defines a square-shaped polygon equivalent to the following:...
  • Page 379 1MB or 1M.  vi. Sandbox is enabled by default. This prevents the script from adversely affecting the system. If you disable Sandbox, the script may render the system unusable.  vii. Repeat for any additional actions. Digi IX15 Gateway User Guide...
  • Page 380  vi. Sandbox is enabled by default. This prevents the script from adversely affecting the system. If you disable Sandbox, the script may render the system unusable.  vii. Repeat for any additional actions.  8. Click Apply to save the configuration and apply the change. Digi IX15 Gateway User Guide...
  • Page 381 Location information   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 382 (config service location geofence test_geofence coordinates 0)> where int is:   For latitude, any integer between -90 and 90, with up to six decimal places.   For longitude, any integer between -180 and 180, with up to six decimal places. Digi IX15 Gateway User Guide...
  • Page 383 For longitude, any integer between -180 and 180, with up to six decimal places. Repeat for each vortex of the polygon. For example, to configure a square polygon around the Digi headquarters, configure a polygon with four points: (config service location geofence test_geofence)> add...
  • Page 384 3, the actions will not be performed until the device has been inside the geofence for three minutes.  c. Add an action:  i. Type ... to return to the root of the configuration: (config service location geofence test_geofence coordinates 3)> ... (config)> Digi IX15 Gateway User Guide...
  • Page 385  iv. (Optional) Set the maximum amount of system memory that will be available for the script and it spawned processes: (config service location geofence test_geofence on_entry action 0)> max_memory value (config service location geofence test_geofence on_entry action 0)> Digi IX15 Gateway User Guide...
  • Page 386  c. Add an action:  i. Type ... to return to the root of the configuration: (config service location geofence test_geofence coordinates 3)> ... (config)>  ii. Add the action: (config)> add service location geofence test_geofence on_exit action end Digi IX15 Gateway User Guide...
  • Page 387 (config service location geofence test_geofence on_exit action 0)> where value is any integer followed by one of the following: b|bytes|KB|k|MB|M|GB|G|TB|T. For example. the allocate one megabyte of memory to the script and its spawned processes: Digi IX15 Gateway User Guide...

  • Page 388: Show Location Information

    The device's current location is displayed, along with the status of any configured geofences.   Command line Show location information  1. Log into the IX15 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 389: Modbus Gateway

    Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), and other industrial devices. MODBUS provides client/server communication between devices connected on different types of buses and networks, and the IX15 gateway allows for communication between buses and and networks that use the Modbus protocol.

  • Page 390: Configure The Modbus Gateway

    Response timeout   If connection type is set to socket:   The port to use.   The inactivity timeout.   If connection type is set to serial:   Whether to use half duplex (two wire) mode. Digi IX15 Gateway User Guide...
  • Page 391 Whether packets should have their Modbus address adjusted downward before to delivery. É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 392   If Serial is selected for Connection type:  a. For Serial port, select the appropriate serial port on the IX15 device.  5. For Packet mode, select RTU or RAW (if Connection type is set to Socket) or ASCII (if Connection typeis set to Serial) for the type of packet that will be used by this connection.
  • Page 393 No limit to IPv6 addresses that can access the web administration service.  d. Click g again to list additional IP addresses or networks.   To limit access to hosts connected through a specified interface on the IX15 device:  a. Click Interfaces.  b. For Add Interface, click g .
  • Page 394   If Serial is selected for Connection type:  a. For Serial port, select the appropriate serial port on the IX15 device.  5. For Packet mode, select RTU or RAW (if Connection type is set to Socket) or ASCII (if Connection typeis set to Serial) for the type of packet that will be used by this connection.
  • Page 395 No limit to IPv6 addresses that can access the web administration service.  d. Click g again to list additional IP addresses or networks.   To limit access to hosts connected through a specified interface on the IX15 device:  a. Click Interfaces.  b. For Add Interface, click g .
  • Page 396  17. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 397 (config service modbus_gateway server test_modbus_server)> inactivity_timeout value (config service modbus_gateway server test_modbus_server)> where value is any number of minutes or seconds up to a maximum of 15 minutes, and takes the format number{m|s}. Digi IX15 Gateway User Guide...
  • Page 398 (config service modbus_gateway server test_modbus_server)> where value is any number between 10 milliseconds and one second, and take the format number{ms|s}. For example, to set idle_gap to one second, enter 1000ms or 1s. Digi IX15 Gateway User Guide...
  • Page 399  ii. Set the port: (config service modbus_gateway client test_modbus_client)> socket port (config service modbus_gateway client test_modbus_client)> where port is an integer between 1 and 65535. The default is 502. Digi IX15 Gateway User Guide...
  • Page 400   If connection_type is set to serial:  i. Set the serial port:  i. Use the ? to determine available serial ports: (config service modbus_gateway client test_modbus_ client)> ... serial port ? Serial Additional Configuration ------------------------------------------------------- Digi IX15 Gateway User Guide...
  • Page 401  e. Set the maximum time to wait for a response to a message: (config service modbus_gateway client test_modbus_client)> response_ timeout value (config service modbus_gateway client test_modbus_client)> Allowed values are between 1 millisecond and 700 milliseconds, and take the format numberms. Digi IX15 Gateway User Guide...
  • Page 402 Modbuss address in the message.  h. To adjust the Modbus server address downward by the specified value prior to delivering the message, use adjust_server_address: (config service modbus_gateway client test_modbus_client)> adjust_ server_address value (config service modbus_gateway client test_modbus_client)> Digi IX15 Gateway User Guide...

  • Page 403: Show Modbus Gateway Status And Statistics

      É   WebUI  1. Log into the IX15 WebUI as a user with Admin access.  2. On the menu, select Status > Modbus Gateway. The Modbus Gateway page appears. Statistics related to the Modbus gateway server are displayed. If the message Server connections not available is displayed, this indicates that there are no connected clients.
  • Page 404 Services Modbus gateway   Command line  1. Log into the IX15 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.  2. Use the...
  • Page 405 RX Timeouts TX Broadcasts TX Requests >  4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...

  • Page 406: System Time

    The IX15 device can also be configured to use Network Time Protocol (NTP). In this configuration, the device serves as an NTP server, providing NTP services to downstream devices. See Network Time Protocol for more information about NTP server support.
  • Page 407  6. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 408  2. At the command line, type config to enter configuration mode: > config (config)>  3. (Optional) Set the timezone for the location of your IX15 device. The default is UTC. (config)> system time timezone value (config)> Where value is the timezone using the format specified with the following command: (config)>...

  • Page 409: Network Time Protocol

    Network Time Protocol (NTP) enables devices connected on local and worldwide networks to synchronize their internal software and hardware clocks to the same time source. The IX15 device can be configured as an NTP server, allowing downstream hosts that are attached to the device's Local Area Networks to synchronize with the device.
  • Page 410 The Configuration window is displayed.  3. Click Services > NTP.  4. Enable the IX15 device's NTP service by clicking Enable.  5. (Optional) Configure the access control list to limit downstream access to the IX15 device's NTP service.   To limit access to specified IPv4 addresses and networks:  a.
  • Page 411 Services Configure the device as an NTP server   To limit access to hosts connected through a specified interface on the IX15 device:  a. Click Interfaces.  b. For Add Interface, click g .  c. For Interface, select the appropriate interface from the dropdown.
  • Page 412 See Configure the system time more information about NTP client configuration.  5. (Optional) Configure the access control list to limit downstream access to the IX15 device's NTP service.  ...
  • Page 413 No limit to IPv6 addresses that can access the NTP server agent. Repeat this step to list additional IP addresses or networks.   To limit access to hosts connected through a specified interface on the IX15 device: (config)> add service ntp acl interface end value (config)>...
  • Page 414 By default, the access control list for the NTP service is empty, which means that all downstream hosts connected to the IX15 device can use the NTP service.  6. (Optional) Set the timezone for the location of your IX15 device. The default is UTC. (config)> system time timezone value (config)>...

  • Page 415: Configure A Multicast Route

     7. Type the Source port. Ensure the port is not used by another protocol.  8. Select a Source interface where multicast packets will arrive.  9. Select a Destination interface that the IX15 device will use to send mutlicast packets.  10. Click Apply to save the configuration and apply the change.
  • Page 416 Services Configure a multicast route  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 417 Services Configure a multicast route  10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...

  • Page 418: Enable Service Discovery (Mdns)

      É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click Services > Service Discovery (mDNS).
  • Page 419  6. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 420 No limit to IPv6 addresses that can access the mDNS service. Repeat this step to list additional IP addresses or networks.   To limit access to hosts connected through a specified interface on the IX15 device: (config)> add service mdns acl interface end value (config)>...

  • Page 421: Use The Iperf Service

    Type quit to disconnect from the device. Use the iPerf service Your IX15 device includes an iPerf3 server that you can use to test the performance of your network. iPerf3 is a command-line tool that measures the maximum network throughput an interface can handle.
  • Page 422 Use the iPerf service Additional configuration Items   The port that the IX15 device's iPerf server will use to listen for incoming connections.   The access control list for the iPerf server. When the iPerf server is enabled, the IX15 device will automatically configure its firewall rules to allow incoming connections on the configured listening port.
  • Page 423 To enable the iPerf3 server: É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click Services > iPerf.
  • Page 424  7. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 425 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks.   To limit access to hosts connected through a specified interface on the IX15 device: (config)> add service iperf acl interface end value (config)>...

  • Page 426: Example Performance Test Using Iperf3

    Example performance test using iPerf3 On a remote host with iPerf3 installed, enter the following command: $ iperf3 -c device_ip where device_ip is the IP address of the IX15 device. For example: $ iperf3 -c 192.168.2.1 Connecting to host 192.168.2.1, port 5201 4] local 192.168.3.100 port 54934 connected to 192.168.1.1 port 5201...

  • Page 427: Configure The Ping Responder Service

    Done. Configure the ping responder service Your IX15 device's ping responder service replies to ICMP and ICMPv6 echo requests. The service is enabled by default. You can disable the service, or you can configure the service to use an access control list to limit the service to specified IP address, interfaces, and/or zones.
  • Page 428  5. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 429 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks.   To limit access to hosts connected through a specified interface on the IX15 device: (config)> add service iperf acl interface end value (config)>...

  • Page 430: Example Performance Test Using Iperf3

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Example performance test using iPerf3 On a remote host with Iperf3 installed, enter the following command: $ iperf3 -c device_ip Digi IX15 Gateway User Guide...
  • Page 431 Services Configure the ping responder service where device_ip is the IP address of the IX15 device. For example: $ iperf3 -c 192.168.2.1 Connecting to host 192.168.2.1, port 5201 4] local 192.168.3.100 port 54934 connected to 192.168.1.1 port 5201 [ ID] Interval...
  • Page 432 Applications The IX15 supports Python 3.6 and provides you with the ability to run Python applications on the device interactively or from a file. You can also specify Python applications and other scripts to be run each time the device system restarts, at specific intervals, or at a specified time.

  • Page 433: Develop Python Applications

    IX15. See Create and test a Python application. In addition to the standard Python library, the IX15 includes a set of extensions to access its configuration and interfaces. See Python modules.

  • Page 434: Create And Test A Python Application

    IX15. Develop an application in PyCharm The Digi IoT PyCharm Plugin allows you to write, build and run Python applications for Digi devices in a quick and easy way. See the Digi XBee PyCharm IDE Plugin User Guide for details.

  • Page 435: End-To-End Demos

    Python modules The IX15 supports Python 3.6 and provides you with the ability to run Python applications on the device interactively or from a file. It also offers extensions to manage your IX15:...
  • Page 436   Eclipse Paho MQTT Python client enables applications to connect to an MQTT broker to publish messages, and to subscribe to topics and receive published messages. Note Module-related documentation is in the Digidevice module section. Digi IX15 Gateway User Guide...
  • Page 437 Digidevice module The Python digidevice module provides platform-specific extensions that allow you to interact with the device’s configuration and interfaces. The following submodules are included with the digidevice module: This section contains the following topics: Digi IX15 Gateway User Guide...
  • Page 438 Example: Get local XBee instance from digidevice import xbee local_xbee = xbee.get_device() Once the local XBee of the IX15 is retrieved, you can work with it using the XBee Python Library API that is integrated into the gateway firmware:  ...
  • Page 439 To stop listening to new data messages from the Bluetooth interface, use the del_bluetooth_data_ received_callback method to unsubscribe the already-registered listener. Deregister Bluetooth data reception [...] device = [...] Digi IX15 Gateway User Guide...
  • Page 440 = cli.execute("show system") print (response)  1. Log into the IX15 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.
  • Page 441 : 1.4% Uptime : 6 days, 6 hours, 21 minutes, 57 seconds (541317s) Temperature : 40C >>>  5. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Digi IX15 Gateway User Guide...
  • Page 442 Help for using Python to execute IX15 CLI commands Get help executing a CLI command from Python by accessing help for cli.execute:  1. Log into the IX15 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 443 Digi Remote Manager Programmers Guide more information on web services and datapoints. Help for using Python to upload custom datapoints to Remote Manager Get help for uploading datapoints to your Digi Remote Manager account by accessing help for datapoint.upload: Digi IX15 Gateway User Guide...
  • Page 444 Applications Develop Python applications  1. Log into the IX15 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.  2. At the shell prompt, use the python command with no parameters to enter an interactive...
  • Page 445 >>> cfg = config.load() >>> print(interfaces.get("lan.ipv4.address")) Which returns: 192.168.2.1/24 Modify the device configuration Use the set() and commit() methods to modify the device configuration: #!/usr/bin/python from digidevice import config cfg = config.load(writable=True) cfg.set("system.name", "New-Name") cfg.commit() Digi IX15 Gateway User Guide...
  • Page 446 Applications Develop Python applications  1. Log into the IX15 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.  2. At the shell prompt, use the python command with no parameters to enter an interactive...
  • Page 447 Remote Manager's Server Command Interface (SCI), a web service that allows users to access information and perform commands that relate to their devices. Use Remote Manager's SCI interface to create SCI requests that are sent to your IX15 device, and use the device_request module to send responses to those requests to Remote Manager.
  • Page 448 Ctrl-D. You can also exit the session using exit() or quit(). Task two: Create and send an SCI request from Digi Remote Manager The second step in using the device_request module is to create an SCI request that Remote Manager will forward to the device.
  • Page 449 True: time.sleep(10)  2. Upload the showsystem.py application to the /etc/config/scripts directory on two or more Digi devices. In this example, we will upload it to two devices, and use the same request in Remote Manager to query both devices.
  • Page 450 Develop Python applications É   WebUI  i. Log into the IX15 WebUI as a user with full Admin access rights.  ii. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  iii. Click System > Scheduled tasks > Custom scripts.
  • Page 451  ix. Click Apply to save the configuration and apply the change.   Command line  i. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 452   To run the application from the shell prompt:  i. Log into the IX15 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.
  • Page 453 Disk /overlay Usage : MB/MB(%) Disk /tmp Usage : 0.004MB/40.96MB(0%) Disk /var Usage : 0.820MB/32.768MB(3%)</device_ request> </requests> </device> <device id="00000000-00000000-0000FFFF-485740BC"/> <requests> <device_request target_name="showSystem" status="0">Model : Digi IX15 Serial Number : IX15-000023 Hostname : IX15 : 00:40:D0:26:79:1C Digi IX15 Gateway User Guide...
  • Page 454 </sci_request> Help for using Python to respond to Digi Remote Manager SCI requests Get help for respond to Digi Remote Manager Server Command Interface (SCI) requests by accessing help for digidevice.device_request:  1. Log into the IX15 command line as a user with shell access.
  • Page 455 Read from the runtime database Use the keys() and get() methods to read the device configuration:  1. Log into the IX15 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 456  7. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Modify the runtime database Use the set() method to modify the runtime database: #!/usr/bin/python from digidevice import config runt.start() runt.set("my-variable", "my-value") runt.stop() Digi IX15 Gateway User Guide...
  • Page 457 Applications Develop Python applications  1. Log into the IX15 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.  2. At the shell prompt, use the python command with no parameters to enter an interactive...
  • Page 458 Use Python to upload the device name to Digi Remote Manager The name submodule can be used to upload a custom name for your device to Digi Remote Manager. When you use the name submodule to upload a custom device name to Remote Manager, the following issues apply:  ...
  • Page 459 #!/usr/bin/python from digidevice import name name.upload("my_name")  1. Log into the IX15 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.
  • Page 460 You can create Python scripts that send and receive SMS message in tandem with the Digi Remote Manager or Digi aView by using the digidevice.sms module. To use a script to send or receive SMS messages, you must also enable the ability to schedule SMS scripting.
  • Page 461  5. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 462 # DIGI HAS NO OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, # ENHANCEMENTS, OR MODIFICATIONS. # IN NO EVENT SHALL DIGI BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, # SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS, # ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN IF # DIGI HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
  • Page 463 Applications Develop Python applications Use Python to access serial ports You can use the Python serial module to access serial ports on your IX15 device that are configured to be in Application mode. See Configure the serial port for information about configuring a serial port in Application mode.
  • Page 464  6. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Use the Paho MQTT python library Your IX15 device includes support for the Paho MQTT python library. MQTT is a lightweight messaging protocol used to communicate with various applications including cloud-based applications such as Amazon Web Services and Microsoft Azure.
  • Page 465 MQTT server") client.subscribe(PREFIX_CMD + "/system") def on_message(client, userdata, msg): """ Supporting only a single topic for now, no need for filters Expects the following message format: "cid": "<client-id>", "cmd": "<command>", "params": { Digi IX15 Gateway User Guide...
  • Page 466 + "/leases", json.dumps(leases, separators=(',',':'))) except: print("Failed to open DHCP leases file") def publish_system(): avg1, avg5, avg15 = runt.get("system.load_avg").split(', ') ram_used = runt.get("system.ram.per") disk_opt = runt.get("system.disk./opt.per") disk_config = runt.get("system.disk./etc/config.per") msg = json.dumps({ "load_avg": { Digi IX15 Gateway User Guide...

  • Page 467: Set Up The Ix15 To Automatically Run Your Applications

    Applications Set up the IX15 to automatically run your applications "1min": avg1, "5min": avg5, "15min": avg15 "disk_usage": { "/opt": disk_opt, "/etc/config:": disk_config, "ram": ram_used client.publish(PREFIX_EVENT + "/system", json.dumps(msg)) runt.start() serial = runt.get("system.serial") PREFIX = "router/" + serial PREFIX_EVENT = "event/" + PREFIX PREFIX_CMD = "cmd/"...
  • Page 468 Task one: Upload the application É   WebUI  1. Log into the IX15 WebUI as a user with Admin access.  2. On the menu, click System. Under Administration, click File System. The File System page appears.  3. Highlight the scripts directory and click d to open the directory.
  • Page 469 IX15 device.   local-path is the location on the IX15 device where the copied file will be placed. For example: To upload a Python application from a remote host with an IP address of 192.168.4.1 to the /etc/config/scripts directory on the IX15 device, issue the following command: >...
  • Page 470 Applications Set up the IX15 to automatically run your applications  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 471 Applications Set up the IX15 to automatically run your applications   None: Action taken when the script exits.   Restart script: Runs the script repeatedly.   Reboot: The device will reboot when the script completes.   Interval: The script will start running at the specified interval, within 30 seconds after the configuration change is saved.
  • Page 472 Applications Set up the IX15 to automatically run your applications  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 473 Applications Set up the IX15 to automatically run your applications (config system schedule script 0)> on_interval 600s (config system schedule script 0)>   (Optional) Configure the script to run only a single instance at a time: (config system schedule script 0)> once true (config system schedule script 0)>...

  • Page 474: Show Script Information

    The Scripts page displays:   Command line  1. Log into the IX15 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 475: Stop A Script That Is Currently Running

      Command line  1. Log into the IX15 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 476: Start An Interactive Python Session

    Authentication groups information about configuring authentication groups that include shell access.  1. Log into the IX15 command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell.
  • Page 477 The uploaded file is uploaded to the /etc/config/scripts directory.     Command line  a. Log into the IX15 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 478: Install Third Party Python Modules

    IX15 device.   local-path is the location on the IX15 device where the copied file will be placed. For example: To upload a Python application from a remote host with an IP address of 192.168.4.1 to the /etc/config/scripts directory on the IX15 device, issue the following command: >...

  • Page 479: Programming Ide

    Python applications using any software and then transfer them to the IX15 Gateway. Python version Another big difference of the IX15 compared to previous XBee gateways is the Python version used to program applications. Previous Digi XBee gateways use Python 2.6, while the new generation of gateways use Python 3.6.
  • Page 480 In previous generations, the digiwdog Python module was used to control the gateway watchdog:  1. Create a watchdog object with Watchdog(timeout, name) constructor specifying the watchdog timeout and name.  2. Invoke the stroke() method to update the watchdog periodically. Previous API import digiwdog import time Digi IX15 Gateway User Guide...
  • Page 481 The new XBee gateways do not have a GPS interface, so there is no specific API to access the device location. In previous generations, the digicli Python module was used to access the system CLI: Digi IX15 Gateway User Guide...
  • Page 482 Digi Remote Manager Interaction with Digi Remote Manager is key for the XBee gateways. For this reason, a set of APIs are still available to perform the most common Digi Remote Manager operations, although they are implemented in a different way:  ...
  • Page 483 24, geo_location=(54.409469, -1.718836, 129)) datapoint.upload("Emergency_Door", "closed", timestamp=time.time()) Subscribe device request In previous generations, the idigidata Python module was used to register callbacks from Digi Remote Manager:  1. Use the register_callback(target, handler) function passing the target name and callback handler as arguments.
  • Page 484 Power management When the IX15 is powered by batteries, the power consumption is a very important factor to consider. For this reason, Digi created a set of power management APIs to control the device power functions. In previous generations, the digipowercontrol Python module was used to control the power management features of the gateway.
  • Page 485 # Go to sleep, reset when a trigger occurs, this routine does not return digipowercontrol.system_power_set(0) The IX15 does not include a specific API for power management control. You can access the different power management options using the digidevice.config Python module:  ...
  • Page 486 The sleep or suspend mode is a special state where the CPU, most of the RAM and most of the digital peripherals are powered off to save as much power as possible. The IX15 Gateway can be commanded to go to suspend mode at any time.
  • Page 487 # This method blocks until the device wakes up os.system("suspend") One common feature of cellular capable gateways is the use of SMS messages for communication.  The IX15 Gateways have a cellular interface, so these are the SMS related actions that can be executed:  ...
  • Page 488 In previous generations, the zigbee Python module was used as the entry point to every XBee related operation in the gateway. In the new XBee gateways, all the XBee operations are based in the open source Digi Python Library that is already installed in the gateway. This library is protocol-agnostic and provides access to every XBee related operation using a object oriented philosophy.
  • Page 489  2. Once you have the local instance, get the XBee network using the get_network() method.  3. List the available nodes with get_devices(). New API from digidevice import xbee device = xbee.get_device() try: device.open() xbee_network = device.get_network() node_list = xbee_network.get_devices() finally: if device.is_open(): Digi IX15 Gateway User Guide...
  • Page 490 In previous generations, the zigbee Python module was used to list the available XBee nodes of the network. With the node list, you could iterate the different nodes and print their information: Previous API import zigbee # Perform a node discovery: Digi IX15 Gateway User Guide...
  • Page 491 DESTINATION="[00:13:a2:00:40:0a:07:8d]!" value = zigbee.ddo_get_param(DESTINATION, 'NI') print "Read NI value: %s" % (value) In the new XBee gateways, the digidevice.xbee Python module is used to read any parameter from XBee nodes in the network: Digi IX15 Gateway User Guide...
  • Page 492 In previous generations, the zigbee Python module was used to write any parameter to XBee nodes in the network:  1. Invoke ddo_set_param(ext_addr, parameter, value) function with the 64-bit address of the XBee to write to, the setting ID to write, and the value. Previous API import zigbee DESTINATION="[00:13:a2:00:40:0a:07:8d]!" zigbee.ddo_set_param(DESTINATION, 'D1', 1) Digi IX15 Gateway User Guide...
  • Page 493 XBee and the command ID to execute. Previous API import zigbee DESTINATION="[00:13:a2:00:40:0a:07:8d]!" zigbee.ddo_command(DESTINATION, 'RE') In the new XBee gateways, the digidevice.xbee Python module is used to execute commands in any XBee node of the network: Digi IX15 Gateway User Guide...
  • Page 494  4. Reading from the socket is a blocking operation, but you can use select for an non-blocking read. Blocking read Previous API import xbee from socket import * # Create the socket, datagram mode, proprietary transport: sd = socket(AF_XBEE, SOCK_DGRAM, XBS_PROT_TRANSPORT) Digi IX15 Gateway User Guide...
  • Page 495 = sd.sendto(payload, 0, src_addr) # Slice off count bytes from the buffer, # useful for if this was a partial write: payload = payload[count:] except Exception, e: # upon an exception, close the socket: sd.close() Digi IX15 Gateway User Guide...
  • Page 496 XBee message as argument. It contains information about the sender and the explicit data received. New API from digi.xbee.models.mode import APIOutputModeBit from digi.xbee.util import utils from digidevice import xbee device = xbee.get_device() try: device.open() Digi IX15 Gateway User Guide...
  • Page 497 %s >> %s" % (xbee_message.remote_device, xbee_message.data.decode())) else: print("No data available") finally: if device.is_open(): device.close() Send data In previous generations, the socket Python module was used to send data to any XBee node of the network: Digi IX15 Gateway User Guide...
  • Page 498 # Obtain the remote XBee device from the XBee network. xbee_network = device.get_network() remote_device = xbee_network.get_device_by_node_id(REMOTE_NODE_ID) if remote_device: print("Sending data to %s % remote_device) device.send_data(remote_device, DATA_TO_SEND) print("Success") else: print("Remote device not found") finally: Digi IX15 Gateway User Guide...
  • Page 499  3. This method blocks until the data is successfully sent, an error occurs, or send timeout elapses. New API from digidevice import xbee DATA_TO_SEND = "Hello, World!" REMOTE_NODE_ID = "REMOTE" SRC_ENDPOINT = 0xA0 DEST_ENDPOINT = 0xA1 CLUSTER_ID = 0x1554 PROFILE_ID = 0x1234 Digi IX15 Gateway User Guide...
  • Page 500 # Obtain the remote XBee device from the XBee network. xbee_network = device.get_network() remote_device = xbee_network.get_device_by_node_id(REMOTE_NODE_ID) if remote_device: print("Sending explicit data to %s % remote_device) device.send_expl_data_async(remote_device, DATA_TO_SEND, SRC_ ENDPOINT, DEST_ENDPOINT, CLUSTER_ID, PROFILE_ID) print("Success") else: print("Remote device not found") finally: if device.is_open(): device.close() Digi IX15 Gateway User Guide...
  • Page 501  1. Invoke the send_data_broadcast(data) method specifying the data to broadcast. New API from digidevice import xbee DATA_TO_SEND = "Hello, World!" device = xbee.get_device() try: device.open() device.send_data_broadcast(DATA_TO_SEND) finally: if device.is_open(): device.close() Explicit data broadcast Once you have the local XBee instance: Digi IX15 Gateway User Guide...
  • Page 502 64-bit address of the joining device, the registration options, and the key. New API from digi.xbee.models.address import XBee64BitAddress from digi.xbee.models.options import RegisterKeyOptions from digidevice import xbee device = xbee.get_device() try: device.open() device.register_joining_device(XBee64BitAddress("000d6f0000068929"), RegisterKeyOptions.LINK_KEY, "1234".decode()) finally: Digi IX15 Gateway User Guide...

  • Page 503: Deployment

    When deploying an application in the gateway, all the source code, resources, and application required libraries must be transferred to the device. In previous XBee gateways, this process is handled by the Digi ESP for Python IDE. The IDE automatically builds and transfers the application to the gateway. If your application requires additional libraries, you are responsible of either copying them to the project or manually uploading them to the gateway.
  • Page 504 Applications Python migration guide The IX15 Gateway uses Pycharm as the application development IDE with a set of Digi created plugins to ease the development process. These plugins automatically build and transfer the application code and resources to the gateway as in the past. The IDE also automatically installs any required Python library so that you do not have to manually install/copy them.

  • Page 505: User Authentication

    IX15 user authentication User authentication methods Authentication groups Local users Terminal Access Controller Access-Control System Plus (TACACS+) Remote Authentication Dial-In User Service (RADIUS) LDAP Disable shell access Set the idle timeout for IX15 users Example user configuration Digi IX15 Gateway User Guide...

  • Page 506: Ix15 User Authentication

    User authentication IX15 user authentication IX15 user authentication User authentication on the IX15 has the following features and default configuration: Default Feature Description configuration Idle timeout   10 minutes. Determines how long a user session can be idle before the system automatically disconnects.
  • Page 507 TACACS+: Users authenticated by using a remote TACACS+ server for authentication. Terminal Access Controller Access-Control System Plus (TACACS+) for information about configuring TACACS+ authentication.   LDAP: Users authenticated by using a remote LDAP server for authentication. LDAP for information about configuring LDAP authentication. Digi IX15 Gateway User Guide...

  • Page 508: Add A New Authentication Method

    To add an authentication method:   É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click Authentication > Methods.
  • Page 509 This procedure describes how to add methods to various places in the list.  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 510: Delete An Authentication Method

    Delete an authentication method   É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. Digi IX15 Gateway User Guide...
  • Page 511  5. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 512: Rearrange The Position Of Authentication Methods

    To reorder these so that RADIUS is first and Local users is second:  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 513  7. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 514: Authentication Groups

    Allow shell parameter.   Serial access: Users with Serial access have the ability to log into the IX15 device by using the serial console. Preconfigured authentication groups The IX15 device has two preconfigured authentication groups:  ...
  • Page 515 User authentication Authentication groups Change the access rights for a predefined group Add an authentication group Delete an authentication group Digi IX15 Gateway User Guide...

  • Page 516: Change The Access Rights For A Predefined Group

    For groups assigned Admin access, you can also determine whether the Access level should be Full access or Read-only access.   Full access provides users of this group with the ability to manage the IX15 device by using the WebUI or the Admin CLI.  ...
  • Page 517  6. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 518: Add An Authentication Group

    (config)> where value is either:   full: provides users of this group with the ability to manage the IX15 device by using the WebUI or the Admin CLI.   read-only: provides users of this group with read-only access to the WebUI and Admin CLI.
  • Page 519 To add an authentication group: É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click Authentication > Groups.
  • Page 520 Full access or Read-only access. where value is either:   Full access full: provides users of this group with the ability to manage the IX15 device by using the WebUI or the Admin CLI.   Read-only access read-only: provides users of this group with read-only access to the WebUI and Admin CLI.
  • Page 521 (config)> where value is either:   full: provides users of this group with the ability to manage the IX15 device by using the WebUI or the Admin CLI.   read-only: provides users of this group with read-only access to the WebUI and Admin CLI.
  • Page 522 (config)> add auth group test acl portal portals end portal1 (config)>  6. (Optional) Configure Nagios monitoring: (config)> auth group test acl nagios enable true (config)>  7. (Optional) Enable users that belong to this group to access the Bluetooth scanning service: Digi IX15 Gateway User Guide...

  • Page 523: Delete An Authentication Group

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Delete an authentication group By default, the IX15 device has two preconfigured authentication groups: admin and serial. These groups cannot be deleted. To delete an authentication group that you have created:  ...
  • Page 524  5. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 525: Local Users

    Local users are authenticated on the device without using an external authentication mechanism such as TACACS+ or RADIUS. Local user authentication is enabled by default, with one preconfiged default user. Default user At manufacturing time, each IX15 device comes with a default user configured as follows:   Username: admin.  ...

  • Page 526: Change A Local User's Password

    To change a user's password: É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click Authentication > Users.
  • Page 527 User authentication Local users The active user must have full Admin access rights to be able to change the password.  6. Click Apply to save the configuration and apply the change. Digi IX15 Gateway User Guide...

  • Page 528: Configure A Local User

    Local users   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 529 To configure a local user:   É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click Authentication > Users.
  • Page 530  8. (Optional) Add SSH keys for the user to use passwordless SSH login:  a. Click SSH keys.  b. In Add SSH key, paste or type a public encryption key that this user can use for passwordless SSH login and click g . Digi IX15 Gateway User Guide...
  • Page 531 For example, to set Login limit period to ten minutes, enter 10m or 600s.  j. Scratch codes are emergency codes that may be used once, at any time. To add a scratch code:  i. Click Scratch codes.  ii. For Add Code, click g . Digi IX15 Gateway User Guide...
  • Page 532  10. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 533 (config auth user new_user)> ssh_key (config auth user new_user ssh_key)>  b. Add the key by using the ssh_key command and pasting or typing a public encryption key that this user can use for passwordless SSH login: Digi IX15 Gateway User Guide...
  • Page 534 For example, to set refresh_interval to ten minutes, enter either 10m or 600s: (config auth user name 2fa)> refresh_interval 600s (config auth user name 2fa)> The default is 30s. Digi IX15 Gateway User Guide...
  • Page 535 (config auth user new 2fa scratch_code)> save Configuration saved. >  10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...

  • Page 536: Delete A Local User

    To delete a user from your IX15: É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click Authentication > Users.
  • Page 537 Local users   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 538: Terminal Access Controller Access-Control System Plus (Tacacs+)

    With TACACS+ support, the IX15 device acts as a TACACS+ client, which sends user credentials and connection parameters to a TACACS+ server over TCP. The TACACS+ server then authenticates the TACACS+ client requests and sends back a response message to the device.

  • Page 539: Tacacs+ User Configuration

    The groupname attribute is optional. If used, the value must correspond to authentication groups configured on your IX15. Alternatively, if the user is also configured as a local user on the IX15 device and the LDAP server authenticates the user but does not return any groups, the local configuration determines the list of groups.

  • Page 540: Tacacs+ Server Failover And Fallback To Local Authentication

    $ sudo /etc/init.d/tacacs_plus restart TACACS+ server failover and fallback to local authentication In addition to the primary TACACS+ server, you can also configure your IX15 device to use backup TACACS+ servers. Backup TACACS+ servers are used for authentication requests when the primary TACACS+ server is unavailable.
  • Page 541 User authentication Terminal Access Controller Access-Control System Plus (TACACS+)  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click Authentication > TACACS+ > Servers.
  • Page 542 Terminal Access Controller Access-Control System Plus (TACACS+)  6. (Optional) For Group attribute, type the name of the attribute used in the TACACS+ server's configuration to identify the IX15 authentication group or groups that the user is a member of. For example, in TACACS+ user configuration, the group attribute in the sample tac_plus.conf...
  • Page 543 IX15 authentication group or groups that the user is a member of. For example, in TACACS+ user configuration, the group attribute in the sample tac_ plus.conf file is groupname, which is also the default setting for the group_attribute in the IX15 configuration. (config)> auth tacacs+ group_attribute attribute-name (config)>...

  • Page 544: Remote Authentication Dial-In User Service (Radius)

    To use RADIUS authentication, you must set up a RADIUS server that is accessible by the IX15 device prior to configuration. The process of setting up a RADIUS server varies by the server environment. An example of a RADIUS server is FreeRADIUS.

  • Page 545: Radius User Configuration

    (password verification) and authorization (assigning the access level of the user). Additional RADIUS servers can be configured as backup servers for user authentication. This section outlines how to configure a RADIUS server to be used for user authentication on your IX15 device.

  • Page 546: Configure Your Ix15 Device To Use A Radius Server

    If the RADIUS servers are unavailable and the IX15 device falls back to local authentication, only users defined locally on the device are able to log in. RADIUS users cannot log in until the RADIUS servers are brought back online.
  • Page 547  7. (Optional) For NAS ID, type the unique identifier for this network access server (NAS). You can use the fully-qualified domain name of the NAS or any arbitrary string. If not set, the default value is used: Digi IX15 Gateway User Guide...
  • Page 548 User authentication Remote Authentication Dial-In User Service (RADIUS)   If you are accessing the IX15 device by using the WebUI, the default value is for NAS ID is httpd.   If you are accessing the IX15 device by using ssh, the default value is sshd.
  • Page 549 You can use the fully-qualified domain name of the NAS or any arbitrary string. If not set, the default value is used:   If you are accessing the IX15 device by using the WebUI, the default value is for NAS ID is httpd.  ...

  • Page 550: Ldap

    When you are using LDAP authentication, you can have both local users and LDAP users able to log in to the device. To use LDAP authentication, you must set up a LDAP server that is accessible by the IX15 device prior to configuration. The process of setting up a LDAP server varies by the server environment.

  • Page 551: Ldap User Configuration

    (password verification) and authorization (assigning the access level of the user). Additional LDAP servers can be configured as backup servers for user authentication. This section outlines how to configure a LDAP server to be used for user authentication on your IX15 device.

  • Page 552: Ldap Server Failover And Fallback To Local Configuration

    LDAP server failover and fallback to local configuration In addition to the primary LDAP server, you can also configure your IX15 device to use backup LDAP servers. Backup LDAP servers are used for authentication requests when the primary LDAP server is unavailable.
  • Page 553 User authentication LDAP  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click Authentication > LDAP > Servers.
  • Page 554 (for example, dc=example,dc=com) or a sub-tree (for example. ou=People,dc=example,dc=com).  11. (Optional) For Group attribute, type the name of the user attribute that contains the list of IX15 authentication groups that the authenticated user has access to. See LDAP user configuration for further information about the group attribute.
  • Page 555 User authentication LDAP   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 556 (for example, dc=example,dc=com) or a sub-tree (for example. ou=People,dc=example,dc=com). (config)> auth ldap base_dn value (config)>  9. (Optional) Set the name of the user attribute that contains the list of IX15 authentication groups that the authenticated user has access to. See LDAP user configuration for further information about the group attribute.

  • Page 557: Disable Shell Access

      É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. Digi IX15 Gateway User Guide...
  • Page 558  5. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 559: Set The Idle Timeout For Ix15 Users

    By default, the Idle timeout is set to 10 minutes.   É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click Authentication.
  • Page 560  5. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 561: Example User Configuration

    Goal: To create a user with administrator rights who is authenticated locally on the device. É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 562  7. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 563: Example 2: Radius, Tacacs+, And Local Authentication For One User

    Type quit to disconnect from the device. Example 2: RADIUS, TACACS+, and local authentication for one user Goal: To create a user with administrator rights who is authenticated by using all three authentication methods. Digi IX15 Gateway User Guide...
  • Page 564 User authentication Example user configuration In this example, when the user attempts to log in to the IX15 device, user authentication will occur in the following order:  1. The user is authenticated by the RADIUS server. If the RADIUS server is unavailable,  2.
  • Page 565 The authentication group on the IX15 device, admin, is identified in the groupname parameter.  c. Save and close the tac_plus.conf file.  3. Log into the IX15 WebUI as a user with full Admin access rights.  4. On the menu, click System. Under Configuration, click Device Configuration. Digi IX15 Gateway User Guide...
  • Page 566  e. Click g to add another new method.  f. For the new method, select Local users.  6. Create the local user:  a. Click Authentication > Users.  b. In Add User:, type admin1 and click g .  c. For password, type password1. Digi IX15 Gateway User Guide...
  • Page 567   The user's username is admin1.   The user's password is password1.   The authentication group on the IX15 device, admin, is identified in the Unix-FTP- Group-Names parameter.  c. Save and close the users file. Digi IX15 Gateway User Guide...
  • Page 568  c. Save and close the tac_plus.conf file.  3. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 569 (config auth user adminuser)> save Configuration saved. >  9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...
  • Page 570 Firewall This chapter contains the following topics: Firewall configuration Port forwarding rules Packet filtering Configure custom firewall rules Configure Quality of Service options Digi IX15 Gateway User Guide...

  • Page 571: Firewall Configuration

      Dynamic routes: Used for routes learned using routing services.   Port forwarding: A list of rules that allow network connections to the IX15 to be forwarded to other servers by translating the destination address.   Packet filtering: A list of packet filtering rules that determine whether to accept or reject network connections that are forwarded through the IX15.
  • Page 572     Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 573: Configure The Firewall Zone For A Network Interface

    Internal, to External.   É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. Digi IX15 Gateway User Guide...
  • Page 574  5. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 575: Delete A Custom Firewall Zone

    You cannot delete preconfigured firewall zones. To delete a custom firewall zone:   É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click Firewall > Zones.

  • Page 576: Port Forwarding Rules

    Port forwarding rules   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 577 To configure a port forwarding rule:   É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click Firewall > Port forwarding.
  • Page 578  13. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 579 (config firewall dnat 0)>   For IPv6 addresses: (config firewall dnat 0)> to_address6 ip-address (config firewall dnat 0)>  9. Set the public-facing port number that network connections must use for their traffic to be forwarded. Digi IX15 Gateway User Guide...
  • Page 580 Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration ------------------------------------------------------------------- ----------- dynamic_routes edge external internal ipsec loopback setup (config firewall dnat 0 acl)> Digi IX15 Gateway User Guide...

  • Page 581: Delete A Port Forwarding Rule

    To delete a port forwarding rule:   É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click Firewall > Port forwarding.
  • Page 582  5. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 583  5. Save the configuration and apply the change: (config)> save Configuration saved. >  6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...

  • Page 584: Packet Filtering

    To configure a packet filtering rule:   É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. Digi IX15 Gateway User Guide...
  • Page 585  9. For Destination zone, select the firewall zone. Packets destined for network interfaces that are members of this zone will either be accepted, rejected or dropped by this rule. Firewall configuration for more information about firewall zones.  10. Click Apply to save the configuration and apply the change. Digi IX15 Gateway User Guide...
  • Page 586 Packet filtering   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 587     ipv4   ipv6   The default is any.  8. Set the protocol. (config firewall filter 1)> protocol value (config firewall filter 1)> where value is one of:     icmp   icmpv6 Digi IX15 Gateway User Guide...

  • Page 588: Enable Or Disable A Packet Filtering Rule

    To enable or disable a packet filtering rule:   É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click Firewall > Packet filtering.
  • Page 589  6. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 590: Delete A Packet Filtering Rule

    To delete a packet filtering rule:   É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click Firewall > Packet filtering.
  • Page 591  5. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 592: Configure Custom Firewall Rules

    To configure custom firewall rules:   É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click Firewall > Custom rules.
  • Page 593 Firewall Configure custom firewall rules  7. Click Apply to save the configuration and apply the change. Digi IX15 Gateway User Guide...

  • Page 594: Configure Quality Of Service Options

    (packet ingress). A QoS binding contains the policies and rules that apply to packets exiting the IX15 device on the binding's interface. By default, the IX15 device has two preconfigured QoS bindings, Outbound and Inbound.
  • Page 595  8. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 596 Create a new binding É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. Digi IX15 Gateway User Guide...
  • Page 597 Typically, this should be 95% of the available bandwidth. Allowed value is any integer between 1 and 1000.  9. Create a policy for the binding: At least one policy is required for each binding. Each policy can contain up to 30 rules. Digi IX15 Gateway User Guide...
  • Page 598  g. If Default is disabled, you must configure at least one rule:  i. Click to expand Rule.  ii. For Add Rule, click g . The QoS binding policy rule configuration window is displayed. Digi IX15 Gateway User Guide...
  • Page 599 Use the format IPv6_address[/prefix_length], or use any to match any IPv6 address. Repeat to add a new rule. Up to 30 rules can be configured.  10. Click Apply to save the configuration and apply the change. Digi IX15 Gateway User Guide...
  • Page 600 Configure Quality of Service options   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 601 (config firewall qos 2 policy 0)> rule (config firewall qos 2 policy 0 rule)>  ii. Add a rule: (config firewall qos 2 policy 0 rule)> add end (config firewall qos 2 policy 0 rule 0)> Digi IX15 Gateway User Guide...
  • Page 602   any: Source traffic from any address will be matched. Firewall configuration for more information about firewall zones.   interface: Only traffic from the selected interface will be matched. Set the interface: Digi IX15 Gateway User Guide...
  • Page 603 (config network qos 2 policy 0 rule 0)> dst interface /network/interface/eth1 (config network qos 2 policy 0 rule 0)>   address: Only traffic destined for the IP address typed in IPv4 address will be matched. Set the address that will be matched: Digi IX15 Gateway User Guide...
  • Page 604  8. Save the configuration and apply the change: (config)> save Configuration saved. >  9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...

  • Page 605: System Administration

    Update system firmware Update cellular module firmware Reboot your IX15 device Erase device configuration and reset to factory defaults Configuration files Schedule system maintenance tasks Disable device encryption Configure the speed of your Ethernet port Digi IX15 Gateway User Guide...

  • Page 606: Review Device Status

      Show basic system information:  1. Log into the IX15 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 607: Configure System Information

    Disk /tmp Usage : 0.007MB/256.0MB(0%) Disk /var Usage : 1.765MB/256.0MB(1%) > Configure system information You can configure information related to your IX15 device, such as providing a name and location for the device. Configuration items   A name for the device.  ...
  • Page 608  8. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 609: Update System Firmware

    For example, IX15-21.2.39.67.bin. Manage firmware updates using Digi Remote Manager If you have a network of many devices, you can use Digi Remote Manager Profiles to manage firmware updates. Profiles ensure all your devices are running the correct firmware version and that all newly installed devices are updated to that same version.

  • Page 610: Certificate Management For Firmware Images

    The system firmware files are signed to ensure that only Digi-approved firmware load onto the device. The IX15 device validates the system firmware image as part of the update process and only successfully updates if the system firmware image can be authenticated.
  • Page 611  6. Click Update Firmware.     Command line  1. Download the IX15 operating system firmware from the Digi Support FTP site to your local machine.  2. Log into the IX15 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 612: Dual Boot Behavior

    > reboot Rebooting system >  7. Once the device has rebooted, log into the IX15's command line as a user with Admin access and verify the running firmware version by entering the show system command. > show system...

  • Page 613: Update Cellular Module Firmware

    > system duplicate-firmware > Update cellular module firmware You can update modem firmware by downloading firmware from the Digi firmware repository, or by uploading firmware from your local storage onto the device. You can also schedule modem firmware updates. See Schedule system maintenance tasks for details.

  • Page 614: Update Modem Firmware Over The Air (Ota)

      Command line Update modem firmware over the air (OTA) You can update your modem firmware by querying the Digi firmware repository to determine if there is new firmware available for your modem and performing an OTA modem firmware update:  1. Log into the IX15 command line as a user with Admin access.
  • Page 615 System administration Update cellular module firmware 24.01.5x4_ATT 24.01.544_ATT >  3. Use the modem firmware ota list command to list available firmware on the Digi firmware repository. > modem firmware ota list Retrieving modem firmware list ... 25.20.664_CUST_044_3 25.20.666_CUST_067_1 25.20.663_CUST_040 >...

  • Page 616: Update Modem Firmware By Using A Local Firmware File

    Type quit to disconnect from the device. Update modem firmware by using a local firmware file You can update your modem firmware by uploading a modem firmware file to your IX15 device. Firmware should be uploaded to /opt/MODEM_MODEL/Custom_Firmware, for example, /opt/LM940/Custom_Firmware.

  • Page 617: Reboot Your Ix15 Device

    Type quit to disconnect from the device. Reboot your IX15 device You can reboot the IX15 device immediately or schedule a reboot for a specific time every day. Note You may want to save your configuration settings to a file before rebooting. See...

  • Page 618: Reboot Your Device Immediately

    Schedule reboots of your device   É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. Digi IX15 Gateway User Guide...
  • Page 619  5. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 620: Erase Device Configuration And Reset To Factory Defaults

    You can also reset the device to the default configuration without removing scripts, keys, and logfiles by using the revert command. When resetting an IX15 to factory defaults, the XBee defaults are also restored and applied. Default values are those established by the user or factory values if no custom defaults are defined for the XBee device.
  • Page 621  3. In the Erase configuration section, click ERASE.  4. Click CONFIRM.  5. After resetting the device:  a. Connect to the IX15 by using the serial port or by using an Ethernet cable to connect the IX15 ETH port to your PC.  b. Log into the IX15: User name: Use the default user name: admin.
  • Page 622 The device reboots again and resets to factory defaults, as well as also removing generated certificates and keys.  3. After resetting the device:  a. Connect to the IX15 by using the serial port or by using an Ethernet cable to connect the IX15 ETH port to your PC.  b. Log into the IX15: User name: Use the default user name: admin.

  • Page 623: Configure The Ix15 Device To Use Custom Factory Default Settings

    Configure the IX15 device to use custom factory default settings You can configure your IX15 device to use custom factory default settings. This way, when you erase the device's configuration, the device will reset to your custom configuration rather than to the original factory defaults.
  • Page 624 >     Command line  1. Log into the IX15 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.  2. Enter the following: >...

  • Page 625: Configuration Files

    Save configuration changes When you make changes to the IX15 configuration, the changes are not automatically saved. You must explicitly save configuration changes, which also applies the changes. If you do not save configuration changes, the system discards the changes.

  • Page 626: Save Configuration To A File

    Type quit to disconnect from the device. Save configuration to a file You can save your IX15 device's configuration to a file and use this file to restore the configuration, either to the same device or to similar devices.

  • Page 627: Restore The Device Configuration

    /etc/config/backup-archive-0040FF800120-19.05.17-19.01.17.bin to remote Restore the device configuration You can restore a configuration file to your IX15 device by using a backup from the device, or a backup from a similar device.   This process does not apply any profile to the IX15's XBee, a custom profile must be applied manually...
  • Page 628 The configuration will be restored and the device will be rebooted.     Command line  1. Log into the IX15 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 629 IX15 device.   local-path is the location on the IX15 device where the copied file will be placed. For example: > scp host 192.168.4.1 user admin remote /home/admin/bin/backup-archive- 0040FF800120-21.2.39.67-19.23.42.bin local /opt to local...

  • Page 630: Schedule System Maintenance Tasks

    Custom scripts that should be run as part of the configuration check. É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 631  c. Modem firmware update check is enabled by default. This enables to automated checking for modem firmware updates.  d. For Frequency, select how often automated checking for device and modem firmware should take place. Allowed values are Daily, Weekly, and Monthly. The default is Daily. Digi IX15 Gateway User Guide...
  • Page 632 Click to enable Run single to run only a single instance of the script at a time. If Run single is not selected, a new instance of the script will be started at every interval, regardless of whether the script is still running from a previous Digi IX15 Gateway User Guide...
  • Page 633  12. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 634 1 or 0 are also allowed.  5. (Optional) Configure automated checking for device firmware updates:  a. Device firmware update check is enabled by default. This enables to automated checking for device firmware updates. To disable: Digi IX15 Gateway User Guide...
  • Page 635 Runs the script repeatedly.   reboot: The device will reboot when the script completes.   interval: The script will start running at the specified interval, within 30 seconds after the configuration change is saved. If interval is selected: Digi IX15 Gateway User Guide...
  • Page 636 To log the script's output to the system log: (config system schedule script 0)> syslog_stdout true (config system schedule script 0)>   To log script errors to the system log: (config system schedule script 0)> syslog_stderr true (config system schedule script 0)> Digi IX15 Gateway User Guide...

  • Page 637: Disable Device Encryption

    Type quit to disconnect from the device. Disable device encryption You can disable the cryptography on your IX15 device. This can be used to ship unused devices from overseas without needing export licenses from the country from which the device is being shipped.

  • Page 638: Re-Enable Cryptography After It Has Been Disabled

    CLI.     Command line  1. Log into the IX15 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.  2. Disable encryption with the following command: >...
  • Page 639  b. Click the Internet Protocol Version 4 (TCP/IPv4) parameter.  c. Click Properties. The Internet Protocol Version 4 (TCP/IPv4) Properties dialog appears.  d. Configure with the following details:   IP address for PC: 192.168.210.2   Subnet: 255.255.255.0   Gateway: 192.168.210.1 Digi IX15 Gateway User Guide...

  • Page 640: Configure The Speed Of Your Ethernet Port

    Configure the speed of your Ethernet port  2. Connect the PC's Ethernet port to the Ethernet port on your IX15 device.  3. Open a telnet session and connect to the IX15 device at the IP address of 192.168.210.1.  4. Log into the device:  ...
  • Page 641  5. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 642  4. Save the configuration and apply the change: (config)> save Configuration saved. >  5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...
  • Page 643 Monitoring This chapter contains the following topics: intelliFlow Configure NetFlow Probe Digi IX15 Gateway User Guide...

  • Page 644: Intelliflow

    WebUI. To use intelliFlow, the IX15 must be powered on and you must have access to the local WebUI. Once you enable intelliFlow, the Status >...
  • Page 645  6. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 646  5. Save the configuration and apply the change: (config)> save Configuration saved. >  6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...

  • Page 647: Use Intelliflow To Display Average Cpu And Ram Usage

    To display display average CPU and RAM usage:   É   WebUI  1. Log into the IX15 WebUI as a user with Admin access.  2. If you have not already done so, enable intelliFlow. See Enable intelliFlow.  3. From the menu, click Status > intelliFlow.

  • Page 648: Use Intelliflow To Display Top Data Usage Information

    To generate a top data usage chart:   É   WebUI  1. Log into the IX15 WebUI as a user with Admin access.  2. If you have not already done so, enable intelliFlow. See Enable intelliFlow.  3. From the menu, click Status > intelliFlow.
  • Page 649  5. Change the type of chart that is used to display the data:  a. Click the menu icon (É ).  b. Select the type of chart.  6. Change the number of top users displayed. You can display the top five, top ten, or top twenty data users. Digi IX15 Gateway User Guide...

  • Page 650: Use Intelliflow To Display Data Usage By Host Over Time

    To generate a chart displaying a host's data usage over time:   É   WebUI  1. Log into the IX15 WebUI as a user with Admin access.  2. If you have not already done so, enable intelliFlow. See Enable intelliFlow.  3. From the menu, click Status > intelliFlow.

  • Page 651: Configure Netflow Probe

     b. To save the chart to your local filesystem, select Export to PNG.  c. To print the chart, select Print chart. Configure NetFlow Probe NetFlow probe is used to probe network traffic on the IX15 device and export statistics to NetFlow collectors. Required configuration items  ...
  • Page 652 Configure NetFlow Probe É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click Monitoring > NetFlow probe.
  • Page 653  12. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 654 1 and 1800. The default is 1800.  8. Set the maximum number of flows to probe simultaneously: (config)> monitoring netflow max_flows value (config)> where value is any is any number between 0 and 2000000. The default is 2000000. Digi IX15 Gateway User Guide...
  • Page 655 (config monitoring netflow collector 0)> save Configuration saved. >  11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...
  • Page 656 Configure Digi Remote Manager Collect device health data and set the sample interval Log into Digi Remote Manager Use Digi Remote Manager to view and manage your device Add a device to Digi Remote Manager View Digi Remote Manager connection status...

  • Page 657: Central Management

    Digi Remote Manager User Guide. Configure Digi Remote Manager By default, your IX15 device is configured to use central management using Digi Remote Manager. Additional configuration options These additional configuration settings are not typically configured, but you can set them as needed:  ...
  • Page 658 Central management Configure Digi Remote Manager Digi IX15 Gateway User Guide...
  • Page 659  6. (Optional) For Management port, type the destination port for the remote cloud services connection. The default is 3199.  7. (Optional) For Retry interval, type the amount of time that the IX15 device should wait before reattempting to connect to remote cloud services after being disconnected. The default is 30 seconds.
  • Page 660  16. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 661 (config)> cloud drm drm_url url (config)>  6. (Optional) Set the amount of time that the IX15 device should wait before reattempting to connect to the remote cloud services after being disconnected. The minimum value is ten seconds. The default is 30 seconds.
  • Page 662 The minimum value is 30 minutes and the maximum is 48 hours. If not set, this option is disabled. The default is disabled.  12. (Optional) Determine whether to require a login and password to authenticate the user from the remote cloud services CLI: Digi IX15 Gateway User Guide...

  • Page 663: Collect Device Health Data And Set The Sample Interval

    Collect device health data and set the sample interval You can enable or disable the collection of device health data to upload to Digi Remote Manager, and configure the interval between health sample uploads. By default, device health data upload is...
  • Page 664 To avoid a situation where several devices are uploading health metrics information to Remote Manager at the same time, the IX15 device includes a preconfigured randomization of two minutes for uploading metrics. For example, if Health sample interval is set to five minutes, the metrics will be uploaded to Remote Manager at a random time between five and seven minutes.
  • Page 665 1, 5, 15, 30, or 60, and represents the number of minutes between uploads of health sample data.  5. By default, the device will only report health metrics values to Digi Remote Manager that have changed health metrics were last uploaded. This is useful to reduce the bandwidth used to report health metrics.
  • Page 666 Central management Collect device health data and set the sample interval  6. (Optional) Tuning parameters allow to you configure what data are uploaded to the Digi Remote Manager. By default, all tuning parameters are enabled. To view a list of all available tuning parameters, use the show command: (config)>...

  • Page 667: Log Into Digi Remote Manager

     1. If you have not already done so, click here to sign up for a Digi Remote Manager account.  2. Check your email for Digi Remote Manager login instructions.  3. Go to remotemanager.digi.com.  4. Log into your Digi Remote Manager account.

  • Page 668: Use Digi Remote Manager To View And Manage Your Device

    Use Digi Remote Manager to view and manage your device To view and manage your device:  1. If you have not already done so, connect to your Digi Remote Manager account.  2. Click Device Management to display a list of your devices.

  • Page 669: Add A Device To Digi Remote Manager

    The same default password is also shown on the label affixed to the bottom of the device.  6. Click Add.  7. Click OK. Digi Remote Manager adds your IX15 device to your account and it appears in the Device Management view. View Digi Remote Manager connection status To view the current Digi Remote Manager configuration: É...

  • Page 670: Use The Digi Remote Manager Mobile App

    The Device ID is the unique identifier for the device, as used by the Remote Manager. Use the Digi Remote Manager mobile app If you have a smart phone or tablet, you can use the Digi Remote Manager mobile app to automatically provision a new devices and monitor devices in your account.

  • Page 671: Configure Multiple Devices Using Profiles

     2. Follow the prompts to complete your IX15 registration. Digi Remote Manager registers your IX15 and adds it to your Digi Remote Manager device list. You can now manage the device remotely using Digi Remote Manager.

  • Page 672: Learn More

    Learn more information see docs.microsoft.com/en-us/azure/iot-hub/about-iot-hub Connectivity with the Azure IoT Hub and the IX15 XBee Gateway has been validated by using the Azure Python SDK—github.com/Azure/azure-iot-sdks. Additionally, the IX15 provides several Python samples that demonstrate how to connect and interact with Azure.
  • Page 673 File system This chapter contains the following topics: The IX15 local file system Display directory contents Create a directory Display file contents Copy a file or directory Move or rename a file or directory Delete a file or directory Upload and download files...

  • Page 674: File System

    The IX15 local file system The IX15 local file system The IX15 local file system has approximately 150 MB of space available for storing files, such as Python programs, alternative configuration files and firmware versions, and release files, such as cellular module images.

  • Page 675: Create A Directory

    For example:  1. Log into the IX15 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 676: Display File Contents

    For example:     Command line  1. Log into the IX15 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.  2. At the Admin CLI prompt, type more /path/filename. For example, to view the contenct of the file accns.json in /etc/config:...

  • Page 677: Move Or Rename A File Or Directory

      Command line To rename a file named test.py in /etc/config/scripts to final.py:  1. Log into the IX15 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 678: Delete A File Or Directory

      Command line To delete a file named test.py in /etc/config/scripts:  1. Log into the IX15 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 679: Upload And Download Files

    FileZilla. Upload and download files by using the WebUI Upload files  1. Log into the IX15 WebUI as a user with Admin access.  2. On the menu, click System. Under Administration, click File System. The File System page appears.

  • Page 680: Upload And Download Files By Using The Secure Copy Command

    IX15 device.   local-path is the location on the IX15 device where the copied file will be placed. For example: To copy firmware from a remote host with an IP address of 192.168.4.1 to the /etc/config directory on the IX15 device, issue the following command: >...

  • Page 681: Upload And Download Files Using Sftp

    IX15 device. For example: To copy a support report from the IX15 device to a remote host at the IP address of 192.168.4.1:  1. Use the system support-report command to generate the report: >...
  • Page 682 File system Upload and download files $ sftp ahmed@192.168.2.1 Password: Connected to 192.168.2.1 sftp> get test.py Fetching test.py to test.py test.py 100% 0.3KB/s 00:00 sftp> exit Digi IX15 Gateway User Guide...
  • Page 683 XBee-specific commands Use the scp command Display status and statistics using the show command Device configuration using the command line interface Execute configuration commands at the root Admin CLI prompt Configuration mode Command line reference Digi IX15 Gateway User Guide...

  • Page 684: Command Line Interface

    Log in to the command line interface   Command line  1. Connect to the IX15 device by using a serial connection, SSH or telnet, or the Terminal in the WebUI or the Console in the Digi Remote Manager. See Access the command line interface more information.

  • Page 685: Exit The Command Line Interface

     2. At the main menu, click Terminal. The device console appears. IX15 login:  3. Log into the IX15 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 686: Display Help For Commands And Parameters

    Display help for commands and parameters The help command When executed from the root command prompt, help displays information about autocomplete operations, how to move the cursor on the IX15 command line, and other keyboard shortcuts: > help Commands ------------------------------------------------------------------------------ Show commands help <Tab>...

  • Page 687: Display Help For Individual Commands

    Show modbus gateway status & statistics modem Show modem statistics. network Show network interface statistics. openvpn Show OpenVPN statistics. route Show IP routing information. serial Show serial statistics. system Show system statistics. version Show firmware version. > show Digi IX15 Gateway User Guide...

  • Page 688: Use The Tab Key Or The Space Bar To Display Abbreviated Help

    (config)> serial port1 enable true Auto-complete does not function for:   Parameter values that are string types.   Integer values.   File names.   Select parameters passed to commands that perform an action. Digi IX15 Gateway User Guide...

  • Page 689: Available Commands

    Reboots the IX15 device. Removes a file. Uses the secure copy protocol (SCP) to transfer files between the IX15 device and a remote host.   Use the scp command for information about using the scp command.

  • Page 690: Xbee-Specific Commands

    XBee-specific commands for more information. Note For commands that operate on the IX15's file system, such as the cp, ls, and mkdir commands, File system for information about the file system, including how to copy, move and delete files and directories.

  • Page 691: Manage An Xbee Network

    64-bit address, node identifier, role, and so on. The IX15 network caches a list of known nodes that reflects the real XBee network. It adds new nodes to its network cache in these scenarios:  ...
  • Page 692 WebUI. Show the network This command shows all nodes known to the IX15 and included in its network cache. To show the current nodes on your network, run xbee network show:  ...

  • Page 693: Configure Individual Xbee Parameters

      name—optional:  Name for the network. For example, to export the network to /etc/config/ with the name "My IX15 network" and description "My IX15 Gateway XBee network", enter the following command: > xbee network export /etc/config name "My IX15 network" description "My IX15 Gateway XBee network"...
  • Page 694 Command line interface XBee-specific commands   Digi XBee 3 Zigbee RF Module User Guide   Digi XBee 3 DigiMesh RF Module User Guide   Digi XBee 3 802.15.4 RF Module User Guide Read XBee parameters To read the value of an XBee setting use the xbee get command. This command allows you to get the value of an XBee parameter from the local XBee device or of any remote device in the network.
  • Page 695 For example, to set to 0x01 the value of D2 (AD2/DIO2 Configuration) of an XBee which its 64-bit address is 0013A200DDDDDDD0, enter the following command: Example: xbee set > xbee set 0013A200DDDDDDD0 D2 0x01 > xbee get 0013A200DDDDDDD0 D2 0x01 > Digi IX15 Gateway User Guide...

  • Page 696: Apply Xbee Profiles

    XPRO file that may contain several items: device firmware, setting values to configure, and a file system. Upload XBee profiles XPRO files are uploaded to the /etc/config/xbee-profiles directory of the IX15. You can upload profiles to the IX15 using:  ...

  • Page 697: Use The Scp Command

    The username and password of the user on the remote host.   Whether the file is being copied to the IX15 device from a remote host, or to the remote host from the IX15 device. Digi IX15 Gateway User Guide...
  • Page 698   local-path is the path and filename on the IX15 device. For example: To copy a support report from the IX15 device to a remote host at the IP address of 192.168.4.1: Digi IX15 Gateway User Guide...

  • Page 699: Display Status And Statistics Using The Show Command

    > Display status and statistics using the show command The IX15 show command display status and statistics for various features. For example: show config show config command displays all the configuration settings for the device that have been changed from the default settings.

  • Page 700: Show Network

    For example, to disable the SSH service from the root prompt, enter the following command: > config service ssh enable false > The IX15 device's ssh service is now disabled. Digi IX15 Gateway User Guide...

  • Page 701: Display Help For The Config Command From The Root Admin Cli Prompt

     2. You can then display help for the additional configuration commands. For example, to display help for the config service command: > config service ? Services Additional Configuration ------------------------------------------------------------------------- mdns Service Discovery (mDNS) multicast Multicast remote_control Remote control Digi IX15 Gateway User Guide...

  • Page 702: Configuration Mode

    You can cancel all changes without saving them at any time. Configuration changes do not take effect until the configuration is saved. Enable configuration mode To enable configuration mode, at the root prompt, enter the config command without any parameters: > config (config)> Digi IX15 Gateway User Guide...

  • Page 703: Enter Configuration Commands In Configuration Mode

    After using save to save changes to the configuration, you will automatically exit configuration mode. To return to configuration mode, type config again. Exit configuration mode without saving changes You can discard any unsaved configuration changes and exit configuration mode by using the cancel command: Digi IX15 Gateway User Guide...

  • Page 704: Configuration Actions

    Display command line help in configuration mode Display additional configuration commands, as well as available parameters and values, by entering the question mark (?) character at the config prompt. For example:  1. Enter ? at the config prompt: (config)> ? Digi IX15 Gateway User Guide...
  • Page 705  b. Enter ? to display help for the service node: (config service)> ? Either of these methods will display the following information: config> service ? Services Additional Configuration ------------------------------------------------------------------------ mdns Service Discovery (mDNS) multicast Multicast remote_control Remote control snmp SNMP Digi IX15 Gateway User Guide...
  • Page 706 (config)> service ssh  4. Lastly, to display allowed values and other information for the enable parameter, use one of the following methods:   At the config prompt, enter service ssh enable ?: (config)> service ssh enable ? Digi IX15 Gateway User Guide...

  • Page 707: Move Within The Configuration Schema

     3. Type acl to move to the acl node: (config service ssh)> acl (config service ssh acl)>  4. Type zone to move to the zone node: (config service ssh acl)> zone (config service ssh acl zone)> Digi IX15 Gateway User Guide...

  • Page 708: Manage Elements In Lists

     2. Add an authentication method by using the add index_item command. For example:   To add the TACACS+ authentication method to the beginning of the list, use the index number 0: (config)> add auth method 0 tacacs+ (config)> show auth method 0 tacacs+ 1 local (config)> Digi IX15 Gateway User Guide...
  • Page 709  2. Delete one of the authentication methods by using the del index_number command. For example:  a. To delete the local authentication method, use the index number 0: (config)> del auth method 0 (config)>  b. Use the show command to verify that the local authentication method was removed: Digi IX15 Gateway User Guide...

  • Page 710: The Revert Command

    (config)> The revert command The revert command is used to revert changes to the IX15 device's configuration and restore default configuration settings. The behavior of the revert command varies depending on where in the configuration hierarchy the command is executed, and whether the optional path parameter is used.
  • Page 711 Move to the location in the configuration and enter the revert command without the path parameter. For example:  1. Change to the auth method node: (config)> auth method (config auth method)>  2. Enter the revert command: (config auth method)> revert (config auth method)> Digi IX15 Gateway User Guide...

  • Page 712: Enter Strings In Configuration Commands

    (config)> system description "Digi IX15" Example: Create a new user by using the command line In this example, you will use the IX15 command line to create a new user, provide a password for the user, and assign the user to authentication groups.
  • Page 713 (config auth user user1)> show ..group admin admin enable true nagios enable false openvpn enable false no tunnels portal enable false no portals serial enable false no ports shell enable false serial admin Digi IX15 Gateway User Guide...
  • Page 714 (config auth user user1)> save Configuration saved. >  8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...

  • Page 715: Command Line Reference

    Command line interface Command line reference Command line reference analyzer help mkdir modem modem puk status [imei STRING] [name STRING] modem scan [imeiSTRING] [nameSTRING] more ping powerctrl reboot show system traceroute xbee Digi IX15 Gateway User Guide...

  • Page 716: Analyzer

    Start a capture session of packets on this devices interfaces. Parameters name Name of the capture filter to use. Syntax: STRING analyzer stop name STRING Stops the traffic capture session. Parameters name Name of the capture filter to use. Syntax: STRING Digi IX15 Gateway User Guide...
  • Page 717 The source file or directory to copy. Syntax: STRING destination The destination path to copy the source file or directory to. Syntax: STRING force Do not ask to overwrite the destination file if it exists. Syntax: BOOLEAN Default: False Optional: True Digi IX15 Gateway User Guide...

  • Page 718: Help

    Command line interface Command line reference help Show CLI editing and navigation commands. Parameters None Digi IX15 Gateway User Guide...
  • Page 719 Directory listing command. ls [show-hidden] PATH List a directory. Parameters path List files and directories under this path. Syntax: STRING show-hidden Show hidden files and directories. Hidden filenames begin with '.'. Syntax: BOOLEAN Default: False Optional: True Digi IX15 Gateway User Guide...

  • Page 720: Mkdir

    Command line interface Command line reference mkdir mkdir PATH Create a directory. Parent directories are created as needed. Parameters path The directory path to create. Syntax: STRING Digi IX15 Gateway User Guide...

  • Page 721: Modem

    Commands for interacting with cellular modem firmware. See Update cellular module firmware further information about using the modem firmware commands. firmware check [imei STRING] [name STRING] Inspect /opt/[MODEM_MODEL]/Custom_Firmware/ directory for new modem firmware file. Digi IX15 Gateway User Guide...
  • Page 722 Commands for performing FOTA (firmware-over-the-air) interactions with cellular modem. ota check [imei STRING] [name STRING] Query the Digi firmware server for the latest remote modem firmware version. Parameters imei The IMEI of the modem to execute this CLI command on...
  • Page 723 Command line interface Command line reference ota list [imei STRING] [name STRING] Query the Digi firmware server for a list of modem firmware versions. Parameters imei The IMEI of the modem to execute this CLI command on Optional: True Type: string...
  • Page 724 [imei STRING] [name STRING] PIN Disable the PIN lock on the SIM card that is active in the modem. Warning: Attempting to use an incorrect PIN code may PUK lock the SIM. Parameters The SIM's PIN code. Digi IX15 Gateway User Guide...
  • Page 725 PUK locked when there are no remaining retries Parameters imei The IMEI of the modem to execute this CLI command on. Syntax: STRING Optional: True name The configured name of the modem to execute this CLI command on. Syntax: STRING Optional: True Digi IX15 Gateway User Guide...

  • Page 726: Modem Puk Status [Imei String] [Name String]

    The configured name of the modem to execute this CLI command on. Syntax: STRING Optional: True puk unlock [imei STRING] [name STRING] PUK NEW-PIN Unlock the SIM with a PUK code from the SIM provider. Digi IX15 Gateway User Guide...

  • Page 727: Modem Scan [Imeistring] [Namestring]

    [imeiSTRING] [nameSTRING] imei The IMEI of the modem to execute this CLI command on. Syntax: STRING Optional: True name The configured name of the modem to execute this CLI command on. Syntax: STRING Digi IX15 Gateway User Guide...
  • Page 728 Syntax: (1|2|show) imei The IMEI of the modem to execute this CLI command on. Syntax: STRING Optional: True name The configured name of the modem to execute this CLI command on. Syntax: STRING Optional: True Digi IX15 Gateway User Guide...

  • Page 729: More

    Command line interface Command line reference more path The file to view. Syntax: STRING Digi IX15 Gateway User Guide...
  • Page 730 The source file or directory to move. Syntax: STRING destination The destination path to move the source file or directory to. Syntax: STRING force Do not ask to overwrite the destination file if it exists. Syntax: BOOLEAN Default: False Optional: True Digi IX15 Gateway User Guide...

  • Page 731: Ping

    If a hostname is defined as the value of the 'host' parameter, use the hosts IPV6 address. Syntax: BOOLEAN Default: False Optional: True size The number of bytes sent in the ICMP ping request. Syntax: INT Minimum: 0 Default: 56 Digi IX15 Gateway User Guide...

  • Page 732: Powerctrl

    The ping command will send a packet with the source address set to the IP address of this interface, rather than the address of the interface the packet is sent from. Syntax: STRING Optional: True powerctrl Power control commands. powerctrl state poweroff Enter in poweroff or suspend. powerctrl state suspend Enter in suspend. Digi IX15 Gateway User Guide...

  • Page 733: Reboot

    Command line interface Command line reference reboot Reboot the system. Parameters None Digi IX15 Gateway User Guide...
  • Page 734 Command line interface Command line reference Remove a file or directory. rm [force] PATH Parameters path The path to remove. Syntax: STRING force Force the file to be removed without asking. Syntax: BOOLEAN Default: False Optional: True Digi IX15 Gateway User Guide...

  • Page 735: Scp

    Copy the file from the local device to the remote host, or from the remote host to the local device. Syntax: (remote|local) user The username to use when connecting to the remote host. Syntax: STRING Digi IX15 Gateway User Guide...

  • Page 736: Show

    Optional: True verbose Display more information (less concise, more detail). Syntax: BOOLEAN Default: False Optional: True show cloud Show Digi Remote Manager status and statistics. Parameters None show config Show changes made to default configuration. Digi IX15 Gateway User Guide...
  • Page 737 Type of event log to be displayed (status, error, info). Syntax: (status|error|info) Optional: True show hotspot [ip STRING] [name STRING] Show hotspot statistics. Parameters IP address of a specific client, to limit the status display to only this client. Syntax: STRING Optional: True Digi IX15 Gateway User Guide...
  • Page 738 Filters for type of log message displayed (critical, warning, info, debug). Note, filters from the number of messages retrieved not the whole log (this can be very time consuming). If you require more messages of the filtered type, increase the number of messages retrieved using 'number'. Syntax: (critical|warning|debug|info) Optional: True Digi IX15 Gateway User Guide...
  • Page 739 The IMEI of the modem to execute this CLI command on. Syntax: STRING Optional: True name The configured name of the modem to execute this CLI command on. Syntax: STRING Optional: True verbose Display more information (less concise, more detail). Syntax: BOOLEAN Default: False Digi IX15 Gateway User Guide...
  • Page 740 Syntax: BOOLEAN Default: False Optional: True show openvpn Show OpenVPN status and statistics. openvpn client [all] [name STRING] Show OpenVPN client status statistics. Parameters Display all clients including disabled clients. Syntax: BOOLEAN Default: False Optional: True Digi IX15 Gateway User Guide...
  • Page 741 Syntax: BOOLEAN Default: False Optional: True ipv6 Display IPv6 routes. Syntax: BOOLEAN Default: False Optional: True verbose Display more information (less concise, more detail). Syntax: BOOLEAN Default: False Optional: True show scripts Show scheduled system scripts Digi IX15 Gateway User Guide...
  • Page 742 Show USB information. Parameters None show version [verbose] Show firmware version. Parameters verbose Display more information (build date) Syntax: BOOLEAN Default: False Optional: True show vrrp [all|verbose] [name STRING] Show VRRP status and statistics. Digi IX15 Gateway User Guide...

  • Page 743: Ssh

    Optional: True Type: string host The hostname or IP address of the remote host Syntax: {hostname|IPv4_address|IPv6_address} Type: string port The SSH port to use to connect to the remote host. Default: 22 Maximum: 65535 Minimum: 1 Digi IX15 Gateway User Guide...
  • Page 744 Command line interface Command line reference Syntax: {Integer} Type: integer user The username to use when connecting to the remote host. Type: string Digi IX15 Gateway User Guide...

  • Page 745: System

    Duplicate the running firmware to the alternate partition so that the device will always boot the same firmware version. Parameters None system factory-erase Erase the device to restore to factory defaults. All configuration and automatically generated keys will be erased. Digi IX15 Gateway User Guide...
  • Page 746 Parameters script Script to stop. Syntax: STRING system serial clear PORT Clears the serial log. Parameters port Serial port. Type: string system serial save PORT FILENAME Saves the current serial log to a file. Digi IX15 Gateway User Guide...
  • Page 747 Serial port. Type: string system serial stop PORT Start logging data on a serial port. Parameters port Serial port. Type: string system support-report PATH Save a support report to a file and include with support requests. Digi IX15 Gateway User Guide...
  • Page 748 Command line interface Command line reference Parameters path The file path to save the support report to. Syntax: STRING Digi IX15 Gateway User Guide...

  • Page 749: Traceroute

    Tells traceroute to add an IP source routing option to the outgoing packet that tells the network to route the packet through the specified gateway Syntax: STRING Optional: True icmp Use ICMP ECHO for probes. Syntax: BOOLEAN Default: False Digi IX15 Gateway User Guide...
  • Page 750 Total size of the probing packet. Default 60 bytes for IPv4 and 80 for Ipv6. A value of -1 specifies that the default value will be used. Syntax: INT Minimum: -1 Default: -1 pausemsecs Minimal time interval between probes Syntax: INT Minimum: 0 Default: 0 Digi IX15 Gateway User Guide...

  • Page 751: Xbee

    XBEE-ID AT-COMMAND [value] Execute an AT command in an XBee node. Parameters XBEE-ID The XBee identifier (MAC or node identifier) of the XBee to execute the command. Syntax: STRING AT-COMMAND The AT command to execute. Syntax: STRING Digi IX15 Gateway User Guide...
  • Page 752 Export the XBee network to a file. Parameters EXPORTDIR Absolute path of the directory to create the xnet file. Syntax: STRING description A brief description of the network. Syntax: STRING Optional: True name The name for the XBee network. Digi IX15 Gateway User Guide...
  • Page 753 Syntax: Decimal number, hexadecimal number with prefix 0x, or string between quotes. no-apply Do not apply the change. Syntax: BOOLEAN Default: False Optional: True no-save Do not write to flash the change. Syntax: BOOLEAN Default: False Digi IX15 Gateway User Guide...
  • Page 754 XBEE-ID PROFILE Update the XBee with a profile. Parameters XBEE-ID The XBee identifier (MAC or node identifier) of the XBee to update. Syntax: STRING PROFILE The path to the profile to update. Syntax: STRING Digi IX15 Gateway User Guide...
  • Page 755 View system and event logs Configure syslog servers Configure options for the event and system logs Analyze network traffic Use the ping command to troubleshoot network connections Use the traceroute command to diagnose IP routing problems Digi IX15 Gateway User Guide...

  • Page 756: Generate A Support Report

    Attach the support report to any support requests.     Command line  1. Log into the IX15 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 757: View System And Event Logs

      É   WebUI  1. Log into the IX15 WebUI as a user with Admin access.  2. On the main menu, click System > Logs. The system log displays:  3. Limit the display in the system log by using the Find search tool.
  • Page 758  5. Click to download the system log.   Command line  1. Log into the IX15 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 759: View Event Logs

     6. Click to download the event log.   Command line  1. Log into the IX15 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 760 Nov 26 22:01:25 info user name=admin~service=cli~state=closed~remote=192.168.1.2 >  5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...

  • Page 761: Configure Syslog Servers

    You can configure remote syslog servers for storing event and system logs.   É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click System > Log.
  • Page 762  5. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 763 (config system log remote 0)> protocol value (config system log remote 0)> where value is either tcp or udp. The default is udp.  6. Save the configuration and apply the change: (config)> save Configuration saved. > Digi IX15 Gateway User Guide...

  • Page 764: Configure Options For The Event And System Logs

    To change or disable the heartbeat interval, or to disable event categories, and to perform other log configuration:   É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. Digi IX15 Gateway User Guide...
  • Page 765  7. Enable Preserve system logs to save the current session's system log after a reboot. By default, the IX15 device erases system logs each time the device is powered off or rebooted. Note You should only enable Preserve system logs temporarily to debug issues.
  • Page 766 To disable the heartbeat interval, set the value to 0s  4. Enable preserve system logs functionality to save the current session's system log after a reboot. By default, the IX15 device erases system logs each time the device is powered off or rebooted.
  • Page 767 (config)> system log event dhcpserver status_interval value (config)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set the status interval to ten minutes, enter either 10m or 600s: Digi IX15 Gateway User Guide...
  • Page 768  7. Save the configuration and apply the change: (config)> save Configuration saved. >  8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi IX15 Gateway User Guide...

  • Page 769: Analyze Network Traffic

    Analyze network traffic Analyze network traffic The IX15 device includes a network analyzer tool that captures data traffic on any interface and decodes the captured data traffic for diagnostics. You can capture data traffic on multiple interfaces at the same time and define capture filters to reduce the captured data. You can capture up to 10 MB of data traffic in two 5 MB files per interface.

  • Page 770: Configure Packet Capture For The Network Analyzer

    To configure a packet capture configuration: É   WebUI  1. Log into the IX15 WebUI as a user with full Admin access rights.  2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.  3. Click Network > Analyzer.
  • Page 771 If Set Time is selected, specify the time that the capture filter should run in Run time, using the format HH:MM.   During system maintenance: The capture filter will run during the system maintenance time window.  b. Enable the capture filter schedule. Digi IX15 Gateway User Guide...
  • Page 772  8. Click Apply to save the configuration and apply the change.   Command line  1. Log into the IX15 command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 773 For example, to set duration to ten minutes, enter either 10m or 600s: (config network analyzer name)> save_interval 600s (config network analyzer name)> Digi IX15 Gateway User Guide...

  • Page 774: Example Filters For Capturing Data Traffic

    1 to 255 or one of the following keywords: icmp, icmp6, igmp, pim, ah, esp, vrrp, udp, or tcp.   Capture traffic to and from a TCP port 80: ip proto tcp and port 80 Digi IX15 Gateway User Guide...

  • Page 775: Capture Packets From The Command Line

    To start packet capture from the command line:     Command line  1. Log into the IX15 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 776: Stop Capturing Packets

    To stop packet capture from the command line:     Command line  1. Log into the IX15 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 777: Show Captured Traffic Data

    To show captured data traffic:     Command line  1. Log into the IX15 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.

  • Page 778: Save Captured Data Traffic To A File

        Command line  1. Log into the IX15 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.  2. Type the following at the Admin CLI prompt: >...

  • Page 779: Download Captured Data To Your Pc

    WebUI or from the command line by using the (secure copy file) command. É   WebUI  1. Log into the IX15 WebUI as a user with Admin access.  2. On the menu, click System. Under Administration, click File System. The File System page appears. Digi IX15 Gateway User Guide...

  • Page 780: Clear Captured Data

     4. Select the saved analyzer report you want to download and click (download).   Command line  1. Log into the IX15 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 781 Analyze network traffic > anaylzer clear name ? name: Name of the capture filter to use. Format: test_capture capture_ping > anaylzer clear name Note You can remove data traffic saved to a file using the command. Digi IX15 Gateway User Guide...

  • Page 782: Use The Ping Command To Troubleshoot Network Connections

    Ping to check internet connection To check your internet connection:  1. Log into the IX15 command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 783 Max wait for a response to a probe. (Default: 5) Example This example shows using traceroute to verify that the Digi IX15 Gateway device can route to host 8.8.8.8 (www.google.com) through the default gateway. The command output shows that 15 routing hops were required to reach the host:  1.
  • Page 784 Server Command Interface (SCI) This section describes using SCI with the IX15. Discover and retrieve the XBee network Retrieve XBee device settings Configure XBee device settings Retrieve XBee device settings Execute arbitrary commands Update an XBee device profile Reset an XBee device to factory defaults...

  • Page 785: Server Command Interface (Sci)

    Discover and retrieve the XBee network Discover and retrieve the XBee network The Digi Remote Manager API allows you to remotely retrieve the XBee network of your IX15. You can retrieve the current discovered network, perform a new discovery or clear the network before discovering it.

  • Page 786: Retrieve Xbee Device Settings

    </sci_reply> Retrieve XBee device settings The Digi Remote Manager API allows you to remotely retrieve the value of a predefined set of settings for an XBee device in a network. To do so:  1. Login to Digi Remote Manager: remotemanager.digi.com/ui/login.
  • Page 787 IX15's XBee device is used.  5. Click the Send button next to the URL field.  6. After a while, the Response Body field is populated with the response from the IX15 containing the list of settings and values for the XBee device: <sci_reply version="1.0">...

  • Page 788: Configure Xbee Device Settings

    Configure XBee device settings Retrieve XBee device settings The Digi Remote Manager API allows you to remotely set the value of a predefined set of settings for an XBee device of your network. To do so:  1. Login to Digi Remote Manager: remotemanager.digi.com/ui/login.

  • Page 789: Execute Arbitrary Commands

    Retrieve XBee device settings.  5. Click the Send button next to the URL field.  6. After a while, the Response Body field is populated with the response from the IX15 with an empty radio tag if the request was successful: <sci_reply version="1.0">...

  • Page 790: Set The Value Of An Xbee Setting

    If omitted, the configured XBee device read timeout is used. Click the Send button next to the URL field. After a while, the Response Body field is populated with the response from the IX15 containing the value of the requested setting: <sci_reply version="1.0">...

  • Page 791: Execute A Special Xbee Command

    If omitted, the configured XBee device read timeout is used. Click the Send button next to the URL field. After a while, the Response Body field populates with the response from the IX15 containing an empty radio_command tag if the request was successful: <sci_reply version="1.0">...

  • Page 792: Update An Xbee Device Profile

    Manager API. Before updating the profile, you need to make sure that the profile to update is located in the IX15 file system so that it can be applied. To remotely update the profile of an XBee device:  1. Login to Digi Remote Manager: remotemanager.digi.com/ui/login.

  • Page 793: Reset An Xbee Device To Factory Defaults

    IX15's XBee device is used.   file attribute specifies the full path in the IX15 of the profile to apply to the XBee device.  5. Click the Send button next to the URL field.  6. After a while, the Response Body field will be filled with the response from the IX15 containing an empty fw_update tag if the process succeeds: <sci_reply version="1.0">...
  • Page 794 XBee device is used. Click the Send button next to the URL field. After a while, the Response Body field will be filled with the response from the IX15 contianing an empty set_factory_default tag if the process succeed: <sci_reply version="1.0">...

  • Page 795: Troubleshooting

    Troubleshooting This section covers common issues and troubleshooting information for the IX15. System log Recover the local XBee Digi IX15 Gateway User Guide...

  • Page 796: System Log

    You can configure the logging level of the XBee interface from the Device Configuration page:  1. Access the IX15 local web interface.  a. Use an Ethernet cable to connect the IX15 to your local laptop or PC.  The factory default IP address is 192.168.2.1.

  • Page 797: Recover The Local Xbee

    Recover the local XBee Recover the local XBee If the local XBee of an IX15 does not respond because, for example, it has damaged firmware or the update process failed, the IX15 automatically tries to restore communication at startup. To recover a non-responding local XBee, reboot your IX15.
  • Page 798  7. Launch the xbeemgmt tool with the port that the XBee is attached to—/dev/ttyXBee—and the absolute path of the custom profile to use in the process: # xbeemgmt recover /dev/ttyXBee /etc/config/xbee-profiles/my_custom_ profile.xpro  8. When the process finishes, reboot the IX15. Digi IX15 Gateway User Guide...
  • Page 799 This section contains the following topics: Get the IX15 IP A remote XBee is not listed in the IX15 network PyCharm: My IX15 is not listed in Digi Device Selector Digi IX15 Gateway User Guide...

  • Page 800: Get The Ix15 Ip

    Get the IX15 IP Get the IX15 IP Use the CLI over the serial port to learn the IP assigned to your IX15:  1. Access to the CLI via serial. See Access the command line interface.  2. At the CLI prompt, you can get:  ...
  • Page 801 PyCharm: My IX15 is not listed in Digi Device Selector Digi IX15 Gateway User Guide...
  • Page 802 Digi IX15 regulatory and safety statements This section contains the following topics: RF exposure statement FCC (USA) exposure notice FCC Part 15 Class A Radio Frequency Interference (RFI) (FCC 15.105) European Community - CE Mark Declaration of Conformity (DoC) Maximum transmit power for radio frequencies...

  • Page 803: Rf Exposure Statement

    Radio Frequency Interference (RFI) (FCC 15.105) The Digi IX15 has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment.

  • Page 804: Maximum Transmit Power For Radio Frequencies

    Digi IX15 regulatory and safety statements Maximum transmit power for radio frequencies Maximum transmit power for radio frequencies The following tables show the maximum transmit power for frequency bands. Cellular frequency bands Frequency bands Maximum transmit power Cellular LTE 700 MHz...

  • Page 805: Rohs Compliance Statement

    RoHS compliance statement RoHS compliance statement All Digi International Inc. products that are compliant with the RoHS Directive (EU Directive 2002/95/EC and subsequent amendments) are marked as RoHS COMPLIANT. RoHS COMPLIANT means that the substances restricted by the EU Directive 2002/95/EC and subsequent amendments of...

  • Page 806: Safety Statements

    PRUDENCE! Surface chaude! Pour éviter les brûlures lors de la manipulation de la surface de l'appareil, attendez au moins une demi-heure après avoir éteint l'appareil avant de manipuler la surface. Digi IX15 Gateway User Guide...

  • Page 807: Digi Ix15 Gateway Hazardous Locations Information

    Class I Division 2, Groups A,B,C,D Temperature Code: T4 WARNING! The Digi IX15 Gateway is suitable for use in Class I, Division 2, Groups A, B, C, and D or Non-hazardous locations only. These devices are open-type devices that are to be installed in a tool only accessible enclosure suitable for the environment.

  • Page 808: Special Safety Notes For Wireless Routers

    However, cellular-based products contain radio devices which require specific consideration. Take the time to read and understand the following guidance. Digi International assumes no liability for an end user’s failure to comply with these precautions.
  • Page 809 At the end of its life this product MUST NOT be mixed with other commercial waste for disposal. Check with the terms and conditions of your supplier for disposal information.   Digi International Ltd WEEE Registration number: WEE/HF1515VU Digi IX15 Gateway User Guide...

  • Page 810: Digi Ix15 Certifications

    Digi IX15 certifications International EMC (Electromagnetic Compatibility) and safety standards This product complies with the requirements of the following Electromagnetic Compatibility standards. There are no user-serviceable parts inside the product. Contact your Digi representative for repair information. Certification category Standards  ...

Table of Contents