Download Print this page

Digi Connect EZ 4 User Manual

Digi Connect EZ 4 User Manual

Hide thumbs Also See for Connect EZ 4:

User manual (1045 pages)

Table Of Contents

page of 932

/ 932
Contents
Table of Contents
Bookmarks

Table of Contents

Advertisement

Quick Links

Download this manual

Connect EZ 4/4i

User Guide

Firmware version 22.2

Table of Contents

Advertisement

Table of Contents

Need help?

Need help?

Do you have a question about the Connect EZ 4 and is the answer not in the manual?

Questions and answers

Summary of Contents for Digi Connect EZ 4

Page 1 Connect EZ 4/4i User Guide Firmware version 22.2...
Page 2 Revision history—90002459 Revision Date Description Release of Digi Connect EZ firmware version 22.2: March 2022 VPN enhancements: Renamed VPN > IPsec > Tunnels > Policies > Local network setting to Local traffic selector and added Remote traffic selector. Added a Dynamic option to the Local traffic selector to configuration of a local network by protocol and/or port instead of a network address range.
Page 3 Initial release of the document. 2021 Trademarks and copyright Digi, Digi International, and the Digi logo are trademarks or registered trademarks in the United States and other countries worldwide. All other trademarks mentioned in this document are the property of their respective owners.
Page 4 Feedback To provide feedback on this document, email your comments to techcomm@digi.com Include the document title and part number (Digi Connect EZ 4/4i User Guide, 90002459 A) in the subject line of your email. Digi Connect EZ 4/4i User Guide...
Page 5: Table Of Contents
Connect the Wi-Fi antenna Enable Wi-Fi Configure Wi-Fi on the device Step 5: Discover the IP address using the Digi Navigator Step 6: Configure RealPort from the Digi Navigator Step 7: Connect to the web UI and update the Connect EZ firmware...
Page 6 Show WAN and WWAN status and statistics Delete a WAN or WWAN Default outbound WAN/WWAN ports Local Area Networks (LANs) About Local Area Networks (LANs) Configure a LAN Example: Configure two LANs Show LAN status and statistics Delete a LAN Digi Connect EZ 4/4i User Guide...
Page 7 Show serial status and statistics Log serial port messages Digi Navigator application Step 6: Configure RealPort from the Digi Navigator Step 5: Discover the IP address using the Digi Navigator Install the Digi Navigator Digi Navigator features Connect to and access the Digi Navigator...
Page 8 Show the routing table Dynamic DNS Configure dynamic DNS Virtual Router Redundancy Protocol (VRRP) VRRP+ Configure VRRP Configure VRRP+ Example: VRRP/VRRP+ configuration Configure device one (master device) Configure device two (backup device) Show VRRP status and statistics Digi Connect EZ 4/4i User Guide...
Page 9 Configure SSH access Use SSH with key authentication Generating SSH key pairs Configure telnet access Configure DNS Show DNS server Simple Network Management Protocol (SNMP) SNMP Security Configure Simple Network Management Protocol (SNMP) Download MIBs Digi Connect EZ 4/4i User Guide...
Page 10 Use Python to respond to Digi Remote Manager SCI requests Use digidevice runtime to access the runtime database Use Python to upload the device name to Digi Remote Manager Use Python to access the device location data Use Python to set the maintenance window...
Page 11 Delete a packet filtering rule Configure custom firewall rules Configure captive portals Delete captive portals Configure Quality of Service options System administration Review device status Configure system information Update system firmware Manage firmware updates using Digi Remote Manager Digi Connect EZ 4/4i User Guide...
Page 12 Collect device health data and set the sample interval Enable event log upload to Digi Remote Manager Log into Digi Remote Manager Use Digi Remote Manager to view and manage your device Add a device to Digi Remote Manager View Digi Remote Manager connection status...
Page 13 Display help for the config command from the root Admin CLI prompt Configuration mode Enable configuration mode Enter configuration commands in configuration mode Save changes and exit configuration mode Exit configuration mode without saving changes Digi Connect EZ 4/4i User Guide...
Page 14 Digi Connect EZ 4/4i User Guide...
Page 15 Digi Connect EZ 4/4i User Guide...
Page 16 Polish--Polskie Portuguese--Português Slovak--Slovák Slovenian--Esloveno Spanish--Español Digi Connect EZ regulatory and safety statements RF exposure statement Federal Communication (FCC) Part 15 Class A European Community - CE Mark Declaration of Conformity (DoC) CE and UKCA OEM labeling requirements CE labeling requirements...
Page 17: Digi Connect Ez 4/4I User Guide
Digi Connect EZ is Digi’s next generation Device Server product line, providing connectivity for existing critical assets in business, commercial, and industrial automation applications. This product line builds on and extends the capabilities of our previous PortServer and Digi One products along with enhanced manageability, security, intelligence, and performance, while offering seamless connectivity for existing applications.
Page 18: Get Started With Connect Ez 4/4I
Step 3: Connect to site network using an Ethernet LAN Step 4: Connect the device to the network using Wi-Fi Step 5: Discover the IP address using the Digi Navigator Step 6: Configure RealPort from the Digi Navigator Step 7: Connect to the web UI and update the Connect EZ firmware Step 8: Connect to Digi Remote Manager...
Page 19: Connect Ez 4I Only: Review Installation Instructions For Hazardous Locations
Connect EZ 4i only: An industrial power connector is attached to the power jack. (Part number 18000724) Power Connect EZ 4 is intended to be powered by a locking barrel output transformer rated supply 100-240 VAC to 12 VDC, and with a 3 A output.
Page 20: Optional Additional Cellular Equipment
Get started with Connect EZ 4/4i Step 1: Verify product components Equipment Description (Connect EZ Use the included power supply (part number 24000141). For information about connecting the power supply, see Step 2: Connect the power supply. Ethernet CAT 6 Ethernet cable.
Page 21: Step 2: Connect The Power Supply
Step 2: Connect the power supply The power supply is included with the device. Connect EZ 4: Connect EZ 4 is intended to be powered by a locking barrel output transformer rated 100-240 VAC to 12 VDC, and with a 3 A output.
Page 22: Step 3: Connect To Site Network Using An Ethernet Lan
UI and configure it. NEXT STEP: If you are performing the initial device set-up, after you have configure Wi-Fi you can proceed to the next step: Step 5: Discover the IP address using the Digi Navigator. Connect the Wi-Fi antenna This section explains how to connect the Wi-Fi antenna to the Connect EZ hardware.
Page 23: Configure Wi-Fi On The Device
Ethernet cable. See Connect to and access the Digi Navigator. Note If you don't have access to the Digi Navigator, you can use a manual method to discover the IP address. See Discover the device's IP address: Additional methods. Download and install the Digi Navigator.
Page 24: Step 6: Configure Realport From The Digi Navigator
Specify a device: Expand the Specify a device section and enter the IP address or host name for the device. Select a device: From the list of devices shown in the Digi Navigator, expand the device that you want to configure.
Page 25: Step 7: Connect To The Web Ui And Update The Connect Ez Firmware
COM ports on your computer that are configured for RealPort from within the Digi Navigator. a. Launch the Digi Navigator if it is not currently open. A list of Connect EZ devices that have RealPort enabled and configured displays in the RealPort Devices section at the bottom of the application screen.
Page 26: Update The Firmware On The Connect Ez
Get started with Connect EZ 4/4i Step 7: Connect to the web UI and update the Connect EZ firmware Note You can also use the Digi Navigator to access the web UI and configure the device. See Access the web UI from the Digi Navigator.
Page 27: Step 8: Connect To Digi Remote Manager
Manager. Step 8: Connect to Digi Remote Manager Make user to connect your device to Digi Remote Manager to ensure that you receive automatic notification of firmware updates and security notices. From Remoter Manager, you can also easily update firmware, ensure consistent configuration across a large group of devices, and manage and monitor cellular connectivity.
Page 28: Connect Equipment To The Connect Ez Serial Port
To get to this page, choose Status > Connections > Serial. Serial Status page for more information. Serial connector pinout The Connect EZ 4/4i has an RJ50 serial connector. The table below contains the pinout information. EIA-422/485 EIA-485 Full-duplex...
Page 29: Serial Status Page
Log serial port messages for more information about the page. User When the port is connected to a terminal, SSH, TCP, or Telnet connection the name of the user logged into the device displays. Digi Connect EZ 4/4i User Guide...
Page 30 Displays the total number of bytes that have been transmitted and received. Signals Indicates the types of communication that the device is ready to send. DCD: Carrier Detected CTS: Clear to Send DTR: Data Terminal Ready RTS: Ready to Dend Digi Connect EZ 4/4i User Guide...
Page 31: Hardware
ETH1 network, using an Ethernet cable. The ETH1 LED shows the status of the connection. Yellow (left): There is activity on the port. Green (right): The port is in use. Digi Connect EZ 4/4i User Guide...
Page 32: Wi-Fi Led Descriptions
The SIM button is used to manually toggle between SIM button the two SIM slots included in the DIGI Core Module. Note This feature is useful only if you have connected the Digi CORE module. See Cellular connection: Insert the CORE module.
Page 33: Cell Service And Signal Led Descriptions
Modem signal strength: 1 bars Fast flash red Modem signal strength: 0 bars Modem signal strength: * Solid amber Cell service: 2G Solid green Cell service: 3G Solid blue Cell service: 4G Cell service: None Digi Connect EZ 4/4i User Guide...
Page 34: Back Panel
Back panel Back panel Name Description Digi Core Modem Insert a Digi Core Modem to complete a cellular connection. Connect hardware and connect to a cellular network. Antennas can be attached if the module is used to complete a WWAN-1 cellular connection.
Page 35: Change The Password On The Connect Ez
Prerequisites Activated SIM card from your cellular network provider. Digi CORE module. This may be included with your device. If it is not, you must purchase one separately. To connect the hardware and connect to the cellular network: Digi Connect EZ 4/4i User Guide...
Page 36: Connect Hardware And Connect To A Cellular Network
The second power cord can also be plugged in, but it is not required. It is available for power redundancy. 3. Plug the power supply unit into an AC power outlet to power up the Connect EZ. Mount the Connect EZ device There are two mounting options available: Digi Connect EZ 4/4i User Guide...
Page 37: Attach To A Mounting Surface Using The Two Mounting Tabs
5. Set the device onto a DIN rail and gently press until the clip snaps into the rail. Use the ERASE button to reset your device to the factory defaults You can reset the Connect EZ to the factory default settings. Resetting the device to factory defaults performs the following actions: Digi Connect EZ 4/4i User Guide...
Page 38: Discover The Device's Ip Address: Additional Methods
Type a to enter the Admin CLI. d. Type show network to show all devices currently connected to the network. e. Scroll down until you discover the Connect EZ. f. Write down the IP address shown for the device. Digi Connect EZ 4/4i User Guide...
Page 39: Manually Configure The Pc And Assign An Ip Address To The Device
IMPORTANT: Make note of the current IP address entries for IP address, Subnet mask, and Default gateway. You will need this information to complete the final step of the process. 5. Configure with the following details: IP address for PC: 192.168.210.2 Subnet: 255.255.255.0 Gateway: 192.168.210.1 Digi Connect EZ 4/4i User Guide...
Page 40: Loose Label Sample
Enter the original IP address entries for IP address, Subnet mask, and Default gateway. c. Click OK. Loose label sample A loose label sticker that includes information about the device is included in the box. You should retain this label sticker with your hardware records. Digi Connect EZ 4/4i User Guide...
Page 41 The unique serial number assigned to the device. The SN is needed when submitting a Digi support ticket. Device kit part The part number and revision level of the device kit. number and revision level Digi Connect EZ 4/4i User Guide...
Page 42 Use the local REST API to configure the Connect EZ device Access the terminal screen from the web UI Using the command line Access the command line interface Log in to the command line interface Exit the command line interface Digi Connect EZ 4/4i User Guide...
Page 43: Configuration And Management
Configuration and management Review Connect EZ default settings Review Connect EZ default settings You can review the default settings for your Connect EZ device by using the local WebUI or Digi Remote Manager: Local WebUI 1. Log into the Connect EZ WebUI as a user with Admin access.
Page 44: Other Default Configuration Settings
Packet filtering allows all outbound traffic. Security policies SSH and web administration: Enabled for local administration Firewall zone: Set up Device heath metrics uploaded to Digi Remote Manager at 60 minute Monitoring interval. SNMP: Disabled Change the default password for the admin user The unique, factory-assigned password for the default admin user account is printed on the bottom label of the device and on the loose label included in the package.
Page 45: Reset Default Ssid And Pre-Shared Key For The Preconfigured Wi-Fi Access Point
Type quit to disconnect from the device. Reset default SSID and pre-shared key for the preconfigured Wi- Fi access point By default, the SSID and pre-shared key for the preconfigured Wi-Fi access point are: Digi Connect EZ 4/4i User Guide...
Page 46 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Wi-Fi > Digi AP. 4. Enter a new SSID and Pre-shared key. 5. Click Apply to save the configuration and apply the change.
Page 47: Configuration Methods
Note Changes made to the device's configuration by using the local web interface will not be automatically reflected in Digi Remote Manager. You must manually refresh Remote Manager for the changes to be displayed. Web-based instructions in this guide are applicable to both the Remote Manager and the local web interface.
Page 48 In this guide, task topics show how to perform tasks:  WebUI Shows how to perform a task by using the local web interface.  Command line Shows how to perform a task by using the command line interface. Digi Connect EZ 4/4i User Guide...
Page 49: Using Digi Remote Manager
Using Digi Remote Manager Using Digi Remote Manager By default, your Connect EZ device is configured to use Digi Remote Manager as its central management server. No configuration changes are required to begin using the Remote Manager. For information about configuring central management for your Connect EZ device, see Central management.
Page 50: Log Out Of The Web Interface
2. At the command line, type config to enter configuration mode: > config (config)> 3. At the config prompt, type ? (question mark): (config)> ? auth Authentication cloud Central management firewall Firewall monitoring Monitoring network Network serial Serial service Services system System Digi Connect EZ 4/4i User Guide...
Page 51 $ curl -k -u admin https://192.168.210.1/cgi-bin/config.cgi/value/service/ssh - X GET Enter host password for user 'admin': ok": true, "result": { "type": "object", "path": "service.ssh" "collapsed": { "acl.zone.0": "internal" "acl.zone.1": "edge" "acl.zone.2": "ipsec" "acl.zone.3": "setup" "enable": "true" "key": "" "mdns.enable": "true" Digi Connect EZ 4/4i User Guide...
Page 52: Use The Post Method To Modify Device Configuration Parameters And List Arrays
To add items to a list array, use the POST method with the path and append parameters. For example, to add the external firewall zone to the ssh service: $ curl -k -u admin "https://192.168.210.1/cgi- bin/config.cgi/value?path=service.ssh.acl.zone&append=true&value=external" -X POST Enter host password for user 'admin': { "ok": true, "result": "service.ssh.acl.zone.4" } Digi Connect EZ 4/4i User Guide...
Page 53: Use The Delete Method To Remove Items From A List Array
"2": "ipsec" "3": "setup" "4": "external" 2. Use the DELETE method to remove the external zone (list item 4). $ curl -k -u admin https://192.168.210.1/cgi- bin/config.cgi/value?path=service.ssh.acl.zone.4 -X DELETE Enter host password for user 'admin': Digi Connect EZ 4/4i User Guide...
Page 54: Access The Terminal Screen From The Web Ui
6. Enter ~b? to display additional commands. Command Description Disconnect from the port. Send a BREAK sequence. Clear the history buffer. Send a DTR reset sequence. Display a list of commands. 7. Enter ~b. to disconnect from the port. Digi Connect EZ 4/4i User Guide...
Page 55: Using The Command Line
You can use an open-source terminal software, such as PuTTY or TeraTerm, to access the device through one of these mechanisms. You can also access the command line interface in the WebUI by using the Terminal, or the Digi Remote Manager by using the Console.
Page 56: Exit The Command Line Interface
2. Depending on the device configuration, you may be presented with another menu, for example: Access selection menu: a: Admin CLI q: Quit Select access or quit [admin] : Type q or quit to exit. Digi Connect EZ 4/4i User Guide...
Page 57: Interfaces
Local Area Network (LAN) or assigned to a Wide Area Network (WAN). This chapter contains the following topics: Wide Area Networks (WANs) Local Area Networks (LANs) Bridging Show Surelink status and statistics Digi Connect EZ 4/4i User Guide...
Page 58: Wide Area Networks (Wans)
Using cellular modems in a Wireless WAN (WWAN) Configure a Wide Area Network (WAN) Configure a Wireless Wide Area Network (WWAN) Show WAN and WWAN status and statistics Delete a WAN or WWAN Default outbound WAN/WWAN ports Digi Connect EZ 4/4i User Guide...
Page 59: Wide Area Networks (Wans) And Wireless Wide Area Networks (Wwans)
The metric for each WAN.  WebUI 1. Log into the Connect EZ WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. Digi Connect EZ 4/4i User Guide...
Page 60 (config)> network interface modem ipv6 metric 1 (config)> 4. Set the metrics for ETH1: a. Set the IPv4 metric for ETH1 to 2: (config)> network interface eth1 ipv4 metric 2 (config)> b. Set the IPv6 metric for ETH1 to 1: Digi Connect EZ 4/4i User Guide...
Page 61: Wan/Wwan Failover
By default, these tests will be performed every 15 minutes, with a response timeout of 15 seconds. If the tests fail three consecutive times, the device will reset the network interface to attempt to recover the connection. Digi Connect EZ 4/4i User Guide...
Page 62: Configure Surelink Active Recovery To Detect Wan/Wwan Failures
WAN has failed, because the connection continues to work while the core problem exists somewhere else in the network. Using Digi SureLink, you can configure the Connect EZ device to regularly probe connections through the WAN to determine if the WAN has failed.
Page 63 The Switch SIM behavior only applies if the modem is connected, but SureLink tests are failing. If the modem is not connected, SIM failover applies. See Configure a Wireless Wide Area Network (WWAN) for more information about the SIM failover option. Digi Connect EZ 4/4i User Guide...
Page 64 7. Restart interface is enabled by default. (Optional) For Restart fail count, type or select the number of times that the Surelink test must fail before the interface is restarted. The default is 1. Digi Connect EZ 4/4i User Guide...
Page 65 Web servers. The URL should take the format of http[s]://hostname/ [path]. Test DNS servers configured for this interface: Tests connectivity by sending a DNS query to the DNS servers configured for this interface. Digi Connect EZ 4/4i User Guide...
Page 66 16. Click Apply to save the configuration and apply the change.  Command line Active recovery can be configured for both IPv4 and IPv6. These instructions are for IPv4; to configure IPv6 active recovery, replace ipv4 in the command line with ipv6. Digi Connect EZ 4/4i User Guide...
Page 67 0. The default is 1. 6. (Optional) If the interface is a WWAN, set the device to reset the modem: (config network interface my_wan ipv4 surelink)> reset_modem true (config network interface my_wan ipv4 surelink> Digi Connect EZ 4/4i User Guide...
Page 68 (config network interface my_wan)> add ipv4 surelink target end (config network interface my_wan ipv4 surelink target 0)> 10. Set the test type: (config network interface my_wan ipv4 surelink target 0)> test value (config network interface my_wan ipv4 surelink target 0)> Digi Connect EZ 4/4i User Guide...
Page 69 For example, to set interface_down_time to ten minutes, enter either 10m or 600s: (config network interface my_wan ipv4 surelink target 0)> interface_down_time 600s (config network interface my_wan ipv4 surelink target 0)> Digi Connect EZ 4/4i User Guide...
Page 70 (config network interface my_wan ipv4 surelink target 0)> where value is either up or down. For example, if other_status is set to down, but the alternate interface is determined to be up, then this test will fail. Digi Connect EZ 4/4i User Guide...
Page 71 For example, to set timeout to ten minutes, enter either 10m or 600s: (config network interface my_wan ipv4 surelink)> timeout 600s (config network interface my_wan ipv4 surelink)> The default is 15 seconds. 12. (Optional) Repeat this procedure for IPv6. Digi Connect EZ 4/4i User Guide...
Page 72: Configure The Device To Reboot When A Failure Is Detected
Additional configuration items Configure SureLink active recovery to detect WAN/WWAN failures for optional SureLink configuration parameters. Digi Connect EZ 4/4i User Guide...
Page 73 (Optional) For Restart fail count, type or select the number of times that the Surelink test must fail before the interface is restarted. The default is 1. 8. Enable Reboot device. If Reboot device is enabled at the same time as Restart interface, Reboot device takes precedence. Digi Connect EZ 4/4i User Guide...
Page 74 The default is 60 seconds. 12. Optional active recovery configuration parameters: a. Change the Interval between connectivity tests. Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. Digi Connect EZ 4/4i User Guide...
Page 75 To edit an existing interface, change to the interface's node in the configuration schema. For example, for a interface named my_wan, change to the my_wan node in the configuration schema: (config)> network interface my_wan (config network interface my_wan)> Digi Connect EZ 4/4i User Guide...
Page 76 (config network interface my_wan)> add ipv4 surelink target end (config network interface my_wan ipv4 surelink target 0)> 8. Set the test type: (config network interface my_wan ipv4 surelink target 0)> test value (config network interface my_wan ipv4 surelink target 0)> Digi Connect EZ 4/4i User Guide...
Page 77 For example, to set interface_down_time to ten minutes, enter either 10m or 600s: (config network interface my_wan ipv4 surelink target 0)> interface_down_time 600s (config network interface my_wan ipv4 surelink target 0)> Digi Connect EZ 4/4i User Guide...
Page 78 (config network interface my_wan ipv4 surelink target 0)> where value is either up or down. For example, if other_status is set to down, but the alternate interface is determined to be up, then this test will fail. Digi Connect EZ 4/4i User Guide...
Page 79 For example, to set timeout to ten minutes, enter either 10m or 600s: (config network interface my_wan ipv4 surelink)> timeout 600s (config network interface my_wan ipv4 surelink)> The default is 15 seconds. 10. (Optional) Repeat this procedure for IPv6. Digi Connect EZ 4/4i User Guide...
Page 80: Disable Surelink
4. Select the appropriate WAN or WWAN on which SureLink should be disabled.. 5. After selecting the WAN or WWAN, click IPv4 > SureLink. 6. Toggle off Enable to disable SureLink. 7. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
Page 81 SureLink interface test. The SureLink interface test determines if the interface has an IP address assigned to it, that the physical link is up, and that a route is present to send traffic out of the network interface.  WebUI Digi Connect EZ 4/4i User Guide...
Page 82 7. Click to expand the second test target. This test target has its Test type set to Test DNS servers configured for this interface. 8. Click the menu icon (...) next to the target and select Delete. 9. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
Page 83: Example: Use A Ping Test For Wan Failover From Ethernet To Cellular
It continues to regularly test the connection to ETH1, and when tests on ETH1 succeed, the device falls back to ETH1. To achieve this WAN failover from the ETH1 to the Modem interface, the WAN failover configuration is: Digi Connect EZ 4/4i User Guide...
Page 84 Click the menu icon (...) next to each target and select Delete. e. For Add Test Target, click . f. For Test type, select Ping test. g. For Ping host, type 43.66.93.111. h. For Ping payload size, type 256. Digi Connect EZ 4/4i User Guide...
Page 85 (config network interface eth1 ipv4 surelink target 0)> ping_host 43.66.93.111 (config network interface eth1 ipv4 surelink target 0)> 1. Repeat the above step for the cellular Modem (modem) interface to enable SureLink on that interface. Digi Connect EZ 4/4i User Guide...
Page 86: Using Ethernet Devices In A Wan
Configure the maximum number of interfaces that can use the modem. Enable carrier switching, which allows the modem to automatically match the carrier for the active SIM. Carrier switching is enabled by default. Configure the access technology. Determine which cellular antennas to use. Digi Connect EZ 4/4i User Guide...
Page 87 1. Log into the Connect EZ command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. Digi Connect EZ 4/4i User Guide...
Page 88 Carrier switching is enabled by default. To disable: (config)> network modem modem carrier_switch false (config)> 8. Set the type of cellular technology that this modem should use to access the cellular network: (config)> network modem modem access_tech value (config)> Digi Connect EZ 4/4i User Guide...
Page 89 After the device has successfully connected, it will remember the correct APN. As a result, it is generally not necessary to configure APNs. However, you can configure the system to use a specified APN. To configure the APN:  WebUI Digi Connect EZ 4/4i User Guide...
Page 90 Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> Digi Connect EZ 4/4i User Guide...
Page 91 (config)> network interface modem modem apn 0 username name (config)> network interface modem modem apn 0 password pwd (config)> The default is none. 7. (Optional) To configure the device to bypass its preconfigured APN list and only use the configured APNs: Digi Connect EZ 4/4i User Guide...
Page 92 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Increase the maximum number of interfaces allowed for the modem: a. Click Network > Modems > Modem. b. For Maximum number of interfaces, type 2. Digi Connect EZ 4/4i User Guide...
Page 93 5. Create the routing policies. For example, to route all traffic from LAN1 through the public APN, and LAN2 through the private APN: a. Click Network > Routes > Policy-based routing. b. Click the  to add a new route policy. c. For Label, enter Route through public APN. Digi Connect EZ 4/4i User Guide...
Page 94 For Interface, select LAN2. k. Configure the destination address: i. Click to expand Destination address. ii. For Type, select Interface. iii. For Interface, select Interface: WWAN_Private. 6. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
Page 95 Use to periods (..) to move back one level in the configuration: (config network interface WWANPublic)> .. (config network interface)> f. Create the WWANPrivate interface: (config network interface)> add WWANPrivate (config network interface WWANPrivate)> g. Set the interface type to modem: Digi Connect EZ 4/4i User Guide...
Page 96 (config network route policy 0)> src interface LAN1 (config network route policy 0)> e. Configure the destination address: i. Set the type to interface: (config network route policy 0)> dst type interface (config network route policy 0)> Digi Connect EZ 4/4i User Guide...
Page 97 Set the type to interface: (config network route policy 1)> dst type interface (config network route policy 1)> ii. Set the interface to WWANPrivate : (config network route policy 1)> interface /network/interface/WWANPrivate (config network route policy 1)> Digi Connect EZ 4/4i User Guide...
Page 98 4. If Manual or Manual/Automatic are selected for Carrier section mode, enter the Network PLMN ID. Note You can use themodem scan command at the Admin CLI to scan for available carriers and determine their PLMN ID. See Scan for available cellular carriers for details. Digi Connect EZ 4/4i User Guide...
Page 99 Type quit to disconnect from the device. Scan for available cellular carriers You can scan for available carriers and determine their network PLMN ID by using the modem scan command at the Admin CLI. Digi Connect EZ 4/4i User Guide...
Page 100 Issuing network scan, this may take some time... Status Carrier PLMN ID Technology --------- -------- ------- ---------- Available T-Mobile 310260 Available T-Mobile 310260 Available AT&T 310410 Available Verizon 311480 Available 311 490 311490 Available 313 100 313100 > Digi Connect EZ 4/4i User Guide...
Page 101 : 24.01.541_ATT Revision : 24.01.541 Status ------ State : connected Signal Strength : Good (-85 dBm) Bars : 2/5 Access Mode : 4G Network Technology (CNTI): LTE Band : B2 Temperature : 34C wwan1 Interface Digi Connect EZ 4/4i User Guide...
Page 102 Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the Admin CLI prompt, use the modem puk unlock command to set a new PIN for the SIM card: Digi Connect EZ 4/4i User Guide...
Page 103 Move the Connect EZ device to another location. Try connecting a different set of antennas, if available. Purchase a Digi Antenna Extender Kit: Antenna Extender Kit, 1m Antenna Extender Kit, 3m Digi Connect EZ 4/4i User Guide...
Page 104 IMEI SV: 9 FSN: LQ650551070110 +GCAP: +CGSM 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 105: Configure A Wide Area Network (Wan)
Whether to include the Connect EZ device's hostname in DHCP requests. Active recovery configuration. See Configure SureLink active recovery to detect WAN/WWAN failures for further information. MAC address denylist and allowlist. To create a new WAN or edit an existing WAN:  WebUI Digi Connect EZ 4/4i User Guide...
Page 106 Type the Server Password for the authentication server. f. Set the Reauth period. g. (Optional) Click to expand Accounting. h. Click Enable server to enable 802.1x authentication auditing on the Connect EZ device. Digi Connect EZ 4/4i User Guide...
Page 107 For Prefix ID, type the identifier used to extend the prefix to the assigned length. Leave blank to use a random identifier. Digi Connect EZ 4/4i User Guide...
Page 108 If allowlist entries are specified, incoming packets will only be accepted from the listed MAC addresses. a. Click to expand MAC address allowlist. b. For Add MAC address, click . c. Type the MAC address. 13. Click Apply to save the configuration and apply the change.  Command line Digi Connect EZ 4/4i User Guide...
Page 109 IPv4 support is enabled by default. To disable: (config network interface my_wan)> ipv4 enable false (config network interface my_wan)> Configure the WAN to be a DHCP client: (config network interface my_wan)> ipv4 type dhcp (config network interface my_wan)> Digi Connect EZ 4/4i User Guide...
Page 110 IP address with an associated DNS server. (config network interface my_wan)> ipv4 dhcp_hostname true (config network interface my_wan)> RFC4702 for further information about DHCP server support for the Client FQDN option. Digi Connect EZ 4/4i User Guide...
Page 111 (config network interface my_wan)> ipv6 metric 1 (config network interface my_wan)> If the minimum length is not available, then a longer prefix will be used. Configure WAN/WWAN priority and default route metrics for further information about metrics. Digi Connect EZ 4/4i User Guide...
Page 112 Set the IP address of the accounting server: (config network interface my_wan)> 802_1x accounting ip IPv4_ address (config network interface my_wan)> iii. Set the password for the accounting server: (config network interface my_wan)> 802_1x accounting password password (config network interface my_wan)> Digi Connect EZ 4/4i User Guide...
Page 113: Configure A Wireless Wide Area Network (Wwan)
Configuring a Wireless Wide Area Network (WWAN) involves configuring the following items: Required configuration items The interface type: Modem. The firewall zone: External. The cellular modem that is used by the WWAN. Additional configuration items SIM selection for this WWAN. The SIM PIN. Digi Connect EZ 4/4i User Guide...
Page 114 1. Log into the Connect EZ WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Interfaces. Digi Connect EZ 4/4i User Guide...
Page 115 For Network PLMN ID, type the PLMN ID for the cellular network. b. For Network technology, select the technology that should be used. The default is All technologies, which means that the best available technology will be used. Digi Connect EZ 4/4i User Guide...
Page 116 Set the MTU. g. For Use DNS: Always: DNS will always be used for this WWAN; when multiple interfaces have the same DNS server, the interface with the lowest metric will be used for DNS Digi Connect EZ 4/4i User Guide...
Page 117 2. At the command line, type config to enter configuration mode: > config (config)> 3. Create a new WWAN or edit an existing one: To create a new WWAN named my_wwan: (config)> add network interface my_wwan (config network interface my_wwan)> Digi Connect EZ 4/4i User Guide...
Page 118 Use ? to determine available carriers: (config network interface my_wwan)> modem carrier Match SIM carrier: The SIM carrier match criteria. This interface is applied when the SIM card is provisioned from the carrier. Format: AT&T Rogers Sprint T-Mobile Digi Connect EZ 4/4i User Guide...
Page 119 (config network interface my_wwan)> Normally, this should be left blank. It is only necessary to complete this field if the SIM does not have a phone number or if the phone number is incorrect. Digi Connect EZ 4/4i User Guide...
Page 120 11. SIM failover is enabled by default, which means that the modem will automatically fail over from the active SIM to the next available SIM when the active SIM fails to connect. To disable: (config network interface my_wwan)> modem sim_failover false (config network interface my_wwan)> Digi Connect EZ 4/4i User Guide...
Page 121 IPv4 support is enabled by default. To disable: (config network interface my_wwan)> ipv4 enable false (config network interface my_wwan)> b. Set the metric: (config network interface my_wwan)> ipv4 metric num (config network interface my_wwan)> Digi Connect EZ 4/4i User Guide...
Page 122 Set the relative weight for default routes associated with this interface. For multiple active interfaces with the same metric, the weight is used to load balance traffic to the interfaces. (config network interface my_wwan)> ipv4 weight num (config network interface my_wwan)> Digi Connect EZ 4/4i User Guide...
Page 123: Show Wan And Wwan Status And Statistics
Type admin to access the Admin CLI. 2. Enter the show network command at the Admin CLI prompt: > show network Interface Proto Status Address ---------------- ----- ------- ------------------------------- defaultip IPv4 192.168.210.1/24 defaultlinklocal IPv4 169.254.100.100/16 Digi Connect EZ 4/4i User Guide...
Page 124 : 1500 IPv4 Metric IPv4 Weight : 10 IPv4 DNS Server(s) : 10.10.10.2, 10.10.10.3 IPv6 Status : up IPv6 Type : dhcpv6 IPv6 Address(es) : fe00:2404::240:f4ff:fe80:120/64 IPv6 Gateway : ff80::234:f3ff:ff0e:4320 IPv6 MTU : 1500 Digi Connect EZ 4/4i User Guide...
Page 125: Delete A Wan Or Wwan
Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> Digi Connect EZ 4/4i User Guide...
Page 126: Default Outbound Wan/Wwan Ports
The following table lists the default outbound network communications for Connect EZ WAN/WWAN interfaces: Description TCP/UDP Port number Digi Remote Manager connection to my.devicecloud.com 3199 NTP date/time sync to time.devicecloud.com DNS resolution using WAN-provided DNS servers HTTPS for modem firmware downloads from firmware.accns.com Digi Connect EZ 4/4i User Guide...
Page 127: Local Area Networks (Lans)
This section contains the following topics: About Local Area Networks (LANs) Configure a LAN Example: Configure two LANs Show LAN status and statistics Delete a LAN DHCP servers Create a Virtual LAN (VLAN) route Default services listening on LAN ports Digi Connect EZ 4/4i User Guide...
Page 128: About Local Area Networks (Lans)
A Local Area Network (LAN) connects network devices together, such as Ethernet or Wi-Fi, in a logical Layer-2 network. The following diagram shows a LAN connected to the ETH2 Ethernet device and the Digi AP access point. Once the LAN is configured and enabled, the devices connected to the network interfaces can communicate with each other, as demonstrated by the ping commands.
Page 129 The Connect EZ can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Click to expand Authentication. b. Click Enable server to enable the 802.1x authenticator on the Connect EZ device. c. Type the Server IP address of the authentication server. Digi Connect EZ 4/4i User Guide...
Page 130 Set the Metric. g. For Weight, type the relative weight for default routes associated with this interface. For multiple active interfaces with the same metric, Weight is used to load balance traffic to the interfaces. Digi Connect EZ 4/4i User Guide...
Page 131 To create a new LAN named my_lan: (config)> add network interface my_lan (config network interface my_lan)> To edit an existing LAN named my_lan, change to the my_lan node in the configuration schema: (config)> network interface my_lan (config network interface my_lan)> Digi Connect EZ 4/4i User Guide...
Page 132 (config network interface my_lan)> ii. Set the relative weight for default routes associated with this interface. For multiple active interfaces with the same metric, the weight is used to load balance traffic to the interfaces. Digi Connect EZ 4/4i User Guide...
Page 133 (config network interface my_lan)> ipv6 ? IPv6 Parameters Current Value --------------------------------------------------------------------- ---------- enable true Enable metric Metric mgmt Management priority 1500 prefix_id Prefix ID prefix_length Prefix length type prefix_delegation Type weight Weight Additional Configuration --------------------------------------------------------------------- ---------- Digi Connect EZ 4/4i User Guide...
Page 134 Set the IP address of the authentication server: (config network interface my_lan)> 802_1x authentication ip IPv4_ address (config network interface my_lan)> c. Set the password for the authentication server: (config network interface my_lan)> 802_1x authentication password password (config network interface my_lan)> Digi Connect EZ 4/4i User Guide...
Page 135 MAC address, for example, 32-A6-84-2E-81-58. b. Repeat for each additional MAC address. 10. (Optional) Configure the MAC address allowlist. If allowlist entries are specified, incoming packets will only be accepted from the listed MAC addresses. Digi Connect EZ 4/4i User Guide...
Page 136: Example: Configure Two Lans
The default configuration of the Connect EZ consists of one WAN (named ETH1), one WWAN (Modem), and one LAN (ETH2). For Connect EZW Wi-Fi enabled devices, the default configuration of the ETH2 uses a bridge that consists of two devices, the ETH2 Ethernet device and the Digi AP Wi-Fi access point.
Page 137 4. Set the SSID for the Wi-Fi access point. Up to 32 characters are allowed. (config network wifi ap Example_AP)> ssid Example_SSID (config network wifi ap Example_AP)> SSID broadcasting is enabled by default for new access points. Digi Connect EZ 4/4i User Guide...
Page 138 3. Click Network > Bridges. 4. For Add Bridge, type Example_bridge and click . The new bridge configuration window is displayed. 5. Click to expand Devices. 6. For Add Device, click . 7. For Device, select Ethernet: ETH1. Digi Connect EZ 4/4i User Guide...
Page 139 New access points are enabled by default. 4. Use the Tab key (twice) to determine available devices: (config network bridge Example_bridge)> add device end [TAB][TAB] /network/device/eth1 /network/device/eth2 /network/device/loopback /network/bridge/lan /network/wifi/ap/digi_ap /network/wifi/ap/Example_AP (config network bridge Example_bridge)> add device end /network/ Digi Connect EZ 4/4i User Guide...
Page 140 Task three: Create the LANs  WebUI 1. Log into the Connect EZ WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. Digi Connect EZ 4/4i User Guide...
Page 141 For Device, select Ethernet: ETH2. e. Click to expand IPv4. f. For Address, type 192.168.4.1/24. g. Click to expand DHCP server. h. Click Enable. 5. Click Apply to save the configuration and apply the change.  Command line Digi Connect EZ 4/4i User Guide...
Page 142 If you are configuring a non-Wi-Fi Connect EZ, set the device to /network/device/eth1 . (config network interface LAN1)> device /network/device/eth1 (config network interface LAN1)> c. Configure the firewall zone for the LAN1 interface to internal: (config network interface LAN1)> zone internal (config network interface LAN1)> Digi Connect EZ 4/4i User Guide...
Page 143 Configure the IPv4 address for the LAN2 interface: (config network interface LAN2)> ipv4 address 192.168.4.1/24 (config network interface LAN2)> e. Enable the DHCP server for the LAN2 interface: (config network interface LAN2)> ipv4 dhcp_server enable true (config network interface LAN2)> Digi Connect EZ 4/4i User Guide...
Page 144: Show Lan Status And Statistics
Admin CLI prompt: > show network Interface Proto Status Address ---------------- ----- ------- ------------------------------- defaultip IPv4 192.168.210.1/24 defaultlinklocal IPv4 169.254.100.100/16 eth2 IPv4 192.168.2.1/24 eth2 IPv6 fd00:2704::1/48 loopback IPv4 127.0.0.1/8 Digi Connect EZ 4/4i User Guide...
Page 145 IPv4 Weight : 10 IPv4 DNS Server(s) IPv6 Status : up IPv6 Type : prefix IPv6 Address(es) : fd00:2704::1/48 IPv6 Gateway IPv6 MTU : 1500 IPv6 Metric IPv6 Weight : 10 IPv6 DNS Server(s) Digi Connect EZ 4/4i User Guide...
Page 146: Delete A Lan
3. Click Network > Interfaces. 4. Click the menu icon (...) next to the name of the LAN to be deleted and select Delete. 5. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
Page 147: Dhcp Servers
Enable the DHCP server. Additional configuration items The lease address pool: the range of IP addresses issued by the DHCP server to clients. Lease time: The length, in minutes, of the leases issued by the DHCP server. Digi Connect EZ 4/4i User Guide...
Page 148 Click to expand Advanced settings. b. For Gateway, select either: None: No gateway is broadcast by the DHCP server. Client destinations must be resolvable without a gateway. Automatic: Broadcasts the Connect EZ device's gateway. Digi Connect EZ 4/4i User Guide...
Page 149 (config)> network interface my_lan ipv4 dhcp_server enable true (config)> Configure a LAN for information about creating a LAN. 4. (Optional) Set the amount of time that a DHCP lease is valid: (config)> network interface my_lan ipv4 dhcp_server lease_time value (config)> Digi Connect EZ 4/4i User Guide...
Page 150 (config)> network interface my_lan ipv4 dhcp_server advanced mtu value (config)> where value is one of: none: An MTU of length 0 is broadcast. This is not recommended. auto: No MTU is broadcast and clients will determine their own MTU. Digi Connect EZ 4/4i User Guide...
Page 151 Set the IP address or host name of the TFTP server: (config)> network interface my_lan ipv4 dhcp_server advanced nftp_ server ip_address (config)> g. Set the relative path and file name of the bootfile on the TFTP server: Digi Connect EZ 4/4i User Guide...
Page 152 5. Click to expand IPv4 > DHCP server > Advanced settings > Static leases. 6. For Add Static lease, click . 7. Type the MAC address of the device associated with this static lease. Digi Connect EZ 4/4i User Guide...
Page 153 (network interface my_lan ipv4 dhcp_server advanced static_lease 0)> Note The IP address here should be outside of the DHCP server's configured lease range. See Configure a DHCP server for further information about the lease range. Digi Connect EZ 4/4i User Guide...
Page 154 3. Show the static lease configuration. For example, to show the static leases for a lan named my_lan: (config)> show network interface my_lan ipv4 dhcp_server advanced static_ lease ip 192.168.2.10 mac BF:C3:46:24:0E:D9 no name ip 192.168.2.11 mac E3:C1:1F:65:C3:0E Digi Connect EZ 4/4i User Guide...
Page 155 1. Log into the Connect EZ command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. Digi Connect EZ 4/4i User Guide...
Page 156 DHCP options can be set on a per-LAN basis, or can be set for all LANs. A total of 32 DHCP options can be configured. Required configuration items DHCP option number. Value for the DHCP option. Digi Connect EZ 4/4i User Guide...
Page 157 Interfaces Local Area Networks (LANs) Additional configuration items The data type of the value. Force the option to be sent to the DHCP clients. A label for the custom option. Digi Connect EZ 4/4i User Guide...
Page 158 LAN named my_lan: (config)> add network interface my_lan ipv4 dhcp_server advanced custom_ option end (config network interface my_lan ipv4 dhcp_server advanced custom_option 0)> Configure a LAN for information about creating a LAN. Digi Connect EZ 4/4i User Guide...
Page 159 If the incorrect data type is selected, the device will send the value as a string. (config network interface my_lan ipv4 dhcp_server advanced custom_option 0)> datatype value (config network interface my_lan ipv4 dhcp_server advanced custom_option 0)> where value is one of: 1byte 2byte 4byte ipv4 The default is str. Digi Connect EZ 4/4i User Guide...
Page 160 Configure a LAN. 5. Disable the DHCP server, if it is enabled: a. Click to expand IPv4 > DHCP server. b. Click Enable to toggle off the DHCP server. 6. Click to expand DHCP relay. Digi Connect EZ 4/4i User Guide...
Page 161 (config network interface lan1 ipv4 dhcp_relay 1)> c. Set the IP address of the DHCP relay server: (config network interface my_lan ipv4 dhcp_relay 1)> address 10.10.10.11 (config network interface my_lan ipv4 dhcp_relay 1)> d. Repeat for each additional relay server. Digi Connect EZ 4/4i User Guide...
Page 162 192.168.2.195 MTK-ENG-USER2 > 3. Additional information can be returned by using the show dhcp-lease verbose command: > show dhcp-lease verbose IP Address Hostname Expires Type Active MAC Address ------------- -------- ------------------------ ------- ------ ----------------- Digi Connect EZ 4/4i User Guide...
Page 163: Create A Virtual Lan (Vlan) Route
LAN. Required configuration items Device to be assigned to the VLAN. The VLAN ID. The TCP header uses the VLAN ID to identify the destination VLAN for the packet. Digi Connect EZ 4/4i User Guide...
Page 164 4. Type a name for the VLAN and click . 5. Select the Device. 6. Type or select a unique numeric ID for the VLAN ID. 7. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
Page 165 (config network vlan vlan1)> save Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 166: Default Services Listening On Lan Ports
The following table lists the default services listening on the specified ports on the Connect EZ LAN interfaces: Description TCP/UDP Port numbers DNS server DHCP server 67 and 68 SSH server Web UI 443 (also listens on port 80, then redirects to port 443 Digi Connect EZ 4/4i User Guide...
Page 167: Bridging
Interfaces Bridging Bridging Bridging is a mechanism to create a single network consisting of multiple devices, such as Ethernet devices and wireless access points. This section contains the following topics: Configure a bridge Digi Connect EZ 4/4i User Guide...
Page 168: Configure A Bridge
For Forwarding delay, enter the number of seconds that the device will spend in each of the listening and learning states before the bridge begins forwarding data. The default is 2 seconds. 8. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
Page 169 Interfaces Bridging Digi Connect EZ 4/4i User Guide...
Page 170 (config network bridge my_bridge)> ..interface lan device ? Default value: /network/lan Current value: /network/lan (config network bridge my_bridge)> b. Add the appropriate device. For example, to add the Digi AP Wi-Fi access point: (config network bridge my_bridge)> add device end /network/wireless/ap/digi_ap (config)>...
Page 171: Show Surelink Status And Statistics
IPv4 114 seconds Passing > 3. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 172: Show Surelink Status For A Specific Interface
21 seconds Waiting for result > 3. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 173: Show Surelink Status For A Specific Ipsec Tunnel
Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show Surelink status for a specific OpenVPN client To show the Surelink status a specific OpenVPN client, use the show surelink openvpn client name command: Digi Connect EZ 4/4i User Guide...
Page 174 194.43.79.75 (Ping) 5 seconds Passed > 3. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 175: Serial Port
Access: Provides socket level access to ports. Application: Provides access to the serial device from Python applications. RealPort: Used in conjunction with the Digi RealPort driver. RealPort can also be configured using the Digi Navigator. For more information about configuring RealPort, see Digi Navigator application.
Page 176: Configure Login Mode
5. Enable Altpin to use the Altpin feature. Altpin is disabled by default. This feature should be enabled when you are using a modem and an 8-pin cable and you need CD (Carrier Detect). When enabled, the DTR on pin 1 drives DCD. Digi Connect EZ 4/4i User Guide...
Page 177 9. Click Apply to save the configuration and apply the change. The Apply button is located at the top of the WebUI page. You may need to scroll to the top of the page to locate it. Digi Connect EZ 4/4i User Guide...
Page 178 For rts_post_delay, enter the amount of time RTS is deasserted before completing data transmission. The time is measured in milliseconds. The default is 0ms: (config)> serial port1 rts_post_delay value (config)> rs-422 Enable Termination if you want to enable electrical termination on this serial port. Digi Connect EZ 4/4i User Guide...
Page 179 The default is none. 11. Set the stop bits used by the device to which you want to connect: (config)>path-paramstopbits bits (config)> 12. Save the configuration and apply the change: (config)> save Configuration saved. > Digi Connect EZ 4/4i User Guide...
Page 180: Configure Remote Access Mode
DCD is not required, and DSR is needed instead. 6. (Optional) For Label, enter a label that will be used when referring to this port. 7. For Signalling, select the electrical signaling interface type used on this serial port: Digi Connect EZ 4/4i User Guide...
Page 181 13. Click Strip End Pattern if you want to remove the end pattern from the packet before it is sent. 14. Expand Service Settings. All service settings are disabled by default. Click available options to toggle them to enabled, and set the IP ports as appropriate. Digi Connect EZ 4/4i User Guide...
Page 182 18. Click Apply to save the configuration and apply the change. The Apply button is located at the top of the WebUI page. You may need to scroll to the top of the page to locate it. Digi Connect EZ 4/4i User Guide...
Page 183 If enabled, this setting overrides RTS\CTS flow control: (config)> serial port1 rts_toggle true (config)> For rts_pre_delay, enter the amount of time RTS is asserted before starting data transmission. The time is measured in milliseconds. The default is 0ms: Digi Connect EZ 4/4i User Guide...
Page 184 9. Set the number of data bits used by the device to which you want to connect: (config)>path-paramdatabits bits (config)> 10. Set the type of parity used by the device to which you want to connect: (config)>path-paramparity parity (config)> Allowed values are: even none The default is none. Digi Connect EZ 4/4i User Guide...
Page 185 (Optional) Enable monitoring of CTS (Clear to Send) changes on this port: (config)>path-parammonitor cts true (config) b. (Optional) Enable monitoring of DCD (Data Carrier Detect) changes on this port: (config)>path-parammonitor dcd true (config) Digi Connect EZ 4/4i User Guide...
Page 186: Configure Application Mode
6. Enable Altpin to use the Altpin feature. Altpin is disabled by default. This feature should be enabled when you are using a modem and an 8-pin cable and you need CD (Carrier Detect). When enabled, the DTR on pin 1 drives DCD. Digi Connect EZ 4/4i User Guide...
Page 187 Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> 3. The serial port is enabled by default. To disable: (config)> serial port1 enable false (config)> Digi Connect EZ 4/4i User Guide...
Page 188 Enable termination if you want to enable electrical termination on this serial port: (config)> serial port1 termination true (config)> Enable full_duplex if you want to enable full duplex communication on this serial port: (config)> serial port1 full_duplex true (config)> The default is rs-232. Digi Connect EZ 4/4i User Guide...
Page 189: Configure Realport Mode
You can configure the Connect EZ to communicate with your computer using RealPort. Note If you are using the Windows OS, you can also enable and configure RealPort mode for the Connect EZ device and your computer from the Digi Navigator. See Digi Navigator application.
Page 190 Serial port Configure RealPort mode 4. When the download is complete, open the .zip file and click the setup.exe file. The Digi RealPort Setup Wizard appears. 5. Select Add a New Device. 6. Follow the steps in the wizard to install RealPort.
Page 191: Configure The Serial Port For Realport Mode
Device Configuration or Serial Configuration will be reflected in both. 3. Click the name of the port that you want to configure. The serial port is enabled by default. To disable, toggle off Enable. 4. For Mode, select RealPort. Digi Connect EZ 4/4i User Guide...
Page 192 Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> Digi Connect EZ 4/4i User Guide...
Page 193 (config)> serial port1 altpin true (config)> This feature should be enabled when you are using a modem and an 8-pin cable and you need CD (Carrier Detect). When enabled, the DTR on pin 1 drives DCD. Digi Connect EZ 4/4i User Guide...
Page 194: Configure The Realport Service
12. Click Apply to save the configuration and apply the change. The Apply button is located at the top of the WebUI page. You may need to scroll to the top of the page to locate it. Digi Connect EZ 4/4i User Guide...
Page 195: Configure Udp Serial Mode
The time is measured in milliseconds. The default is 0ms. For RTS Post-delay, enter the amount of time RTS is deasserted before completing data transmission. The time is measured in milliseconds. The default is 0ms. Digi Connect EZ 4/4i User Guide...
Page 196 For End Pattern, enter the end pattern. The packet is sent when this pattern is received from the serial port. e. Click Strip End Pattern if you want to remove the end pattern from the packet before it is sent. Digi Connect EZ 4/4i User Guide...
Page 197 1. Log into the Connect EZ command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. Digi Connect EZ 4/4i User Guide...
Page 198 Enable Termination if you want to enable electrical termination on this serial port. rs-485 Enable termination if you want to enable electrical termination on this serial port: (config)> serial port1 termination true (config)> Digi Connect EZ 4/4i User Guide...
Page 199 (config)> 12. Set the type of flow control used by the device to which you want to connect: (config)>serial port1 label flow type (config) Allowed values are: none rts/cts xon/xoff The default is none. Digi Connect EZ 4/4i User Guide...
Page 200 (config)> add serial port1 upd destination end (config serial port1 udp destination 0)> ii. (Optional) Enter a description of the destination: (config serial port1 udp destination 0)> description string (config serial port1 udp destination 0)> Digi Connect EZ 4/4i User Guide...
Page 201: Configure Modbus Mode
The Serial Configuration page is displayed. Note You can also configure the serial port by using Device Configuration > Serial. Changes made by using either Device Configuration or Serial Configuration will be reflected in both. Digi Connect EZ 4/4i User Guide...
Page 202 Parity: For Parity, select the type of parity used by the device to which you want to connect. The default is None. d. Stop bits: For Stop bits, select the number of stop bits used by the device to which you want to connect. The default is 1. Digi Connect EZ 4/4i User Guide...
Page 203 Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> Digi Connect EZ 4/4i User Guide...
Page 204 Enable termination if you want to enable electrical termination on this serial port: (config)> serial port1 termination true (config)> Enable full_duplex if you want to enable full duplex communication on this serial port: (config)> serial port1 full_duplex true (config)> Digi Connect EZ 4/4i User Guide...
Page 205 The default is none. 4. Set the stop bits used by the device to which you want to connect: (config)>path-paramstopbits bits (config)> 9. Save the configuration and apply the change: (config)> save Configuration saved. > Digi Connect EZ 4/4i User Guide...
Page 206: Show Serial Status And Statistics
5. Click Start to start serial port logging. 6. Click Stop to stop serial port logging if it has been started. 7. Click Refresh to refresh the log display. 8. Click Download to download the serial port log. Digi Connect EZ 4/4i User Guide...
Page 207: Digi Navigator Application
9. (Optional) For Log size, configure the maximum allowed log size for the serial port log. The default is 65536. Digi Navigator application You can use the Digi Navigator application with the Connect EZ device to discover device IP addresses, install and configure RealPort, and verify connection to the network. Before you begin...
Page 208 Serial port Digi Navigator application Select a device: From the list of devices shown in the Digi Navigator, expand the device that you want to configure. 5. Configure RealPort on the device. a. Click the Configure device for RealPort button. A login screen displays.
Page 209: Step 5: Discover The Ip Address Using The Digi Navigator
COM ports on your computer that are configured for RealPort from within the Digi Navigator. a. Launch the Digi Navigator if it is not currently open. A list of Connect EZ devices that have RealPort enabled and configured displays in the RealPort Devices section at the bottom of the application screen.
Page 210: Digi Navigator Features
Note Microsoft Visual C++ must be installed to ensure that Realport can be installed. Microsoft Visual C++ is installed by default during the Digi Navigator install process, if it is not already installed on your computer. 1. Navigate to the Digi Connect EZ drivers support page.
Page 211: Connect To And Access The Digi Navigator
RealPort. Connect to and access the Digi Navigator Your device must be connected to your network or a laptop before you can access the Digi Navigator. 1. Connect a power supply to the device and power it on.
Page 212: Discover The Ip Address When Not On A Network
After you have enabled and configured RealPort on at least one Connect EZ device, a list of configured devices displays at the bottom of the Digi Navigator application screen. Using the available buttons, you can refresh the list and easily access the COM port configuration on your computer.
Page 213: Access The Web Ui From The Digi Navigator
Navigator. 2. Launch the Digi Navigator. 3. From the list of devices shown in the Digi Navigator, expand the device that you want to configure. 4. Click Open next to the IP address you want to use. The login screen for the web UI launches.
Page 214: Access Digi Remote Manager From The Digi Navigator
Access Digi Remote Manager from the Digi Navigator You can access Digi Remote Manager from the Digi Navigator. Within the Remote Manager, you can configure and monitor your Connect EZ. For information about using Digi Remote Manager, refer to the Digi Remote Manager User Guide.
Page 215 Configure a Wi-Fi access point with personal security Configure a Wi-Fi access point with enterprise security Isolate Wi-Fi clients Configure a Wi-Fi client and add client networks Show Wi-Fi access point status and statistics Show Wi-Fi client status and statistics Digi Connect EZ 4/4i User Guide...
Page 216: Wi-Fi
Reset default SSID and pre-shared key for the preconfigured Wi-Fi access point for information about changing the default SSID and password. Default Wi-Fi configuration The default Wi-Fi configuration of the Connect EZ device is: Digi Connect EZ 4/4i User Guide...
Page 217 Enabled or disabled Enabled SSID Digi-Connect EZ-serial_number SSID broadcast Enabled Encyrption WAP2 Personal (PSK) Pre-shared key The unique password printed on the bottom label of the device. Group rekey interval 10 minutes Client mode connections: none. Digi Connect EZ 4/4i User Guide...
Page 218: Configure The Wi-Fi Radio's Channel
1. Log into the Connect EZ command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. Digi Connect EZ 4/4i User Guide...
Page 219: Configure The Wi-Fi Radio To Support Dfs Channels In Client Mode
DFS channels 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, and 144 Higher 5GHz non-DFS channels 149, 153, 157, 161, and 165 The Wi-Fi access point must also support connections on these channels. Digi Connect EZ 4/4i User Guide...
Page 220: Required Configuration Items
Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> Digi Connect EZ 4/4i User Guide...
Page 221: Configure The Wi-Fi Radio's Band And Protocol
3. Click Network > WiFi. 4. For Frequency band, select either 2.4 GHz or 5 GHz. 5. For Access point mode, select the appropriate mode. Only modes appropriate for the selected band are displayed. Digi Connect EZ 4/4i User Guide...
Page 222 If the Wi-Fi radio has a band of 5000mhz: (config)> network wifi radio phy0 5000mhz mode value (config)> where value is one of ac, acn, or n. Digi Connect EZ 4/4i User Guide...
Page 223: Configure The Wi-Fi Radio's Transmit Power
3. Click Network > WiFi. 4. For Tx power percentage, type or select the appropriate percentage for the Wi-Fi radio's transmit power. 5. Click Apply to save the configuration and apply the change.  Command line Digi Connect EZ 4/4i User Guide...
Page 224: Configure An Open Wi-Fi Access Point
This procedure configures a Wi-Fi access point that does not require a password for client connections. By default, the Connect EZ device comes with one preconfigured access point, Digi AP. You cannot delete default access points, but you can modify them or you can create your own access points.
Page 225 Wi-Fi networks that do not use password protection. Note Only select WPA3 Enhanced Open (OWE) if you know that all Wi-Fi clients connecting to this device will have WPA3 capabilities. Digi Connect EZ 4/4i User Guide...
Page 226 4. Set the SSID for the Wi-Fi access point. Up to 32 characters are allowed. (config network wifi ap new_AP)> ssid my_SSID (config network wifi ap new_AP)> SSID broadcasting is enabled by default for new access points. Digi Connect EZ 4/4i User Guide...
Page 227 The access point must be assigned to an active LAN, or a bridge that is assigned to an active LAN. 2. Save the configuration and apply the change: (config)> save Configuration saved. > Digi Connect EZ 4/4i User Guide...
Page 228 Only select owe if you know that all Wi-Fi clients connecting to this device will have WPA3 capabilities. 7. (Optional) Determine whether to prevent clients that are connected to this access point from communicating with each other: Digi Connect EZ 4/4i User Guide...
Page 229: Configure A Wi-Fi Access Point With Personal Security
By default, the Connect EZ device comes with one preconfigured access point, Digi AP. You cannot delete default access points, but you can modify them or you can create your own access points.
Page 230 . To modify an existing access point, click to expand the access point. The Wi-Fi access point configuration window is displayed. 5. For SSID, type the SSID. Up to 32 characters are allowed. Digi Connect EZ 4/4i User Guide...
Page 231 The access point must be assigned to an active LAN, or a bridge that is assigned to an active LAN. 12. Click Apply to save the configuration and apply the change.  Command line Configure a new Access point Digi Connect EZ 4/4i User Guide...
Page 232 6. (Optional) Determine whether to prevent clients that are connected to this access point from communicating with each other: (config)> network wifi ap digi_ap isolate_clients true (config)> Isolate Wi-Fi clients for information about how to prevent clients connected to different access points from communicating with each other. Digi Connect EZ 4/4i User Guide...
Page 233 The access point must be assigned to an active LAN, or a bridge that is assigned to an active LAN. 2. Save the configuration and apply the change: (config)> save Configuration saved. > Digi Connect EZ 4/4i User Guide...
Page 234 WPA2 are able to authenticate. psk2: Uses WPA2 Personal (PSK) mode. All Wi-Fi clients must support WPA2 to be able to authenticate. psk2sae: Uses WPA2-PSK/WPA3-AES mixed mode. Wi-Fi clients that support WPA2 and WPA3 are able to authenticate. Digi Connect EZ 4/4i User Guide...
Page 235 The access point must be assigned to an active LAN, or a bridge that is assigned to an active LAN. 2. Save the configuration and apply the change: (config)> save Configuration saved. > Digi Connect EZ 4/4i User Guide...
Page 236: Configure A Wi-Fi Access Point With Enterprise Security
RADIUS server, rather than using preshared key on the Connect EZ device. By default, the Connect EZ device comes with one preconfigured access point, Digi AP. You cannot delete default access points, but you can modify them or you can create your own access points.
Page 237 For RADIUS IP/hostname, type the IP address or hostname of the RADIUS server. d. (Optional) Change the RADIUS port. The default port is 1812. e. For RADIUS secret key, type the secret key as configured on the RADIUS server. Digi Connect EZ 4/4i User Guide...
Page 238 2. At the command line, type config to enter configuration mode: > config (config)> 3. Create a new access point: (config)> add network wifi ap new_AP (config network wifi ap new_AP)> New access points are enabled by default. Digi Connect EZ 4/4i User Guide...
Page 239 (config network wifi ap new_AP encryption radius_servers 1)> host IP_address (config network wifi ap new_AP encryption radius_servers 1)> iii. Repeat for additional radius servers. 8. (Optional) Set the amount of time to wait before changing the group key. Digi Connect EZ 4/4i User Guide...
Page 240 Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> 3. Show available access points: (config)> network wifi ap ? Additional Configuration ------------------------------------------------------------------------ ------- digi_ap Digi AP Digi Connect EZ 4/4i User Guide...
Page 241 (config)> network wifi ap digi_ap encryption group_rekey value (config)> where value is any number of days, hours, minutes, or seconds, and takes the format number {d|h|m|s}. For example, to set group rekey interval to ten minutes, enter either 10m or 600s: Digi Connect EZ 4/4i User Guide...
Page 242 (config)> save Configuration saved. > 3. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 243: Isolate Wi-Fi Clients
Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> Digi Connect EZ 4/4i User Guide...
Page 244: Isolate Clients Connected To Different Access Points
3. Configure the firewall: a. Click Firewall > Zones. b. In Add Zone, enter LAN2_isolation_zone for the name of the zone and click . Note We will be creating LAN2 later in the procedure. Digi Connect EZ 4/4i User Guide...
Page 245 By default, the Connect EZ device comes with one preconfigured LAN, which includes the default access point. We will use that LAN for the access point, and create a new LAN for the access point. Digi Connect EZ 4/4i User Guide...
Page 246 (config network wifi ap new_AP)> ssid my_SSID (config network wifi ap new_AP)> c. Set the security for the access point: (config network wifi ap new_AP)> encryption type value (config network wifi ap new_AP)> where value is one of: Digi Connect EZ 4/4i User Guide...
Page 247 Firewall filters are applied in the order that they are listed. As a result, in order to drop traffic from the Internal zone to the LAN2_isolation_zone, this filter must be added before the Allow all outgoing traffic filter, which allows the Internal zone to have access Digi Connect EZ 4/4i User Guide...
Page 248 (config network interface LAN2)> c. Set the device to : (config network interface LAN2)> device /network/wifi/ap/ (config network interface LAN2)> d. Set the zone to LAN2_isolation_zone: (config network interface LAN2)> zone LAN2_isolation_zone (config network interface LAN2)> Digi Connect EZ 4/4i User Guide...
Page 249: Configure A Wi-Fi Client And Add Client Networks
The private key in PEM format. (Optional) The private key passphrase. PEAP: Username/password authentication. If PEAP is selected, identify the username and password. SCEP certificates: Simple Certificate Enrollment Protocol (SCEP) certificate management. If SCEP certificates is selected: Digi Connect EZ 4/4i User Guide...
Page 250 4. For Add WiFi client:, type the name of the client and click . The Wi-Fi client configuration window is displayed. New Wi-Fi clients are enabled by default. To disable, or to enable a client if it has been disabled, click Enable. Digi Connect EZ 4/4i User Guide...
Page 251 If the signal strength from the access point to which the client is currently connected is below the Scan threshold, it will use the Short interval to determine how often to scan for available access points. Digi Connect EZ 4/4i User Guide...
Page 252 To delete a preconfigured channel, click the menu icon (...) next to the channel and select Delete. h. To add a channel, click Add Scan frequency and select the appropriate channel. 7. Click Apply to save the configuration and apply the change.  Command line Digi Connect EZ 4/4i User Guide...
Page 253 (config network wifi client new_client)> ssid 0 encryption key_ psk2 password (config network wifi client new_client)> Digi Connect EZ 4/4i User Guide...
Page 254 SCEP Client: The SCEP client which this Wi-Fi client will use to download the necessary keys and certificates from the SCEP server. Format: SCEP_test_client SCEP_test_client1 Current value: (config network wifi client new_client)> ii. Set the SCEP client, for example: Digi Connect EZ 4/4i User Guide...
Page 255 Enable background scanning: (config network wifi client new_client)> background_scanning enable true (config network wifi client new_client)> b. Set the scan threshold (bgscan_strength), in dB, that is used to determine the scanning frequency. Digi Connect EZ 4/4i User Guide...
Page 256 You can delete the preconfigured frequencies and add additional frequencies. At least one frequencies is required. f. To delete a preconfigured frequencies: i. Use the show command to determine the index number of the channel to be deleted: (config network wifi client new_client)> show background_scanning scan_freq Digi Connect EZ 4/4i User Guide...
Page 257 (config network wireless client new_client)> save Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 258: Show Wi-Fi Access Point Status And Statistics
1. Log into the Connect EZ command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. Digi Connect EZ 4/4i User Guide...
Page 259: Show Wi-Fi Client Status And Statistics
Type admin to access the Admin CLI. 2. At the Admin CLI prompt, type show wifi client: > show wifi client Client Enabled SSID Status Signal MAC Address --------- ------- -------- ------ ------ ----------------- my_client true my_SSID 91:fe:86:d1:0e:81 Digi Connect EZ 4/4i User Guide...
Page 260 Enabled : true SSID : my_SSID Status : up Signal : -43 MAC Address : 91:fe:86:d1:0e:81 Channel : 48 Radio : wifi1 TX Power : 23 Link Quality : 67/70 BSSID : 6D:B9:DD:BD:EE:C4 > Digi Connect EZ 4/4i User Guide...
Page 261 This chapter contains the following topics: Hotspot authentication modes Hotspot DHCP server Hotspot security Hotspot configuration Show hotspot status and statistics Customize the hotspot login page Hotspot RADIUS attributes Digi Connect EZ 4/4i User Guide...
Page 262: Hotspot Authentication Modes
SSL certificate for the requested domain. Requests made via any other protocol will also time out. Most operating systems will detect this scenario and automatically notify users to open the login page in a web browser. Digi Connect EZ 4/4i User Guide...
Page 263: Hotspot Dhcp Server
(such as the LAN and VPN interfaces). Additionally, the hotspot zone prevents hotspot clients from accessing the device itself (for example, via the web interface or SSH). Digi Connect EZ 4/4i User Guide...
Page 264: Hotspot Configuration
Create a new hotspot Configure the hotspot to use local shared password authentication Configure the hotspot to use RADIUS shared password authentication Configure the hotspot to use RADIUS users authentication Configure the hotspot to use HotspotSystem authentication Digi Connect EZ 4/4i User Guide...
Page 265: Enable Hotspot Using The Default Configuration
Bandwidth limits: Maximum download speed: 10000 Kbps Maximum upload speed: 10000 Kbps Bridge Name: hotspot_bridge Disabled 2.4 GHz Wi-Fi access point: Digi Hotspot AP (Wi- Fi1) Access points Name: Digi Hotspot AP (Wi-Fi1) Disabled SSID: Digi Hotspot Encryption: Open (unencrypted) Hotspot access points should be set to open (unencrypted).
Page 266 3. Enable the hotspot: a. Click Network > Hotspots > hotspot. b. Click Enable hotspot. 4. Enable the hotspot access points: a. Click Network > Wi-Fi > Access points > Digi Hotspot AP (Wi-Fi1). b. Click Enable. Digi Connect EZ 4/4i User Guide...
Page 267 Click Network > Bridges > hotspot_bridge. b. Click Enable. 6. Enable the hotspot LAN: a. Click Network > Interface > LAN > LAN hotspot. b. Click Enable. 7. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
Page 268 (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 269: Change The Default Hotspot Ssid
2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Wi-Fi > Access points > Digi Hotspot AP (Wi-Fi1). 4. Change the default SSID, Digi Hotspot, to your preferred value.
Page 270: Change The Default Hotspot Ip Address And Subnet
1. Log into the Connect EZ WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Hotspots > hotspot. 4. Click to expand IPv4. Digi Connect EZ 4/4i User Guide...
Page 271 IP address. The default is 250. 7. Click Apply to save the configuration and apply the change.  Command line Digi Connect EZ 4/4i User Guide...
Page 272 IP address, and is combined with the subnet of the hotspot's static IP address. (config)> network hotspot hotspot ipv4 address dhcp_server lease_end value (config)> where value is any integer between 1 and 254. The default is 250. Digi Connect EZ 4/4i User Guide...
Page 273: Change The Default Hotspot Bandwidth Limits
4. For Maximum download speed, type the maximum download speed in kilobytes per second (Kbps). 5. For Maximum upload speed, type the maximum upload speed in kilobytes per second (Kbps). 6. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
Page 274: Add An Ethernet Port To The Default Hotspot
Required configuration items Enable default hotspot configuration. See Enable hotspot using the default configuration instructions. Ethernet port to be added to the hotspot. To add an Ethernet port to the default hotspot:  WebUI Digi Connect EZ 4/4i User Guide...
Page 275 Click Network > Bridges > LAN1 > Devices. b. Click the ... menu icon next to the Ethernet: ETH2 device entry and select Delete. 6. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
Page 276 Use the index number, 0, to remove the ETH2 device from the LAN1 bridge: (config)> del network bridge lan1 device 0 (config)> 5. Save the configuration and apply the change: (config)> save Configuration saved. > Digi Connect EZ 4/4i User Guide...
Page 277: Use Policy Routes With Hotspot
(config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 278: Create A New Hotspot
Subnets that clients connected to the hotspot can access prior to the client being authenticated. Maximum download speed, in Kbps. Maximum upload speed, in Kbps. Enable verbose logging. To create a new hotspot:  WebUI Digi Connect EZ 4/4i User Guide...
Page 279 For Device, select the bridge created above. iv. Click to expand IPv4. v. For Address, enter an IP address and subnet mask for the LAN. This IP address must be unique from all other interfaces. Digi Connect EZ 4/4i User Guide...
Page 280 RADIUS shared password authentication. RADIUS users: Requires each user to enter username and password credentials that are established on an external RADIUS server. The credentials are validated by the RADIUS server. Digi Connect EZ 4/4i User Guide...
Page 281 The hotspot DHCP server is automatically enabled and cannot be disabled. i. Click to expand DHCP server. ii. For Lease time, type the amount of time that a client DHCP lease is valid. The default is 10 minutes. Digi Connect EZ 4/4i User Guide...
Page 282 17. (Optional) For Maximum download speed, type the maximum download speed in kilobytes per second (Kbps). 18. (Optional) For Maximum upload speed, type the maximum upload speed in kilobytes per second (Kbps). 19. (Optional) Click Debug to enable verbose logging to the system log. Digi Connect EZ 4/4i User Guide...
Page 283 Type ... to return to the config prompt: (config network wifi ap new_hotspot_AP1)> ... (config)> e. Add additional access points by following the above instructions. 4. (Optional) Create a new bridge and interface for the hotspot. Digi Connect EZ 4/4i User Guide...
Page 284 ? Default value: /network/lan Current value: /network/lan (config network bridge new_hotspot_bridge)> ii. Add the appropriate device. For example, to add the Digi AP Wi-Fi access point: (config network bridge new_hotspot_bridge)> add device end /network/wireless/ap/digi_ap (config)> c. Type ... to return to the config prompt: (config network bridge new_hotspot_bridge)>...
Page 285 (config network bridge new_hotspot_bridge)> ..interface lan device Default value: /network/lan Current value: /network/lan (config network bridge new_hotspot_bridge)> b. Add the appropriate device. For example, to add the Digi AP Wi-Fi access point: (config network bridge new_hotspot_bridge)> add device end /network/wireless/ap/digi_ap (config)>...
Page 286 /etc/config/hotspot directory. Note that the hotspot directory is not visible until hotspot has been enabled for the first time. remote: Uses an HTML page for authentication that is served by a remote web server. Digi Connect EZ 4/4i User Guide...
Page 287 (config network hotspot new_hotspot)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set lease_time to ten minutes, enter either 10m or 600s: Digi Connect EZ 4/4i User Guide...
Page 288 16. (Optional) Change the default maximum download speed: (config network hotspot new_hotspot)> bandwidth_max_down value (config network hotspot new_hotspot)> where value is an integer between 1 and 100000 and represents the maximum download speed in Kbps. Digi Connect EZ 4/4i User Guide...
Page 289: Configure The Hotspot To Use Local Shared Password Authentication
HTML authentication page and include that server in the "white list" of servers that unauthenticated hotspot clients can access. See Customize the hotspot login page for further information. Hotspot LAN configuration:  Configure hotspot for local shared password authentication from the WebUI Digi Connect EZ 4/4i User Guide...
Page 290 (config)> save Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 291: Configure The Hotspot To Use Radius Shared Password Authentication
1. Log into the Connect EZ WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. Create a new hotspot Enable hotspot using the default configuration. Digi Connect EZ 4/4i User Guide...
Page 292 Repeat to add additional subnets. 7. Click Apply to save the configuration and apply the change.  Configure hotspot for RADIUS shared password authentication from the Command line Digi Connect EZ 4/4i User Guide...
Page 293 Set the shared secret for the RADIUS server. This is configured on the RADIUS server. (config)> network hotspot hotspot_name radius secret secret (config)> f. Set the unique Network Access Server (NAS) identifier used by the RADIUS server: (config)> network hotspot hotspot_name radius nas_id id (config)> The default is hotspot. Digi Connect EZ 4/4i User Guide...
Page 294: Configure The Hotspot To Use Radius Users Authentication
By default, the router redirects unauthenticated users to the HTML authentication page located on the router at etc/config/hotspot/login.html. You can customize the authentication page as needed, or host an authentication page on a remote server. See Customize the hotspot login page for further information. Digi Connect EZ 4/4i User Guide...
Page 295 (Optional) For Port, type the port number to use for RADIUS authentication requests. The default is 1812. d. (Optional) For Accounting port, type the port number to use for RADIUS accounting requests. The default is 1813. Digi Connect EZ 4/4i User Guide...
Page 296 2. At the command line, type config to enter configuration mode: > config (config)> Create a new hotspot Enable hotspot using the default configuration. 4. Set the authentication mode to radius-users: (config)> network hotspot hotspot_name auth radius-users (config)> Digi Connect EZ 4/4i User Guide...
Page 297 6. Set walled garden settings. Walled garden settings define the "white list" of domains and subnets that unauthenticated clients are able to access. Include the domain or subnet of the RADIUS server(s) that are being used for authentication. Digi Connect EZ 4/4i User Guide...
Page 298: Configure The Hotspot To Use Hotspotsystem Authentication
Modify the local HTML authentication page, /etc/config/hotspot/login.html, or enter the name of an alternative HTML authentication page stored in the same directory, or identify a remote web server to host the HTML authentication page and include that server in the "white Digi Connect EZ 4/4i User Guide...
Page 299 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. Create a new hotspot Enable hotspot using the default configuration. 4. During hotspot configuration, for Authentication mode, select HotspotSystem. Digi Connect EZ 4/4i User Guide...
Page 300 2. At the command line, type config to enter configuration mode: > config (config)> Create a new hotspot Enable hotspot using the default configuration. 4. Set the authentication mode to hotspotsystem: (config)> network hotspot hotspot_name auth hotspotsystem (config)> Digi Connect EZ 4/4i User Guide...
Page 301: Show Hotspot Status And Statistics
Type quit to disconnect from the device. Show hotspot status and statistics  WebUI 1. Log into the Connect EZ WebUI as a user with Admin access. 2. On the main menu, click Status Digi Connect EZ 4/4i User Guide...
Page 302 Hotspot Show hotspot status and statistics 3. Under Networking, click Hotspot. The Hotspot status page is displayed. Digi Connect EZ 4/4i User Guide...
Page 303 -------------------- 8C-2D-2D-C8-41-AA 10.1.0.101 mariev > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 304: Customize The Hotspot Login Page
Create a new hotspot for information about configuring the HTML page that the hotspot will use. This section contains the following topics: Edit sample hotspot HTML pages Upload custom hotspot HTML pages Restore hotspot default sample pages Digi Connect EZ 4/4i User Guide...
Page 305: Edit Sample Hotspot Html Pages
Use the local file system to browse to the location of the edited HTML file. Select the file and click Open to upload the file.  Command line Use the command to download and upload the sample HTML files using utilities. Digi Connect EZ 4/4i User Guide...
Page 306: Upload Custom Hotspot Html Pages
1. Upload your custom HTML file to the Connect EZ device's filesystem: a. Log into the Connect EZ WebUI as a user with Admin access. b. On the menu, click System. Under Administration, click File System. Digi Connect EZ 4/4i User Guide...
Page 307 Type config to change to configuration mode: > config (config)> b. Set login to local-page: (config)> network hotspot hotspot_name login local (config)> c. Set local-page to your custom HTML file: (config)> network hotspot hotspot_name local-page custom.html Digi Connect EZ 4/4i User Guide...
Page 308: Restore Hotspot Default Sample Pages
Save the configuration and apply the change: (config)> save Configuration saved. > d. Type config again to change to configuration mode: > config (config)> e. Reenable the hotspot: (config)> network hotspot hotspot_name enabled true (config)> Digi Connect EZ 4/4i User Guide...
Page 309: Hotspot Radius Attributes
Also, if the RADIUS server requests it, the hotspot will send accounting information back to the RADIUS server. For example, here are some of the RADIUS attributes that the hotspot sends: Acct-Input-Octets Acct-Output-Octets Acct-Session-Time Acct-Input-Packets Acct-Output-Packets Acct-Input-Gigawords Acct-Output-Gigawords Digi Connect EZ 4/4i User Guide...
Page 310: Routing
Routing This chapter contains the following topics: IP routing Show the routing table Dynamic DNS Virtual Router Redundancy Protocol (VRRP) Digi Connect EZ 4/4i User Guide...
Page 311: Ip Routing
5. If there are two or more routes to a destination with the same mask, the device uses the route with the lowest metric. This section contains the following topics: Configure a static route Delete a static route Policy-based routing Configure a routing policy Routing services Configure routing services Digi Connect EZ 4/4i User Guide...
Page 312: Configure A Static Route
4. Click the  to add a new static route. The new static route configuration page is displayed: New static route configurations are enabled by default. To disable, click to toggle Enable to off. Digi Connect EZ 4/4i User Guide...
Page 313 (config network route static 0)> label "route to accounting network" (config network route static 0)> 5. Set the IP address or network of the destination of this route. For example: (config network route static 0)> destination ip_address[/netmask] (config network route static 0)> Digi Connect EZ 4/4i User Guide...
Page 314: Delete A Static Route
11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Delete a static route  WebUI Digi Connect EZ 4/4i User Guide...
Page 315 3. Determine the index number of the static route to be deleted: (config)> show network route static dst 10.0.0.1 enable true no gateway interface /network/interface/lan1 label new_static_route metric 0 mtu 0 dst 192.168.5.1 enable true gateway 192.168.5.1 interface /network/interface/lan2 label new_static_route_1 Digi Connect EZ 4/4i User Guide...
Page 316: Policy-Based Routing
Required configuration items The packet matching parameters. It can any combination of the following: Source interface. Source address. This can be a firewall zone, an interface, a single IPv4/IPv6 address or network, or a MAC address. Digi Connect EZ 4/4i User Guide...
Page 317 9. For Protocol, select Any, TCP, UDP, or ICMP. If TCP or UDP is selected for Protocol, type the port numbers of the Source port and Destination port, or set to any to match for any port. Digi Connect EZ 4/4i User Guide...
Page 318 For Domain, type the domain name. iv. Repeat to add additional domains. Default route: Matches packets destined for the default route, excluding routes for local networks. 13. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
Page 319 (config network route policy 0)> exclusive true (config network route policy 0)> 7. Select the IP version: (config network route policy 0)> ip_version value (config network route policy 0)> where value is one of any, ipv4, or ipv6. Digi Connect EZ 4/4i User Guide...
Page 320 ICMP type and optional code, or set to any to match for any ICMP type. 9. Set the source address type: (config network route policy 0)> src type value (config network route policy 0)> Digi Connect EZ 4/4i User Guide...
Page 321 (config network route policy 0)> where value uses the format IPv4_address[/netmask], or any to match any IPv4 address. address6: Matches the source IPv6 address to the specified IP address or network. Set the address that will be matched: Digi Connect EZ 4/4i User Guide...
Page 322 (config network route policy 0)> dst zone external (config network route policy 0)> Firewall configuration for more information about firewall zones. interface: Matches the destination IP address to the selected interface's network address. Set the interface: Digi Connect EZ 4/4i User Guide...
Page 323 (config)> save Configuration saved. > 12. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 324: Routing Services
The Border Gateway Protocol (BGP) service supports BGP-4 ( IS-IS The IPv4 and IPv6 Intermediate System to Intermediate System (IS-IS) service. Configure routing services Required configuration items Enable routing services. Enable and configure the types of routing services that will be used. Digi Connect EZ 4/4i User Guide...
Page 325 Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> Digi Connect EZ 4/4i User Guide...
Page 326 Complete the configuration of the routing service. For example, use the ? to view the available parameters for the RIP service: (config)> network route service rip ? Parameters Current Value --------------------------------------------------------------------- ---------- ecmp false Allow ECMP enable true Enable Additional Configuration --------------------------------------------------------------------- ---------- interface Interfaces neighbour Neighbours Digi Connect EZ 4/4i User Guide...
Page 327: Show The Routing Table
3. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 328: Dynamic Dns
The amount of time to wait to force an update of the interface's IP address. The amount of time to wait for an IP address update to succeed before retrying the update. The number of times to retry a failed IP address update. Digi Connect EZ 4/4i User Guide...
Page 329 10. (Optional) For Check Interval, type the amount of time to wait to check if the interface's IP address needs to be updated. Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. Digi Connect EZ 4/4i User Guide...
Page 330 (config network ddns new_ddns_instance)> 4. Set the interface for the Dynamic DNS instance: a. Use the ? to determine available interfaces: b. Set the interface. For example: (config network ddns new_ddns_instance)> interface eth1 (config network ddns new_ddns_instance)> Digi Connect EZ 4/4i User Guide...
Page 331 10. (Optional) Set the amount of time to wait to check if the interface's IP address needs to be updated: (config network ddns new_ddns_instance)> check_interval value (config network ddns new_ddns_instance)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. Digi Connect EZ 4/4i User Guide...
Page 332 (config)> save Configuration saved. > 15. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 333: Virtual Router Redundancy Protocol (Vrrp)
VRRP+, an extension to VRRP that uses network probing to monitor connections through VRRP-enabled devices and dynamically change the VRRP priorty of devices based on the status of their network connectivity.  WebUI Digi Connect EZ 4/4i User Guide...
Page 334 9. (Optional) For Password, type a password that will be used to authenticate this VRRP router with VRRP peers. If the password length exceeds 8 characters, it will be truncated to 8 characters. Digi Connect EZ 4/4i User Guide...
Page 335 6. Set the router ID. The Router ID must be the same on all VRRP devices that participate in the same VRRP device pool. Allowed values are from 1 and 255, and it is configured to 50 by default. Digi Connect EZ 4/4i User Guide...
Page 336: Configure Vrrp
SureLink tests. This section describes how to configure VRRP+ on a Connect EZ device. Required configuration items Both master and backup devices: A configured and enabled instance of VRRP. See Configure VRRP for information. Enable VRRP+. Digi Connect EZ 4/4i User Guide...
Page 337 3. Click Network > VRRP. 4. Create a new VRRP instance, or click to expand an existing VRRP instance. Configure VRRP for information about creating a new VRRP instance. 5. Click to expand VRRP+. 6. Click Enable. Digi Connect EZ 4/4i User Guide...
Page 338 Click to expand Network > Interfaces. b. Click to expand the appropriate VRRP interface (for example, LAN1). c. For backup devices, for Default Gateway, type the IP address of the VRRP interface on the master device. Digi Connect EZ 4/4i User Guide...
Page 339 Click to expand Test targets > Test target. v. Configure the test target. For example, to configure SureLink to verify internet connectivity on the LAN by pinging my.devicecloud.com: i. For Test Type, select Ping test. ii. For Ping host, type my.devicecloud.com. Digi Connect EZ 4/4i User Guide...
Page 340 (Optional) Repeat for additional interfaces. 6. Set the amount that the device's priority should be decreased or increased due to SureLink connectivity failure or success: (config)> network vrrp VRRP_test vrrp_plus weight value (config)> Digi Connect EZ 4/4i User Guide...
Page 341 Determine the VRRP interface. Generally, this should be a LAN interface; VRRP+ will then monitor the LAN using SureLink to determine if the interface has network connectivity and promote a backup to master if SureLink fails. Digi Connect EZ 4/4i User Guide...
Page 342 (config network interface eth2 ipv4 surelink target 0)> dns: Tests connectivity by sending a DNS query to the specified DNS server. Specify the DNS server. Allowed value is the IP address of the DNS server. Digi Connect EZ 4/4i User Guide...
Page 343 (config network interface eth2 ipv4 surelink target 0)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set interface_timeout to ten minutes, enter either 10m or 600s: Digi Connect EZ 4/4i User Guide...
Page 344: Example: Vrrp/Vrrp+ Configuration
2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > VRRP. 4. For Add VRRP instance, type a name for the VRRP instance and click . The new VRRP instance configuration is displayed. Digi Connect EZ 4/4i User Guide...
Page 345 6. For Priority modifier, type 30. Task 3: Configure the IP address for the VRRP interface, ETH2, on device one 1. Click Network > Interfaces > ETH2 > IPv4 2. For Address, type 192.168.3.1/24. Digi Connect EZ 4/4i User Guide...
Page 346 (config network vrrp VRRP_test)> 4. Enable the VRRP instance: (config network vrrp VRRP_test)> enable true (config network vrrp VRRP_test)> 5. Set the VRRP interface to ETH2: (config network vrrp VRRP_test)> interface /network/interface/eth2 (config network vrrp VRRP_test)> Digi Connect EZ 4/4i User Guide...
Page 347 1. Set the start and end addresses of the DHCP pool to use to assign DHCP addresses to clients: a. Set the start address to 100: (config)> network interface eth2 ipv4 dhcp_server lease_start 100 (config)> b. Set the end address to 199: (config)> network interface eth2 ipv4 dhcp_server lease_end 199 (config)> Digi Connect EZ 4/4i User Guide...
Page 348: Configure Device Two (Backup Device)
2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > VRRP. 4. For Add VRRP instance, type a name for the VRRP instance and click . The new VRRP instance configuration is displayed. Digi Connect EZ 4/4i User Guide...
Page 349 1. Click Network > Interfaces > ETH2 > IPv4 2. For Address, type 192.168.3.2/24. 3. For Default gateway, type the IP address of the VRRP interface on the master device, configured above in Task 3, step 2 (192.168.3.1). Digi Connect EZ 4/4i User Guide...
Page 350 3. For Lease range end, type 250. 4. Click Advanced settings. 5. For Gateway, select Custom. 6. For Custom gateway, enter 192.168.3.3. 7. Click Apply to save the configuration and apply the change.  Command line Digi Connect EZ 4/4i User Guide...
Page 351 4. Set the amount that the device's priority should be decreased or increased due to SureLink connectivity failure or success to 30: (config network vrrp VRRP_test )> network vrrp VRRP_test vrrp_plus weight (config network vrrp VRRP_test )> Digi Connect EZ 4/4i User Guide...
Page 352 2. Set the start and end addresses of the DHCP pool to use to assign DHCP addresses to clients: a. Set the start address to 200: (config)> network interface eth2 ipv4 dhcp_server lease_start 200 (config)> Digi Connect EZ 4/4i User Guide...
Page 353: Show Vrrp Status And Statistics
1. Log into the Connect EZ WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Status > VRRP. The Virtual Router Redundancy Protocol window is displayed. Digi Connect EZ 4/4i User Guide...
Page 354 Current State : Master Current Priority : 100 Last Transition : Tue Jan 1 00:00:39 2019 Became Master Released Master Adverts Sent : 71 Adverts Received Priority Zero Sent Priority zero Received : 0 > Digi Connect EZ 4/4i User Guide...
Page 355 Virtual Private Networks (VPNs) are used to securely connect two private networks together so that devices can connect from one network to the other using secure channels. This chapter contains the following topics: IPsec OpenVPN Generic Routing Encapsulation (GRE) L2TP L2TPv3 Ethernet NEMO Digi Connect EZ 4/4i User Guide...
Page 356: Ipsec
Diffie-Hellman key exchange. This creates the IKE SAs that are used to encrypt further IKE communications. For IKEv1, there are two modes for the phase 1 negotiation: Main mode and Aggressive mode. IKEv2 does not use these modes. Digi Connect EZ 4/4i User Guide...
Page 357: Authentication
Configuring an IPsec tunnel with a remote device involves configuring the following items: Required configuration items IPsec tunnel configuration items: The mode: either tunnel or transport. Enable the IPsec tunnel. The IPsec tunnel is enabled by default. Digi Connect EZ 4/4i User Guide...
Page 358 Disable the padding of IKE packets. This should normally not be done except for compatibility purposes. Destination networks that require source NAT. Depending on your network and firewall configuration, you may need to add a packet filtering rule to allow incoming IPsec traffic. Digi Connect EZ 4/4i User Guide...
Page 359 The Configuration window is displayed. 3. Click VPN > IPsec. 4. Click to expand Tunnels. 5. For Add IPsec tunnel, type a name for the tunnel and click . The new IPsec tunnel configuration is displayed. Digi Connect EZ 4/4i User Guide...
Page 360 The metric can also be used in tandem with SureLink to configure IPsec failover behavior. See Configure IPsec failover for more information. 11. For Mode, select Tunnel mode. Transport mode is not currently supported. Digi Connect EZ 4/4i User Guide...
Page 361 Type the Private key passphrase that is used to decrypt the private key. Leave blank if the private key is not encrypted. iii. For Certificate, paste the local X.509 certificate in PEM format. Digi Connect EZ 4/4i User Guide...
Page 362 For IPv6 ID value, type an IPv6 formatted ID. This can be a fully-qualified domain name or an IPv6 address. RFC822/Email: The ID will be interpreted as an RFC822 (email address). For RFC822 ID value, type the ID in internet email address format. Digi Connect EZ 4/4i User Guide...
Page 363 RFC822/Email: The ID will be interpreted as an RFC822 (email address). For RFC822 ID value, type the ID in internet email address format. FQDN: The ID will be interpreted as FQDN (Fully Qualified Domain Name) and sent as an ID_FQDN IKE identity. Digi Connect EZ 4/4i User Guide...
Page 364 Any: Matches any protocol. TCP: Matches TCP protocol only. UDP: Matches UDP protocol only. ICMP: Matches ICMP requests only. Other protocol: Matches an unlisted protocol. If Other protocol is selected, type the number of the protocol. Digi Connect EZ 4/4i User Guide...
Page 365 If supported by the peer: Send oversized IKE messages in fragments, if the peer supports receiving them. Always: Always send IKEv1 messages in fragments. For IKEv2, this option is equivalent to If supported by the peer. Never: Do not send oversized IKE messages in fragments. Digi Connect EZ 4/4i User Guide...
Page 366 22. (Optional) Click to expand Dead peer detection. Dead peer detection is enabled by default. Dead peer detection uses periodic IKE transmissions to the remote endpoint to detect whether tunnel communications have failed, allowing the tunnel to be automatically restarted when failure occurs. Digi Connect EZ 4/4i User Guide...
Page 367 Configure SureLink active recovery for IPsec for information about IPsec Active recovery. 25. (Optional) Click Advanced to set various IPsec-related time out, keep alive, and related values. 26. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
Page 368 Format: dynamic_routes edge external internal ipsec loopback setup Default value: ipsec Current value: ipsec (config vpn ipsec tunnel ipsec_example)> Digi Connect EZ 4/4i User Guide...
Page 369 Only the payload of the IP packet is encrypted and/or authenticated. The IP header is unencrypted. The default is tunnel. 8. Set the protocol: (config vpn ipsec tunnel ipsec_example)> type protocol (config vpn ipsec tunnel ipsec_example)> where protocol is either: Digi Connect EZ 4/4i User Guide...
Page 370 (config vpn ipsec tunnel ipsec_example)> auth private_key_ passphrase passphrase (config vpn ipsec tunnel ipsec_example)> c. For the peer_public_key parameter, paste the peer's public RSA key in PEM format: Digi Connect EZ 4/4i User Guide...
Page 371 (config vpn ipsec tunnel ipsec_example)> 11. (Optional) Configure the device to connect to its remote peer as an XAUTH client: a. Enable XAUTH client functionality: (config vpn ipsec tunnel ipsec_example)> xauth_client enable true (config vpn ipsec tunnel ipsec_example)> Digi Connect EZ 4/4i User Guide...
Page 372 Any ID will be accepted. ipv4: The ID will be interpreted as an IPv4 address and sent as an ID_IPV4_ADDR IKE identity. Set an IPv4 formatted ID. This can be a fully-qualified domain name or an IPv4 address. Digi Connect EZ 4/4i User Guide...
Page 373 Repeat for additional hostnames. b. Set the hostname selection type: (config vpn ipsec tunnel ipsec_example)> remote hostname_selection value (config vpn ipsec tunnel ipsec_example)> where value is one of: Digi Connect EZ 4/4i User Guide...
Page 374 (config vpn ipsec tunnel ipsec_example)> remote id type rfc822_ id id (config vpn ipsec tunnel ipsec_example)> fqdn: The ID will be interpreted as FQDN (Fully Qualified Domain Name) and sent as an ID_FQDN IKE identity. Digi Connect EZ 4/4i User Guide...
Page 375 Do not send oversized IKE messages in fragments, but announce support for fragmentation to the peer. The default is always. e. Padding of IKE packets is enabled by default and should normally not be disabled except for compatibility purposes. To disable: Digi Connect EZ 4/4i User Guide...
Page 376 Configure the types of encryption, hash, and Diffie-Hellman group to use during phase 1: i. Add a phase 1 proposal: (config vpn ipsec tunnel ipsec_example)> add ike phase1_proposal (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> Digi Connect EZ 4/4i User Guide...
Page 377 (config vpn ipsec tunnel ipsec_example ike phase1_proposal 1)> Repeat the above steps to set the type of encryption, hash, and Diffie-Hellman group for the additional proposal. iii. Repeat to add more phase 1 proposals. Digi Connect EZ 4/4i User Guide...
Page 378 Set the Diffie-Hellman group type: (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> dh_group value (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> The default is modp2048. vi. (Optional) Add additional phase 2 proposals: Digi Connect EZ 4/4i User Guide...
Page 379 Set the IPv4 address and optional netmask of a destination network that requires source NAT. You can also use any, meaning that any destination network connected to the tunnel will use source NAT. Digi Connect EZ 4/4i User Guide...
Page 380 (config vpn ipsec tunnel ipsec_example policy 0)> where value is the IPv4 address and optional netmask. The keyword any can also be used. request: Requests a network from the remote peer. dynamic: Uses the address of the local endpoint. Digi Connect EZ 4/4i User Guide...
Page 381 (config vpn ipsec tunnel ipsec_example policy 0)> remote protocol value (config vpn ipsec tunnel ipsec_example policy 0)> where value is one of: any: Matches any protocol. tcp: Matches TCP protocol only. udp: Matches UDP protocol only. icmp: Matches ICMP requests only. Digi Connect EZ 4/4i User Guide...
Page 382 Generally, the default settings for these should be sufficient. c. You can also enable debugging for IPsec: (config)> vpn ipsec advanced debug value (config)> where value is one of: none basic_auditing detailed_control generic_control raw_data sensitive_data Digi Connect EZ 4/4i User Guide...
Page 383 (config)> save Configuration saved. > 21. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 384: Configure Ipsec Failover
For example: Tunnel_1: Metric: 10 Local endpoint > Interface: ETH2 Remote endpoint > Hostname: 192.168.10.1 SureLink configuration: Restart Interface enabled Test target: Test type: Ping test Ping host: 192.168.10.2 Tunnel_2: Digi Connect EZ 4/4i User Guide...
Page 385 Configure an IPsec tunnel for instructions. During configuration of the IPsec tunnel, set the metric to a value that is higher than the metric of the primary tunnel (for example, 20).  Command line Digi Connect EZ 4/4i User Guide...
Page 386 Use the ? to view a list of available tunnels: (config vpn ipsec tunnel backup_ipsec_tunnel)> ipsec_failover ? Preferred tunnel: This tunnel will not start until the preferred tunnel has failed. It will continue to operate until the preferred tunnel returns to full operation Digi Connect EZ 4/4i User Guide...
Page 387: Configure Surelink Active Recovery For Ipsec
The amount of time that the device should wait for a response to a probe attempt before considering it to have failed. To configure the Connect EZ device to regularly probe the IPsec connection:  WebUI Digi Connect EZ 4/4i User Guide...
Page 388 10. For Success condition, determine whether the interface should fail over based on the failure of one of the test targets, or all of the test targets. 11. For Attempts, type the number of probe attempts before the WAN is considered to have failed. Digi Connect EZ 4/4i User Guide...
Page 389 For example, to set Down time to ten minutes, enter 10m or 600s. The default is 60 seconds. Initial connection time: The amount of time to wait for an initial connection to the interface before this test is considered to have failed. Digi Connect EZ 4/4i User Guide...
Page 390 This is useful for interfaces that may regain connectivity after restarting, such as a cellular modem. 6. To configure the device to reboot when the interface is considered to have failed: (config vpn ipsec tunnel ipsec_example)> surelink reboot enable (config vpn ipsec tunnel ipsec_example)> Digi Connect EZ 4/4i User Guide...
Page 391 (config vpn ipsec tunnel ipsec_example)> add surelink target end (config vpn ipsec tunnel ipsec_example surelink target 0)> b. Set the test type: (config vpn ipsec tunnel ipsec_example surelink target 0)> test value (config vpn ipsec tunnel ipsec_example surelink target 0)> Digi Connect EZ 4/4i User Guide...
Page 392 (config vpn ipsec tunnel ipsec_example surelink target 0)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set timeout to ten minutes, enter either 10m or 600s: Digi Connect EZ 4/4i User Guide...
Page 393 (config vpn ipsec tunnel ipsec_example surelink target 0)> other_ip_version value (config vpn ipsec tunnel ipsec_example surelink target 0)> where value is one of: any, both, ipv4, or ipv6. Set the expected status of the alternate interface: Digi Connect EZ 4/4i User Guide...
Page 394: Show Ipsec Status And Statistics
> show ipsec all Name Enable Status Hostname ------ ------ ------- --------------- ipsec1 true 192.168.2.1 vpn1 false pending 192.168.3.1 > 3. To display details about a specific tunnel: > show ipsec tunnel ipsec1 Tunnel : ipsec1 Digi Connect EZ 4/4i User Guide...
Page 395: Debug An Ipsec Configuration
Raw data: Includes raw data dumps in hexadecimal format. Sensitive material: Also includes sensitive material in dumps (for example, encryption keys). 6. Click Apply to save the configuration and apply the change.  Command line Digi Connect EZ 4/4i User Guide...
Page 396: Configure A Simple Certificate Enrollment Protocol Client
The challenge password provided by the SCEP server that the SCEP client will use when making SCEP requests. The distinguished name to be used for the CSR. The file name of the Certificate Revocation List (CRL) from the Certificate Authority (CA). Digi Connect EZ 4/4i User Guide...
Page 397 7. (Optional) For CRL file name, type the filename of the Certificate Revocation List (CRL) from the The CRL is stored on the Connect EZ device in the /etc/config/scep_client/client_name directory. 8. Click to expand SCEP server. Digi Connect EZ 4/4i User Guide...
Page 398 Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> 3. Add a new SCEP client: (config)> add network scep_client scep_client_name (config network scep_client scep_client_name )> Digi Connect EZ 4/4i User Guide...
Page 399 Set the two letter Country Code: (config network scep_client scep_client_name)> distinguished_name c value (config network scep_client scep_client_name)> c. Set the State or Province: (config network scep_client scep_client_name)> distinguished_name st value (config network scep_clientscep_client_name )> d. Set the Locality: Digi Connect EZ 4/4i User Guide...
Page 400: Example: Scep Client Configuration With Fortinet Scep Server
Example: SCEP client configuration with Fortinet SCEP server In this example configuration, we will configure the Connect EZ device as a SCEP client that will connect to a Fortinet SCEP server. Fortinet configuration On the Fortinet server: Digi Connect EZ 4/4i User Guide...
Page 401 Renewable Time setting on the Connect EZ device must match the setting of this parameter. g. The remaining fields can be left at their defaults or changed as appropriate. h. Click OK. Connect EZ configuration On the Connect EZ device: Digi Connect EZ 4/4i User Guide...
Page 402 9. For FQDN, type the fully qualified domain name or IP address of the Fortinet server. 10. For Password, type the challenge password. This corresponds to the Default enrollment password on the Fortinet server. Digi Connect EZ 4/4i User Guide...
Page 403 12. Type the value for each appropriate Distinguished Name attribute. The values entered here must correspond to the DN attributes in the Enrollment Request on the Fortinet server. 13. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
Page 404 Set the two letter Country Code: (config network scep_client Fortinet_SCEP_client)> distinguished_name c value (config network scep_client Fortinet_SCEP_client)> c. Set the State or Province: (config network scep_client Fortinet_SCEP_client)> distinguished_name st value (config network scep_client Fortinet_SCEP_client)> Digi Connect EZ 4/4i User Guide...
Page 405: Disable Hardware Cryptographic Acceleration
Type quit to disconnect from the device. Disable hardware cryptographic acceleration If you are experiencing problems when using IPSEC, such as the kernel crashing or unexpected package loss, disabling hardware cryptographic acceleration may correct the problem.  WebUI Digi Connect EZ 4/4i User Guide...
Page 406 Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. The device must be rebooted for the change to take effect. See Reboot your Connect EZ device. Digi Connect EZ 4/4i User Guide...
Page 407: Openvpn
OpenVPN clients are on the same IP subnet as the OpenVPN server’s LAN interface. This means that devices connected to the OpenVPN client’s LAN interface are on the same IP subnet as devices. The Connect EZ device supports two mechanisms for configuring an OpenVPN server in TAP mode: Digi Connect EZ 4/4i User Guide...
Page 408: Configure An Openvpn Server
If username and password authentication is used, you must create an OpenVPN authentication group and user. See Configure an OpenVPN Authentication Group and User for instructions. Certificates and keys: The CA certificate (usually in a ca.crt file). The Public key (for example, server.crt) Digi Connect EZ 4/4i User Guide...
Page 409 3. Click VPN > OpenVPN > Servers. 4. For Add, type a name for the OpenVPN server and click . The new OpenVPN server configuration is displayed. The OpenVPN server is enabled by default. To disable, click Enable. Digi Connect EZ 4/4i User Guide...
Page 410 For Address, enter the IPv4 address or network that can access the device's service-type. Allowed values are: A single IP address or host name. A network designation in CIDR notation, for example, 192.168.1.0/24. any: No limit to IPv4 addresses that can access the service-type. Digi Connect EZ 4/4i User Guide...
Page 411 1. Log into the Connect EZ command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. Digi Connect EZ 4/4i User Guide...
Page 412 LAN devices. (config vpn openvpn server name)> zone value (config vpn openvpn server name)> To view a list of available zones: (config vpn openvpn server name)> firewall zone ? Digi Connect EZ 4/4i User Guide...
Page 413 99, the last client IP address will be 192.168.1.80. The default is from 80. 6. (Optional) Set the port that the OpenVPN server will use: (config vpn openvpn server name)> port port (config vpn openvpn server name)> The default is 1194. Digi Connect EZ 4/4i User Guide...
Page 414 Paste the contents of the private key (for example, server.key) into the value of the server_key parameter: (config vpn openvpn server name)> server_key value (config vpn openvpn server name)> v. Paste the contents of the Diffie Hellman key (usually in dh2048.pem) into the value of the diffie parameter: Digi Connect EZ 4/4i User Guide...
Page 415 Display a list of available firewall zones: Type ... firewall zone ? at the config prompt: (config vpn openvpn server name)> ... firewall zone ? Zones: A list of groups of network interfaces that can be referred to by packet Digi Connect EZ 4/4i User Guide...
Page 416: Configure An Openvpn Authentication Group And User
OpenVPN authentication group and user. Configure an OpenVPN server for information about configuring an OpenVPN server to use username and password authentication. See Connect EZ user authentication for more information about creating authentication groups and users.  WebUI Digi Connect EZ 4/4i User Guide...
Page 417 Click to expand the OpenVPN node. e. Click  to add a tunnel. f. For Tunnel, select an OpenVPN tunnel to which users of this group will have access. g. Repeat to add additional OpenVPN tunnels. Digi Connect EZ 4/4i User Guide...
Page 418 Click to expand the Groups node. e. Click  to add a group to the user. f. Select a Group with OpenVPN access enabled. 5. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
Page 419 (config)> save Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 420: Configure An Openvpn Client By Using An .Ovpn File
2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > OpenVPN > Clients. 4. For Add, type a name for the OpenVPN client and click . The new OpenVPN client configuration is displayed. Digi Connect EZ 4/4i User Guide...
Page 421 (config vpn openvpn client name)> zone value (config vpn openvpn client name)> To view a list of available zones: (config vpn openvpn client name)> zone ? Zone: The zone for the openvpn client interface. Format: Digi Connect EZ 4/4i User Guide...
Page 422: Configure An Openvpn Client Without Using An .Ovpn File
The OpenVPN client is enabled by default. The mode used by the OpenVPN server, either routing (TUN), or bridging (TAP). The firewall zone to be used by the OpenVPN client. The IP address of the OpenVPN server. Digi Connect EZ 4/4i User Guide...
Page 423 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > OpenVPN > Clients. 4. For Add, type a name for the OpenVPN client and click . The new OpenVPN client configuration is displayed. Digi Connect EZ 4/4i User Guide...
Page 424 For OpenVPN parameters, type the additional OpenVPN parameters. For example, to override the configuration by using a configuration file, enter --config filename, for example, --config /etc/config/openvpn_config. 15. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
Page 425 (config vpn openvpn client name)> To view a list of available zones: (config vpn openvpn client name)> zone ? Zone: The zone for the openvpn client interface. Format: dynamic_routes edge external internal ipsec loopback setup Digi Connect EZ 4/4i User Guide...
Page 426 (config vpn openvpn client name)> private_key value (config vpn openvpn client name)> 14. (Optional) Set additional OpenVPN parameters. a. Enable the use of additional OpenVPN parameters: (config vpn openvpn client name)> advanced_options enable true (config vpn openvpn client name)> Digi Connect EZ 4/4i User Guide...
Page 427: Configure Surelink Active Recovery For Openvpn
The amount of time that the device should wait for a response to a probe attempt before considering it to have failed. To configure the Connect EZ device to regularly probe the OpenVPN connection:  WebUI Digi Connect EZ 4/4i User Guide...
Page 428 For example, to set Interval to ten minutes, enter 10m or 600s. The default is 15 minutes. 10. For Success condition, determine whether the interface should fail over based on the failure of one of the test targets, or all of the test targets. Digi Connect EZ 4/4i User Guide...
Page 429 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Down time to ten minutes, enter 10m or 600s. The default is 60 seconds. Digi Connect EZ 4/4i User Guide...
Page 430 5. To configure the device to restart the interface when its connection is considered to have failed: (config vpn openvpn client openvpn_client1)> surelink restart true (config vpn openvpn client openvpn_client1)> This is useful for interfaces that may regain connectivity after restarting, such as a cellular modem. Digi Connect EZ 4/4i User Guide...
Page 431 (config vpn openvpn client openvpn_client1)> The default is 15 seconds. 11. Configure test targets: a. Add a test target: (config vpn openvpn client openvpn_client1)> add surelink target end (config vpn openvpn client openvpn_client1 surelink target 0)> Digi Connect EZ 4/4i User Guide...
Page 432 (Optional) Set the amount of time that the interface can be down before this test is considered to have failed: Digi Connect EZ 4/4i User Guide...
Page 433 If other is set: Set the alternate interface to be tested: i. Use the ? to determine available interfaces: ii. Set the interface. For example: (config vpn openvpn client openvpn_client1 surelink target 0)> other_interface /network/interface/eth1 Digi Connect EZ 4/4i User Guide...
Page 434: Show Openvpn Server Status And Statistics
2. On the menu, select Status > OpenVPN > Servers. The OpenVPN Servers page appears. 3. To view configuration details about an OpenVPN server, click the  (configuration) icon in the upper right of the OpenVPN server's status pane.  Command line Digi Connect EZ 4/4i User Guide...
Page 435: Show Openvpn Client Status And Statistics
2. On the menu, select Status > OpenVPN > Clients. The OpenVPN Clients page appears. 3. To view configuration details about an OpenVPN client, click the  (configuration) icon in the upper right of the OpenVPN client's status pane.  Command line Digi Connect EZ 4/4i User Guide...
Page 436 : 1194 Type : tun > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 437: Generic Routing Encapsulation (Gre)
New interfaces are enabled by default. To disable, or to enable if it has been disabled, click Enable. 6. For Interface type, select Ethernet. 7. For Zone, select Internal. 8. For Device, select Ethernet: Loopback. Digi Connect EZ 4/4i User Guide...
Page 438 (config network interface gre_interface)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 439 2. At the command line, type config to enter configuration mode: > config (config)> 3. Add the GRE endpoint tunnel. For example, to add a tunnel named gre_example: (config)> add vpn iptunnel gre_example (config vpn iptunnel gre_example)> Digi Connect EZ 4/4i User Guide...
Page 440 (config vpn iptunnel gre_example)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 441: Show Gre Tunnels
2. On the menu, click Status > IP tunnels. The IP Tunnelspage appears. 3. To view configuration details about a GRE tunnel, click the  (configuration) icon in the upper right of the tunnel's status pane. Digi Connect EZ 4/4i User Guide...
Page 442: Example: Gre Tunnel Over An Ipsec Tunnel
Remote network set to the IP address of the remote GRE tunnel, 172.30.0.1/32. 2. Create an IPsec endpoint interface named ipsec_endpoint2: a. Zone set to Internal. b. Device set to Ethernet: Loopback. c. IPv4 Address set to the IP address of the local GRE tunnel, 172.30.0.2/32. Digi Connect EZ 4/4i User Guide...
Page 443 5. Click to expand Authentication. 6. For Pre-shared key, type testkey. 7. Click to expand Remote endpoint. 8. For Hostname, type public IP address of the Connect EZ-2 device. 9. Click to expand Policies. Digi Connect EZ 4/4i User Guide...
Page 444 (config vpn ipsec tunnel ipsec_gre1)> auth secret testkey (config vpn ipsec tunnel ipsec_gre1)> 5. Set the remote endpoint to public IP address of the Connect EZ-2 device: (config vpn ipsec tunnel ipsec_gre1)> remote hostname 192.168.101.1 (config vpn ipsec tunnel ipsec_gre1)> Digi Connect EZ 4/4i User Guide...
Page 445 (config vpn ipsec tunnel ipsec_gre1 policy 0)> remote network 172.30.0.2/32 (config vpn ipsec tunnel ipsec_gre1 policy 0)> 10. Save the configuration and apply the change: (config ipsec tunnel ipsec_gre1 policy 0)> save Configuration saved. > Digi Connect EZ 4/4i User Guide...
Page 446 4. For Device, select Ethernet: loopback. 5. Click to expand IPv4. 6. For Address, type the IP address of the local GRE tunnel, 172.30.0.1/32. 7. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
Page 447  WebUI 1. Click VPN > IP Tunnels. 2. For Add IP Tunnel, type gre_tunnel1 and click . 3. For Local endpoint, select the IPsec endpoint interface created in Task two (Interface: ipsec_ endpoint1). Digi Connect EZ 4/4i User Guide...
Page 448 4. Set the remote endpoint to the IP address of the GRE tunnel on Connect EZ-2, 172.30.0.2: (config vpn iptunnel gre_tunnel1)> remote 172.30.0.2 (config vpn iptunnel gre_tunnel1)> 5. Save the configuration and apply the change: (config vpn iptunnel gre_tunnel1)> save Configuration saved. > Digi Connect EZ 4/4i User Guide...
Page 449 Task three (IP tunnel: gre_tunnel1). 5. Click to expand IPv4. 6. For Address, type 172.31.0.1/30 for a virtual IP address on the GRE tunnel. 7. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
Page 450 1. Log into the Connect EZ WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > IPsec > Tunnels. Digi Connect EZ 4/4i User Guide...
Page 451 13. For Address, type the IP address and subnet of the local GRE tunnel, 172.30.0.2/32. 14. For Remote network, type the IP address and subnet of the remote GRE tunnel, 172.30.0.1/32. 15. Click Apply to save the configuration and apply the change.  Command line Digi Connect EZ 4/4i User Guide...
Page 452 172.30.0.1/32 (config vpn ipsec tunnel ipsec_gre2 policy 0)> 10. Save the configuration and apply the change: (config vpn ipsec tunnel ipsec_gre2 policy 0)> save Configuration saved. > Task two: Create an IPsec endpoint interface Digi Connect EZ 4/4i User Guide...
Page 453 6. For Address, type the IP address of the local GRE tunnel, 172.30.0.2/32. 7. Click Apply to save the configuration and apply the change.  Command line 1. At the command line, type config to enter configuration mode: > config (config)> Digi Connect EZ 4/4i User Guide...
Page 454 3. For Local endpoint, select the IPsec endpoint interface created in Task two (Interface: ipsec_ endpoint2). 4. For Remote endpoint, type the IP address of the GRE tunnel on Connect EZ-1, 172.30.0.1. 5. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
Page 455 Configuration saved. > Task four: Create an interface for the GRE tunnel device  WebUI 1. Click Network > Interfaces. 2. For Add Interface, type gre_interface2 and click . 3. For Zone, select Internal. Digi Connect EZ 4/4i User Guide...
Page 456 (config network interface gre_interface2)> zone internal (config network interface gre_interface2)> 4. Set the device to the GRE tunnel created in Task three (/vpn/iptunnel/gre_tunnel2): (config network interface gre_interface2)> device /vpn/iptunnel/gre_ tunnel2 (config network interface gre_interface2)> Digi Connect EZ 4/4i User Guide...
Page 457: L2Tp
Enable custom PPP configuration options for the tunnel. Whether to override the default configuration and only use the custom options. Optional configuration data in the format of a pppd options file. SureLink options for the tunnel. Digi Connect EZ 4/4i User Guide...
Page 458 No limit to IPv6 addresses that can access the service-type. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect EZ device: Digi Connect EZ 4/4i User Guide...
Page 459 The keyword any, which means that the server will accept connections from any IP address. e. For Local IP address, type the IP address of the L2TP virtual network interface. f. For Remote IP address, type the IP address to assign to the remote peer. Digi Connect EZ 4/4i User Guide...
Page 460 Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> Digi Connect EZ 4/4i User Guide...
Page 461 To limit access based on firewall zones: (config)> add vpn l2tp acl zone end value Where value is a firewall zone defined on your device, or the any keyword. Display a list of available firewall zones: Digi Connect EZ 4/4i User Guide...
Page 462 (Optional) Set the UDP port to use to connect to the L2TP network server: (config vpn l2tp lac lac_tunnel)> port int (config vpn l2tp lac lac_tunnel)> where int is an integer between 1 and 65535. The default is 1701. Digi Connect EZ 4/4i User Guide...
Page 463 (config vpn l2tp lac lac_tunnel)> zone zone (config vpn l2tp lac lac_tunnel)> h. (Optional): Custom PPP configuration: i. Enable custom PPP configuration: (config vpn l2tp lac lac_tunnel)> custom enable true (config vpn l2tp lac lac_tunnel)> Digi Connect EZ 4/4i User Guide...
Page 464 (config vpn l2tp lns lns_server)> d. Set the IP address to assign to the remote peer: (config vpn l2tp lns lns_server)> remote_address IP_address (config vpn l2tp lns lns_server)> e. (Optional) Set the authentication method: Digi Connect EZ 4/4i User Guide...
Page 465 Zone: The firewall zone assigned to this tunnel. This can be used by packet filtering rules and access control lists to restrict network traffic on this tunnel. Format: dynamic_routes edge external internal ipsec loopback setup Current value: (config vpn l2tp lns lns_server)> Digi Connect EZ 4/4i User Guide...
Page 466: Configure Surelink Active Recovery For Ppp-Over-L2Tp
Reboot the device. Additional configuration items The interval between connectivity tests. Whether the interface should be considered to have failed if one of the test targets fails, or all of the test targets fail. Digi Connect EZ 4/4i User Guide...
Page 467 This is useful for interfaces that may regain connectivity after restarting, such as a cellular modem. 8. For Reboot device, enable to instruct the device to reboot when the WAN connection is considered to have failed. Digi Connect EZ 4/4i User Guide...
Page 468 URL specified in Web servers. The URL should take the format of http [s]://hostname/[path]. Test DNS servers configured for this interface: Tests connectivity by sending a DNS query to the DNS servers configured for this interface. Digi Connect EZ 4/4i User Guide...
Page 469 4. Enable active recovery: (config vpn l2tp lac lac_tunnel)> surelink enable true (config vpn l2tp lac lac_tunnel)> 5. To configure the device to restart the interface when its connection is considered to have failed: Digi Connect EZ 4/4i User Guide...
Page 470 For example, to set interval to ten minutes, enter either 10m or 600s: (config vpn l2tp lac lac_tunnel)> surelink timeout 600s (config vpn l2tp lac lac_tunnel)> The default is 15 seconds. Digi Connect EZ 4/4i User Guide...
Page 471 (Optional) Set the amount of time that the interface can be down before this test is considered to have failed: Digi Connect EZ 4/4i User Guide...
Page 472 (config vpn l2tp lac lac_tunnel surelink target 0)> other_interface /network/interface/eth1 (config vpn l2tp lac lac_tunnel surelink target 0)> Set the alternate interface's IP version. This allows you to determine the alternate interface's status for a particular IP version. Digi Connect EZ 4/4i User Guide...
Page 473: L2Tp With Ipsec
2. On the menu, select Status. Under VPN, select L2TP > Access Connectors. The L2TP Access Connectors page appears. 3. To view configuration details about an L2TP access connector, click the  (configuration) icon in the upper right of the tunnel's status pane. Digi Connect EZ 4/4i User Guide...
Page 474 Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. To display details about all configured L2TP access connectors, type the following at the prompt: Digi Connect EZ 4/4i User Guide...
Page 475: L2Tpv3 Ethernet
The session ID. The peer session ID. Additional configuration items Encapsulation type. If UDP is selected: The ID for the tunnel. The ID of the peer's tunnel. Determine whether to enable UDP checksum. The session cookie. Digi Connect EZ 4/4i User Guide...
Page 476 For Sequence numbering control, determine the sequence number control to prevent or detect out of order packets. Allowed values are: None: No sequence numbering. Send: Add a sequence number to each outgoing packet. Receive: Reorder packets if they are received out of order. Digi Connect EZ 4/4i User Guide...
Page 477 6. Set the tunnel identifier for this tunnel. This must match the value for peer tunnel ID on the remote peer. (config vpn l2tpeth L2TPv3_example)> tunnel_id value (config vpn l2tpeth L2TPv3_example)> where value is any integer between 1 and 4294967295. Digi Connect EZ 4/4i User Guide...
Page 478 1 and 4294967295. 12. (Optional) Set the cookie value to be assigned to the session. (config vpn l2tpeth L2TPv3_example session_example)> cookie value (config vpn l2tpeth L2TPv3_example session_example)> Allowed value is 8 or 16 hex digits. Digi Connect EZ 4/4i User Guide...
Page 479: Show L2Tpv3 Tunnel Status
2. On the menu, select Status. Under VPN, select L2TPv3 Ethernet. The L2TPv3 Ethernet page appears. 3. To view configuration details about an L2TPV3 tunnel, click the  (configuration) icon in the upper right of the tunnel's status pane.  Command line Digi Connect EZ 4/4i User Guide...
Page 480: Nemo
IP subnets of the LANs for remote access and device management. Dynamic Mobile Network Routing (DMNR) is the implementation of NEMO for Verizon Wireless Private Networks. DMNR support requires the use of Verizon SIM cards that have DMNR enabled. Digi Connect EZ 4/4i User Guide...
Page 481: Configure A Nemo Tunnel
If set to IP address, enter the IP address. The local network of the GRE endpoint negotiated by NEMO. If the local network is set to Interface, identify the local interface to be used.  WebUI Digi Connect EZ 4/4i User Guide...
Page 482 For Type, select the local endpoint of the GRE endpoint negotiated by NEMO. If Default route is selected, the network interface that is used will be the same as the default route. If Interface is selected, specify the local network interface. The default is Default route. Digi Connect EZ 4/4i User Guide...
Page 483 (config vpn nemo nemo_example)> home_agent IPv4_address (config vpn nemo nemo_example)> 6. Set the key used to authenticate to the home agent. This is provided by your cellular carrier. (config vpn nemo nemo_example)> key value (config vpn nemo nemo_example)> Digi Connect EZ 4/4i User Guide...
Page 484 Uses the same network interface as the default route. interface If interface is used, set the interface: i. Use the ? to determine available interfaces: ii. Set the interface. For example: (config vpn nemo nemo_example)> coaddress interface eth1 (config vpn nemo nemo_example)> Digi Connect EZ 4/4i User Guide...
Page 485: Show Nemo Status
15. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show NEMO status  WebUI Digi Connect EZ 4/4i User Guide...
Page 486 Advertized LAN2 192.168.3.1/24 Advertized > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 487 Simple Network Management Protocol (SNMP) Location information Modbus gateway System time Network Time Protocol Configure a multicast route Ethernet network bonding Enable service discovery (mDNS) Use the iPerf service Configure the ping responder service Digi Connect EZ 4/4i User Guide...
Page 488: Allow Remote Access For Web Administration And Ssh
The Configuration window is displayed. 3. Click Services > Web administration > Access Control List > Zones. 4. For Add Zone, click . 5. Select External. 6. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
Page 489 1. Log into the Connect EZ WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Configuration > Services > SSH > Access Control List > Zones. Digi Connect EZ 4/4i User Guide...
Page 490 Services Allow remote access for web administration and SSH 4. For Add Zone, click . 5. Select External. 6. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
Page 491: Configure The Web Administration Service
An SSL certificate to use for communications with the service. Support for legacy encryption protocols. Set the idle timeout for Connect EZ users for information about setting the inactivity timeout for the web administration services. Digi Connect EZ 4/4i User Guide...
Page 492 3. Enable or disable the web administration service: To enable the service: (config)> service web_admin enable true (config)> To disable the sevice: (config)> service web_admin enable false (config)> 4. Save the configuration and apply the change: (config)> save Configuration saved. > Digi Connect EZ 4/4i User Guide...
Page 493 To limit access to hosts connected through a specified interface on the Connect EZ device: a. Click Interfaces. b. For Add Interface, click . c. For Interface, select the appropriate interface from the dropdown. d. Click  again to allow access through additional interfaces. Digi Connect EZ 4/4i User Guide...
Page 494 For example: 8. For Allow legacy encryption protocols, enable this option to allow clients to connect to the HTTPS session by using encryption protocols older than TLS 1.2, in addition to TLS 1.2 and Digi Connect EZ 4/4i User Guide...
Page 495 No limit to IPv6 addresses that can access the web administratrion service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect EZ device: Digi Connect EZ 4/4i User Guide...
Page 496 Enclose the certificate and private key contents in quotes ("). (config)> service web_admin cert "ssl-cert-and-private-key" (config)> If SSL certificate is blank, the device will use an automatically-generated, self-signed certificate. The SSL certificate and private key must be in PEM format. Digi Connect EZ 4/4i User Guide...
Page 497 BQAwgYcxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24xDjAMBgNVBAcMBUFs b2hhMRMwEQYDVQQKDApNY0JhbmUgSW5jMRAwDgYDVQQLDAdTdXBwb3J0MQ8wDQYD VQQDDAZtY2JhbmUxHzAdBgkqhkiG9w0BCQEWEGptY2JhbmVAZGlnaS5jb20wHhcN MjAwOTIyMTY1OTUyWhcNMjEwOTIyMTY1OTUyWjCBhzELMAkGA1UEBhMCVVMxDzAN BgNVBAgMBk9yZWdvbjEOMAwGA1UEBwwFQWxvaGExEzARBgNVBAoMCk1jQmFuZSBJ bmMxEDAOBgNVBAsMB1N1cHBvcnQxDzANBgNVBAMMBm1jYmFuZTEfMB0GCSqGSIb3 DQEJARYQam1jYmFuZUBkaWdpLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBAOBn19AX01LO9plYtfRZq0bETwNwSCYGeEIOGJ7gHt/rihLVBJS1woYv u1Oq1ohYxIawBY1iIPBD2GtzyEJXzBZdQRhwi/dRyRi4vr7EkjGDr0Vb/NVT0L5w UzcMeT+71DYvKYm6GpcWx+LoKqFTjbMFBIze5pbBfru+SicId6joCHIuYq8Ehflx 6sy6s4MDbyTUAEN2YhsBaOljej64LNzcsHeISbAWibXWjOSsK+N1MivQq5uwIYw/ 1fsnD8KDS43Wg57+far9fQ2MIHsgnoAGz+w6PIKJR594y/MfqQffDFNCh2lJY49F hOqEtA5B9TyXRKwoa3j/lIC/t5cpIBcCAwEAAaNTMFEwHQYDVR0OBBYEFDVtrWBH E1ZcBg9TRRxMn7chKYjXMB8GA1UdIwQYMBaAFDVtrWBHE1ZcBg9TRRxMn7chKYjX MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBALj/mrgaKDNTspv9 ThyZTBlRQ59wIzwRWRYRxUmkVcR8eBcjwdBTWjSBLnFlD2WFOEEEnVz2Dzcixmj4 /Fw7GQNcYIKj+aIGJzbcKgox10mZB3VKYRmPpnpzHCkvFi4o81+bC8HJQfK9U80e vDV0/vA5OB2j/DrjvlOrapCTkuyA0TVyGvgTASx2ATu9U45KZofm4odThQs/9FRQ +cwSTb5v47KYffeyY+g3dyJw1/KgMJGpBUYNJDIsFQC9RfzPjKE2kz41hx4VksT/ q81WGstDXH++QTu2sj7vWkFJH5xPFt80HjtWKKpIfeOIlBPGeRHvdH2PQibx0OOt Sa+P5O8= -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDgZ9fQF9NSzvaZ WLX0WatGxE8DcEgmBnhCDhie4B7f64oS1QSUtcKGL7tTqtaIWMSGsAWNYiDwQ9hr c8hCV8wWXUEYcIv3UckYuL6+xJIxg69FW/zVU9C+cFM3DHk/u9Q2LymJuhqXFsfi 6CqhU42zBQSM3uaWwX67vkonCHeo6AhyLmKvBIX5cerMurODA28k1ABDdmIbAWjp Y3o+uCzc3LB3iEmwFom11ozkrCvjdTIr0KubsCGMP9X7Jw/Cg0uN1oOe/n2q/X0N jCB7D56ABs/sOjyCiUefeMvzH6kH3wxTQodpSWOPRYTqhLQOQfU8l0SsKGt4/5SA v7eXKSAXAgMBAAECggEBAMDKdi7hSTyrclDsVeZH4044+WkK3fFNPaQCWESmZ+AY i9cCC513SlfeSiHnc8hP+wd70klVNNc2coheQH4+z6enFnXYu2cPbKVAkx9x4eeI Digi Connect EZ 4/4i User Guide...
Page 498 TLS 1.2 and later encryption protocols are allowed with HTTPS connections. To enable legacy encryption protocols: (config)> service web_admin legacy_encryption true (config)> 8. (Optional) Disable legacy port redirection. Digi Connect EZ 4/4i User Guide...
Page 499 (config)> save Configuration saved. > 10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 500: Configure Ssh Access
2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > SSH. 4. Click Enable. 5. Click Apply to save the configuration and apply the change.  Command line Digi Connect EZ 4/4i User Guide...
Page 501 4. (Optional) For Port, enter the port number for the service. Normally this should not be changed. 5. Click Access control list to configure access control: To limit access to specified IPv4 addresses and networks: a. Click IPv4 Addresses. b. For Add Address, click . Digi Connect EZ 4/4i User Guide...
Page 502 For Override: If Override is enabled, entries in Configuration file will be used in place of the standard SSH configuration. If Override is not enabled, entries in Configuration file will be added to the standard SSH configuration. Digi Connect EZ 4/4i User Guide...
Page 503 A single IP address or host name. A network designation in CIDR notation, for example, 2001:db8::/48. any: No limit to IPv6 addresses that can access the SSH service. Repeat this step to list additional IP addresses or networks. Digi Connect EZ 4/4i User Guide...
Page 504 DNS server. mDNS is enabled by default. To disable mDNS, or enable it if it has been disabled: Digi Connect EZ 4/4i User Guide...
Page 505 OpenSSH sshd_config file. For example, to enable the diffie-helman-group-sha-14 key exchange algorithm: (config)> service ssh custom config_file "KexAlgorithms +diffie- hellman-group14-sha1" (config)> 8. Save the configuration and apply the change: (config)> save Configuration saved. > Digi Connect EZ 4/4i User Guide...
Page 506 Services Configure SSH access 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 507: Use Ssh With Key Authentication
2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Users. 4. Select an existing user or create a new user. See User authentication for information about creating a new user. Digi Connect EZ 4/4i User Guide...
Page 508 (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 509: Configure Telnet Access
1. Log into the Connect EZ command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. Digi Connect EZ 4/4i User Guide...
Page 510 No limit to IPv4 addresses that can access the telnet service. d. Click  again to list additional IP addresses or networks. To limit access to specified IPv6 addresses and networks: a. Click IPv6 Addresses. b. For Add Address, click . Digi Connect EZ 4/4i User Guide...
Page 511 2. At the command line, type config to enter configuration mode: > config (config)> 3. Configure access control: To limit access to specified IPv4 addresses and networks: (config)> add service telnet acl address end value (config)> Where value can be: Digi Connect EZ 4/4i User Guide...
Page 512 Type ... firewall zone ? at the config prompt: (config)> ... firewall zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration -------------------------------------------------------- ----------------------- dynamic_routes edge external Digi Connect EZ 4/4i User Guide...
Page 513: Configure Dns
Whether the device should always perform DNS queries to all available DNS servers. Whether to prevent upstream DNS servers from returning private IP addresses. Additional DNS servers, in addition to the ones associated with the device's network interfaces. Digi Connect EZ 4/4i User Guide...
Page 514 Services Configure DNS Specific host names and their IP addresses. The device is configured by default with the hostname digi.device, which corresponds to the 192.168.210.1 IP address. To configure the DNS server:  WebUI 1. Log into the Connect EZ WebUI as a user with full Admin access rights.
Page 515 Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> Digi Connect EZ 4/4i User Guide...
Page 516 Type ... firewall zone ? at the config prompt: (config)> ... firewall zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Digi Connect EZ 4/4i User Guide...
Page 517 Real-time Black List (RBL) servers. To disable: (config)> service dns rebind_localhost_ok false (config)> 8. (Optional) Add additional DNS servers a. Add a DNS server: (config)> add service dns server end (config service dns server 0)> Digi Connect EZ 4/4i User Guide...
Page 518: Show Dns Server
Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show DNS server You can display status for DNS servers. This command is available only at the Admin CLI.  Command line Digi Connect EZ 4/4i User Guide...
Page 519 > 3. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 520: Simple Network Management Protocol (Snmp)
1. Log into the Connect EZ WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > SNMP. 4. Click Enable. 5. Click Access control list to configure access control: Digi Connect EZ 4/4i User Guide...
Page 521 12. (Optional) Select the Privacy protocol, either DES or AES. The default is DES. 13. (Optional) Click Enable version 2c access to enable read-only access to SNMP version 2c. 14. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
Page 522 Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect EZ device: (config)> add service snmp acl interface end value (config)> Where value is an interface defined on your device. Digi Connect EZ 4/4i User Guide...
Page 523 8. (Optional) Configure Multicast DNS (mDNS) mDNS is a protocol that resolves host names in small networks that do not have a DNS server. For the SNMP agent, mDNS is disabled by default. To enable: Digi Connect EZ 4/4i User Guide...
Page 524: Download Mibs
1. Log into the Connect EZ WebUI as a user with Admin access. 2. Enable SNMP. Configure Simple Network Management Protocol (SNMP) for information about enabling and configuring SNMP support on the Connect EZ device. Digi Connect EZ 4/4i User Guide...
Page 525 3. On the main menu, click Status. Under Services, click SNMP. Note If you have recently enabled SNMP and the SNMP option is not visible, refresh your browser. The SNMP page is displayed. 4. Click Download. Digi Connect EZ 4/4i User Guide...
Page 526: Location Information
Configure the location service Configure the device to use a user-defined static location Configure the device to accept location messages from external sources Forward location information to a remote host Configure geofencing Show location information Digi Connect EZ 4/4i User Guide...
Page 527: Configure The Location Service
7. For information about configuring Destination servers, see Forward location information to a remote host. 8. For information about configuring Geofence, see Configure geofencing. 9. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
Page 528: Configure The Device To Use A User-Defined Static Location
Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Configure the device to use a user-defined static location You can configured your Connect EZ device to use a user-defined static location.  WebUI Digi Connect EZ 4/4i User Guide...
Page 529 (config)> 3. Add a location source: (config)> add service location source end (config service location source 0)> 4. (Optional) Set a label for this location source: (config service location source 0)> label "label" (config)> Digi Connect EZ 4/4i User Guide...
Page 530: Configure The Device To Accept Location Messages From External Sources
UDP port that the Connect EZ device will listen to for incoming location messages. Access control list configuration to provide access to the port through the firewall. To configure the device to accept location messages from external sources:  WebUI Digi Connect EZ 4/4i User Guide...
Page 531 For Interface, select the appropriate interface from the dropdown. d. Click  again to allow access through additional interfaces. To limit access based on firewall zones: a. Click Zones. b. For Add Zone, click . Digi Connect EZ 4/4i User Guide...
Page 532 A single IP address or host name. A network designation in CIDR notation, for example, 192.168.1.0/24. any: No limit to IPv4 addresses that can access the location server UDP port. Repeat this step to list additional IP addresses or networks. Digi Connect EZ 4/4i User Guide...
Page 533 (config)> ... firewall zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration -------------------------------------------------------- ----------------------- dynamic_routes edge external internal ipsec loopback setup (config)> Digi Connect EZ 4/4i User Guide...
Page 534: Forward Location Information To A Remote Host
Configure the Connect EZ device to forward location information:  WebUI 1. Log into the Connect EZ WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. Digi Connect EZ 4/4i User Guide...
Page 535 CP: Compact position: reports time, latitude, and longitude. ID: Reports the vehicle ID. LN: Long navigation: reports the latitude, longitude, and altitude, the horizontal and vertical speed, and heading. PV: Position/velocity: reports the latitude, longitude, and heading. Digi Connect EZ 4/4i User Guide...
Page 536 (config service location forward 0)> server host (config service location forward 0)> 5. Set the communication protocol to either upd or tcp: (config service location forward 0)> protocol protocol (config service location forward 0)> Digi Connect EZ 4/4i User Guide...
Page 537 Set the talker ID: (config service location forward 0)> talker_id value (config service location forward 0)> The default setting is Default, which means that the talker ID provided by the source will be used. Digi Connect EZ 4/4i User Guide...
Page 538 Use the index number to delete the message type. For example, to delete the gsa (index number 2) message type: (config service location forward 0)> del filter_nmea 2 (config service location forward 0)> Digi Connect EZ 4/4i User Guide...
Page 539 (config service location forward 0 filter_taip)> b. Use the add command to add the message type. For example, to add the id message type: (config service location forward 0 filter_taip)> add id end (config service location forward 0 filter_taip)> Digi Connect EZ 4/4i User Guide...
Page 540 (config)> save Configuration saved. > 14. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 541: Configure Geofencing
Whether the script should be executed within a sandbox that will prevent the script from affecting the system itself. Additional configuration items Update interval, which determines the amount of time that the geofence should wait between polling for updated location data.  WebUI Digi Connect EZ 4/4i User Guide...
Page 542 Click  to add a point that represents a vertex of the polygon. A vertex is the point at which two sides of a polygon meet. c. Type the Latitude and Longitude of one of the vertices of the polygon. Allowed values are: Digi Connect EZ 4/4i User Guide...
Page 543 Click  again to add an additional point, and continue adding points to create the desired polygon. For example, to configure a square polygon around the Digi headquarters, configure a polygon with four points: This defines a square-shaped polygon equivalent to the following: 7.
Page 544 Click to expand On exit. b. (Optional) Enable Bootup action to configure the device to perform the On exit actions if the device is inside the geofence when it boots. Digi Connect EZ 4/4i User Guide...
Page 545 1. Log into the Connect EZ command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. Digi Connect EZ 4/4i User Guide...
Page 546 Set the latitude and longitude of the center point of the circle: (config service location geofence test_geofence)> center latitude int (config service location geofence test_geofence)> center longitude int (config service location geofence test_geofence)> where int is: Digi Connect EZ 4/4i User Guide...
Page 547 (config service location geofence test_geofence coordinates)> add end (config service location geofence test_geofence coordinates 1)> latitude int (config service location geofence test_geofence coordinates 1)> longitude int (config service location geofence test_geofence coordinates 1)> where int is: Digi Connect EZ 4/4i User Guide...
Page 548 For longitude, any integer between -180 and 180, with up to six decimal places. Repeat for each vortex of the polygon. For example, to configure a square polygon around the Digi headquarters, configure a polygon with four points: (config service location geofence test_geofence)> add...
Page 549 (config)> add service location geofence test_geofence on_ entry action end (config service location geofence test_geofence on_entry action 0)> d. Set the type of action: (config service location geofence test_geofence on_entry action 0)> type value Digi Connect EZ 4/4i User Guide...
Page 550 For example. the allocate one megabyte of memory to the script and its spawned processes: (config service location geofence test_geofence on_entry action 0)> max_memory 1MB (config service location geofence test_geofence on_entry action 0)> Digi Connect EZ 4/4i User Guide...
Page 551 (config service location geofence test_geofence on_exit action 0)> d. Set the type of action: (config service location geofence test_geofence on_exit action 0)> type value (config service location geofence test_geofence on_exit action 0)> Digi Connect EZ 4/4i User Guide...
Page 552 (config service location geofence test_geofence on_exit action 0)> max_memory 1MB (config service location geofence test_geofence on_exit action 0)> v. A sandbox is enabled by default to prevent the script from adversely affecting the system. To disable the sandbox: Digi Connect EZ 4/4i User Guide...
Page 553: Show Location Information
> show location Location Status --------------- State : enabled Source : 192.168.2.3 Latitude : 44* 55' 14.809" N (44.92078) Longitude : 93* 24' 47.262" w (-93.413128) Altitude : 279 meters Velocity : 0 meters per second Digi Connect EZ 4/4i User Guide...
Page 554: Modbus Gateway
Connect EZ gateway allows for communication between buses and and networks that use the Modbus protocol. This section contains the following topics: Configure the Modbus gateway Show Modbus gateway status and statistics Digi Connect EZ 4/4i User Guide...
Page 555: Configure The Modbus Gateway
Whether to send broadcast messages. Response timeout If connection type is set to socket: The port to use. The inactivity timeout. If connection type is set to serial: Whether to use half duplex (two wire) mode. Digi Connect EZ 4/4i User Guide...
Page 556 3. The new Modbus gateway server is enabled by default. Toggle off Enable the server to disable. 4. For Connection type, select Socket or Serial. Available options in the gateway server configuration vary depending on this setting. Digi Connect EZ 4/4i User Guide...
Page 557 No limit to IPv6 addresses that can access the web administration service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect EZ device: Digi Connect EZ 4/4i User Guide...
Page 558 For Remote host, type the hostname or IP address of the remote host on which the Modbus server is running. If Serial is selected for Connection type: a. For Serial port, select the appropriate serial port on the Connect EZ device. Digi Connect EZ 4/4i User Guide...
Page 559 To limit access to hosts connected through a specified interface on the Connect EZ device: a. Click Interfaces. b. For Add Interface, click . c. For Interface, select the appropriate interface from the dropdown. d. Click  again to allow access through additional interfaces. Digi Connect EZ 4/4i User Guide...
Page 560 Modbus address of 10, you can create two clients on the gateway: Client one: Modbus address filter set to 10. This will configure the gateway to deliver all messages that have the Modbus server address of 10 to this device. Digi Connect EZ 4/4i User Guide...
Page 561 The Modbus server is enabled by default. To disable: (config service modbus_gateway server test_modbus_server)> enable false (config service modbus_gateway server test_modbus_server)> b. Set the connection type: (config service modbus_gateway server test_modbus_server)> connection_ type type (config service modbus_gateway server test_modbus_server)> Digi Connect EZ 4/4i User Guide...
Page 562 15 minutes, and takes the format number{m|s}. For example, to set inactivity_timeout to ten minutes, enter either 10m or 600s: (config service modbus_gateway server test_modbus_server)> inactivity_timeout 600s (config service modbus_gateway server test_modbus_server)> Digi Connect EZ 4/4i User Guide...
Page 563 For example, to set idle_gap to one second, enter 1000ms or 1s. iv. (Optional) Enable half-duplex (two wire) mode: (config service modbus_gateway server test_modbus_server)> serial half_duplex true (config service modbus_gateway server test_modbus_server)> c. Repeat the above instructions for additional servers. Digi Connect EZ 4/4i User Guide...
Page 564 1 and 65535. The default is 502. iii. Set the packet mode: (config service modbus_gateway client test_modbus_client)> socket packet_mode value (config service modbus_gateway client test_modbus_client)> where value is either rtu or ascii. The default is rtu. Digi Connect EZ 4/4i User Guide...
Page 565 Set the serial port: i. Use the ? to determine available serial ports: (config service modbus_gateway client test_modbus_ client)> ... serial port ? Serial Additional Configuration ------------------------------------------------------- ------------------------ port1 Port 1 (config service modbus_gateway client test_modbus_ client)> Digi Connect EZ 4/4i User Guide...
Page 566 Allowed values are between 1 millisecond and 700 milliseconds, and take the format numberms. For example, to set response_timeout to 100 milliseconds: (config service modbus_gateway client test_modbus_client)> response_ timeout 100ms (config service modbus_gateway client test_modbus_client)> The default is 700ms. Digi Connect EZ 4/4i User Guide...
Page 567 This allows you to configure clients on the gateway that will forward messages to remote devices with the same Modbus address on different buses. For example, if there are two devices on two Digi Connect EZ 4/4i User Guide...
Page 568: Show Modbus Gateway Status And Statistics
1. Log into the Connect EZ command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. Digi Connect EZ 4/4i User Guide...
Page 569 Client Configuration Failure Server Configuration Failure Configuration Load Failure Incoming Connections Internal Error Resource Shortages Servers ------- modbus_socket ------------- Client Lookup Errors Incoming Connections Packet Errors RX Broadcasts RX Requests : 12 TX Exceptions Digi Connect EZ 4/4i User Guide...
Page 570 TX Broadcasts TX Requests > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 571: System Time
Services System time System time By default, the Connect EZ device synchronizes the system time by periodically connecting to the Digi NTP server, time.devicecloud.com. In this mode, the device queries the time server based on following events and schedule: At boot time.
Page 572 (config)> system time timezone ? Timezone: The timezone for the location of this device. This is used to adjust the time for log messages. It also affects actions that occur at a specific time of day. Digi Connect EZ 4/4i User Guide...
Page 573 Type quit to disconnect from the device. Test the connection to the NTP servers The following procedure tests the configured NTP servers for connectivity. This test does not affect the device's current local date and time.  Command line Digi Connect EZ 4/4i User Guide...
Page 574: Manually Set The System Date And Time
Manually set the system date and time If your network restricts access to NTP servers, use this procedure to set the local date and time. This procedure is available at the Admin CLI only.  Command line Digi Connect EZ 4/4i User Guide...
Page 575: Network Time Protocol
Configure the device as an NTP server Required Configuration Items Enable the NTP service. At least one upstream NTP server for synchronization. The default setting is the Digi NTP server, time.devicecloud.com. Additional Configuration Options Additional upstream NTP servers. Access control list to limit downstream access to the Connect EZ device's NTP service.
Page 576 For Add Zone, click . c. For Zone, select the appropriate firewall zone from the dropdown. Firewall configuration for information about firewall zones. d. Click  again to allow access through additional firewall zones. Digi Connect EZ 4/4i User Guide...
Page 577 Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> 3. Enable the ntp service: (config)> service ntp enable true (config)> Digi Connect EZ 4/4i User Guide...
Page 578 No limit to IPv4 addresses that can access the NTP server agent. Repeat this step to list additional IP addresses or networks. To limit access to specified IPv6 addresses and networks: (config)> add service ntp acl address6 end value (config)> Where value can be: Digi Connect EZ 4/4i User Guide...
Page 579 By default, the access control list for the NTP service is empty, which means that all downstream hosts connected to the Connect EZ device can use the NTP service. 7. (Optional) Set the timezone for the location of your Connect EZ device. The default is UTC. Digi Connect EZ 4/4i User Guide...
Page 580: Show Status And Statistics Of The Ntp Server
1. Log into the Connect EZ command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. Digi Connect EZ 4/4i User Guide...
Page 581: Configure A Multicast Route
6. Type the Source address for the route. This must be a multicast IP address between 224.0.0.1 and 239.255.255.255. 7. Select a Source interface where multicast packets will arrive. 8. To add one or more destination interface that the Connect EZ device will send mutlicast packets to: Digi Connect EZ 4/4i User Guide...
Page 582 (config service multicast test)> src_interface /network/interface/eth1 (config service multicast test)> 7. Set a destination interface that the Connect EZ device will send mutlicast packets to: a. Use the ? to determine available interfaces: b. Set the interface. For example: Digi Connect EZ 4/4i User Guide...
Page 583 (config)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 584: Ethernet Network Bonding
This mode provides for fault tolerance. Round-robin: Alternates between bonded devices to provide load balancing as well as fault tolerance. 6. Click to expand Devices. Digi Connect EZ 4/4i User Guide...
Page 585 Transmits data on only one of the bonded devices at a time. When the active device fails, the next available device in the list is chosen. This mode provides for fault tolerance. round-robin: Alternates between bonded devices to provide load balancing as well as fault tolerance. Digi Connect EZ 4/4i User Guide...
Page 586: Enable Service Discovery (Mdns)
2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Services > Service Discovery (mDNS). 4. Enable the mDNS service. 5. Click Access control list to configure access control: Digi Connect EZ 4/4i User Guide...
Page 587 1. Log into the Connect EZ command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. Digi Connect EZ 4/4i User Guide...
Page 588 To limit access based on firewall zones: (config)> add service mdns acl zone end value Where value is a firewall zone defined on your device, or the any keyword. Display a list of available firewall zones: Digi Connect EZ 4/4i User Guide...
Page 589: Use The Iperf Service
Using iPerf clients that are at a version earlier than iPerf3 to connect to the Connect EZ device's iPerf3 server may result in unpredictable results. As a result, Digi recommends using an iPerf client at version 3 or newer to connect to the Connect EZ device's iPerf3 server.
Page 590 When the iPerf server is enabled, the Connect EZ device will automatically configure its firewall rules to allow incoming connections on the configured listening port. You can restrict access by configuring the access control list for the iPerf server. Digi Connect EZ 4/4i User Guide...
Page 591 To limit access to hosts connected through a specified interface on the Connect EZ device: a. Click Interfaces. b. For Add Interface, click . c. For Interface, select the appropriate interface from the dropdown. d. Click  again to allow access through additional interfaces. Digi Connect EZ 4/4i User Guide...
Page 592 No limit to IPv4 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to specified IPv6 addresses and networks: (config)> add service iperf acl address6 end value (config)> Digi Connect EZ 4/4i User Guide...
Page 593 Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration -------------------------------------------------------- ----------------------- dynamic_routes edge external internal ipsec loopback setup (config)> Repeat this step to list additional firewall zones. Digi Connect EZ 4/4i User Guide...
Page 594: Example Performance Test Using Iperf3
You can disable the service, or you can configure the service to use an access control list to limit the service to specified IP address, interfaces, and/or zones. To enable the iPerf3 server:  WebUI Digi Connect EZ 4/4i User Guide...
Page 595 To limit access based on firewall zones: a. Click Zones. b. For Add Zone, click . c. For Zone, select the appropriate firewall zone from the dropdown. Firewall configuration for information about firewall zones. Digi Connect EZ 4/4i User Guide...
Page 596 A single IP address or host name. A network designation in CIDR notation, for example, 2001:db8::/48. any: No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. Digi Connect EZ 4/4i User Guide...
Page 597 (config)> save Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 598: Example Performance Test Using Iperf3
- - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bandwidth Retr 0.00-10.00 315 MBytes 264 Mbits/sec sender 0.00-10.00 313 MBytes 262 Mbits/sec receiver iperf Done. Digi Connect EZ 4/4i User Guide...
Page 599 Stop a script that is currently running Show script information Run a Python application at the shell prompt Start an interactive Python session Digidevice module Use Python to access serial ports Use the Paho MQTT python library Digi Connect EZ 4/4i User Guide...
Page 600: Configure Scripts To Run Automatically
Whether the script should run one time only. Task one: Upload the application  WebUI 1. Log into the Connect EZ WebUI as a user with Admin access. 2. On the menu, click System. Under Administration, click File System. Digi Connect EZ 4/4i User Guide...
Page 601 Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Note You can also create scripts by using the vi command when logged in with shell access. Digi Connect EZ 4/4i User Guide...
Page 602: Task Two: Configure The Application To Run Automatically
Restart script: Runs the script repeatedly. Reboot: The device will reboot when the script completes. Interval: The script will start running at the specified interval, within 30 seconds after the configuration change is saved. Digi Connect EZ 4/4i User Guide...
Page 603 1. Log into the Connect EZ command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. Digi Connect EZ 4/4i User Guide...
Page 604 For example, to set on_interval to ten minutes, enter either 10m or 600s: (config system schedule script 0)> on_interval 600s (config system schedule script 0)> Digi Connect EZ 4/4i User Guide...
Page 605 (config system schedule script 0)> once true (config system schedule script 0)> If once is enabled, rebooting the device will cause the script to run again. The only way to re- run the script is to: Digi Connect EZ 4/4i User Guide...
Page 606: Configure Scripts To Run Manually
Whether to write the script output and errors to the system log. The memory available to be used by the script. Whether the script should run one time only. Task one: Upload the application  WebUI Digi Connect EZ 4/4i User Guide...
Page 607 Connect EZ device where the copied file will be placed. For example: To upload a script from a remote host with an IP address of 192.168.4.1 to the /etc/config/scripts directory on the Connect EZ device, issue the following command: Digi Connect EZ 4/4i User Guide...
Page 608: Task Two: Configure The Application To Run Automatically
2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click System > Scheduled tasks > Custom scripts. 4. For Add Script, click . The script configuration window is displayed. Digi Connect EZ 4/4i User Guide...
Page 609 Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> 3. Add a script: (config)> add system schedule script end (config system schedule script 0)> Digi Connect EZ 4/4i User Guide...
Page 610 (config system schedule script 0)> once true (config system schedule script 0)> If once is enabled, rebooting the device will cause the script to run again. The only way to re- run the script is to: Digi Connect EZ 4/4i User Guide...
Page 611: Start A Manual Script
1. Log into the Connect EZ command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. Digi Connect EZ 4/4i User Guide...
Page 612: Stop A Script That Is Currently Running
1. Log into the Connect EZ command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. Digi Connect EZ 4/4i User Guide...
Page 613: Show Script Information
You can view status and statistics about location information from either the WebUI or the command line.  WebUI 1. Log into the Connect EZ WebUI as a user with Admin access. 2. At the Status page, click Scripts. The Scripts page displays:  Command line Digi Connect EZ 4/4i User Guide...
Page 614: Run A Python Application At The Shell Prompt
1. Upload the Python application to the Connect EZ device:  WebUI a. Log into the Connect EZ WebUI as a user with Admin access. b. On the menu, click System. Under Administration, click File System. The File System page appears. Digi Connect EZ 4/4i User Guide...
Page 615 Type shell to access the device shell. 3. Use the python command to run the Python application. In the following example, the Python application, test.py, takes 3 parameters: 120, ports and storage: # python /etc/config/scripts/test.py 120 ports storage Digi Connect EZ 4/4i User Guide...
Page 616: Start An Interactive Python Session
This module includes various extensions that allow Python to interact with additional features offered by the device. 4. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Digi Connect EZ 4/4i User Guide...
Page 617: Digidevice Module
Use Python to respond to Digi Remote Manager SCI requests Use digidevice runtime to access the runtime database Use Python to upload the device name to Digi Remote Manager Use Python to access the device location data Use Python to set the maintenance window...
Page 618: Use Digidevice.cli To Execute Cli Commands
: 1.4% Uptime : 6 days, 6 hours, 21 minutes, 57 seconds (541317s) Temperature : 40C >>> 5. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Digi Connect EZ 4/4i User Guide...
Page 619: Use Digidevice.datapoint To Upload Custom Datapoints To Digi Remote Manager
5. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Use digidevice.datapoint to upload custom datapoints to Digi Remote Manager Use the datapoint Python module to upload custom datapoints to Digi Remote Manager. The following characteristics can be defined for a datapoint: Stream ID...
Page 620 2. At the shell prompt, use the python command with no parameters to enter an interactive Python session: # python Python 3.6.13 (default, May 9 2021, 22:49:59) [GCC 8.3.0] on linux Type "help", "copyright", "credits" or "license" for more information. >>> Digi Connect EZ 4/4i User Guide...
Page 621 Help for using Python to upload custom datapoints to Remote Manager Get help for uploading datapoints to your Digi Remote Manager account by accessing help for datapoint.upload and datapoint.upload_multiple: 1. Log into the Connect EZ command line as a user with shell access.
Page 622: Use Digidevice.config For Device Configuration
Return the entire configuration: >>> from pprint import pprint # use pprint vs. print to make the output easier to read >>> cfg = config.load() >>> pprint(cfg.dump().splitlines()) This returns the device configuration: network.interface.lan1.device=/network/bridge/lan1 Digi Connect EZ 4/4i User Guide...
Page 623 Type "help", "copyright", "credits" or "license" for more information. >>> 3. Import the config submodule: >>> from digidevice import config >>> 4. Use config.load(writable=True) to enable write mode for the configuration: >>> cfg = config.load(writable=True) >>> Digi Connect EZ 4/4i User Guide...
Page 624: Use Python To Respond To Digi Remote Manager Sci Requests
5. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Use Python to respond to Digi Remote Manager SCI requests The device_request Python module allows you to interact with Digi Remote Manager by using Remote Manager's Server Command Interface (SCI), a web service that allows users to access information and perform commands that relate to their devices.
Page 625 Ctrl-D. You can also exit the session using exit() or quit(). Task two: Create and send an SCI request from Digi Remote Manager The second step in using the device_request module is to create an SCI request that Remote Manager will forward to the device.
Page 626 </requests> </device> </data_service> </sci_request> Example: Use digidevice.cli with digidevice.device_request In this example, we will use the digidevice.cli module in conjunction with the digidevice.device_ request module to return information about multiple devices to Remote Manager. Digi Connect EZ 4/4i User Guide...
Page 627 True: time.sleep(10) 2. Upload the showsystem.py application to the /etc/config/scripts directory on two or more Digi devices. In this example, we will upload it to two devices, and use the same request in Remote Manager to query both devices.
Page 628 Type admin to access the Admin CLI. ii. At the command line, type config to enter configuration mode: > config (config)> iii. Add an application entry: (config)> add system schedule script end (config system schedule script 0)> Digi Connect EZ 4/4i User Guide...
Page 629 Log into the Connect EZ command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell. ii. Type the following at the shell prompt: # python /etc/config/scripts/showsystem.py & Digi Connect EZ 4/4i User Guide...
Page 630 <sci_reply version="1.0"> <data_service> <device id="00000000-00000000-0000FFFF-A83CF6A3"/> <requests> <device_request target_name="showSystem" status="0">Model : Digi Connect EZ Serial Number : Connect EZ-000068 Hostname : Connect EZ : 00:40:D0:13:35:36 Hardware Version : 50001959-01 A Firmware Version : 22.2.9.85 Bootloader Version Digi Connect EZ 4/4i User Guide...
Page 631 : 0.10, 0.05, 0.00 RAM Usage : 85.176MB/250.484MB(34%) Disk /etc/config Usage : 0.068MB/13.416MB(1%) Disk /opt Usage : 47.724MB/5309.752MB(1%) Disk /overlay Usage : MB/MB(%) Disk /tmp Usage : 0.004MB/40.96MB(0%) Disk /var Usage : 0.820MB/32.768MB(3%)</device_ request> </requests> Digi Connect EZ 4/4i User Guide...
Page 632 </sci_request> Help for using Python to respond to Digi Remote Manager SCI requests Get help for respond to Digi Remote Manager Server Command Interface (SCI) requests by accessing help for digidevice.device_request: 1. Log into the Connect EZ command line as a user with shell access.
Page 633: Use Digidevice Runtime To Access The Runtime Database
['advanced', 'drm', 'firmware', 'location', 'manufacture', 'metrics', 'mm', 'network', 'pam', 'serial', 'system'] b. Print available keys for the system key: >>> print(runt.keys("system")) This will return the following: ['boot_count', 'chassis', 'cpu_temp', 'cpu_usage', 'disk', 'load_avg', 'local_time', 'mac', 'mcu', 'model', 'ram', 'serial', 'uptime'] Digi Connect EZ 4/4i User Guide...
Page 634 6. Use the get() method to verify the change: >>> print(runt.get("my-variable")) my-variable >>> 7. Close the runtime database: >>> runt.stop() >>> 8. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Digi Connect EZ 4/4i User Guide...
Page 635: Use Python To Upload The Device Name To Digi Remote Manager
Use Python to upload the device name to Digi Remote Manager The name submodule can be used to upload a custom name for your device to Digi Remote Manager. When you use the name submodule to upload a custom device name to Remote Manager, the...
Page 636 5. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Help for uploading the device name to Digi Remote Manager Get help for uploading the device name to Digi Remote Managerby accessing help for digidevice.name: 1.
Page 637: Use Python To Access The Device Location Data
Python session: # python Python 3.6.13 (default, May 9 2021, 22:49:59) [GCC 8.3.0] on linux Type "help", "copyright", "credits" or "license" for more information. >>> 3. Import the location submodule: >>> from digidevice import location Digi Connect EZ 4/4i User Guide...
Page 638 Type shell to access the device shell. 2. At the shell prompt, use the python command with no parameters to enter an interactive Python session: # python Python 3.6.13 (default, May 9 2021, 22:49:59) [GCC 8.3.0] on linux Digi Connect EZ 4/4i User Guide...
Page 639 >>> import json 4. Import the location submodule: >>> from digidevice import location 5. Print the location data in json format: >>> geojson_data = location.Location().geojson >>> print(json.dumps(geojson_data, indent=4)) "type": "Feature", "geometry": { "type": "Point", "coordinates" [ Digi Connect EZ 4/4i User Guide...
Page 640 Type shell to access the device shell. 2. At the shell prompt, use the python command with no parameters to enter an interactive Python session: # python Python 3.6.13 (default, May 9 2021, 22:49:59) [GCC 8.3.0] on linux Digi Connect EZ 4/4i User Guide...
Page 641: Use Python To Set The Maintenance Window
Type "help", "copyright", "credits" or "license" for more information. >>> 3. Import the maintenance module: >>> from digidevice import maintenance >>> 4. To determine the current service state of the device: >>> maintenance.state() 'IN_SERVICE' >>> Digi Connect EZ 4/4i User Guide...
Page 642 4. Use the help command with maintenance : >>> help(maintenance ) Help on module digidevice.maintenance in digidevice: NAME digidevice.maintenance DESCRIPTION API for setting the device's service state. The service state is stored in runt. Digi Connect EZ 4/4i User Guide...
Page 643: Use Python To Send And Receive Sms Messages
You can create Python scripts that send and receive SMS message in tandem with the Digi Remote Manager or Digi aView by using the digidevice.sms module. To use a script to send or receive SMS messages, you must also enable the ability to schedule SMS scripting.
Page 644 > 1: dest = sys.argv[1] else: dest = '+15005550006' my_callback = Callback(sms_test_callback, metadata=True) send_sms(dest, 'Hello World!') print("Please send an SMS message now.") print("Execution halted until a message is received or 60 seconds have Digi Connect EZ 4/4i User Guide...
Page 645: Use Python To Access Serial Ports
5. You can now perform operations on the serial port. For example, to write a message to the serial port: >>> s = serial.Serial("/dev/serial/port1", 115200) >>> s.write(b"Hello from serial port") >>> 6. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Digi Connect EZ 4/4i User Guide...
Page 646: Use The Paho Mqtt Python Library
URI not passed") return HTTPStatus.BAD_REQUEST print("Request to update firmware with URI: {}".format(fw_uri)) try: fd, fname = tempfile.mkstemp() os.close(fd) try: urllib.request.urlretrieve(fw_uri, fname) except: print("Failed to download FW file from URI {}".format(fw_uri)) return HTTPStatus.NOT_FOUND try: Digi Connect EZ 4/4i User Guide...
Page 647 """ Supporting only a single topic for now, no need for filters Expects the following message format: "cid": "<client-id>", "cmd": "<command>", "params": { <optional_parameters> Supported commands: - "fw-update" params: - "uri": "<firmware_file_URL>" - "reboot" params: Digi Connect EZ 4/4i User Guide...
Page 648 = runt.get("system.load_avg").split(', ') ram_used = runt.get("system.ram.per") disk_opt = runt.get("system.disk./opt.per") disk_config = runt.get("system.disk./etc/config.per") msg = json.dumps({ "load_avg": { "1min": avg1, "5min": avg5, "15min": avg15 "disk_usage": { "/opt": disk_opt, "/etc/config:": disk_config, "ram": ram_used Digi Connect EZ 4/4i User Guide...
Page 649 PREFIX_CMD = "cmd/" + PREFIX PREFIX_RSP = "rsp/" + PREFIX client = mqtt.Client() client.on_connect = on_connect client.on_message = on_message try: client.connect("192.168.1.100", 1883, 60) client.loop_start() except: print("Failed to connect to MQTT server") sys.exit(1) while True: publish_dhcp_leases() publish_system() time.sleep(POLL_TIME) Digi Connect EZ 4/4i User Guide...
Page 650: User Authentication
Authentication groups Local users Terminal Access Controller Access-Control System Plus (TACACS+) Remote Authentication Dial-In User Service (RADIUS) LDAP Configure serial authentication Disable shell access Set the idle timeout for Connect EZ users Example user configuration Digi Connect EZ 4/4i User Guide...
Page 651: Connect Ez User Authentication
Configures support for LDAP (Lightweight Directory Access Protocol) servers and users. Serial Configures authentication for serial TCP and autoconnect services. configured. User authentication methods Authentication methods determine how users of the Connect EZ device are authenticated. Available authentication methods are: Digi Connect EZ 4/4i User Guide...
Page 652 TACACS+: Users authenticated by using a remote TACACS+ server for authentication. Terminal Access Controller Access-Control System Plus (TACACS+) for information about configuring TACACS+ authentication. LDAP: Users authenticated by using a remote LDAP server for authentication. LDAP for information about configuring LDAP authentication. Digi Connect EZ 4/4i User Guide...
Page 653: Add A New Authentication Method
Rearrange the position of authentication methods for information about how to reorder the authentication methods. 6. Repeat these steps to add additional methods. 7. Click Apply to save the configuration and apply the change.  Command line Digi Connect EZ 4/4i User Guide...
Page 654 To add the new authentication in another location in the list, use an index value to indicate the appropriate position. For example: (config)> add auth method 1 auth_type (config)> where auth_type is one of local, radius, tacacs+, or ldap. Digi Connect EZ 4/4i User Guide...
Page 655: Delete An Authentication Method
1. Log into the Connect EZ command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. Digi Connect EZ 4/4i User Guide...
Page 656: Rearrange The Position Of Authentication Methods
For example, the following configuration has Local users as the first method, and RADIUS as the second. To reorder these so that RADIUS is first and Local users is second: Digi Connect EZ 4/4i User Guide...
Page 657 3. Use the show command to display current configuration: (config)> show auth method 0 local 1 radius (config)> 4. Use the move command to rearrange the methods: (config)> move auth method 1 0 (config)> Digi Connect EZ 4/4i User Guide...
Page 658: Authentication Groups
The preconfigured authentication groups cannot be deleted, but the access rights defined for the group are configurable. This section contains the following topics: Change the access rights for a predefined group Add an authentication group Delete an authentication group Digi Connect EZ 4/4i User Guide...
Page 659: Change The Access Rights For A Predefined Group
The default is Full access. Interactive shell access Shell access is not available if the Allow shell parameter has been disabled. See Disable shell access for more information about the Allow shell parameter. Serial access Digi Connect EZ 4/4i User Guide...
Page 660 Connect EZ device by using the WebUI or the Admin CLI. read-only: provides users of this group with read-only access to the WebUI and Admin CLI. The default is full. Digi Connect EZ 4/4i User Guide...
Page 661: Add An Authentication Group
Access rights to OpenVPN tunnels, and the tunnels to which they have access. Access rights to captive portals, and the portals to which they have access. Access rights to query the device for Nagios monitoring. To add an authentication group:  WebUI Digi Connect EZ 4/4i User Guide...
Page 662 Shell access is not available if the Allow shell parameter has been disabled. See Disable shell access for more information about the Allow shell parameter. Serial access 6. (Optional) Configure OpenVPN access. See for further information. 7. (Optional) Configure captive portal access: Digi Connect EZ 4/4i User Guide...
Page 663 4. Enable access rights for the group: Admin access: (config auth group test)> acl admin enable true (config)> Set the access level for Admin access: (config)> auth group admin acl admin level value (config)> where value is either: Digi Connect EZ 4/4i User Guide...
Page 664 24h no title (config)> ii. Add a captive portal: (config)> add auth group test acl portal portals end portal1 (config)> 6. (Optional) Configure Nagios monitoring: Digi Connect EZ 4/4i User Guide...
Page 665: Delete An Authentication Group
2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > Groups. 4. Click the menu icon (...) next to the group to be deleted and select Delete. Digi Connect EZ 4/4i User Guide...
Page 666 (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 667: Local Users
The default admin user is preconfigured with both Admin and Serial access. You can configure the admin user account to fit with the needs of your environment. This section contains the following topics: Change a local user's password Configure a local user Delete a local user Digi Connect EZ 4/4i User Guide...
Page 668: Change A Local User's Password
You can also change the password for the active user by clicking the user name in the menu bar: The active user must have full Admin access rights to be able to change the password. Digi Connect EZ 4/4i User Guide...
Page 669 User authentication Local users 6. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
Page 670: Configure A Local User
(-) or periods (.), an alias allows the user to log in using a name that contains special characters. The number of unsuccessful login attempts before the user is locked out of the system. Digi Connect EZ 4/4i User Guide...
Page 671 3. Click Authentication > Users. 4. In Add User, type a name for the user and click . The user configuration window is displayed. The user is enabled by default. To disable, click to toggle off Enable. Digi Connect EZ 4/4i User Guide...
Page 672 In Add SSH key, paste or type a public encryption key that this user can use for passwordless SSH login and click . 10. (Optional) Configure two-factor authentication for SSH, telnet, and serial console login: a. Click Two-factor authentication. b. Check Enable to enable two-factor authentication for this user. Digi Connect EZ 4/4i User Guide...
Page 673 For Code, enter the scratch code. The code must be eight digits, with a minimum of 10000000. iv. Click  again to add additional scratch codes. 11. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
Page 674 The minimum value is 1, and the default value is 5. b. Set the amount of time that the user is locked out after the number of unsuccessful login attempts defined in lockout tries: Digi Connect EZ 4/4i User Guide...
Page 675 (config auth user new_user)> 8. (Optional) Add SSH keys for the user to use passwordless SSH login: a. Change to the user's ssh_key node: (config auth user new_user)> ssh_key (config auth user new_user ssh_key)> Digi Connect EZ 4/4i User Guide...
Page 676 For example, to set refresh_interval to ten minutes, enter either 10m or 600s: (config auth user name 2fa)> refresh_interval 600s (config auth user name 2fa)> Digi Connect EZ 4/4i User Guide...
Page 677 Where code is an digit number, with a minimum of 10000000. iii. To add additional scratch codes, use the add end code command again. 10. Save the configuration and apply the change: (config auth user new 2fa scratch_code)> save Configuration saved. > Digi Connect EZ 4/4i User Guide...
Page 678: Delete A Local User
3. Click Authentication > Users. 4. Click the menu icon (...) next to the name of the user to be deleted and select Delete. 5. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
Page 679 (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 680: Terminal Access Controller Access-Control System Plus (Tacacs+)
Connect EZ device prior to configuration. The process of setting up a TACACS+ server varies by the server environment. This section contains the following topics: TACACS+ user configuration TACACS+ server failover and fallback to local authentication Configure your Connect EZ device to use a TACACS+ server Digi Connect EZ 4/4i User Guide...
Page 681: Tacacs+ User Configuration
4. Verify that your changes did not introduce any syntax errors: $ sudo tac_plus -C /etc/tacacs+/tac_plus.conf -P If successful, this command will echo the configuration file to standard out. If the command encounters any syntax errors, a message similar to this will display: Digi Connect EZ 4/4i User Guide...
Page 682: Tacacs+ Server Failover And Fallback To Local Authentication
Enable command authorization, so that the device will communicate with the TACACS+ server to determine if the user is authorized to execute a specific command. Enable command accounting, so that the device will communicate with the TACACS+ server to log commands that the user executes. Digi Connect EZ 4/4i User Guide...
Page 683 7. (Optional) For Service, type the value of the service attribute in the the TACACS+ server's configuration. For example, in TACACS+ user configuration, the value of the service attribute in the sample tac_plus.conf file is system, which is also the default setting in the Connect EZ configuration. Digi Connect EZ 4/4i User Guide...
Page 684 (config)> auth tacacs+ authoritative true (config)> 4. (Optional) Configure the group_attribute. This is the name of the attribute used in the TACACS+ server's configuration to identify the Connect EZ authentication group or groups that the user Digi Connect EZ 4/4i User Guide...
Page 685 This example will add TACACS+ to the end of the list. See User authentication methods for information about adding methods to the beginning or middle of the list. Digi Connect EZ 4/4i User Guide...
Page 686 (config)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 687: Remote Authentication Dial-In User Service (Radius)
An example of a RADIUS server is FreeRADIUS. This section contains the following topics: RADIUS user configuration RADIUS server failover and fallback to local configuration Configure your Connect EZ device to use a RADIUS server Digi Connect EZ 4/4i User Guide...
Page 688: Radius User Configuration
With user authentication methods, you can configure your Connect EZ device to use multiple types of authentication. For example, you can configure both RADIUS authentication and local authentication, so that local authentication can be used as a fallback mechanism if the primary and backup RADIUS Digi Connect EZ 4/4i User Guide...
Page 689: Configure Your Connect Ez Device To Use A Radius Server
1. Log into the Connect EZ WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Authentication > RADIUS > Servers. Digi Connect EZ 4/4i User Guide...
Page 690 If you are accessing the Connect EZ device by using ssh, the default value is sshd. 8. Add RADIUS to the authentication methods: a. Click Authentication > Methods. b. For Add method, click . Digi Connect EZ 4/4i User Guide...
Page 691 If you are accessing the Connect EZ device by using the WebUI, the default value is for NAS ID is httpd. If you are accessing the Connect EZ device by using ssh, the default value is sshd. (config)> auth radius nas_id id (config)> Digi Connect EZ 4/4i User Guide...
Page 692: Ldap
To use LDAP authentication, you must set up a LDAP server that is accessible by the Connect EZ device prior to configuration. The process of setting up a LDAP server varies by the server environment. Digi Connect EZ 4/4i User Guide...
Page 693 User authentication LDAP This section contains the following topics: LDAP user configuration LDAP server failover and fallback to local configuration Configure your Connect EZ device to use an LDAP server Digi Connect EZ 4/4i User Guide...
Page 694: Ldap User Configuration
$ ldapadd -x -H 'ldap:///' -D 'cn=admin,dc=example,dc=com' -W -f add_ user.ldif adding new entry "uid=john,dc=example,dc=com" 5. Verify that the user has been added by performing an LDAP search: $ ldapsearch -x -LLL -H 'ldap:///' -b 'dc=example,dc=com' uid=john dn: uid=john,dc=example,dc=com objectClass: inetOrgPerson Digi Connect EZ 4/4i User Guide...
Page 695: Ldap Server Failover And Fallback To Local Configuration
The distinguished name used to search to user base. The group attribute. The number of seconds to wait to receive a message from the server. Add additional LDAP servers in case the first LDAP server is unavailable.  WebUI Digi Connect EZ 4/4i User Guide...
Page 696 8. (Optional) For Server login, type a distinguished name (DN) that is used to bind to the LDAP server and search for users, for example cn=user,dc=example,dc=com. Leave this field blank if the server allows anonymous connections. Digi Connect EZ 4/4i User Guide...
Page 697 Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> Digi Connect EZ 4/4i User Guide...
Page 698 (config)> auth ldap bind_password password (config)> 8. Set the distinguished name (DN) on the server to search for users. This can be the root of the directory tree (for example, dc=example,dc=com) or a sub-tree (for example. ou=People,dc=example,dc=com). Digi Connect EZ 4/4i User Guide...
Page 699 This example will add LDAP to the end of the list. See User authentication methods for information about adding methods to the beginning or middle of the list. Digi Connect EZ 4/4i User Guide...
Page 700: Configure Serial Authentication
8. Click to expand Peer certificates to add the public certificates of trusted peers. a. For Add Peer certificate, type the name of a trusted peer and click . b. Paste the public certificate for the trusted peer in PEM format. c. Repeat for additional trusted peer certificates. Digi Connect EZ 4/4i User Guide...
Page 701 CA-cert-name is the name of the certificate for the custom certificate authority. cert-and-private-key is the certificate and private key for the custom certificate authority. Repeat for additional custom certificate authorities. 7. Save the configuration and apply the change: (config)> save Configuration saved. > Digi Connect EZ 4/4i User Guide...
Page 702: Disable Shell Access
4. Click to disable Allow shell. Note If shell access is disabled, re-enabling it will erase the device's configuration and perform a factory reset. 5. Click Apply to save the configuration and apply the change.  Command line Digi Connect EZ 4/4i User Guide...
Page 703: Set The Idle Timeout For Connect Ez Users
Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Idle timeout to ten minutes, enter 10m or 600s. Digi Connect EZ 4/4i User Guide...
Page 704 (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 705: Example User Configuration
Verify that the admin group has full administrator rights: i. Click Authentication > Groups. ii. Click admin. iii. Verify that the admin group has Admin access enabled. If not, click Admin access to enable. Digi Connect EZ 4/4i User Guide...
Page 706 If admin > level is set to read-only: (config)> auth group admin acl admin level full (config)> 4. Verify that local is one of the configured authentication methods: (config)> show auth method 0 local (config)> If local is not listed: Digi Connect EZ 4/4i User Guide...
Page 707: Example 2: Radius, Tacacs+, And Local Authentication For One User
3. The user is authenticated by the Connect EZ device using local authentication. This example uses a FreeRadius 3.0 server running on ubuntu, and a TACACS+ server running on ubuntu. Server configuration may vary depending on the platforms or type of servers used in your environment. Digi Connect EZ 4/4i User Guide...
Page 708 Save and close the tac_plus.conf file. 3. Log into the Connect EZ WebUI as a user with full Admin access rights. 4. On the menu, click System. Under Configuration, click Device Configuration. Digi Connect EZ 4/4i User Guide...
Page 709 Click Groups. ii. For Add Group, click . iii. For Group, select the admin group. a. Verify that the admin group has full administrator rights: i. Click Authentication > Groups. ii. Click admin. Digi Connect EZ 4/4i User Guide...
Page 710 Add a TACACS+ user to the tac_plus.conf file: user = admin1 { name ="Admin1 for TX64" pap = cleartext password1 service = system { groupname = admin In this example: The user's username is admin1. The user's password is password1. Digi Connect EZ 4/4i User Guide...
Page 711 6. Verify that the admin group has full administrator rights: (config)> show auth group admin acl admin enable true level full (config)> If admin > enable is set to false: (config)> auth group admin acl admin enable true (config)> Digi Connect EZ 4/4i User Guide...
Page 712 (config auth user adminuser)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 713 Firewall This chapter contains the following topics: Firewall configuration Port forwarding rules Packet filtering Configure custom firewall rules Configure captive portals Configure Quality of Service options Digi Connect EZ 4/4i User Guide...
Page 714: Firewall Configuration
1. Log into the Connect EZ WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Firewall > Zones. Digi Connect EZ 4/4i User Guide...
Page 715 (config firewall zone my_zone)> 4. (Optional) Enable Network Address Translation (NAT): (config firewall zone my_zone)> src_nat true (config firewall zone my_zone)> 5. Save the configuration and apply the change: (config firewall zone my_zone)> save Configuration saved. > Digi Connect EZ 4/4i User Guide...
Page 716: Configure The Firewall Zone For A Network Interface
Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> 3. At the config prompt, type: (config)> network interface eth2 zone my_zone (config)> Digi Connect EZ 4/4i User Guide...
Page 717: Delete A Custom Firewall Zone
The Configuration window is displayed. 3. Click Firewall > Zones. 4. Click the menu icon (...) next to the appropriate custom firewall zone and select Delete. 5. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
Page 718: Port Forwarding Rules
The port or range of ports to which traffic should be forwarded. Additional configuration items A label for the port forwarding rule. The IP version (either IPv4 or IPv6) that incoming network connections must match. The protocols that incoming network connections must match. Digi Connect EZ 4/4i User Guide...
Page 719 9. For Incoming port(s), type the public-facing port number that network connections must use for their traffic to be forwarded. 10. For To Address, type the IP address of the server to which traffic should be forwarded. Digi Connect EZ 4/4i User Guide...
Page 720 4. Set the network interface for the rule. (config firewall dnat 0)> interface (config firewall dnat 0)> Network connections will only be forwarded if their destination address matches the IP address of this network interface. Digi Connect EZ 4/4i User Guide...
Page 721 10. (Optional) To create a white list of devices that are authorized to leverage this forwarding rule, based on either the IP address or firewall zone, change to the acl node: (config firewall dnat 0)> acl (config firewall dnat 0 acl)> Digi Connect EZ 4/4i User Guide...
Page 722: Delete A Port Forwarding Rule
12. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Delete a port forwarding rule To delete a port forwarding rule: Digi Connect EZ 4/4i User Guide...
Page 723 3. Determine the index number of the port forwarding rule you want to delete: (config)> show firewall dnat no address no zone enable true interface ip_version ipv4 label IPv4 port forwarding rule port 10000 protocol tcp to_address6 10.10.10.10 Digi Connect EZ 4/4i User Guide...
Page 724 (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 725: Packet Filtering
To configure a packet filtering rule:  WebUI 1. Log into the Connect EZ WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. Digi Connect EZ 4/4i User Guide...
Page 726 1. Log into the Connect EZ command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. Digi Connect EZ 4/4i User Guide...
Page 727 3. (Optional) Set the label for the rule. (config firewall filter 1)> label "My filter rule" (config firewall filter 1)> 4. Set the action to be performed by the filter rule. (config firewall filter 1)> action value (config firewall filter 1)> Digi Connect EZ 4/4i User Guide...
Page 728 (config firewall filter 1)> protocol value (config firewall filter 1)> where value is one of: icmp icmpv6 The default is any. 9. Save the configuration and apply the change: (config)> save Configuration saved. > Digi Connect EZ 4/4i User Guide...
Page 729: Enable Or Disable A Packet Filtering Rule
Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> Digi Connect EZ 4/4i User Guide...
Page 730: Delete A Packet Filtering Rule
Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Delete a packet filtering rule To delete a packet filtering rule:  WebUI Digi Connect EZ 4/4i User Guide...
Page 731 (config)> show firewall filter action accept dst_zone any enable true ip_version any label Allow all outgoing traffic protocol any src_zone internal action drop dst_zone internal enable true ip_version any label My packet filter protocol any Digi Connect EZ 4/4i User Guide...
Page 732: Configure Custom Firewall Rules
4. Enable the custom rules. 5. (Optional) Enable Override to override all preconfigured firewall behavior and rely solely on the custom firewall rules. 6. For Rules, type the shell command that will execute the custom firewall rules script. Digi Connect EZ 4/4i User Guide...
Page 733 Firewall Configure custom firewall rules 7. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
Page 734 (config)> save Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 735: Configure Captive Portals
Allow: Allows access to the portal page over an insecure connection (HTTP port 80). Redirect to HTTPS: Automatically redirects the request to a secure connection (HTTPS port 443). Disallow: Does not allow access over an insecure connection (HTTP port 80). Digi Connect EZ 4/4i User Guide...
Page 736 (config firewall portal portal1)> enable false (config firewall portal portal1)> 4. Set the network interface for the portal. Traffic received on this interface's network device will not be forwarded unless the client has been granted access. Digi Connect EZ 4/4i User Guide...
Page 737 Users are required to complete a form to continue. The form fields may be customize. 8. (Optional) Set the title of the portal page that the user will see when accessing the portal: (config firewall portal portal1)> title "Corporate portal" (config firewall portal portal1)> Digi Connect EZ 4/4i User Guide...
Page 738: Delete Captive Portals
The Configuration window is displayed. 3. Click Firewall > Captive portals. 4. Click the down caret () next to the appropriate captive portal and select Delete. 5. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
Page 739: Configure Quality Of Service Options
WAN interface. Inbound provides an example of matching packets as they are routed from the device onto a LAN interface. These example bindings are disabled by default. Enable the preconfigured bindings  WebUI Digi Connect EZ 4/4i User Guide...
Page 740 4. Set the interface for the binding. Use the index number of the binding; for example, to set the interface for the Outbound binding: a. Use the ? to determine available interfaces: b. Set the interface. For example: (config)> firewall qos 0 interface /network/interface/eth1 (config)> Digi Connect EZ 4/4i User Guide...
Page 741 8. (Optional) For Interface bandwidth (Mbit), set the maximum egress bandwidth of the interface, in megabits, allocated to this binding. Typically, this should be 95% of the available bandwidth. Allowed value is any integer between 1 and 1000. Digi Connect EZ 4/4i User Guide...
Page 742 If Default is disabled, you must configure at least one rule: i. Click to expand Rule. ii. For Add Rule, click . The QoS binding policy rule configuration window is displayed. Digi Connect EZ 4/4i User Guide...
Page 743 Use the format IPv6_address[/prefix_length], or use any to match any IPv6 address. Repeat to add a new rule. Up to 30 rules can be configured. 10. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
Page 744 At least one policy is required for each binding. Each policy can contain up to 30 rules. a. Change to the policy node of the configuration: (config firewall qos 2)> policy (config firewall qos 2 policy)> Digi Connect EZ 4/4i User Guide...
Page 745 (config firewall qos 2 policy 0)> rule (config firewall qos 2 policy 0 rule)> ii. Add a rule: (config firewall qos 2 policy 0 rule)> add end (config firewall qos 2 policy 0 rule 0)> Digi Connect EZ 4/4i User Guide...
Page 746 Source traffic from any address will be matched. Firewall configuration for more information about firewall zones. interface: Only traffic from the selected interface will be matched. Set the interface: Digi Connect EZ 4/4i User Guide...
Page 747 (config network qos 2 policy 0 rule 0)> dst interface /network/interface/eth1 (config network qos 2 policy 0 rule 0)> address: Only traffic destined for the IP address typed in IPv4 address will be matched. Set the address that will be matched: Digi Connect EZ 4/4i User Guide...
Page 748 (config)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 749: System Administration
Reboot your Connect EZ device Erase device configuration and reset to factory defaults Locate the device by using the Find Me feature Configuration files Schedule system maintenance tasks Disable device encryption Configure the speed of your Ethernet ports Digi Connect EZ 4/4i User Guide...
Page 750: Review Device Status
Alt. Firmware Build Date : Thurs, 03 March 2022 10:16:23 Bootloader Version : 19.7.23.0-15f936e0ed Current Time : Thurs, 03 March 2022 10:16:23 +0000 : 1.4% Uptime : 6 days, 6 hours, 21 minutes, 57 seconds (541317s) Temperature : 40C > Digi Connect EZ 4/4i User Guide...
Page 751: Configure System Information
You can configure information related to your Connect EZ device, such as providing a name and location for the device. Configuration items A name for the device. The name of a contact for the device. Digi Connect EZ 4/4i User Guide...
Page 752 2. At the command line, type config to enter configuration mode: > config (config)> 3. Set a name for the device. This name will appear in log messages and at the command prompt. (config)> system name 192.168.3.1 192.168.3.1(config)> Digi Connect EZ 4/4i User Guide...
Page 753: Update System Firmware
For example, Connect EZ-22.2.9.85.bin. Manage firmware updates using Digi Remote Manager If you have a network of many devices, you can use Digi Remote Manager Profiles to manage firmware updates. Profiles ensure all your devices are running the correct firmware version and that all newly installed devices are updated to that same version.
Page 754 Beginning with firmware version 22.2.9.x, the Connect EZ device uses certificate-based communication for enhanced security when connecting to Digi Remote Manager. If you downgrade your firmware from version 22.2.9.x to version 21.11.x or previous, your device will no longer be able to communicate with Remote Manager.
Page 755 System administration Update system firmware Device firmware update from '21.11.60.63' to '22.2.9.85' is needed > 3. Use the modem firmware ota list command to list available firmware on the Digi firmware repository. > system firmware ota list 21.11.60.63 22.2.9.85 >...
Page 756 Update firmware from a local file  WebUI 1. Download the Connect EZ operating system firmware from the Digi Support FTP site to your local machine. 2. Log into the Connect EZ WebUI as a user with Admin access. 3. On the main menu, click System. Under Administration, click Firmware Update.
Page 757: Dual Boot Behavior
By default, the Connect EZ device stores two copies of firmware in two flash memory banks: The current firmware version that is used to boot the device. A copy of the firmware that was in use prior to your most recent firmware update. Digi Connect EZ 4/4i User Guide...
Page 758: Update Cellular Module Firmware
> system duplicate-firmware > Update cellular module firmware You can update modem firmware by downloading firmware from the Digi firmware repository, or by uploading firmware from your local storage onto the device. You can also schedule modem firmware updates. See Schedule system maintenance tasks for details.
Page 759: Update Modem Firmware Over The Air (Ota)
Command line Update modem firmware over the air (OTA) You can update your modem firmware by querying the Digi firmware repository to determine if there is new firmware available for your modem and performing an OTA modem firmware update: 1. Log into the Connect EZ command line as a user with Admin access.
Page 760 Newest firmware version available to download is '24.01.5x4_ATT' Modem firmware update from '24.01.544_ATT' to '24.01.5x4_ATT' is needed 24.01.5x4_ATT 24.01.544_ATT > 3. Use the modem firmware ota list command to list available firmware on the Digi firmware repository. > modem firmware ota list Retrieving modem firmware list ...
Page 761: Update Modem Firmware By Using A Local Firmware File
Firmware should be uploaded to /opt/MODEM_MODEL/Custom_Firmware, for example, /opt/LM940/Custom_Firmware. Modem firmware can be downloaded from Digi here. Follow instructions on this page to determine the cellular module used by your device. After downloading, use tar or a similar unzipping tool to extract the firmware prior to uploading to the device.
Page 762: Reboot Your Connect Ez Device
1. Log into the Connect EZ WebUI as a user with Admin access. 2. From the main menu, click System. 3. Click Reboot. 4. Click Reboot to confirm that you want to reboot the device.  Command line Digi Connect EZ 4/4i User Guide...
Page 763: Schedule Reboots Of Your Device
1. Log into the Connect EZ command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. Digi Connect EZ 4/4i User Guide...
Page 764: Erase Device Configuration And Reset To Factory Defaults
Erasing the device configuration performs the following actions: Clears all configuration settings. When the device restarts, it uses the factory default configuration. Deletes all user files including Python scripts. Clears event and system log files. Digi Connect EZ 4/4i User Guide...
Page 765 With firmware release 22.2.9.x and newer, erases the client-side certificate used for communication with Digi Remote Manager. If you are using Digi Remote Manager with firmware release 22.2.9.x and newer, by default the device uses a client-side certificate for communication with Remote Manager. If the client-side certificate is erased, you must use the Remote Manager interface to reset the certificate.
Page 766 3. After resetting the device: a. Connect to the Connect EZ by using the serial port or by using an Ethernet cable to connect the Connect EZ ETH2 port to your PC. Digi Connect EZ 4/4i User Guide...
Page 767: Configure The Connect Ez Device To Use Custom Factory Default Settings
You can configure your Connect EZ device to use custom factory default settings. This way, when you erase the device's configuration, the device will reset to your custom configuration rather than to the original factory defaults. Digi Connect EZ 4/4i User Guide...
Page 768 5. After the configuration backup file has been downloaded, rename the file to: custom-default-config.bin 6. Upload the file to the device: a. From the main menu, select System > Filesystem. b. Under Default device configuration, click . Digi Connect EZ 4/4i User Guide...
Page 769: Locate The Device By Using The Find Me Feature
A notification message appears, noting that the LED is flashing on the device. Click the x in the message to close it. 3. On the menu, click System again. Ablue circle next to Find Me is blinking, indicating that the Find Me feature is active. Digi Connect EZ 4/4i User Guide...
Page 770 3. To deactivate the Find Me feature, type the following at the command prompt: > system find-me off > 4. To determine the status of the Find Me feature, type the following at the command prompt: > system find-me status > Digi Connect EZ 4/4i User Guide...
Page 771: Configuration Files
Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> 3. Make any necessary configuration changes. 4. Save the configuration and apply the change: (config)> save Configuration saved. > Digi Connect EZ 4/4i User Guide...
Page 772: Save Configuration To A File
1. Log into the Connect EZ command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. Enter the following: > system backup path [passphrase passphrase] type type Digi Connect EZ 4/4i User Guide...
Page 773: Restore The Device Configuration
 WebUI 1. Log into the Connect EZ WebUI as a user with Admin access. 2. On the main menu, click System. Under Configuration, click Configuration Maintenance. The Configuration Maintenance windows is displayed. Digi Connect EZ 4/4i User Guide...
Page 774 Connect EZ device where the copied file will be placed. For example: > scp host 192.168.4.1 user admin remote /home/admin/bin/backup-archive- 0040FF800120-22.2.9.85-19.23.42.bin local /opt to local 3. Enter the following: > system restore filepath [passphrase passphrase] where Digi Connect EZ 4/4i User Guide...
Page 775 EZ's filesystem (local-path in the previous step). passphrase (optional) is the passphrase to restore the configuration backup, if a passphrase was used when the backup was created. For example: > system restore /opt/backup-archive-0040FF800120-22.2.9.85- 19.23.42.bin Digi Connect EZ 4/4i User Guide...
Page 776: Schedule System Maintenance Tasks
Schedule system maintenance tasks You can configure tasks to be run during a specified maintenance window. When the device is within its maintenance window, firmware updates and Digi Remote Manager configuration checks will be performed. You can also schedule custom scripts to run during the maintenance window. See...
Page 777 Note If your device is managed by a Digi Remote Manager configuration, the configuration manages the device's firmware version. You should not enable this option. 8. (Optional) Click to enable Modem firmware update to instruct the system to look for any updated modem firmware during the maintenance window.
Page 778 Set the type of trigger: (config add system schedule maintenance trigger)> type value (config)> where value is one of: interface_up: If interface_up is set: i. Set the interface: (config add system schedule maintenance trigger)> interface value (config)> Digi Connect EZ 4/4i User Guide...
Page 779 Configure the frequency that the maintenance tasks should be run: (config system schedule maintenance trigger 0)> frequency value (config system schedule maintenance trigger 0)> where value is either daily or weekly. Daily is the default. Digi Connect EZ 4/4i User Guide...
Page 780: Disable Device Encryption
1 or 0 are also allowed. Note If your device is managed by a Digi Remote Manager configuration, the configuration manages the device's firmware version. You should not enable this option.
Page 781: Re-Enable Cryptography After It Has Been Disabled
Type quit to disconnect from the device. Re-enable cryptography after it has been disabled. To re-enable cryptography: 1. Configure your PC network to connect to the 192.168.210 subnet. For example, on a Windows Digi Connect EZ 4/4i User Guide...
Page 782 Click the Internet Protocol Version 4 (TCP/IPv4) parameter. c. Click Properties. The Internet Protocol Version 4 (TCP/IPv4) Properties dialog appears. d. Configure with the following details: IP address for PC: 192.168.210.2 Subnet: 255.255.255.0 Gateway: 192.168.210.1 Digi Connect EZ 4/4i User Guide...
Page 783: Configure The Speed Of Your Ethernet Ports
This will re-enable encryption and leave the device at its factory default setting. Configure the speed of your Ethernet ports You can configure the speed of your Connect EZ device's Ethernet ports.  WebUI Digi Connect EZ 4/4i User Guide...
Page 784 1000—Sets the speed to 1 Gbps. Available only for devices with Gigabit Ethernet ports. auto—Configures the device to automatically determine the best speed for the Ethernet port. The default is auto. 4. Save the configuration and apply the change: (config)> save Configuration saved. > Digi Connect EZ 4/4i User Guide...
Page 785 Configure the speed of your Ethernet ports 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 786 Monitoring This chapter contains the following topics: intelliFlow Configure NetFlow Probe Digi Connect EZ 4/4i User Guide...
Page 787: Intelliflow
Note When intelliFlow is enabled and the device is connected to Digi aView, it adds an estimated 50MB of data usage for the device by reporting the metrics to aView. intelliflow does not currently work with Digi Remote Manager.
Page 788 Zone: The firewall zone which is assigned to the network interface(s) that intelliFlow will see as internal clients. intelliFlow relies on an internal to external relationship, where the internal clients are present on the zone specified. Format: dynamic_routes edge external internal ipsec loopback Digi Connect EZ 4/4i User Guide...
Page 789 (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 790: Use Intelliflow To Display Average Cpu And Ram Usage
Display more granular information: 1. Click and drag over an area in the chart to zoom into that area and provide more granular information. 2. Release to display the selected portion of the chart: Digi Connect EZ 4/4i User Guide...
Page 791: Use Intelliflow To Display Top Data Usage Information
1. Log into the Connect EZ WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow. 3. From the menu, click Status > intelliFlow. Digi Connect EZ 4/4i User Guide...
Page 792 5. Change the type of chart that is used to display the data: a. Click the menu icon (). b. Select the type of chart. 6. Change the number of top users displayed. You can display the top five, top ten, or top twenty data users. Digi Connect EZ 4/4i User Guide...
Page 793: Use Intelliflow To Display Data Usage By Host Over Time
3. From the menu, click Status > intelliFlow. 4. Click Host Data Usage Over Time. Display more granular information: a. Click and drag over an area in the chart to zoom into that area and provide more granular information. Digi Connect EZ 4/4i User Guide...
Page 794: Configure Netflow Probe
The number of seconds that a flow is active before it is exported to the NetFlow collectors. The maximum number of simultaneous flows. A label for the NetFlow collector. The port of the NetFlow collector. Additional NetFlow collectors. To probe network traffic and export statistics to NetFlow collectors: Digi Connect EZ 4/4i User Guide...
Page 795 Allowed value is any number between 1 and 1800. The default is 1800. 10. For Maximum flows, type the maximum number of flows to probe simultaneously. Allowed value is any number between 0 and 2000000. The default is 2000000. Digi Connect EZ 4/4i User Guide...
Page 796 The default is v10. 1. Enable flow sampling by selecting a sampling technique. Flow sampling can reduce flow processing and transmission overhead by providing a representative subset of all flows. (config)> monitoring netflow sampler type (config)> Digi Connect EZ 4/4i User Guide...
Page 797 Set the IP address of the collector: (config monitoring netflow collector 0)> address ip_address (config monitoring netflow collector 0)> c. (Optional) Set the port used by the collector: (config monitoring netflow collector 0)> port port (config monitoring netflow collector 0)> Digi Connect EZ 4/4i User Guide...
Page 798 (config monitoring netflow collector 0)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 799: Central Management
Collect device health data and set the sample interval Enable event log upload to Digi Remote Manager Log into Digi Remote Manager Use Digi Remote Manager to view and manage your device Add a device to Digi Remote Manager View Digi Remote Manager connection status...
Page 800: Digi Remote Manager Support
This URL is required to utilize the client-side certificate support. Prior to release 22.2.9.x, the default URL was my.devicecloud.com. If your Digi device is configured to use a non-default URL to connect to Remote Manager, updating the firmware will not change your configuration. However, if you erase the device's configuration, the Remote Manager URL will change to the default of edp12.devicecloud.com.
Page 801 To configure Digi Remote Manager:  WebUI 1. Log into the Connect EZ WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. Digi Connect EZ 4/4i User Guide...
Page 802 Digi Remote Manager support is enabled by default. To disable, click Enable central management. 4. (Optional) For Service, select either Digi Remote Manager or Digi aView. The default is Digi Remote Manager. 5. (Optional) For Management server, type the URL for the central management server.
Page 803 For Port, type or select the port number on the HTTP proxy server that the device should connect to. The default is 2138. 16. Click Apply to save the configuration and apply the change.  Command line Digi Connect EZ 4/4i User Guide...
Page 804 Digi Remote Manager aview: Digi aView The default is Digi Remote Manager. 5. (Optional) Set the URL for the central management server. The default is the Digi Remote Manager server, my.devicecloud.com. (config)> cloud drm drm_url url (config)>...
Page 805 8. (Optional) Set the amount of time that the Connect EZ device should wait between sending keep-alive messages to the Digi Remote Manager when using a cellular interface. Allowed values are from 30 seconds to two hours. The default is 290 seconds.
Page 806 SMS: a. Enable SMS messaging: (config)> cloud drm sms enable true (config)> b. Set the phone number for Digi Remote Manager: (config)> cloud drm sms destination drm_phone_number (config)> c. (Optional) Set the service identifier: (config)> cloud drm sms sercice_id id (config)>...
Page 807: Collect Device Health Data And Set The Sample Interval
Collect device health data and set the sample interval You can enable or disable the collection of device health data to upload to Digi Remote Manager, and configure the interval between health sample uploads. By default, device health data upload is enabled, and the health sample interval is set to 60 minutes.
Page 808 1, 5, 15, 30, or 60, and represents the number of minutes between uploads of health sample data. 5. By default, the device will only report health metrics values to Digi Remote Manager that have changed health metrics were last uploaded. This is useful to reduce the bandwidth used to report health metrics.
Page 809 Central management Collect device health data and set the sample interval 6. (Optional) Tuning parameters allow to you configure what data are uploaded to the Digi Remote Manager. By default, all tuning parameters are enabled. To view a list of all available tuning parameters, use the show command: (config)>...
Page 810: Enable Event Log Upload To Digi Remote Manager
Type quit to disconnect from the device. Enable event log upload to Digi Remote Manager You can configure your device to upload the event log to Digi Remote Manager, and configure the interval between event log uploads. To enable the event log upload, or disable it if it has been disabled, and to change the upload interval: ...
Page 811: Log Into Digi Remote Manager
1. If you have not already done so, click here to sign up for a Digi Remote Manager account. 2. Check your email for Digi Remote Manager login instructions. 3. Go to remotemanager.digi.com. 4. Log into your Digi Remote Manager account.
Page 812: Use Digi Remote Manager To View And Manage Your Device
Use Digi Remote Manager to view and manage your device To view and manage your device: 1. If you have not already done so, connect to your Digi Remote Manager account. 2. Click Device Management to display a list of your devices.
Page 813: Add A Device To Digi Remote Manager
The same default password is also shown on the label affixed to the bottom of the device. 6. Click Add. 7. Click OK. Digi Remote Manager adds your Connect EZ device to your account and it appears in the Device Management view. View Digi Remote Manager connection status To view the current Digi Remote Manager configuration: ...
Page 814: Configure Multiple Devices Using Profiles
The Device ID is the unique identifier for the device, as used by the Remote Manager. Configure multiple devices using profiles Digi recommends you take advantage of Digi Remote Manager profiles to manage multiple Connect EZ routers. Typically, if you want to provision multiple Connect EZ routers: 1.
Page 815 The Connect EZ local file system Display directory contents Create a directory Display file contents Copy a file or directory Move or rename a file or directory Delete a file or directory Upload and download files Digi Connect EZ 4/4i User Guide...
Page 816: File System
Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the Admin CLI prompt, type ls /path/dir_name. For example, to display the contents of the /etc/config directory: Digi Connect EZ 4/4i User Guide...
Page 817: Create A Directory
160 Aug 25 17:49 temp > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 818: Display File Contents
1. Log into the Connect EZ command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the Admin CLI prompt, type cp /path/filename|dir_name /path[filename]|dir_name. For example: Digi Connect EZ 4/4i User Guide...
Page 819: Move Or Rename A File Or Directory
> mv /etc/config/scripts/test.py /opt/ > 3. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 820: Delete A File Or Directory
1. Log into the Connect EZ command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. Digi Connect EZ 4/4i User Guide...
Page 821: Upload And Download Files
3. Highlight the directory to which the file will be uploaded and click  to open the directory. 4. Click  (upload). 5. Browse to the location of the file on your local machine. Select the file and click Open to upload the file. Digi Connect EZ 4/4i User Guide...
Page 822: Upload And Download Files By Using The Secure Copy Command
To copy firmware from a remote host with an IP address of 192.168.4.1 to the /etc/config directory on the Connect EZ device, issue the following command: > scp host 192.168.4.1 user admin remote /home/admin/bin/Connect EZ- 22.2.9.85.bin local /etc/config/scripts to local admin@192.168.4.1's password: adminpwd Connect EZ-22.2.9.85.bin 100% 36MB 11.1MB/s 00:03 > Digi Connect EZ 4/4i User Guide...
Page 823: Upload And Download Files Using Sftp
Transfer a file from the Connect EZ device to a remote host This example downloads a file named test.py from the Connect EZ device at the IP address of 192.168.2.1 with a username of ahmed to the local directory on the remote host: Digi Connect EZ 4/4i User Guide...
Page 824 File system Upload and download files $ sftp ahmed@192.168.2.1 Password: Connected to 192.168.2.1 sftp> get test.py Fetching test.py to test.py test.py 100% 0.3KB/s 00:00 sftp> exit Digi Connect EZ 4/4i User Guide...
Page 825 View system and event logs Configure syslog servers Configure options for the event and system logs Analyze network traffic Use the ping command to troubleshoot network connections Use the traceroute command to diagnose IP routing problems Digi Connect EZ 4/4i User Guide...
Page 826: Perform A Speedtest
Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Generate a support report To generate and download a support report:  WebUI Digi Connect EZ 4/4i User Guide...
Page 827 > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 828: View System And Event Logs
2. On the main menu, click System > Logs. The system log displays: 3. Limit the display in the system log by using the Find search tool. 4. Use filters to configure the types of information displayed in the system logs. Digi Connect EZ 4/4i User Guide...
Page 829 Allowed values are critical, warning, info, and debug. For example, to limit the event list to only info messages: > show log filter info Timestamp Type Category Message ---------------- ------- --------- -------------------------------------- ----- Nov 26 22:01:26 info user name=admin~service=cli~state=opened~remote=192.168.1.2 Nov 26 22:01:25 info user name=admin~service=cli~state=closed~remote=192.168.1.2 Digi Connect EZ 4/4i User Guide...
Page 830: View Event Logs
4. Click  Events to expand the event viewer. 5. Limit the display in the event log by using the Find search tool. 6. Click  to download the event log.  Command line Digi Connect EZ 4/4i User Guide...
Page 831 Nov 26 22:01:25 info user name=admin~service=cli~state=closed~remote=192.168.1.2 > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 832: Configure Syslog Servers
For Add Server, click . The log server configuration window is displayed. Log servers are enabled by default. To disable, click to toggle off Enable. c. Type the host name or IP address of the Server. Digi Connect EZ 4/4i User Guide...
Page 833 The event categories that will be sent to the server are automatically enabled when the server is enabled. To disable informational event messages: (config system log remote 0)> info false (config system log remote 0)> Digi Connect EZ 4/4i User Guide...
Page 834: Configure Options For The Event And System Logs
30 minutes. All event categories are enabled. To change or disable the heartbeat interval, or to disable event categories, and to perform other log configuration:  WebUI Digi Connect EZ 4/4i User Guide...
Page 835 You should only enable Preserve system logs temporarily to debug issues. Once you are finished debugging, immediately disable Preserve system logs to avoid unnecessary wear to the flash memory. 8. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
Page 836 5. (Optional) To disable event categories, or to enable them if they have been disabled: a. Use the question mark (?) to determine available event categories: (config)> system log event ? Event categories: Settings to enable individual event categories. Additional Configuration Digi Connect EZ 4/4i User Guide...
Page 837 Status events report the current list of leases. Parameters Current Value ----------------------------------------------------------------- -------------- info true Enable informational events status true Enable status events status_interval Status interval (config)> system log event dhcpserver Digi Connect EZ 4/4i User Guide...
Page 838 (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 839: Analyze Network Traffic
Example filters for capturing data traffic Capture packets from the command line Stop capturing packets Show captured traffic data Save captured data traffic to a file Download captured data to your PC Clear captured data Digi Connect EZ 4/4i User Guide...
Page 840: Configure Packet Capture For The Network Analyzer
2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Network > Analyzer. 4. For Add Capture settings, type a name for the capture filter and click . The new capture filter configuration is displayed. Digi Connect EZ 4/4i User Guide...
Page 841 Click  to add a TCP /UDP port. iii. For IP TCP/UDP port to capture or ignore, type the number of the port to be captured or ingored. iv. For TCP or UDP port, select the type of transport protocol. Digi Connect EZ 4/4i User Guide...
Page 842 Example filters for capturing data traffic for examples of filters using BPF syntax. 8. (Optional) Schedule the analyzer to run, using this capture filter, based on a specified event or at a particular time: Digi Connect EZ 4/4i User Guide...
Page 843 Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> 3. Add a new capture filter: (config)> add network analyzer name (config network analyzer name)> Digi Connect EZ 4/4i User Guide...
Page 844 By default, is option is set to false, which means that the filter will capture packets from this IP address/network. v. Repeat these steps to add additional IP address filters. b. To create a filter that either captures or ignores packets that use a particular IP protocol: Digi Connect EZ 4/4i User Guide...
Page 845 By default, is option is set to false, which means that the filter will capture packets from this protocol. vi. Repeat these steps to add additional protocol filters. c. To create a filter that either captures or ignores packets from a particular port: Digi Connect EZ 4/4i User Guide...
Page 846 Set whether the filter should apply to packets when the MAC address is the source, the destination, or both: (config network analyzer name filter mac_address 0)> match value (config network analyzer name filter mac_address 0)> where value is one of: Digi Connect EZ 4/4i User Guide...
Page 847 6. (Optional) Schedule the analyzer to run, using this capture filter, based on a specified event or at a particular time: a. Enable scheduling for this capture filter: (config network analyzer name)> schedule enable true (config network analyzer name)> Digi Connect EZ 4/4i User Guide...
Page 848 (config network analyzer name)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set save_interval to ten minutes, enter either 10m or 600s: Digi Connect EZ 4/4i User Guide...
Page 849: Example Filters For Capturing Data Traffic
Capture traffic from UDP port 53: ip proto udp and src port 53 Capture to and from IP host 10.0.0.1 but filter out ports 22 and 80: ip host 10.0.0.1 and not (port 22 or port 80) Digi Connect EZ 4/4i User Guide...
Page 850: Capture Packets From The Command Line
Configure packet capture for the network analyzer for more information. To determine available packet capture configurations, use the ?: > analyzer start name ? name: Name of the capture filter to use. Format: test_capture Digi Connect EZ 4/4i User Guide...
Page 851: Stop Capturing Packets
The timestamp for when the packet was captured. The length of the packet and the amount of data captured. Whether the packet was sent or received by the device. The interface on which the packet was sent or received. Digi Connect EZ 4/4i User Guide...
Page 852 Source IP Address : 10.10.74.130 Dest. IP Address : 10.10.74.72 TCP Header Source Port : 52654 Destination Port : 22 Sequence Number : 2756443999 Ack Number : 3995064355 Data Offset Flags : ACK Window : 2050 Digi Connect EZ 4/4i User Guide...
Page 853: Save Captured Data Traffic To A File
> analyzer save name capture_filter is the name of a packet capture configuration. See Configure packet capture for the network analyzer for more information. To determine available packet capture configurations, use the ?: Digi Connect EZ 4/4i User Guide...
Page 854: Download Captured Data To Your Pc
1. Log into the Connect EZ command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. Digi Connect EZ 4/4i User Guide...
Page 855: Clear Captured Data
To determine available packet capture configurations, use the ?: > anaylzer clear name ? name: Name of the capture filter to use. Format: test_capture capture_ping > anaylzer clear name Note You can remove data traffic saved to a file using the command. Digi Connect EZ 4/4i User Guide...
Page 856: Use The Ping Command To Troubleshoot Network Connections
Enable socket level debugging. dontfragment: Do not fragment probe packets. first_ttl: Specifies with what TTL to start. (Default: 1) gateway: Route the packet through a specified gateway. icmp: Use ICMP ECHO for probes. interface: Specifies the interface. Digi Connect EZ 4/4i User Guide...
Page 857 1. 192/8: The local network of the Connect EZ device. 2. 192.168.8.1: The local network gateway to the Internet. 3. 96/8: Charter Communications, the network provider. 4. 216/8: Google Inc. Stop the traceroute process To stop the traceroute process, enter Ctrl-C. Digi Connect EZ 4/4i User Guide...
Page 858 Available commands Use the scp command Display status and statistics using the show command Device configuration using the command line interface Execute configuration commands at the root Admin CLI prompt Configuration mode Command line reference Digi Connect EZ 4/4i User Guide...
Page 859: Command Line Interface
You can use an open-source terminal software, such as PuTTY or TeraTerm, to access the device through one of these mechanisms. You can also access the command line interface in the WebUI by using the Terminal, or the Digi Remote Manager by using the Console.
Page 860: Exit The Command Line Interface
3. Log into the Connect EZ command line as a user with Admin access. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. The Admin CLI prompt appears. > Digi Connect EZ 4/4i User Guide...
Page 861: Display Help For Commands And Parameters
Ping a host. reboot Reboot the system. Remove a file or directory. Copy a file or directory over SSH. show Show instance statistics. system System commands. traceroute Print the route packets trace to network host. Digi Connect EZ 4/4i User Guide...
Page 862: Display Help For Individual Commands
Show network interface statistics. Show NTP information. openvpn Show OpenVPN statistics. route Show IP routing information. serial Show serial statistics. surelink Show Surelink statistics. system Show system statistics. version Show firmware version. wifi Show Wi-Fi statistics. > show Digi Connect EZ 4/4i User Guide...
Page 863: Use The Tab Key Or The Space Bar To Display Abbreviated Help
(config)> serial port1 enable t<Tab> auto-completes to (config)> serial port1 enable true Auto-complete does not function for: Parameter values that are string types. Integer values. File names. Select parameters passed to commands that perform an action. Digi Connect EZ 4/4i User Guide...
Page 864: Available Commands
Display status and statistics using the show command for more information about the show command. system Issues commands related to system functionality. traceroute Sends and tracks route packets to a destination host. update Updates the device firmware. Digi Connect EZ 4/4i User Guide...
Page 865: Use The Scp Command
To copy firmware from a remote host with an IP address of 192.168.4.1 to the /etc/config directory on the Connect EZ device, issue the following command: > scp host 192.168.4.1 user admin remote /home/admin/bin/Connect EZ- 22.2.9.85.bin local /etc/config/scripts to local admin@192.168.4.1's password: adminpwd Connect EZ-22.2.9.85.bin 100% 36MB 11.1MB/s 00:03 > Digi Connect EZ 4/4i User Guide...
Page 866: Display Status And Statistics Using The Show Command
> show config auth tacacs+ service "login" auth user admin password "$2a$05$WlJQhquI7BgsytkpobKhaeLPtWraGANBcrlEaJX/wJv63JENW/HOu" add auth user test add auth user test group end "admin" add auth user test group end "serial" auth user test password "$2a$05$RdGYz1sLKbWrqe6cZjlsd.otg03JZR6n9939XV6EYWUSP0tMAzO5W" Digi Connect EZ 4/4i User Guide...
Page 867: Show System
Device configuration using the command line interface The config command allows for device configuration from the command line. All configuration tasks that can be performed by using the WebUI can also be performed by using the config command. Digi Connect EZ 4/4i User Guide...
Page 868: Execute Configuration Commands At The Root Admin Cli Prompt
> config ? Will display the following help information: > config ? Additional Configuration ------------------------------------------------------------------------- application Custom scripts auth Authentication cloud Central management firewall Firewall monitoring Monitoring network Network serial Serial service Services system System Digi Connect EZ 4/4i User Guide...
Page 869 Additional Configuration ------------------------------------------------------------------------- Access control list mdns > config service ssh 4. Lastly, display the allowed values and other information for the enable parameter: > config service ssh enable ? Enable: Enable the service. Digi Connect EZ 4/4i User Guide...
Page 870: Configuration Mode
(config service)> 2. Enter ssh to move to the ssh node: (config service)> ssh (config service ssh)> 3. Enter enable false to disable the ssh service: (config service ssh)> enable false (config service ssh)> Digi Connect EZ 4/4i User Guide...
Page 871: Save Changes And Exit Configuration Mode
Reverts the configuration to default revert settings. See The revert command more information. show Displays configuration settings. Adds a named element, or an element in a list. See Manage elements in lists for information about using the add Digi Connect EZ 4/4i User Guide...
Page 872: Display Command Line Help In Configuration Mode
At the config prompt, enter service ?: (config)> service ? At the config prompt: a. Enter service to move to the service node: (config)> service (config service)> Digi Connect EZ 4/4i User Guide...
Page 873 Enter ? to display help for the ssh node: (config service ssh)> ? Either of these methods will display the following information: (config)> service ssh ? SSH: An SSH server for managing the device. Parameters Current Value Digi Connect EZ 4/4i User Guide...
Page 874: Move Within The Configuration Schema
Format: true, false, yes, no, 1, 0 Default value: true Current value: true (config)> service ssh enable Move within the configuration schema You can perform configuration tasks at the CLI by moving within the configuration. Digi Connect EZ 4/4i User Guide...
Page 875: Manage Elements In Lists
When working with lists, these actions require an index number to identify the list item that will be acted on. Add elements to a list When used with parameters that contains lists of elements, the add command is used to add an element to the list. Digi Connect EZ 4/4i User Guide...
Page 876 (config)> Delete elements from a list When used with parameters that contains lists of elements, the del command is used to delete an element in the list. For example, to delete an authentication method: Digi Connect EZ 4/4i User Guide...
Page 877: The Revert Command
The revert command is used to revert changes to the Connect EZ device's configuration and restore default configuration settings. The behavior of the revert command varies depending on where in the configuration hierarchy the command is executed, and whether the optional path parameter is used. Digi Connect EZ 4/4i User Guide...
Page 878 (config)> save Configuration saved. > 3. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 879: Enter Strings In Configuration Commands
Example: Create a new user by using the command line In this example, you will use the Connect EZ command line to create a new user, provide a password for the user, and assign the user to authentication groups. Digi Connect EZ 4/4i User Guide...
Page 880 (config auth user user1)> 5. List available authentication groups: (config auth user user1)> show ..group admin admin enable true nagios enable false openvpn enable false no tunnels portal enable false no portals Digi Connect EZ 4/4i User Guide...
Page 881 (config auth user user1)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
Page 882: Command Line Reference
Digi Connect EZ 4/4i User Guide...
Page 883: Analyzer Clear
Clears the traffic captured by the analyzer. Digi Connect EZ 4/4i User Guide...
Page 884: Analyzer Save
Stops the traffic capture session. Syntax analyzer stop <name> Parameters name: Name of the capture filter to use. clear dhcp-lease ip-address Clear the DHCP lease for the specified IP address. Syntax clear dhcp-lease ip-address ADDRESS Digi Connect EZ 4/4i User Guide...
Page 885: Clear Dhcp-Lease Mac
The destination path to copy the source file or directory to. force: Do not ask to overwrite the destination file if it exists. help Show CLI editing and navigation commands. Syntax help Parameters None Digi Connect EZ 4/4i User Guide...
Page 886 Command line interface Command line reference List a directory. Syntax ls <path> [show-hidden] Parameters path: List files and directories under this path. show-hidden: Show hidden files and directories. Hidden filenames begin with '.'. Digi Connect EZ 4/4i User Guide...
Page 887: Mkdir
The configured name of the modem to execute this CLI command on. imei: The IMEI of the modem to execute this CLI command on. modem firmware list List modem firmware files found in the /opt/[MODEM_MODEL]/ directory. Digi Connect EZ 4/4i User Guide...
Page 888: Modem Firmware Ota Check
The configured name of the modem to execute this CLI command on. imei: The IMEI of the modem to execute this CLI command on. modem firmware ota check Query the Digi firmware server for the latest remote modem firmware version. Syntax modem firmware ota check [name STRING] [imei STRING] Parameters name: The configured name of the modem to execute this CLI command on.
Page 889: Modem Pin Change
Enable the PIN lock on the SIM card that is active in the modem. The SIM card will need to be unlocked before each use. Warning: Attempting to use an incorrect PIN code may PUK lock the SIM. Syntax modem pin enable <pin> [name STRING] [imei STRING] Parameters pin: The SIM's PIN code. Digi Connect EZ 4/4i User Guide...
Page 890: Modem Pin Status
The IMEI of the modem to execute this CLI command on. modem puk unlock Unlock the SIM with a PUK code from the SIM provider. Syntax modem puk unlock <puk> <new-pin> [name STRING] [imei STRING] Digi Connect EZ 4/4i User Guide...
Page 891: Modem Reset
The configured name of the modem to execute this CLI command on. imei: The IMEI of the modem to execute this CLI command on. monitoring Commands to clear the device's status or systems. Digi Connect EZ 4/4i User Guide...
Page 892: Monitoring Metrics Upload
The source file or directory to move. destination: The destination path to move the source file or directory to. force: Do not ask to overwrite the destination file if it exists. ping Ping a host using ICMP echo. Digi Connect EZ 4/4i User Guide...
Page 893 The number of bytes sent in the ICMP ping request. (Minimum: 0, Default: 56) count: The number of ICMP ping requests to send before terminating. (Minimum: 1, Default: 100) broadcast: Enable broadcast ping functionality. Digi Connect EZ 4/4i User Guide...
Page 894: Reboot
Command line interface Command line reference reboot Reboot the system. Parameters None Digi Connect EZ 4/4i User Guide...
Page 895 Command line interface Command line reference Remove a file or directory. Syntax rm <path> [force] Parameters path: The path to remove. force: Force the file to be removed without asking. Digi Connect EZ 4/4i User Guide...
Page 896: Scp
Display IPv6 routes. If no IP version is specified IPv4 & IPV6 will be displayed. verbose: Display more information (less concise, more detail). show cloud Show drm status & statistics. Syntax show cloud Parameters None Digi Connect EZ 4/4i User Guide...
Page 897: Show Config
[table <status|error|info>] [number INTEGER] Parameters table: Type of event log to be displayed (status, error, info). number: Number of lines to retrieve from log. (Minimum: 1, Default: 20) show hotspot Show hotspot statistics. Digi Connect EZ 4/4i User Guide...
Page 898: Show Ipsec
Show L2TP network server status & statistics. Syntax show l2tp lns [name STRING] Parameters name: Display more details for a specific L2TP network server. show l2tpeth Show L2TPv3 ethernet tunnel session status and statistics. Syntax show l2tpeth [name STRING] Digi Connect EZ 4/4i User Guide...
Page 899: Show Location
[verbose] Parameters verbose: Display more information (less concise, more detail). show modbus-gateway Show modbus gateway status & statistics. Syntax show modbus-gateway [verbose] Parameters verbose: Display more information (less concise, more detail). show modem Digi Connect EZ 4/4i User Guide...
Page 900: Show Nemo
Display all interfaces including disabled interfaces. verbose: Display more information (less concise, more detail). show ntp Show NTP status & statistics. Syntax show ntp Parameters None show openvpn client Show OpenVPN client status & statistics. Digi Connect EZ 4/4i User Guide...
Page 901: Show Openvpn Server
Show serial status & statistics. Syntax show serial [port STRING] Parameters port: Display more details and config data for a specific serial port. show scripts Show scheduled system scripts. Syntax show scripts Digi Connect EZ 4/4i User Guide...
Page 902: Show Surelink Interface
[client STRING] [all] Parameters client: The name of the OpenVPN client. all: Show all OpenVPN clients. show system Show system status & statistics. Syntax show system [verbose] Parameters verbose: Display more information (disk usage, etc). Digi Connect EZ 4/4i User Guide...
Page 903: Show Usb
Display all VRRP instances including disabled instances. verbose: Display all VRRP status and statistics including disabled instances. show web-filter Show web filter status & statistics. Syntax show web-filter Parameters None show wifi ap Display details for Wi-Fi access points. Digi Connect EZ 4/4i User Guide...
Page 904: Show Wifi Client
Show output log for the last update interval. Parameters None show wifi-scanner blocklist Show transmitters that have been evaluated as static and not included in the output log. Syntax show wifi-scanner blocklist Digi Connect EZ 4/4i User Guide...
Page 905: Show Wifi-Scanner Candidates
Use SSH protocol to log into a remote server. Syntax ssh <host> <user> [port INTEGER] [command STRING] Parameters host: The hostname or IP address of the remote host. user: The username to use when connecting to the remote host. Digi Connect EZ 4/4i User Guide...
Page 906: System Backup
Syntax system disable-cryptography Parameters None system duplicate-firmware Duplicate the running firmware to the alternate partition so that the device will always boot the same firmware version. Syntax system duplicate-firmware Parameters None system factory-erase Digi Connect EZ 4/4i User Guide...
Page 907: System Find-Me
Query the Digi firmware server for the latest device firmware version. Syntax system firmware ota check Parameters None system firmware ota list Query the Digi firmware server for a list of device firmware versions. Syntax system firmware ota list Parameters None system firmware ota update Perform FOTA (firmware-over-the-air) update.
Page 908: System Firmware Update
<script> Parameters script: Script to start. system script stop Stop an active running script. Scripts scheduled to run again will still run again (disable a script to prevent it from running again). Digi Connect EZ 4/4i User Guide...
Page 909: System Serial Clear
Displays the serial log on the screen. Syntax system serial show <port> Parameters port: Serial port. system serial start Start logging data on a serial port. Syntax system serial start <port> [size INTEGER] Digi Connect EZ 4/4i User Guide...
Page 910: System Serial Stop
The date in year-month-day hour:minute:second format (e.g "2021-09-26 12:24:48"). system time sync Perform a NTP query to the configured server(s) and set the local time to the first server that responds. Syntax system time sync Parameters None system time test Digi Connect EZ 4/4i User Guide...
Page 911: Telnet
For IPv4, set the Type of Service (ToS) and Precedence value. Useful values are 16 (low delay) and 8 (high throughput). Note that in order to use some TOS precedence values, you have to be super Digi Connect EZ 4/4i User Guide...
Page 912 Use ICMP ECHO for probes. nomap: Do not try to map IP addresses to host names when displaying them. bypass: Bypass the normal routing tables and send directly to a host on an attached network. Digi Connect EZ 4/4i User Guide...
Page 913 Safety warnings English Bulgarian--бъ л га рс ки Croatian--Hrvatski French--Français Greek--Ε λλην ικά Hungarian--Magyar Italian--Italiano Latvian--Latvietis Lithuanian--Lietuvis Polish--Polskie Portuguese--Português Slovak--Slovák Slovenian--Esloveno Spanish--Español Digi Connect EZ 4/4i User Guide...
Page 914: English
Explosion Hazard – Substitution of components may impair suitability for Class I, Division 2. The extended temperature plug-in power supply (76002079 / 24000141) that is included with the EZ04-IAG4-EXT and EZ04-IA00-EXT kits is not certified for C1D2 and must not be used in C1D2-rated hazardous locations. Digi Connect EZ 4/4i User Guide...
Page 915: Bulgarian--Бъ Л Га Рс Ки
с е рт иф ицира но з а C1D2 и не т ря бв а да с е из пол з в а в опа с ни м е с т а с ре йт инг C1D2. Digi Connect EZ 4/4i User Guide...
Page 916: Croatian--Hrvatski
Opasnost od eksplozije. Zamjena komponenata može naštetiti prikladnosti za klasu I, odjel Priključno napajanje s produženom temperaturom (76002079 /24000141) koje je uključeno u komplete EZ04-IAG4-EXT i EZ04-IA00-EXT nije certificirano za C1D2 i ne smije se koristiti na opasnim mjestima s ocjenom C1D2. Digi Connect EZ 4/4i User Guide...
Page 917: French--Français
Le bloc d'alimentation enfichable à température étendue (76002079 / 24000141) qui est inclus avec les kits EZ04-IAG4-EXT et EZ04-IA00-EXT n'est pas certifié pour C1D2 et ne doit pas être utilisé dans des emplacements dangereux classés C1D2. Digi Connect EZ 4/4i User Guide...
Page 918: Greek--Ε Λλην Ικά
περ ιλαμβάν ετ αι σ τ α κιτ EZ04-IAG4-EXT και EZ04-IA00-EXT δεν είν αι πισ τ οποιημέν ο γ ια C1D2 και δεν πρ έπει ν α χ ρ ησ ιμοποιείτ αι σ ε επικίν δυν ες τ οποθεσ ίες με βαθμολογ ία C1D2. Digi Connect EZ 4/4i User Guide...
Page 919: Hungarian--Magyar
Robbanásveszély. Az alkatrészek cseréje ronthatja az alkalmasságot az I. osztály 2. osztályához. Az EZ04-IAG4-EXT és EZ04-IA00-EXT készletekhez mellékelt kiterjesztett hőmérsékletű, dugaszolható tápegység (76002079 /24000141) nem C1D2 tanúsítvánnyal rendelkezik, és nem használható C1D2 besorolású veszélyes helyeken. Digi Connect EZ 4/4i User Guide...
Page 920: Italian--Italiano
Classe I, Divisione 2. L'alimentatore plug-in per temperatura estesa (76002079 / 24000141) incluso con i kit EZ04- IAG4-EXT e EZ04-IA00-EXT non è certificato per C1D2 e non deve essere utilizzato in aree pericolose classificate C1D2. Digi Connect EZ 4/4i User Guide...
Page 921: Latvian--Latvietis
Sprādziena briesmas. Komponentu aizstāšana var mazināt piemērotību I klases 2. nodaļai. Paplašinātās temperatūras kontaktdakšas barošanas avots (76002079 /24000141), kas iekļauts komplektos EZ04-IAG4-EXT un EZ04-IA00-EXT, nav sertificēts C1D2, un to nedrīkst izmantot bīstamās vietās ar C1D2 novērtējumu. Digi Connect EZ 4/4i User Guide...
Page 922: Lithuanian--Lietuvis
Sprogimo pavojus. Pakeitus komponentus, gali sumažėti tinkamumas I klasės 2 skyriui. Išplėstinės temperatūros kištukinis maitinimo šaltinis (76002079 /24000141), kuris yra komplekte su EZ04-IAG4-EXT ir EZ04-IA00-EXT, nėra sertifikuotas C1D2 ir negali būti naudojamas pavojingose v ietose, kuriose yra C1D2 įvertinimas. Digi Connect EZ 4/4i User Guide...
Page 923: Polish--Polskie
Zagrożenie wybuchem. Zamiana części może pogorszyć przydatność do klasy I, dział 2. Zasilacz wtykowy o zwiększonej temperaturze (76002079 / 24000141), który jest dołączony do zestawów EZ04-IAG4-EXT i EZ04-IA00-EXT, nie jest certyfikowany dla C1D2 i nie może być używany w lokalizacjach niebezpiecznych C1D2. Digi Connect EZ 4/4i User Guide...
Page 924: Portuguese--Português
Classe I, Divisão 2. A fonte de alimentação plug-in de temperatura estendida (76002079/24000141) incluída nos kits EZ04-IAG4-EXT e EZ04-IA00-EXT não é certificada para C1D2 e não deve ser usada em locais perigosos com classificação C1D2. Digi Connect EZ 4/4i User Guide...
Page 925: Slovak--Slovák
Nebezpečenstvo výbuchu. Nahradenie komponentov môže zhoršiť vhodnosť pre triedu I, divíziu 2. Zásuvný napájací zdroj s predĺženou teplotou (76002079 /24000141), ktorý je súčasťou súprav EZ04-IAG4-EXT a EZ04-IA00-EXT, nie je certifikovaný pre C1D2 a nesmie sa používať v nebezpečných oblastiach s klasifikáciou C1D2. Digi Connect EZ 4/4i User Guide...
Page 926: Slovenian--Esloveno
Nevarnost eksplozije. Nadomestitev komponent lahko poslabša ustreznost razreda I, oddelek 2. Vtični napajalnik s podaljšano temperaturo (76002079 /24000141), ki je vključen v komplete EZ04-IAG4-EXT in EZ04-IA00-EXT, ni certificiran za C1D2 in se ga ne sme uporabljati na nevarnih lokacijah z oceno C1D2. Digi Connect EZ 4/4i User Guide...
Page 927: Spanish--Español
Clase I, División 2. La fuente de alimentación enchufable de temperatura extendida (76002079/24000141) que se incluye con los kits EZ04-IAG4-EXT y EZ04-IA00-EXT no está certificada para C1D2 y no debe usarse en ubicaciones peligrosas clasificadas como C1D2. Digi Connect EZ 4/4i User Guide...
Page 928: Digi Connect Ez Regulatory And Safety Statements
European Community - CE Mark Declaration of Conformity (DoC) Digi has issued Declarations of Conformity for the Connect EZ concerning emissions, EMC, and safety. For more information, see www.digi.com/resources/certifications. Important note Digi customers assume full responsibility for learning and meeting the required guidelines for each country in their distribution market.
Page 929: Uk Conformity Assessed (Ukca) Labeling Requirements
Digi Connect EZ regulatory and safety statements CE and UKCA OEM labeling requirements The CE mark shall consist of the initials “CE” taking the following form: If the CE marking is reduced or enlarged, the proportions given in the above graduated drawing must be respected.
Page 930: Innovation, Science, And Economic Development Canada (Ic) Certifications
Communications du Canada. RoHS compliance statement All Digi International Inc. products that are compliant with the RoHS Directive (EU Directive 2002/95/EC and subsequent amendments) are marked as RoHS COMPLIANT. RoHS COMPLIANT means that the substances restricted by the EU Directive 2002/95/EC and subsequent amendments of...
Page 931: Safety Statements For Connect Ez 4I Only
However, cellular-based products contain radio devices which require specific consideration. Take the time to read and understand the following guidance. Digi International assumes no liability for an end user’s failure to comply with these precautions.
Page 932: Product Disposal Instructions
Digi Connect EZ regulatory and safety statements Product disposal instructions Product disposal instructions The WEEE (Waste Electrical and Electronic Equipment: 2002/96/EC) directive has been introduced to ensure that electrical/ electronic products are recycled using the best available recovery techniques to minimize the impact on the environment.

This manual is also suitable for:

Connect ez 4i