Table of Contents

Advertisement

Quick Links

LR54
User Guide
Firmware version 22.8

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the LR54 and is the answer not in the manual?

Questions and answers

Summary of Contents for Digi LR54

  • Page 1 LR54 User Guide Firmware version 22.8...
  • Page 2: Revision History-90002386

    Added LXC container support for running localized containers on the device. Added support for maintenance windows triggers to control when a device is available for Digi Remote Manager maintenance activity. Wi-Fi enhancements: Removed requirement to set a Wi-Fi SSID and passphrase to initially configure the device.
  • Page 3 Added ability to control if DHCP addresses are assigned sequentially or randomly (disabled by default). Added 802.1x port-based network access control, configurable per network interface. Release of Digi LR54 firmware version 21.11: December 2021 Configuration option to allow for automatic update of new firmware (disabled by default).
  • Page 4 Support for sending analog and digial I/O health metrics to Digi Remote Manager. Added show containers Admin CLI command. Release of Digi LR54 firmware version 22.2: March 2022 VPN enhancements: Renamed VPN > IPsec > Tunnels > Policies > Local network setting to Local traffic selector and added Remote traffic selector.
  • Page 5 TCP socket connection is opened to the serial port. New cat Admin CLI command for displaying file contents. Release of Digi LR54 firmware version 22.5: June 2022 5G enhancements: Added 5G slice support for configuring the slice type for the 5G modems.
  • Page 6 New settings to control the NMEA message content that the devices sends when there is no valid fix from any of the configured location sources. Release of Digi LR54 firmware version 22.8: September 2022 Cellular modem enhancements: Added modem ota download and system firmware ota download commands for downloading cellular modem and device firmware.
  • Page 7 Trademarks and copyright Digi, Digi International, and the Digi logo are trademarks or registered trademarks in the United States and other countries worldwide. All other trademarks mentioned in this document are the property of their respective owners.
  • Page 8 Feedback To provide feedback on this document, email your comments to techcomm@digi.com Include the document title and part number (LR54 User Guide, 90002386 N) in the subject line of your email. LR54 User Guide...
  • Page 9: Table Of Contents

    What's new in Digi LR54 version 22.8 Digi LR54 Quick Start Step 1: Connect your device Step 2: Connect DC power Step 3: Set up access to Digi Remote Manager Step 4: Register your device Step 5: Complete setup Step 6: Configure cellular APN...
  • Page 10 Log into Digi Remote Manager Use Digi Remote Manager to view and manage your device Add a device to Digi Remote Manager Configure multiple LR54 devices by using Digi Remote Manager configurations View Digi Remote Manager connection status Learn more...
  • Page 11 Isolate Wi-Fi clients Isolate clients connected to the same access point Isolate clients connected to different access points Configure a Wi-Fi client and add client networks Show Wi-Fi access point status and statistics Show Wi-Fi client status and statistics LR54 User Guide...
  • Page 12 Virtual Router Redundancy Protocol (VRRP) VRRP+ Configure VRRP Configure VRRP+ Example: VRRP/VRRP+ configuration Configure device one (master device) Configure device two (backup device) Show VRRP status and statistics Virtual Private Networks (VPN) IPsec IPsec data protection IPsec mode IPsec modes LR54 User Guide...
  • Page 13 Location information Configure the location service Configure the device to use a user-defined static location Configure the device to accept location messages from external sources Forward location information to a remote host Configure geofencing Show location information LR54 User Guide...
  • Page 14 Create and test a Python application Python modules The use(led) function Releasing the LEDs to system control Set up the LR54 to automatically run your applications Configure scripts to run automatically Show script information Stop a script that is currently running...
  • Page 15 Configure your LR54 device to use a TACACS+ server Remote Authentication Dial-In User Service (RADIUS) RADIUS user configuration RADIUS server failover and fallback to local configuration Configure your LR54 device to use a RADIUS server LDAP LDAP user configuration LDAP server failover and fallback to local configuration...
  • Page 16 Reboot your device immediately Schedule reboots of your device Erase device configuration and reset to factory defaults Configure the LR54 device to use custom factory default settings Locate the device by using the Find Me feature Configuration files Save configuration changes...
  • Page 17 Ping to check internet connection 1024 Stop ping commands 1024 Use the traceroute command to diagnose IP routing problems 1024 Digi LR54 regulatory and safety statements RF exposure statement 1026 Federal Communication (FCC) Part 15 Class B 1026 Radio Frequency Interference (RFI) (FCC 15.105)
  • Page 18 1084 analyzer start 1084 analyzer stop 1084 clear dhcp-lease ip-address 1084 clear dhcp-lease mac 1085 container create 1085 container delete 1085 1085 help 1086 1087 mkdir 1088 modem at 1088 modem at-interactive 1088 modem firmware check 1088 LR54 User Guide...
  • Page 19 1101 show network 1101 show ntp 1102 show openvpn client 1102 show openvpn server 1102 show route 1102 show scep-client 1103 show scripts 1103 show serial 1103 show surelink interface 1103 show surelink ipsec 1103 LR54 User Guide...
  • Page 20 1110 system serial save 1110 system serial show 1111 system serial start 1111 system serial stop 1111 system support-report 1111 system time set 1112 system time sync 1112 system time test 1112 telnet 1112 traceroute 1112 LR54 User Guide...
  • Page 21: What's New In Digi Lr54 Version 22.8

    CHAPv2) as an option for L2TP network servers authentication methods. Container support: Container support now a premium feature, enabled through Digi Remote Manager. Added new metrics for sending container status, name, CPU load, and disk usage as datapoints to DigiRM.
  • Page 22: Digi Lr54 Quick Start

    2. Attach cellular antennas. Securely finger tighten each antenna to the threaded barrel using the nut at the base of the antenna. 3. Using an Ethernet cable, connect the LR54's WAN/ETH1 port to the internet, such as a home LR54 User Guide...
  • Page 23: Step 2: Connect Dc Power

    LAN Ethernet port in an office environment. Step 2: Connect DC power Step 3: Set up access to Digi Remote Manager If you already have a Digi Remote Manager account, skip to Register your device. If you prefer to configure the device locally rather than using Remote Manager, see...
  • Page 24: Step 5: Complete Setup

    Digi LR54 Quick Start Step 5: Complete setup Step 5: Complete setup 1. The device should connect within a couple of minutes. 2. If newer firmware is available, Remote Manager will prompt you to update the device. Click Update to update the firmware. Remote Manager will perform the update in the background and let you know when the device is up to date.
  • Page 25: Digi Lr54 Hardware Reference

    Superior network performance management through Digi Remote Manager (DRM) Global deployment support Digi LR54 front and back views The following figures show front and back views of the Digi LR54. 1. Secondary Wi-Fi antenna connector (Wi-Fi-enabled models only). 2. Secondary cellular antenna.
  • Page 26: Digi Lr54 Leds

    10. Ethernet connectors. Digi LR54 LEDs The Digi LR54 has LEDs on the top front panel, and LEDs on the back of the model that indicate network links and activity. During bootup, the front-panel LEDs light up in sequence to indicate boot progress.
  • Page 27: Digi Lr54 Serial Connector Pinout

    Off: No Ethernet link detected. Solid green: Ethernet link detected. Blinking green: Indicates Ethernet traffic. Digi LR54 serial connector pinout The LR54 is a DCE device. The pinout for the DB9 serial connector is as follows: DTE signal Signal name RS232 signal...
  • Page 28 Digi LR54 hardware reference QR code definition QR code items Semicolon separated list of: ProductName;DeviceID;Password;SerialNumber;SKUPartNumber-SKUPartRevision Example LR54;00000000-00000000-112233FF-FF445566;PW1234567890;50001001-00 LR54 User Guide...
  • Page 29: Hardware Setup

    Hardware setup This chapter contains the following topics: Install SIM cards Digi LR54 Mounting options Connect data cables Connect antennas LR54 power connector LR54 User Guide...
  • Page 30: Install Sim Cards

    2. For high-vibration environments, apply a thin layer of dielectric grease to the SIM contacts. Note If the LR54 device is used in an environment with high vibration levels, SIM card contact fretting may cause unexpected SIM card failures. To protect the SIM cards, Digi strongly recommends that you apply a thin layer of dielectric grease to the SIM contacts prior to installing the SIM cards.
  • Page 31: Tips For Improving Cellular Signal Strength

    Antenna Extender Kit, Digi LR54 Mounting options The Digi LR54 Wall-Mount Kit (part number 78000001) is available separately for wall-mounting. It contains two mounting brackets and four screws. You will need to supply additional self-tapping screws and sleeve anchors as needed.
  • Page 32: Mount The Digi Lr54 On A Wall

    Hang the Digi LR54 on a wall Tighten two self-tapping screws to wall, but leave a small part of screw protruding from the wall. To hang the Digi LR54 on the wall, center the holes of the mounting brackets on the two wall- mounted screws.
  • Page 33: Connect Data Cables

    Single Wi-Fi models: Wi-Fi-1/Wi-Fi-2 Dual Wi-Fi models: Wi-Fi1-1/Wi-Fi1-2 and Wi-Fi2-1/Wi-Fi2-2 WWAN: Single cellular models: WWAN-1/WWAN-2 Dual cellular models: WWAN1-1/WWAN1-2 and WWAN2-1/WWAN2-2 LR54 power connector The LR54 has a power connector located on the back of the device: LR54 User Guide...
  • Page 34: Firmware Configuration

    Change the default password for the admin user Reset default SSIDs and pre-shared keys for the preconfigured Wi-Fi access points Configuration methods Using Digi Remote Manager Using the local web interface Use the local REST API to configure the LR54 device Using the command line LR54 User Guide...
  • Page 35: Review Lr54 Default Settings

    Firmware configuration Review LR54 default settings Review LR54 default settings You can review the default settings for your LR54 device by using the local WebUI or Digi Remote Manager: Local WebUI 1. Log into the LR54 WebUI as a user with Admin access. See Using the local web interface details.
  • Page 36 Firewall zone: Setup IP address LAN1 192.168.210.1/24 Default Link-local IP Bridge: Firewall zone: Setup IP address LAN1 169.254.100.100/16 Wi-Fi (available Wi-Fi access point: Digi AP (Wi- Wi-Fi1 Enabled with LR54W SSID: Digi-LR54W- Fi1) radio models only) serial_number Encryption: WPA2 Personal (PSK)
  • Page 37 Firmware configuration Review LR54 default settings Interface type Preconfigured interfaces Devices Default configuration Hotspot access point: Digi Wi-Fi1 Disabled SSID: Digi Hotspot Hotspot AP (Wi-Fi1) radio Encryption: Open (Unencrypted) Hotspot access point: Digi Wi-Fi2 Disabled SSID: Digi Hotspot Hotspot AP (Wi-Fi2)
  • Page 38: Other Default Configuration Settings

    To change the default password for the admin user:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 39    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 40: Reset Default Ssids And Pre-Shared Keys For The Preconfigured Wi-Fi Access Points

    Pre-shared key: The unique password printed on the bottom label of the device.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 41    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 42: Configuration Methods

    With the Remote Manager, you can configure your LR54 device and use the configuration as a basis for a Remote Manager configuration which can be applied to other similar devices.
  • Page 43: Using Digi Remote Manager

    Shows how to perform a task by using the command line interface. Using Digi Remote Manager By default, your LR54 device is configured to use Digi Remote Manager as its central management server. Devices must be registered with Remote Manager, either: As part of the getting started process.
  • Page 44: Log Out Of The Web Interface

    On the main menu, click your user name. Click Log out. Use the local REST API to configure the LR54 device Your LR54 device includes a REST API that can be used to return information about the device's configuration and to make modifications to the configuration. You can view the REST API specification from your web browser by opening the URL: https://ip-address/cgi-bin/config.cgi...
  • Page 45: Use The Get Method To Return Device Configuration Information

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 46 Firmware configuration Use the local REST API to configure the LR54 device multicast Multicast ping Ping responder snmp SNMP telnet Telnet web_admin Web administration (config)> service For example, to use curl to return the ssh configuration: $ curl -k -u admin https://192.168.210.1/cgi-bin/config.cgi/value/service/ssh -...
  • Page 47: Use The Post Method To Modify Device Configuration Parameters And List Arrays

    Firmware configuration Use the local REST API to configure the LR54 device Use the POST method to modify device configuration parameters and list arrays Use the POST method to modify device configuration parameters To modify configuration parameters, use the POST method with the path and value parameters.
  • Page 48 Firmware configuration Use the local REST API to configure the LR54 device where path is the path to the list item, including the list number, in dot notation (for example, service.ssh.acl.zone.4). For example, to remove the external firewall zone to the ssh service: 1.
  • Page 49: Using The Command Line

    Log in to the command line interface    Command line 1. Connect to the LR54 device by using a serial connection, SSH or telnet, or the Terminal in the WebUI or the Console in the Digi Remote Manager. See Access the command line interface more information.
  • Page 50: Exit The Command Line Interface

    Admin CLI s: Shell q: Quit Select access or quit [admin] : Type a or admin to access the LR54 command line. You will now be connected to the Admin CLI: Connecting now... Press Tab to autocomplete commands Press '?' for a list of commands and details...
  • Page 51: Central Management

    Log into Digi Remote Manager Use Digi Remote Manager to view and manage your device Add a device to Digi Remote Manager Configure multiple LR54 devices by using Digi Remote Manager configurations View Digi Remote Manager connection status Learn more...
  • Page 52: Digi Remote Manager Support

    This URL is required to utilize the client-side certificate support. Prior to release 22.2.9.x, the default URL was my.devicecloud.com. If your Digi device is configured to use a non-default URL to connect to Remote Manager, updating the firmware will not change your configuration. However, if you erase the device's configuration, the Remote Manager URL will change to the default of edp12.devicecloud.com.
  • Page 53 HTTP proxy server support. To configure your device's Digi Remote Manager support:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 54 8. (Optional) For Speedtest server, type the name or IP address of the server to use to test the speed of the device's internet connection(s). 9. (Optional) For Retry interval, type the amount of time that the LR54 device should wait before reattempting to connect to remote cloud services after being disconnected. The default is 30 seconds.
  • Page 55 For Destination phone number, type the phone number for the remote cloud services. d. (Optional) Type the Service identifier. 17. (Optional) Configure the LR54 device to communicate with remote cloud services by using an HTTP proxy server: a. Click to expand HTTP Proxy.
  • Page 56 Central management Configure your device for Digi Remote Manager support 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 57 (config)> cloud drm keep_alive 600s (config)> 8. (Optional) Set the amount of time that the LR54 device should wait between sending keep- alive messages to the Digi Remote Manager when using a cellular interface. Allowed values are from 30 seconds to two hours. The default is 290 seconds.
  • Page 58 (Optional) Set the service identifier: (config)> cloud drm sms sercice_id id (config)> 16. (Optional) Configure the LR54 device to communicate with remote cloud services by using an HTTP proxy server: a. Enable the use of an HTTP proxy server: (config)> cloud drm proxy enable true (config)>...
  • Page 59: Collect Device Health Data And Set The Sample Interval

    To disable the collection of device health data or enable it if it has been disabled, or to change the health sample interval:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 60    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 61 1, 5, 15, 30, or 60, and represents the number of minutes between uploads of health sample data. 5. By default, the device will only report health metrics values to Digi Remote Manager that have changed health metrics were last uploaded. This is useful to reduce the bandwidth used to report health metrics.
  • Page 62: Enable Event Log Upload To Digi Remote Manager

    To enable the event log upload, or disable it if it has been disabled, and to change the upload interval:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: LR54 User Guide...
  • Page 63    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 64: Log Into Digi Remote Manager

    1. If you have not already done so, click here to sign up for a Digi Remote Manager account. 2. Check your email for Digi Remote Manager login instructions. 3. Go to remotemanager.digi.com. 4. Log into your Digi Remote Manager account.
  • Page 65: Use Digi Remote Manager To View And Manage Your Device

    Use Digi Remote Manager to view and manage your device To view and manage your device: 1. If you have not already done so, connect to your Digi Remote Manager account. 2. From the menu, click Devices to display a list of your devices.
  • Page 66: Configure Multiple Lr54 Devices By Using Digi Remote Manager Configurations

    Remote Manager configurations. Typically, if you want to provision multiple LR54 routers: 1. Using the LR54 local WebUI, configure one LR54 router to use as the model configuration for all subsequent LR54s you need to manage. 2. Register the configured LR54 device in your Remote Manager account.
  • Page 67: View Digi Remote Manager Connection Status

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 68: Learn More

    Central management Learn more Learn more To learn more about Digi Remote Manager features and functions, see the Digi Remote Manager User Guide. LR54 User Guide...
  • Page 69: Interfaces

    Interfaces LR54 devices have several physical communications interfaces. These interfaces can be bridged in a Local Area Network (LAN) or assigned to a Wide Area Network (WAN). This chapter contains the following topics: Wide Area Networks (WANs) Local Area Networks (LANs)
  • Page 70: Wide Area Networks (Wans)

    Interfaces Wide Area Networks (WANs) Wide Area Networks (WANs) The LR54 device is preconfigured with one Wide Area Network (WAN), named WAN1, and Wireless Wide Area Network (WWAN), named WWAN. Default Interface type Preconfigured interfaces Devices configuration Wide Area WAN1...
  • Page 71: Wide Area Networks (Wans) And Wireless Wide Area Networks (Wwans)

    The metric for each WAN.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 72 On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Set the metrics for WWAN: a. Click Network > Interfaces > WWAN > IPv4. b. For Metric, type 1. c. Click IPv6. d. For Metric, type 1. LR54 User Guide...
  • Page 73    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 74: Wan/Wwan Failover

    WAN, and its Ethernet WAN, WAN1, as its secondary WAN. WAN/WWAN failover If a connection to a WAN interface is lost for any reason, the LR54 device will immediately fail over to the next WAN or WWAN interface, based on WAN priority. See...
  • Page 75: Configure Surelink Active Recovery To Detect Wan/Wwan Failures

    Problems can occur beyond the immediate WAN/WWAN connection that prevent some IP traffic from reaching its destination. Normally this kind of problem does not cause the LR54 device to detect that the WAN has failed, because the connection continues to work while the core problem exists somewhere else in the network.
  • Page 76 SureLink will: The device will: 1. First SureLink failure: Nothing will happen. 2. Second SureLink failure: The interface will restart. 3. Third SureLink failure: The modem will reset. 4. Fourth SureLink failure: The interface will restart again. LR54 User Guide...
  • Page 77 7. Seventh Surelink failure: The device will reboot.    Web SureLink can be configured for both IPv4 and IPv6. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 78 When SureLink is configured for Wireless WANs, SureLink tests are only run if the cellular modem is connected and has an IP address. Use the SIM failover options to configure the LR54 device to automatically recover the modem in the event that it cannot obtain an IP address. See Configure a Wireless Wide Area Network (WWAN) for details about SIM failover.
  • Page 79 For example, to set Initial connection time to ten minutes, enter 10m or 600s. The default is 60 seconds. 14. Optional active recovery configuration parameters: a. Change the Interval between connectivity tests. Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. LR54 User Guide...
  • Page 80 IPv6 active recovery, replace ipv4 in the command line with ipv6. 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights.
  • Page 81 Interfaces Wide Area Networks (WANs) LR54 device to automatically recover the modem in the event that it cannot obtain an IP address. See Configure a Wireless Wide Area Network (WWAN) for details about SIM failover. (config network interface my_wan> ipv4 surelink enable true (config network interface my_wan)>...
  • Page 82 Tests connectivity by sending a DNS query to the specified DNS server. Specify the DNS server. Allowed value is the IP address of the DNS server. (config network interface my_wan ipv4 surelink target 0)> dns_ server ip_address (config network interface my_wan ipv4 surelink target 0)> LR54 User Guide...
  • Page 83 (config network interface my_wan ipv4 surelink target 0)> interface_timeout 600s (config network interface my_wan ipv4 surelink target 0)> The default is 60 seconds. other: Allows you to test another interface's status, to create a failover or coupled relationship between interfaces: LR54 User Guide...
  • Page 84 For example, if other_status is set to down, but the alternate interface is determined to be up, then this test will fail. (Optional) Repeat to add additional test targets. 11. Optional active recovery configuration parameters: LR54 User Guide...
  • Page 85 For example, to set timeout to ten minutes, enter either 10m or 600s: (config network interface my_wan ipv4 surelink)> timeout 600s (config network interface my_wan ipv4 surelink)> The default is 15 seconds. 12. (Optional) Repeat this procedure for IPv6. 13. Save the configuration and apply the change: LR54 User Guide...
  • Page 86: Configure The Device To Reboot When A Failure Is Detected

    Type quit to disconnect from the device. Configure the device to reboot when a failure is detected Using SureLink, you can configure the LR54 device to reboot when it has determined that an interface has failed. Required configuration items Enable SureLink.
  • Page 87 To configure the LR54 device to reboot when an interface has failed:    Web SureLink can be configured for both IPv4 and IPv6. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 88 When SureLink is configured for Wireless WANs, SureLink tests are only run if the cellular modem is connected and has an IP address. Use the SIM failover options to configure the LR54 device to automatically recover the modem in the event that it cannot obtain an IP address. See Configure a Wireless Wide Area Network (WWAN) for details about SIM failover.
  • Page 89 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Response timeout to ten minutes, enter 10m or 600s. The default is 15 seconds. 13. (Optional) Repeat this procedure for IPv6. LR54 User Guide...
  • Page 90 IPv6 active recovery, replace ipv4 in the command line with ipv6. 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights.
  • Page 91 Tests connectivity by sending a DNS query to the specified DNS server. Specify the DNS server. Allowed value is the IP address of the DNS server. (config network interface my_wan ipv4 surelink target 0)> dns_ server ip_address (config network interface my_wan ipv4 surelink target 0)> LR54 User Guide...
  • Page 92 (config network interface my_wan ipv4 surelink target 0)> interface_timeout 600s (config network interface my_wan ipv4 surelink target 0)> The default is 60 seconds. other: Allows you to test another interface's status, to create a failover or coupled relationship between interfaces: LR54 User Guide...
  • Page 93 For example, if other_status is set to down, but the alternate interface is determined to be up, then this test will fail. (Optional) Repeat to add additional test targets. 9. Optional active recovery configuration parameters: LR54 User Guide...
  • Page 94 For example, to set timeout to ten minutes, enter either 10m or 600s: (config network interface my_wan ipv4 surelink)> timeout 600s (config network interface my_wan ipv4 surelink)> The default is 15 seconds. 10. (Optional) Repeat this procedure for IPv6. 11. Save the configuration and apply the change: LR54 User Guide...
  • Page 95: Disable Surelink

    You can also disable DNS lookup or other internet activity, while retaining the SureLink interface test.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 96    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 97 IP address assigned to it, that the physical link is up, and that a route is present to send traffic out of the network interface.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 98    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 99: Example: Use A Ping Test For Wan Failover From Ethernet To Cellular

    To achieve this WAN failover from the WAN1 to the WWAN interface, the WAN failover configuration is:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration:...
  • Page 100 Interfaces Wide Area Networks (WANs) Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a.
  • Page 101    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 102: Using Ethernet Devices In A Wan

    SIM1 or SIM2 up at one time. Typically, you configure SIM1 of the cellular modem as the primary cellular interface, and SIM2 as the backup cellular interface. In this way, if the LR54 device cannot connect to the network using SIM1, it LR54 User Guide...
  • Page 103 SIM, the modem will attempt to reconnect to the SIM in the preferred SIM slot. To configure the modem:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 104    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 105 Carrier switching is enabled by default. To disable: (config)> network modem wwan carrier_switch false (config)> 8. Set the type of cellular technology that this modem should use to access the cellular network: (config)> network modem wwan access_tech value (config)> LR54 User Guide...
  • Page 106 Type quit to disconnect from the device. Configure cellular modem APNs The LR54 device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.
  • Page 107 Interfaces Wide Area Networks (WANs) 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 108    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 109 8. Save the configuration and apply the change: (config)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. LR54 User Guide...
  • Page 110 APNs, and then use routing roles to forward traffic to the appropriate WWAN interface.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 111 For Zone, select External. e. For Device, select WWAN cellular modem . f. (Optional): Configure the public APN. If the public APN is not configured, the LR54 will attempt to determine the APN. i. Click to expand APN list > APN.
  • Page 112 For APN, type the private APN provided to you by your cellular carrier. 5. Create the routing policies. For example, to route all traffic from LAN1 through the public APN, and LAN2 through the private APN: LR54 User Guide...
  • Page 113 Configure the source address: i. Click to expand Source address. ii. For Type, select Interface. iii. For Interface, select LAN2. k. Configure the destination address: i. Click to expand Destination address. ii. For Type, select Interface. LR54 User Guide...
  • Page 114    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 115 (config network route policy 0)> interface /network/interface/WWANPublic (config network route policy 0)> d. Configure the source address: i. Set the source type to interface: (config network route policy 0)> src type interface (config network route policy 0)> LR54 User Guide...
  • Page 116 Set the source type to interface: (config network route policy 1)> src type interface (config network route policy 1)> ii. Set the interface to LAN2: (config network route policy 1)> src interface LAN2 (config network route policy 1)> LR54 User Guide...
  • Page 117 Select Manual or Manual/Automatic carrier selection mode. The Network PLMN ID.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 118 Manual/Automatic—The device will attempt to connect to the carrier identified in the Network PLMN ID. If the carrier is not available, the device will fall back to using automatic carrier selection. 4. If Manual or Manual/Automatic are selected for Carrier section mode, enter the Network PLMN ID. LR54 User Guide...
  • Page 119    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 120 Wide Area Networks (WANs)    Web 1. Log into the LR54 WebUI as a user with Admin access. 2. From the main menu, click Status > Modems. 3. For the appropriate modem, scroll to the Connection Status section and click SCAN.
  • Page 121    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 122 : passing IPv6 address : 11f6:4680:0d67:59d2:552b:3429:81a8:f1ea IPv6 gateway : ff50:d95d:7e98:abe8:3030:9138:4f25:f51b IPv6 MTU : 1500 TX bytes : 127941 RX bytes : 61026 Uptime : 10 hrs, 56 mins (39360s) SIM Slot SIM Status : ready IMSI : 61582122197895 LR54 User Guide...
  • Page 123   Command line To unlock a SIM card: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 124    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 125 IMEI: 359072060451693 IMEI SV: 9 FSN: LQ650551070110 +GCAP: +CGSM 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. LR54 User Guide...
  • Page 126: Configure A Wide Area Network (Wan)

    When to use DNS: always, never, or only when this interface is the primary default route. When to use DNS servers for this interface. Whether to include the LR54 device's hostname in DHCP requests. SureLink active recovery configuration. See Configure SureLink active recovery to detect WAN/WWAN failures for further information.
  • Page 127 Interfaces Wide Area Networks (WANs) 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 128 8. (Optional) Click to expand 802.1x to configure 802.1x port based network access control. The LR54 can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Click to expand Authentication. b. Click Enable server to enable the 802.1x authenticator on the LR54 device.
  • Page 129 Never: Never use DNS servers for this interface. k. Enable DHCP Hostname to instruct the LR54 device to include the device's system name with DHCP requests as the Client FQDN option. The DHCP server can then be configured to register the device's hostname and IP address with an associated DNS server.
  • Page 130    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 131 (config network interface my_wan)> iii. Set the management priority. This determines which interface will have priority for central management activity. The interface with the highest number will be used. (config network interface my_wan)> ipv4 mgmt num (config network interface my_wan)> LR54 User Guide...
  • Page 132 Never use DNS servers for this interface. vi. Enable DHCP Hostname to instruct the LR54 device to include the device's system name with DHCP requests as the Client FQDN option. The DHCP server can then be configured to register the device's hostname and IP address with an associated DNS server.
  • Page 133 8. (Optional) To configure 802.1x port based network access control: Note The LR54 can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Enable the 802.1x authenticator on the LR54 device: (config network interface my_wan)> 802_1x authentication enable true (config network interface my_wan)>...
  • Page 134: Configure A Wireless Wide Area Network (Wwan)

    The cellular modem that is used by the WWAN. Additional configuration items SIM selection for this WWAN. The SIM PIN. The SIM phone number for SMS connections. Enable or disable roaming. SIM failover configuration. APN configuration. The custom gateway/netmask. IPv4 configuration: LR54 User Guide...
  • Page 135 WAN/WWAN failures for further information.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 136 If SIM slot is selected, for Match SIM slot, select which SIM slot must be in active for this WWAN to be used. If Carrier is selected, for Match SIM carrier, select which cellular carrier must be in active for this WWAN to be used. LR54 User Guide...
  • Page 137 Reboot device: The device will reboot if automatic SIM switching is unavailable. 13. For APN list and APN list only, the LR54 device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.
  • Page 138 Set the MTU. g. For Use DNS: Always: DNS will always be used for this WWAN; when multiple interfaces have the same DNS server, the interface with the lowest metric will be used for DNS requests. LR54 User Guide...
  • Page 139    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 140 Set the unique SIM card ICCID that must be in active for this WWAN to be used: (config network interface my_wwan)> modem iccid ICCID (config network interface my_wwan)> imsi Set the International Mobile Subscriber Identity (IMSI) that must be in active for this WWAN to be used: LR54 User Guide...
  • Page 141 The carrier is manually configured. If the configured network is not available, automatic carrier selection is used. If manual or manual_automatic is set: a. Set the Network PLMN ID: (config network interface my_wwan)> modem operator PLMN_ID (config network interface my_wwan)> LR54 User Guide...
  • Page 142 The device will reboot if automatic SIM switching is unavailable. 12. The LR54 device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.
  • Page 143 (config network interface my_wwan)> ipv4 mtu num (config network interface my_wwan)> f. Configure when the WWAN's DNS servers will be used: (config network interface my_wwan)> ipv4 dns value (config network interface my_wwan)> Where value is one of: LR54 User Guide...
  • Page 144 DNS server, the interface with the lowest metric will be used for DNS requests. never: Never use DNS servers for this WWAN. primary: Only use the DNS servers provided for this WWAN when the WWAN is the primary route. LR54 User Guide...
  • Page 145: Show Wan And Wwan Status And Statistics

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 146: Delete A Wan Or Wwan

    Follow this procedure to delete any WANs and WWANs that have been added to the system. You cannot delete the preconfigured WAN, WAN1, or the preconfigured WWAN, WWAN.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. LR54 User Guide...
  • Page 147    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 148: Default Outbound Wan/Wwan Ports

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Default outbound WAN/WWAN ports The following table lists the default outbound network communications for LR54 WAN/WWAN interfaces: Description TCP/UDP Port number Digi Remote Manager connection to my.devicecloud.com...
  • Page 149: Local Area Networks (Lans)

    Interfaces Local Area Networks (LANs) Local Area Networks (LANs) The LR54 device is preconfigured with the following Local Area Networks (LANs): You can modify configuration settings for LAN1, and you can create new LANs. This section contains the following topics:...
  • Page 150: About Local Area Networks (Lans)

    The following diagram shows a LAN connected to the ETH2, ETH3, and ETH4 Ethernet devices and the Digi AP (Wi-Fi1) access point (available for Wi-Fi enabled models only). Once the LAN is configured and enabled, the devices connected to the network interfaces can communicate with each other, as demonstrated by the ping commands.
  • Page 151 To create a new LAN or edit an existing LAN:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 152 8. (Optional) Click to expand 802.1x to configure 802.1x port based network access control. The LR54 can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Click to expand Authentication. b. Click Enable server to enable the 802.1x authenticator on the LR54 device.
  • Page 153    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 154 Device: The network device used by this network interface. Format: /network/device/eth1 /network/device/eth2 /network/device/eth3 /network/device/eth4 /network/device/loopback /network/bridge/hotspot_bridge /network/bridge/lan1 /network/wireless/ap/digi_ap1 /network/wireless/ap/digi_ap2 /network/wireless/ap/digi_hotspot_ap1 /network/wireless/ap/digi_hotspot_ap2 Current value: (config network interface my_lan)> device b. Set the device for the LAN: (config network interface my_lan)> device device (config network interface my_lan)> LR54 User Guide...
  • Page 155 (config network interface my_lan)> ipv4 mtu num (config network interface my_lan)> c. Enable the DHCP server: (config network interface my_lan)> ipv4 dhcp_server enable true DHCP servers for information about configuring the DHCP server. 7. (Optional) Configure IPv6 settings: LR54 User Guide...
  • Page 156 DHCPv6 server: The DHCPv6 server settings for this network interface. Parameters Current Value --------------------------------------------------------------------- ---------- enable true Enable (config network interface my_lan)> d. Modify any of the remaining default settings as appropriate. For example, to change the minimum length of the prefix: LR54 User Guide...
  • Page 157 8. (Optional) To configure 802.1x port based network access control: Note The LR54 can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Enable the 802.1x authenticator on the LR54 device: (config network interface my_lan)> 802_1x authentication enable true (config network interface my_lan)>...
  • Page 158: Change The Default Lan Subnet

    DHCP server range will also change to the range of the LAN subnet. To change the LAN subnet:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 159: Example: Configure Two Lans

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 160 In this task, we will create a new bridge and configure the LAN1 and LAN2 bridges to use the following devices: LAN1 bridge: ETH2 WWAN2 cellular modem. LAN2 bridge: ETH3 Digi AP (Wi-Fi2) In task two, we will assign the new LAN2 bridge to a LAN. LR54 User Guide...
  • Page 161 Interfaces Local Area Networks (LANs)    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 162    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 163 Interfaces Local Area Networks (LANs) a. the Digi AP (Wi-Fi2) access point (/network/wireless/ap/digi_ap2) from the bridge, using its index number, 4, as determined above with the show command: (config)> del network bridge lan1 device 4 (config)> b. Remove the ETH4 device (/network/device/eth4) from the bridge, using its index number, 2, as determined above with the show command: (config)>...
  • Page 164 Interfaces Local Area Networks (LANs) c. the Digi AP (Wi-Fi2) access point to the bridge: (config network bridge LAN2)> add device end /network/wireless/ap/digi_ap2 (config network bridge LAN2)> d. Use the show command again to verify that the LAN2 bridge now has two devices, ETH3 and Digi AP (Wi-Fi2): (config network bridge LAN2)>...
  • Page 165 In this task, we will create a new LAN, named LAN2, to use the LAN2 bridge created in task one.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 166 Click Enable. 6. Enable the access points and set the SSIDs: a. Configure Digi AP (Wi-Fi1): i. Click Network > Wi-Fi > Access points > Digi AP (Wi-Fi1). ii. Click Enable. iii. For SSID, type Example1. iv. For Pre-shared key, enter a password that clients will use to connect to this access point.
  • Page 167    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 168 Set the SSID for the Digi AP (Wi-Fi1) access point: (config)> network wifi ap digi_ap1 ssid Example1 (config)> d. Set the password for the Digi AP (Wi-Fi1) access point: (config)> network wifi ap digi_ap1 encryption key_psk2 password1 (config)> LR54 User Guide...
  • Page 169: Show Lan Status And Statistics

    WAN/ETH1 Ethernet port. 2. Verify that LAN1 is operating correctly: a. Connect a device to LAN1 through the ETH2 Ethernet port, or by connecting to the Digi AP (Wi-Fi1) access point. b. Verify that the device has been provided an IP address from the LAN1 DHCP server in the 192.168.2.* subnet.
  • Page 170    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 171: Delete A Lan

    Follow this procedure to delete any LANs that have been added to the system. You cannot delete the preconfigured LAN, LAN1.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 172 The Configuration window is displayed. 3. Click Network > Interfaces. 4. Click the menu icon (...) next to the name of the LAN to be deleted and select Delete. 5. Click Apply to save the configuration and apply the change. LR54 User Guide...
  • Page 173: Dhcp Servers

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 174 Map static IP addresses to hosts for information about static leases.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 175 For Gateway, select either: None: No gateway is broadcast by the DHCP server. Client destinations must be resolvable without a gateway. Automatic: Broadcasts the LR54 device's gateway. Custom: Allows you to identify the IP address of a Custom gateway to be broadcast.
  • Page 176    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 177 No gateway is broadcast by the DHCP server. Client destinations must be resolvable without a gateway. auto: Broadcasts the LR54 device's gateway. custom: Allows you to identify the IP address of a custom gateway to be broadcast: (config)> network interface my_lan ipv4 dhcp_server advanced gateway_custom ip_address (config)>...
  • Page 178 (config)> where value is one of: none: No server is broadcast. auto: Broadcasts the LR54 device's server. custom: Allows you to identify the IP address of the server. For example: (config)> network interface my_lan ipv4 dhcp_server advanced primary_dns_custom ip_address (config)>...
  • Page 179 A label for this instance of the static lease. To map static IP addresses:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 180    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 181    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 182 Delete static IP mapping entries To delete a static IP entry:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 183    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 184 Type quit to disconnect from the device. Configure DHCP options You can configure DHCP servers running on your LR54 device to send certain specified DHCP options to DHCP clients. You can also set the user class, which enables you to specify which specific DHCP clients will receive the option.
  • Page 185 Interfaces Local Area Networks (LANs)    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 186    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 187 LAN. For the LR54 device, DHCP relay is configured by providing the IP address of a DHCP relay server, rather than an IP address range. If both the DHCP relay server and an IP address range are specified, DHCP relay is used, and the specified IP address range is ignored.
  • Page 188 Additional configuration items IP address of additional DHCP relay servers.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 189    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 190    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 191: Create A Virtual Lan (Vlan) Route

    LAN. Required configuration items Device to be assigned to the VLAN. The VLAN ID. The TCP header uses the VLAN ID to identify the destination VLAN for the packet. LR54 User Guide...
  • Page 192 Local Area Networks (LANs) To create a VLAN:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 193    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 194: Default Services Listening On Lan Ports

    IP address assigned to it on a WAN or cellular modem interface, to a client connected to a LAN interface.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 195 9. (Optional) Packet filtering is disabled by default. Toggle on to enable. If packet filtering is disabled, traffic is allowed in both directions and it is the responsibility of the external device to provide its own firewall. LR54 User Guide...
  • Page 196 14. (Optional) Click to expand 802.1x to configure 802.1x port based network access control. The LR54 can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Click to expand Authentication. b. Click Enable server to enable the 802.1x authenticator on the LR54 device.
  • Page 197    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 198 /network/device/eth3 /network/device/eth4 /network/device/loopback /network/bridge/hotspot_bridge /network/bridge/lan1 /network/wireless/ap/digi_ap1 /network/wireless/ap/digi_ap2 /network/wireless/ap/digi_hotspot_ap1 /network/wireless/ap/digi_hotspot_ap2 Current value: (config network interface ip_passthrough_interface)> device b. Set the device for the interface: (config network interface ip_passthrough_interface)> device device (config network interface my_wan)> 7. Set passthrough options LR54 User Guide...
  • Page 199 See Configure SureLink active recovery to detect WAN/WWAN failures for information about configuring SureLink for active recovery. 9. (Optional) Configure IPv6 settings: a. Enable IPv6 support: (config network interface ip_passthrough_interface)> ipv6 enable true (config network interface ip_passthrough_interface)> LR54 User Guide...
  • Page 200 Modify any of the remaining default settings as appropriate. 10. (Optional) To configure 802.1x port based network access control: Note The LR54 can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Enable the 802.1x authenticator on the LR54 device: (config network interface ip_passthrough_interface)>...
  • Page 201: Bridging

    Bridging is a mechanism to create a single network consisting of multiple devices, such as Ethernet devices and wireless access points. By default, the LR54 has the following preconfigured bridges: You can modify configuration settings for the existing bridge, and you can create new bridges.
  • Page 202: Edit The Preconfigured Lan1 Bridge

    Enable Spanning Tree Protocol (STP). To edit the preconfigured LAN1 bridge:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 203    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 204 3 /network/wireless/ap/digi_ap1 4 /network/wireless/ap/digi_ap2 (config)> ii. Use the index number to delete the appropriate device. For example, to delete the Digi AP (Wi-Fi1) Wi-Fi access point from the bridge: (config)> del network bridge lan device 3 (config)> Note If you are deleting multiple devices from the bridge, the device index may be reordered after each deletion.
  • Page 205 /network/wireless/ap/digi_hotspot_ap1 /network/wireless/ap/digi_hotspot_ap2 Default value: /network/bridge/lan1 Current value: /network/bridge/lan1 (config network bridge my_bridge)> ii. Add the appropriate device. For example, to add the Digi AP (Wi-Fi1) Wi-Fi access point: (config network bridge my_bridge)> add device end /network/wireless/ap/digi_ap1 (config)> 5. (Optional) Enable Spanning Tree Protocol (STP).
  • Page 206: Configure A Bridge

    Enable Spanning Tree Protocol (STP). To create a bridge:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 207 For Forwarding delay, enter the number of seconds that the device will spend in each of the listening and learning states before the bridge begins forwarding data. The default is 2 seconds. 8. Click Apply to save the configuration and apply the change. LR54 User Guide...
  • Page 208    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 209: Show Surelink Status And Statistics

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 210: Show Surelink Status For A Specific Interface

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 211: Show Surelink Status For A Specific Ipsec Tunnel

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 212: Show Surelink Status For A Specific Openvpn Client

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 213: Serial Port

    Serial port LR54 devices have a single serial port that provides access to different features, depending on the serial port mode selection. Default serial port configuration You can review the default serial port configuration for your device. Serial mode options You can choose a serial mode option for each serial port, depending on the feature that you want to use.
  • Page 214: Configure Login Mode

    To change the configuration to match the serial configuration of the device to which you want to connect:    Web 1. Log into the LR54 WebUI as a user with Admin access. 2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed. Note You can also configure the serial port by using Device Configuration >...
  • Page 215    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 216: Configure Remote Access Mode

    Remote Access mode allows for remote access to another device that is connected to the serial port. To change the configuration to match the serial configuration of the device to which you want to connect:    Web LR54 User Guide...
  • Page 217 Serial port Configure Remote Access mode 1. Log into the LR54 WebUI as a user with Admin access. 2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed. Note You can also configure the serial port by using Device Configuration > Serial. Changes made by using either Device Configuration or Serial Configuration will be reflected in both.
  • Page 218 Click to expand the appropriate type of service. iv. Click to expand Access Control List. For example, to set the Access Control List for the SSH connection for serial port 1, click to expand Serial > Port 1 > SSH connection > Access Control List: LR54 User Guide...
  • Page 219 No limit to IPv6 addresses that can access the service-type. iv. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the LR54 device: i. Click Interfaces. ii. For Add Interface, click .
  • Page 220 For Idle timeout, type the amount of time to wait before disconnecting due to user inactivity. 11. Expand Monitor Settings. a. Enable CTS to monitor CTS (Clear to Send) changes on this port. b. Enable DCD to monitor DCD (Data Carrier Detect) changes on this port. LR54 User Guide...
  • Page 221    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 222 The default is 4000 bytes. d. Set the amount of time to wait before disconnecting due to user inactivity: (config)>serial port1 idle_timeout value (config) where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. LR54 User Guide...
  • Page 223 To disable: (config)>serial port1 autoconnect flush_string false (config)> The default is always. c. Set the option that initiates the connection: LR54 User Guide...
  • Page 224 (config)>serial port1 autoconnect nodely true (config)> h. Set the text to be transmitted to the remote server when the socket connects: (config)>serial port1 socketid string (config)> 14. (Optional) Configure data framing: a. Enable data framing: (config)>serial port1 framing enable true (config) LR54 User Guide...
  • Page 225 Enable TCP nodelay messages: (config)>serial port1 service ssh nodelay true (config)> v. (Optional) Configure access control: To limit access to specified IPv4 addresses and networks: (config)> add serial port1 service ssh acl address end value (config)> Where value can be: LR54 User Guide...
  • Page 226 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the LR54 device: (config)> add serial port1 service ssh acl interface end value (config)>...
  • Page 227 1 and 65535. The default is 4001. iii. Enable TCP keep-alive messages: (config)>serial port1 service tcp keepalive true (config)> iv. Set the option that initiates the connection: (config)>serial port1 service tcp conn_type value (config)> LR54 User Guide...
  • Page 228 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the LR54 device: (config)> add serial port1 service tcp acl interface end value (config)>...
  • Page 229 ------------------------------------------------- ------------------------------ dynamic_routes edge external hotspot internal ipsec loopback setup (config)> Repeat this step to include additional firewall zones. vii. (Optional) Enable Multicast DNS (mDNS): (config)>serial port1 service tcp mdns enable true (config)> c. Configure telnet settings: LR54 User Guide...
  • Page 230 A network designation in CIDR notation, for example, 2001:db8::/48. any: No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the LR54 device: LR54 User Guide...
  • Page 231 Type ... firewall zone ? at the config prompt: (config)> ... firewall zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration ------------------------------------------------- ------------------------------ dynamic_routes edge external hotspot internal LR54 User Guide...
  • Page 232: Configure Application Mode

    To change the configuration to match the serial configuration of the device to which you want to connect:    Web 1. Log into the LR54 WebUI as a user with Admin access. 2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed. Note You can also configure the serial port by using Device Configuration >...
  • Page 233    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 234: Configure Ppp Dial-In Mode

    To change the configuration to match the serial configuration of the device to which you want to connect:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 235 12. For Authentication method, select the method used to authenticate the remote peer. Allowed values are: None: No authentication is required. Automatic: Attempt to authenticate using CHAP first, and then PAP. CHAP: Use Challenge Handshake Authentication Protocol (CHAP) to authenticate. PAP: Use Password Authentication Protocol (PAP) to authenticate. LR54 User Guide...
  • Page 236 -r line; do case "$line" in ATDT123) echo "CONNECT" # instruct the peer to start PPP exit 0 # start up the local PPP session AT*) echo "OK" # passively accept any other AT command LR54 User Guide...
  • Page 237    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 238 12. Set the priority of routes associated with this interface. If there are multiple active routes that match a destination, then the route with the lowest metric will be used. (config)> serial port1 ppp_dialin metric int (config)> LR54 User Guide...
  • Page 239 If override is not enabled, the custom PPP configuration file is used in addition to the default configuration. c. Paste or type the configuration data in the format of a pppd options file: (config)> serial port1 ppp_dialin custom config_file data (config)> LR54 User Guide...
  • Page 240 16. Save the configuration and apply the change: (config)> save Configuration saved. > 17. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. LR54 User Guide...
  • Page 241: Configure Udp Serial Mode

    To change the configuration to match the serial configuration of the device to which you want to connect:    Web 1. Log into the LR54 WebUI as a user with Admin access. 2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed. Note You can also configure the serial port by using Device Configuration >...
  • Page 242 Click Strip End Pattern if you want to remove the end pattern from the packet before it is sent. 8. Expand UDP Serial Settings. a. For Local port, enter the UDP port. The default is 4001 or serial port 1, 4002 for serial port 2, etc. LR54 User Guide...
  • Page 243 For Destinations, you can configure the remote sites to which you want to send data. If you do not specify any destinations, the LR54 sends new data from the last IP address and port from which data was received. To add a destination: i.
  • Page 244 To limit access to specified IPv6 addresses and networks: i. Click IPv6 Addresses. ii. For Add Address, click . iii. For Address, enter the IPv6 address or network that can access the device's service-type. Allowed values are: LR54 User Guide...
  • Page 245    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 246 10. Set the type of flow control used by the device to which you want to connect: (config)>serial port1 label flow type (config) Allowed values are: none rts/cts xon/xoff The default is none. 11. (Optional) Configure data framing: a. Enable data framing: (config)>serial port1 framing enable true (config) LR54 User Guide...
  • Page 247 (config)> 14. Configure the remote sites to which you want to send data. If you do not specify any destinations, the LR54 send new data to the last hostname and port from which data was received. To add a destination: i.
  • Page 248 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the LR54 device: (config)> add serial port1 udp acl interface end value (config)>...
  • Page 249 (config)> add serial port1 udp acl address end value (config)> Where value can be: A single IP address or host name. A network designation in CIDR notation, for example, 192.168.1.0/24. any: No limit to IPv4 addresses that can access the service-type. LR54 User Guide...
  • Page 250 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the LR54 device: (config)> add serial port1 udp acl interface end value (config)>...
  • Page 251: Configure Modbus Mode

    To change the configuration to match the serial configuration of the device to which you want to connect:    Web 1. Log into the LR54 WebUI as a user with Admin access. 2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed. LR54 User Guide...
  • Page 252 1. Set the baud rate used by the device to which you want to connect: (config)>path-parambaudrate rate (config)> 2. Set the number of data bits used by the device to which you want to connect: (config)>path-paramdatabits bits (config)> LR54 User Guide...
  • Page 253    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 254 2. Set the number of data bits used by the device to which you want to connect: (config)>path-paramdatabits bits (config)> 3. Set the type of parity used by the device to which you want to connect: (config)>path-paramparity parity (config)> Allowed values are: even none The default is none. LR54 User Guide...
  • Page 255: Show Serial Status And Statistics

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 256: Log Serial Port Messages

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 257 /etc/config/serial will be used as the root directory for the path and file. 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. LR54 User Guide...
  • Page 258 Configure a Wi-Fi access point with personal security Configure a Wi-Fi access point with enterprise security Isolate Wi-Fi clients Configure a Wi-Fi client and add client networks Show Wi-Fi access point status and statistics Show Wi-Fi client status and statistics LR54 User Guide...
  • Page 259: Wi-Fi

    The password for the default access point is the unique password as found on the device's label. See Reset default SSIDs and pre-shared keys for the preconfigured Wi-Fi access points for information about changing the default SSID and password. Default Wi-Fi configuration The default Wi-Fi configuration of the LR54W device is: LR54 User Guide...
  • Page 260 Enabled Encyrption WPA2 Personal (PSK) WPA2 Personal (PSK) Pre-shared key Default password as found on Default password as found on the device's label the device's label Group rekey interval 10 minutes 10 minutes Client mode connections: none. LR54 User Guide...
  • Page 261: Configure The Wi-Fi Radio's Channel

    DFS channels in client mode for information about enabling DFS support.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 262    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 263: Configure The Wi-Fi Radio To Support Dfs Channels In Client Mode

    If DFS functionality is enabled, any access points enabled on the LR54W device will not be started. Required configuration items Enable DFS support. One or more configured Wi-Fi clients. See Configure a Wi-Fi client and add client networks details.    Web LR54 User Guide...
  • Page 264 Wi-Fi Configure the Wi-Fi radio to support DFS channels in client mode 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 265: Configure The Wi-Fi Radio's Band And Protocol

    2.4 GHz b/g/n band, and Wi-Fi2 radio only supports 5 GHz ac/n.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. LR54 User Guide...
  • Page 266 Configure the Wi-Fi radio's band and protocol 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config.
  • Page 267 Wi-Fi Configure the Wi-Fi radio's band and protocol 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 268: Configure The Wi-Fi Radio's Transmit Power

    100 percent. You can configure the Wi-Fi radio to transmit at a lower power.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 269    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 270: Configure An Open Wi-Fi Access Point

    The amount of time to wait before changing the group key. To configure a Wi-Fi access point with no security:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 271 7. (Optional) Enable Isolate clients to prevent clients that are connected to this access point from communicating with each other. See Isolate Wi-Fi clients for information about how to prevent clients connected to different access points from communicating with each other. LR54 User Guide...
  • Page 272   Command line Configure a new Access point 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 273 The group key is shared by all in clients of the access point, and after a client has disconnected, it will be able to use the group key to decrypt broadcast packets until the key is changed. LR54 User Guide...
  • Page 274 Type quit to disconnect from the device. Edit an existing Access point 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights.
  • Page 275 Additional Configuration --------------------------------------------------------------------- ---------- wifi1 Wi-Fi1 radio wifi2 Wi-Fi2 radio (config)> b. Set the appropriate radio: (config)> network wifi ap digi_ap1 radio wifi1 (config)> 9. (Optional) Set the amount of time to wait before changing the group key. LR54 User Guide...
  • Page 276: Configure A Wi-Fi Access Point With Personal Security

    By default, the LR54W device comes with two preconfigured access points, Digi AP (Wi-Fi1) and Digi AP (Wi-Fi2). You cannot delete default access points, but you can modify them or you can create your own access points.
  • Page 277 To configure a Wi-Fi access point to use personal security:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 278 The group key is shared by all in clients of the access point, and after a client has disconnected, it will be able to use the group key to decrypt broadcast packets until the key is changed. LR54 User Guide...
  • Page 279   Command line Configure a new Access point 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 280 If type is set to psk, key_type is key_psk. If type is set to mixedpsk, key_type is key_mixedpsk. If type is set to psk2, key_type is key_psk2. If type is set to psk2sae, key_type is key_psk2sae. If type is set to sae, key_type is key_sae. LR54 User Guide...
  • Page 281 Type quit to disconnect from the device. Edit an existing Access point 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights.
  • Page 282 Uses WPA3 Personal mode. All Wi-Fi clients must support WPA3 to be able to authenticate. (config network wifi ap new_AP)> encryption type psk2sae (config network wifi ap new_AP)> 7. (Optional) Determine whether to prevent clients that are connected to this access point from communicating with each other: LR54 User Guide...
  • Page 283 1. Assign the Wi-Fi access point to a LAN interface or to a bridge. See Configure a Local Area Network (LAN) Configure a bridge for more information. The access point must be assigned to an active LAN, or a bridge that is assigned to an active LAN. LR54 User Guide...
  • Page 284: Configure A Wi-Fi Access Point With Enterprise Security

    The amount of time to wait before changing the group key. To configure a Wi-Fi access point with WPA2 enterprise security:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. LR54 User Guide...
  • Page 285 Configure a Wi-Fi access point with enterprise security 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings.
  • Page 286 Allowed values are any number of days, hours, minutes, or seconds, and take the format number{d|h|m|s}. For example, to set Group rekey interval to ten minutes, enter 10m or 600s. LR54 User Guide...
  • Page 287   Command line Configure a new Access point 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 288 The group key is shared by all in clients of the access point, and after a client has disconnected, it will be able to use the group key to decrypt broadcast packets until the key is changed. LR54 User Guide...
  • Page 289 Type quit to disconnect from the device. Edit an existing Access point 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights.
  • Page 290 (config)> network wifi ap digi_ap1 encryption port_wpa2 port (config)> 11. (Optional) Change the Wi-Fi radio for the access point: a. Show available radios: (config)> network wifi radio ? Additional Configuration --------------------------------------------------------------------- ---------- wifi1 Wi-Fi1 radio wifi2 Wi-Fi2 radio (config)> LR54 User Guide...
  • Page 291 2. Save the configuration and apply the change: (config)> save Configuration saved. > 3. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. LR54 User Guide...
  • Page 292: Isolate Wi-Fi Clients

    This section provides instructions for both mechanisms. Isolate clients connected to the same access point    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 293: Isolate Clients Connected To Different Access Points

    3. Create firewall filters to prevent traffic between the two firewall zones.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration:...
  • Page 294 Wi-Fi Isolate Wi-Fi clients Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration.
  • Page 295 We will use that LAN for the Digi AP (Wi-Fi1) access point, and create a new LAN for the Digi AP (Wi-Fi2) access point. In this step, we create a new LAN for the Digi AP (Wi-Fi2) access point; in the next step, we will remove the Digi AP (Wi-Fi2) access point from the default bridge (and thus from the default LAN).
  • Page 296    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 297 Return to the root config prompt by typing three periods (...): (config network wifi ap new_AP)> ... (config)> b. Add a new firewall zone named LAN2_isolation_zone. We will be creating LAN2 later in the procedure. (config)> add firewall zone LAN2_isolation_zone (config firewall zone LAN2_isolation_zone)> LR54 User Guide...
  • Page 298 Set the label for the filter: (config firewall filter 0)> label "Drop traffic from Internal to LAN2_isolation_zone" (config firewall filter 0> iii. Set the source zone to internal: (config firewall filter 0)> src_zone internal (config firewall filter 0)> LR54 User Guide...
  • Page 299 We will use that LAN for the Digi AP (Wi-Fi1) access point, and create a new LAN for the Digi AP (Wi-Fi2) access point. In this step, we create a new LAN for the Digi AP (Wi-Fi2) access point; in the next step, we will remove the Digi AP (Wi-Fi2) access point from the default bridge (and thus from the default LAN).
  • Page 300: Configure A Wi-Fi Client And Add Client Networks

    The private key in PEM format. (Optional) The private key passphrase. PEAP: Username/password authentication. If PEAP is selected, identify the username and password. SCEP certificates: Simple Certificate Enrollment Protocol (SCEP) certificate management. If SCEP certificates is selected: LR54 User Guide...
  • Page 301 To configure a Wi-Fi client:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 302 If WPA2 Enterprise is selected: Select the Extensible Authentication Protocol (EAP), one of: TLS: Client certificate authentication. If TLS is selected, include: The Username. The CA certificate in PEM format. The Client certificate in PEM format. LR54 User Guide...
  • Page 303 For Long interval, type the number of seconds to wait between scans for access points, when the signal strength from the access point to which the client is currently connected is stronger than the Scan threshold. LR54 User Guide...
  • Page 304    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 305 (config network wifi client new_client)> where value is one of: peap: Username/password authentication. If peap is set: i. Set the username: (config network wifi client new_client)> ssid 0 encryption id_wpa2 username (config network wifi client new_client)> LR54 User Guide...
  • Page 306 Client certificate authentication. If tls is selected: i. Set the username: (config network wifi client new_client)> ssid 0 encryption id_wpa2 username (config network wifi client new_client)> ii. Set the CA certificate by using the ca_cert paramater and pasting the certificte in PEM format: LR54 User Guide...
  • Page 307 If the signal strength from the access point to which the client is currently connected is stronger than the value of bgscan_strength, it will use bgscan_long_ interval to determine how often to scan for available access points. LR54 User Guide...
  • Page 308 Use the appropriate index number to delete the channel. For example, to delete the 2412 frequency: (config network wifi client new_client)> del 0 (config network wifi client new_client)> g. To add a frequency: i. Use the ? with an existing index number to determine the allowed values for frequencies: LR54 User Guide...
  • Page 309: Show Wi-Fi Access Point Status And Statistics

    You can show summary status for all Wi-Fi access points, and detailed status and statistics for individual Wi-Fi access points.    Web 1. Log into the LR54 WebUI as a user with Admin access. 2. On the main menu, click Status. 3. Under Connections, click Wi-Fi > Access Points. ...
  • Page 310 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 311: Show Wi-Fi Client Status And Statistics

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 312 To show a detailed status and statistics of a Wi-Fi client, use the show wifi client name name command. 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights.
  • Page 313: Hotspot

    LR54 device, as well as applying bandwidth limits, authenticating users, and other features. The LR54 device's implementation of hotspot uses a "captive portal" page— a web page that is displayed to users when they first connect to the hotspot and requires users to...
  • Page 314: Hotspot Authentication Modes

    Local shared password: Requires each user to enter a password. This password is validated locally on the LR54 device, and the password is the same for all users. The sample HTML page included with your LR54 device for local shared password authentication is password.html.
  • Page 315: Hotspot Dhcp Server

    Hotspot DHCP server Hotspot DHCP server When the hotspot is enabled on the LR54 device, it automatically enables a DHCP server. During hotspot configuration, you assign an IPv4 address to the hotspot, and the DHCP server then uses the subnet of the hotspot's IP address, along with the hotspot's subnet mask, to assign IPv4 addresses to clients that connect to the hotspot.
  • Page 316: Hotspot Configuration

    Hotspot configuration This section provides information about enabling and configuring the default hotspot that is provided with your LR54 installation, as well as creating a new hotspot and configuring the type of authentication mode you select for your hotspot. This section contains the following topics:...
  • Page 317: Enable Hotspot Using The Default Configuration

    Hotspot Hotspot configuration Enable hotspot using the default configuration The default configuration of the LR54 device's hotspot is: Default configuration Hotspot Name: hotspot Disabled Authentication mode: Click-through IP address: 10.1.0.1/24 DHCP server: Automatically enabled DHCP server lease range: 100-250 Bandwidth limits:...
  • Page 318 Edit sample hotspot HTML pages for information.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 319 Click Network > Hotspots > hotspot. b. Click Enable hotspot. 4. Enable the hotspot access points: a. Click Network > Wi-Fi > Access points > Digi Hotspot AP (Wi-Fi1). b. Click Enable. c. Click Digi Hotspot AP (Wi-Fi2). d. Click Enable.
  • Page 320 Hotspot Hotspot configuration 6. Enable the hotspot LAN: a. Click Network > Interface > LAN > LAN hotspot. b. Click Enable. 7. Click Apply to save the configuration and apply the change. LR54 User Guide...
  • Page 321    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 322: Change The Default Hotspot Ssid

    An SSID for the hotspot.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 323    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 324: Change The Default Hotspot Ip Address And Subnet

    Lease range start and end. To change the default hotspot IP address and subnet:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 325    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 326 IP address. (config)> network hotspot hotspot ipv4 address dhcp_server lease_end value (config)> where value is any integer between 1 and 254. The default is 250. 5. Save the configuration and apply the change: (config)> save Configuration saved. > LR54 User Guide...
  • Page 327: Change The Default Hotspot Bandwidth Limits

    Maximum upload speed, in Kbps. To change the default hotspot IP address and subnet:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 328    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 329: Add An Ethernet Port To The Default Hotspot

    Ethernet port to be added to the hotspot. To add an Ethernet port to the default hotspot:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 330    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 331 5. Save the configuration and apply the change: (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. LR54 User Guide...
  • Page 332: Use Policy Routes With Hotspot

    If Local shared password is selected for the authentication mode, include the password. If RADIUS shared password or RADIUS users is selected for the authentication mode, include RADIUS configuration information. If HotspotSystem is selected for the authentication mode, include HotspotSystem configuration information. Hotspot authentication modes for more information about authentication modes. LR54 User Guide...
  • Page 333 Enable verbose logging. To create a new hotspot:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 334 For Add Bridge:, type a name for the bridge and click . c. Add devices to the bridge: i. Click to expand Devices. ii. For Add device, click . iii. Select the Device. iv. Repeat to add additional devices. LR54 User Guide...
  • Page 335 Click-through: Requires each user to accept the terms and conditions. Local shared password: Requires each user to enter a password. This password is validated locally on the LR54 device, and the password is the same for all users. Configure the hotspot to use local shared password authentication for information about configuring hotspot for local shared password authentication.
  • Page 336 HotspotSystem authentication. 11. For Login page source, select either: Local: Uses an HTML page for authentication that is stored locally on the LR54 device's filesystem, in the /etc/config/hotspot directory. Note that the hotspot directory is not visible until hotspot has been enabled for the first time.
  • Page 337 Repeat to add additional subnets. 17. (Optional) For Maximum download speed, type the maximum download speed in kilobytes per second (Kbps). 18. (Optional) For Maximum upload speed, type the maximum upload speed in kilobytes per second (Kbps). LR54 User Guide...
  • Page 338    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 339 (config network bridge new_hotspot_bridge)> b. Add devices to the bridge: i. Determine available devices: (config network bridge new_hotspot_bridge)> ..interface lan1 device ? Device: The network device used by this network interface. Format: /network/device/eth1 /network/device/eth2 /network/device/eth3 /network/device/eth4 /network/device/loopback LR54 User Guide...
  • Page 340 /network/wireless/ap/digi_hotspot_ap1 /network/wireless/ap/digi_hotspot_ap2 Default value: /network/bridge/lan1 Current value: /network/bridge/lan1 (config network bridge new_hotspot_bridge)> ii. Add the appropriate device. For example, to add the Digi AP (Wi-Fi1) Wi-Fi access point: (config network bridge new_hotspot_bridge)> add device end /network/wireless/ap/digi_ap1 (config)> c. Type ... to return to the config prompt: (config network bridge new_hotspot_bridge)>...
  • Page 341 /network/wireless/ap/digi_hotspot_ap1 /network/wireless/ap/digi_hotspot_ap2 Default value: /network/bridge/lan1 Current value: /network/bridge/lan1 (config network bridge new_hotspot_bridge)> b. Add the appropriate device. For example, to add the Digi AP (Wi-Fi1) Wi-Fi access point: (config network bridge new_hotspot_bridge)> add device end /network/wireless/ap/digi_ap1 (config)> LR54 User Guide...
  • Page 342 Requires each user to accept the terms and conditions. local_shared_password: Requires each user to enter a password. This password is validated locally on the LR54 device, and the password is the same for all users. Configure the hotspot to use local shared password authentication for information about configuring hotspot for local shared password authentication.
  • Page 343 (config network hotspot new_hotspot)> where value is either: local: Uses an HTML page for authentication that is stored locally on the LR54 device's filesystem, in the /etc/config/hotspot directory. Note that the hotspot directory is not visible until hotspot has been enabled for the first time.
  • Page 344 If external servers are used for client authentication, such as a RADIUS server or HotspotSystem, they should be included in the walled garden settings. Add domains that can be accessed by the client prior to authentication: LR54 User Guide...
  • Page 345: Configure The Hotspot To Use Local Shared Password Authentication

    Local shared password authentication requires each user to enter a password. This password is validated locally on the LR54 device, and the password is the same for all users. By default, the router redirects unauthenticated users to the HTML authentication page located on the router at etc/config/hotspot/password.html.
  • Page 346 Hotspot LAN configuration:    Configure hotspot for local shared password authentication from the WebUI 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 347   Configure hotspot for local shared password authentication from the Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights.
  • Page 348: Configure The Hotspot To Use Radius Shared Password Authentication

    Hotspot LAN configuration:    Configure hotspot for RADIUS shared password authentication from the WebUI 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 349 6. Click to expand Walled garden. Walled garden settings define the "white list" of domains and subnets that unauthenticated clients are able to access. Include the domain or subnet of the RADIUS server(s) that are being used for authentication. LR54 User Guide...
  • Page 350   Configure hotspot for RADIUS shared password authentication from the Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights.
  • Page 351 (config network hotspot new_hotspot)> add walled_garden subnets end value (config network hotspot new_hotspot)> where value is an IPv4 address and optional subnet mask, using the format IPv4_ address[/netmask], or the keyword any. Repeat to add additional IP addresses or subnets. LR54 User Guide...
  • Page 352: Configure The Hotspot To Use Radius Users Authentication

    Hotspot LAN configuration:    Configure hotspot for RADIUS users authentication from the WebUI 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. LR54 User Guide...
  • Page 353 Hotspot Hotspot configuration 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config.
  • Page 354    Configure hotspot for RADIUS users authentication from the Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights.
  • Page 355 Add domains that can be accessed by the client prior to authentication: (config network hotspot new_hotspot)> add walled_garden domains end domain_name (config network hotspot new_hotspot)> Repeat to add additional domains. Add IP addresses and subnets that can be accessed by the client prior to authentication: LR54 User Guide...
  • Page 356: Configure The Hotspot To Use Hotspotsystem Authentication

    Type quit to disconnect from the device. Configure the hotspot to use HotspotSystem authentication You can configure LR54 hotspot to use HotspotSystem, a cloud hotspot service that supports various free and paid authentication methods, including social media account, SMS, voucher, and PayPal.
  • Page 357 Whitelist for hotspot free social login.    Configure hotspot for HotspotSystem authentication from the WebUI 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 358    Configure hotspot for HotspotSystem authentication from the Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 359 7. Save the configuration and apply the change: (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. LR54 User Guide...
  • Page 360: Show Hotspot Status And Statistics

    Show hotspot status and statistics Show hotspot status and statistics    Web 1. Log into the LR54 WebUI as a user with Admin access. 2. On the main menu, click Status 3. Under Networking, click Hotspot. The Hotspot status page is displayed.
  • Page 361    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 362: Customize The Hotspot Login Page

    Customize the hotspot login page Customize the hotspot login page The LR54 device provides three sample HTML webpages for use with the hotspot feature. When hotspot is enabled for the first time, the sample webpages are installed to the /etc/config/hotspot folder on the device's filesystem.
  • Page 363: Edit Sample Hotspot Html Pages

       Web 1. Download the sample HTML file: a. Log into the LR54 WebUI as a user with Admin access. b. On the menu, click System. Under Administration, click File System. The File System page appears. c. Highlight the hotspot directory and click  to open the directory.
  • Page 364: Upload Custom Hotspot Html Pages

    Hotspot Customize the hotspot login page 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 365    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 366: Restore Hotspot Default Sample Pages

    The hotspot directory and files are loaded when the hotspot is enabled, and you can restore the default pages by doing the following: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights.
  • Page 367: Hotspot Radius Attributes

    Also, if the RADIUS server requests it, the hotspot will send accounting information back to the RADIUS server. For example, here are some of the RADIUS attributes that the hotspot sends: Acct-Input-Octets Acct-Output-Octets Acct-Session-Time Acct-Input-Packets Acct-Output-Packets Acct-Input-Gigawords Acct-Output-Gigawords LR54 User Guide...
  • Page 368: Routing

    Routing This chapter contains the following topics: IP routing Show the routing table Dynamic DNS Virtual Router Redundancy Protocol (VRRP) LR54 User Guide...
  • Page 369: Ip Routing

    IP routing IP routing The LR54 device uses IP routes to decide where to send a packet it receives for a remote network. The process for deciding on a route to send the packet is as follows: 1. The device examines the destination IP address in the IP packet, and looks through the IP routing table to find a match for it.
  • Page 370: Configure A Static Route

    The Maximum Transmission Units (MTU) of network packets using this route. To configure a static route:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 371 7. For Interface, select the interface on the LR54 device that will be used with this static route. 8. (Optional) For Gateway, type the IPv4 address of the gateway used to reach the destination.
  • Page 372 Routing IP routing 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 373: Delete A Static Route

    Type quit to disconnect from the device. Delete a static route    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 374    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 375: Policy-Based Routing

    However, you can use policy-based routing to forward the packet based on other criteria, such as the source of the packet. For example, you can configure the LR54 device so that high-priority traffic is routed through the cellular connection, while all other traffic is routed through an Ethernet (WAN) connection.
  • Page 376: Configure A Routing Policy

    To configure a routing policy:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 377 5. (Optional) For Label, type a label that will be used to identify this route policy. 6. For Interface, select the interface on the LR54 device that will be used with this route policy. 7. (Optional) Enable Exclusive to configure the policy to drop packets that match the policy when the gateway interface is disconnected, rather than forwarded through other interfaces.
  • Page 378    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 379 (config network route policy 0)> label "New route policy" (config network route policy 0)> 5. Set the interface on the LR54 device that will be used with this route policy: a. Use the ? to determine available interfaces: (config network route policy 0)> interface ? Interface: The network interface used to reach the destination.
  • Page 380 ICMP type and optional code, or set to any to match for any ICMP type. 9. Set the source address type: (config network route policy 0)> src type value (config network route policy 0)> LR54 User Guide...
  • Page 381 Use the ? to determine available interfaces: (config network route policy 0)> src interface ? Interface: The network interface. Format: /network/interface/defaultip /network/interface/defaultlinklocal /network/interface/lan1 /network/interface/lan_hotspot /network/interface/loopback /network/interface/wan1 /network/interface/wwan Current value: (config network route policy 0)> src interface LR54 User Guide...
  • Page 382 Matches the destination IP address to the selected firewall zone. Set the zone: a. Use the ? to determine available zones: (config network route policy 0)> dst zone ? Zone: Match the IP address to the specified firewall zone. Format: dynamic_routes edge external hotspot internal ipsec loopback setup LR54 User Guide...
  • Page 383 IPv4_address[/netmask], or any to match any IPv4 address. address6: Matches the destination IPv6 address to the specified IP address or network. Set the address that will be matched: (config network route policy 0)> dst address6 value (config network route policy 0)> LR54 User Guide...
  • Page 384 11. Save the configuration and apply the change: (config)> save Configuration saved. > 12. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. LR54 User Guide...
  • Page 385: Example: Dual Wan Policy-Based Routing

    This example routes traffic to a specific IP address to go through the cellular WWAN interface, while all other traffic uses the Ethernet WAN interface.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 386    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 387 4. Save the configuration and apply the change: (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. LR54 User Guide...
  • Page 388: Example: Domain-Based Routing With Dual Wan

    This example routes traffic destined for a specific domain to the WAN Ethernet port, and never through the cellular modem.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 389 Click to expand Destination address. b. For Type, select Domain. c. Click to expand Domains. d. Click the  to add a new domain. e. For Domain, type youtube.com. You can add additional domains by repeating the last two steps. LR54 User Guide...
  • Page 390    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 391 4. Save the configuration and apply the change: (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. LR54 User Guide...
  • Page 392: Example: Route Traffic To A Specific Wan Interface Based On The Client Mac Address

    MAC address, while all other client devices are routed through the Ethernet WAN.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 393 5. Configure the policy-based route for traffic from the client device that will be sent over the cellular WAN: a. Click Network > Routes > Policy-based routing. b. Click the  to add a new route policy. LR54 User Guide...
  • Page 394 Click the  to add a new packet filtering rule. c. For Label, type Reject LAN traffic to cellular WAN. d. For Action, select Drop. e. For Source zone, select Internal. f. For Destination zone, select CellularWAN. LR54 User Guide...
  • Page 395    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 396 Set the source destination to zone: (config network route policy 0)> dst type zone (config network route policy 0)> ii. Set the zone to CellularWAN: (config network route policy 0)> dst zone CellularWAN (config network route policy 0)> LR54 User Guide...
  • Page 397: Routing Services

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Routing services Your LR54 includes support for dynamic routing services and protocols. The following routing services are supported: Service or...
  • Page 398: Configure Routing Services

    The Border Gateway Protocol (BGP) service supports BGP-4 ( IS-IS The IPv4 and IPv6 Intermediate System to Intermediate System (IS-IS) service. Configure routing services Required configuration items Enable routing services. Enable and configure the types of routing services that will be used. LR54 User Guide...
  • Page 399 Routing IP routing    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 400    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 401: Show The Routing Table

    Show the routing table To display the routing table:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 402    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 403: Dynamic Dns

    The Domain Name System (DNS) uses name servers to provide a mapping between computer- readable IP addresses and human-readable hostnames. This allows users to access websites and personal networks with easy-to-remember URLs. Unfortunately, IP addresses change frequently, LR54 User Guide...
  • Page 404: Configure Dynamic Dns

    WAN or public IP address changes. Your LR54 device supports a number of Dynamic DNS providers as well as the ability to provide a custom provider that is not included on the list of providers.
  • Page 405 Routing Dynamic DNS    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 406 14. Click Apply to save the configuration and apply the change.    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. LR54 User Guide...
  • Page 407 (config network ddns new_ddns_instance)> interface wan1 (config network ddns new_ddns_instance)> 5. Set the Dynamic DNS provider service: a. Use the ? to determine available services: (config network ddns new_ddns_instance)> service ? Service: The provider of the dynamic DNS service. Format: custom 3322.org LR54 User Guide...
  • Page 408 For example, to set check_interval to ten minutes, enter either 10m or 600s: (config network ddns new_ddns_instance)> check_interval 600s (config network ddns new_ddns_instance)> The default is 10m. 11. (Optional) Set the amount of time to wait to force an update of the interface's IP address: LR54 User Guide...
  • Page 409: Virtual Router Redundancy Protocol (Vrrp)

    Multiple LR54 devices can be configured as VRRP devices and assigned a priority. The router with the highest priority will be used as the master router. If the master router fails, then the IP address of the...
  • Page 410: Vrrp

    VRRP priorty of devices based on the status of their network connectivity.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 411 If the master router fails, then the IP address of the virtual router is mapped to the backup device with the next highest priority. If this device's actual IP address is being used as the virtual IP address of the VRRP pool, then the priority of this device LR54 User Guide...
  • Page 412    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 413 (config network vrrp VRRP_test)> Additional virtual IP addresses can be added by repeating this step with different values for ip_ address. 10. Save the configuration and apply the change: (config network vrrp new_vrrp_instance)> save Configuration saved. > LR54 User Guide...
  • Page 414: Configure Vrrp

    SureLink tests.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 415 7. Add interfaces to monitor: a. Click to expand Monitor interfaces. b. Click  to add an interface for monitoring. c. For Interface, select the local interface to monitor. Generally, this will be a cellular or WAN LR54 User Guide...
  • Page 416 Configure the VRRP interface's DHCP server to use a custom gateway that corresponds to one of the VRRP virtual IP addresses: i. Click to expand DHCP Server > Advanced settings. ii. For Gateway, select Custom. LR54 User Guide...
  • Page 417    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 418 80, then weight should be set to an amount greater than 20 so that if SureLink fails on the master, it will lower its priority to below 80, and the backup device will assume the master role. LR54 User Guide...
  • Page 419 LAN using SureLink to determine if the interface has network connectivity and promote a backup to master if SureLink fails. (config)> show network vrrp VRRP_test interface /network/interface/lan1 (config)> ii. Enable SureLink on the interface: (config)> network interface lan1 ipv4 surelink enable true (config)> LR54 User Guide...
  • Page 420 (config network interface lan1 ipv4 surelinktarget 0)> dns_configured: Tests connectivity by sending a DNS query to the DNS servers configured for this interface. http: Tests connectivity by sending an HTTP or HTTPS GET request to the specified URL. LR54 User Guide...
  • Page 421 600s: (config network interface lan1 ipv4 surelink target 0)> interface_timeout 600s (config network interface lan1 ipv4 surelink target 0)> The default is 60 seconds. 9. Save the configuration and apply the change: (config)> save Configuration saved. > LR54 User Guide...
  • Page 422: Example: Vrrp/Vrrp+ Configuration

    Configure device one (master device)    Web Task 1: Configure VRRP on device one 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 423 7. For Router ID, leave at the default setting of 50. 8. For Priority, leave at the default setting of 100. 9. Click to expand Virtual IP addresses. 10. Click  to add a virtual IP address. 11. For Virtual IP, type 192.168.3.3. LR54 User Guide...
  • Page 424 3. For Lease range end, type 199. 4. Click to expand Advanced settings. 5. For Gateway, select Custom. 6. For Custom gateway, enter 192.168.3.3. 7. Click Apply to save the configuration and apply the change.    Command line LR54 User Guide...
  • Page 425 Virtual Router Redundancy Protocol (VRRP) Task 1: Configure VRRP on device one 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights.
  • Page 426: Configure Device Two (Backup Device)

    > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Configure device two (backup device)    Web LR54 User Guide...
  • Page 427 Routing Virtual Router Redundancy Protocol (VRRP) Task 1: Configure VRRP on device two 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 428 1. Click Network > Interfaces > LAN1 > IPv4 2. For Address, type 192.168.3.2/24. 3. For Default gateway, type the IP address of the VRRP interface on the master device, configured above in Task 3, step 2 (192.168.3.1). LR54 User Guide...
  • Page 429   Command line Task 1: Configure VRRP on device two 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 430 4. Set the amount that the device's priority should be decreased or increased due to SureLink connectivity failure or success to 30: (config network vrrp VRRP_test )> network vrrp VRRP_test vrrp_plus weight (config network vrrp VRRP_test )> LR54 User Guide...
  • Page 431 (config network interface lan1 ipv4 surelink target 0)> ... (config)> 2. Set the start and end addresses of the DHCP pool to use to assign DHCP addresses to clients: a. Set the start address to 200: (config)> network interface lan1 ipv4 dhcp_server lease_start 200 (config)> LR54 User Guide...
  • Page 432: Show Vrrp Status And Statistics

    This section describes how to display VRRP status and statistics for a LR54 device. VRRP status is available from the Web UI only.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 433    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 434 Virtual IP address(es) : 10.10.10.1, 100.100.100.1 Current State : Master Current Priority : 100 Last Transition : Tue Jan 1 00:00:39 2019 Became Master Released Master Adverts Sent : 71 Adverts Received Priority Zero Sent Priority zero Received : 0 > LR54 User Guide...
  • Page 435: Virtual Private Networks (Vpn)

    Virtual Private Networks (VPNs) are used to securely connect two private networks together so that devices can connect from one network to the other using secure channels. This chapter contains the following topics: IPsec OpenVPN Generic Routing Encapsulation (GRE) L2TP L2TPv3 Ethernet NEMO LR54 User Guide...
  • Page 436: Ipsec

    Authentication of data to ensure an unauthorized device has not injected it into the IPsec tunnel. IPsec mode The LR54 supports the Tunnel mode. With the Tunnel mode, the entire IP packet is encrypted and/or authenticated and then encapsulated as the payload in a new IP packet. Transport mode is not currently supported.
  • Page 437: Authentication

    XAUTH client. RSA Signatures With RSA signatures authentication, the LR54 device uses a private RSA key to authenticate with a remote peer that is using a corresponding public key. Certificate-based Authentication X.509 certificate-based authentication makes use of private keys on both the server and client which...
  • Page 438 Disable the padding of IKE packets. This should normally not be done except for compatibility purposes. Destination networks that require source NAT. Depending on your network and firewall configuration, you may need to add a packet filtering rule to allow incoming IPsec traffic. LR54 User Guide...
  • Page 439    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 440 Click to expand Firewall > Packet filtering. b. For Add packet filter, click . c. For Label, type Allow incoming IPsec traffic. d. For Source zone, select IPsec. Leave all other fields at their default settings. LR54 User Guide...
  • Page 441 For Local key, type the local pre-shared key. This must be the same as the remote key on the remote host. ii. For Remote key, type the remote pre-shared key. This must be the same as the local key on the remote host. LR54 User Guide...
  • Page 442 SCEP certificates: Uses Simple Certificate Enrollment Protocol (SCEP) to download a private key, certificates, and an optional Certificate Revocation List (CRL) to the LR54 device from a SCEP server. You must create the SCEP client prior to configuring the IPsec tunnel. See...
  • Page 443 For Hostname, type a hostname or IPv4 address. If your device is not configured to initiate the IPsec connection (see IKE > Initiate connection), you can also use the keyword any, which means that the hostname is dynamic or unknown. iii. Click  again to add additional hostnames. LR54 User Guide...
  • Page 444 Serial number: The device's serial number will be used as the ID and sent as a ID_KEY_ID IKE identity. 21. Click to expand Policies. Policies define the network traffic that will be encapsulated by this tunnel. a. Click  to create a new policy. The new policy configuration is displayed. LR54 User Guide...
  • Page 445 For Protocol, select one of the following: Any: Matches any protocol. TCP: Matches TCP protocol only. UDP: Matches UDP protocol only. ICMP: Matches ICMP requests only. Other protocol: Matches an unlisted protocol. If Other protocol is selected, type the number of the protocol. LR54 User Guide...
  • Page 446 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Phase 2 lifetime to ten minutes, enter 10m or 600s. LR54 User Guide...
  • Page 447 Configure SureLink active recovery for IPsec for information about IPsec Active recovery. 26. (Optional) Click Advanced to set various IPsec-related time out, keep alive, and related values. 27. Click Apply to save the configuration and apply the change. LR54 User Guide...
  • Page 448    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 449 Only the payload of the IP packet is encrypted and/or authenticated. The IP header is unencrypted. The default is tunnel. 8. Set the protocol: (config vpn ipsec tunnel ipsec_example)> type protocol (config vpn ipsec tunnel ipsec_example)> LR54 User Guide...
  • Page 450 Set the private key passphrase that is used to decrypt the private key. Leave blank if the private key is not encrypted. (config vpn ipsec tunnel ipsec_example)> auth private_key_ passphrase passphrase (config vpn ipsec tunnel ipsec_example)> LR54 User Guide...
  • Page 451 These must include all peer certificates in the chain up to the root CA certificate, in PEM format. (config vpn ipsec tunnel ipsec_example)> auth ca_cert cert_ chain (config vpn ipsec tunnel ipsec_example)> 11. (Optional) Configure the device to connect to its remote peer as an XAUTH client: LR54 User Guide...
  • Page 452 (config vpn ipsec tunnel ipsec_example)> local id type raw_id id (config vpn ipsec tunnel ipsec_example)> any: Any ID will be accepted. ipv4: The ID will be interpreted as an IPv4 address and sent as an ID_IPV4_ADDR IKE identity. LR54 User Guide...
  • Page 453 IPv4 address of the IPsec peer. If your device is not configured to initiate the IPsec connection (see initiate), you can also use the keyword any, which means that the hostname is dynamic or unknown. Repeat for additional hostnames. LR54 User Guide...
  • Page 454 The ID will be interpreted as an IPv6 address and sent as an ID_IPV6_ADDR IKE identity. Set an IPv6 formatted ID. This can be a fully-qualified domain name or an IPv6 address. (config vpn ipsec tunnel ipsec_example)> remote id type ipv6_id (config vpn ipsec tunnel ipsec_example)> LR54 User Guide...
  • Page 455 (config vpn ipsec tunnel ipsec_example)> where value is one of: if_supported: Send oversized IKE messages in fragments, if the peer supports receiving them. always: Always send IKEv1 messages in fragments. For IKEv2, this option is equivalent to if supported. LR54 User Guide...
  • Page 456 For example, to set lifetime_margin to ten minutes, enter either 10m or 600s: (config vpn ipsec tunnel ipsec_example)> ike lifetime_margin 600s (config vpn ipsec tunnel ipsec_example)> LR54 User Guide...
  • Page 457 The default is modp2048. v. (Optional) Add additional phase 1 proposals: i. Move back one level in the schema: (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> (config vpn ipsec tunnel ipsec_example ike phase1_proposal)> ii. Add an additional proposal: LR54 User Guide...
  • Page 458 Use the ? to determine available Diffie-Hellman group types: (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> dh_group ? curve25519 curve448 ecp192 ecp224 (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> ii. Set the Diffie-Hellman group type: LR54 User Guide...
  • Page 459 Set the number of seconds to wait for a response from a dead peer packet before assuming the tunnel has failed. The default is 90. (config)> vpn ipsec tunnel ipsec_example dpd timeout value (config)> 17. (Optional) Create a list of destination networks that require source NAT: LR54 User Guide...
  • Page 460 Address: The local network interface to use the address of. This field must be set when 'Type' is set to 'Address'. Format: defaultip defaultlinklocal lan1 lan_hotspot loopback wan1 wwan Current value: (config vpn ipsec tunnel ipsec_example policy 0)> local address LR54 User Guide...
  • Page 461 Set the port matching criteria for the local traffic selector: (config vpn ipsec tunnel ipsec_example policy 0)> local port value (config vpn ipsec tunnel ipsec_example policy 0)> where value is the port number, a range of port numbers, or the keyword any. LR54 User Guide...
  • Page 462 (config vpn ipsec tunnel ipsec_example policy 0)> remote protocol_other int (config vpn ipsec tunnel ipsec_example policy 0)> Allowed values are an integer between 1 and 255. 19. (Optional) You can also configure various IPsec related time out, keep alive, and related values: LR54 User Guide...
  • Page 463 20. Save the configuration and apply the change: (config)> save Configuration saved. > 21. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. LR54 User Guide...
  • Page 464: Configure Ipsec Failover

    Virtual Private Networks (VPN) IPsec Configure IPsec failover There are two methods to configure the LR54 device to fail over from a primary IPsec tunnel to a backup tunnel: SureLink active recovery—You can use SureLink along with the IPsec tunnel's metric to configure two or more tunnels so that when the primary tunnel is determined to be inactive by SureLink, a secondary tunnel can begin serving traffic that the primary tunnel was serving.
  • Page 465 See Configure an IPsec tunnel for instructions. During configuration of the IPsec tunnel, set the metric to a value that is higher than the metric of the primary tunnel (for example, 20).    Command line LR54 User Guide...
  • Page 466 Use the ? to view a list of available tunnels: (config vpn ipsec tunnel backup_ipsec_tunnel)> ipsec_failover ? Preferred tunnel: This tunnel will not start until the preferred tunnel has failed. It will continue to operate until the preferred tunnel returns to full operation LR54 User Guide...
  • Page 467: Configure Surelink Active Recovery For Ipsec

    To configure the LR54 device to regularly probe the IPsec connection:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager:...
  • Page 468 Virtual Private Networks (VPN) IPsec a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration.
  • Page 469 For example, to set Response timeout to ten minutes, enter 10m or 600s. The default is 15 seconds. 13. Add a test target: a. Click to expand Test targets. b. For Add Test target, click . LR54 User Guide...
  • Page 470 14. Click Apply to save the configuration and apply the change.    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. LR54 User Guide...
  • Page 471 (config vpn ipsec tunnel ipsec_example)> surelink interval 600s (config vpn ipsec tunnel ipsec_example)> The default is 15 minutes. 8. Determine whether the interface should fail over based on the failure of one of the test targets, or all of the test targets: LR54 User Guide...
  • Page 472 (config vpn ipsec tunnel ipsec_example surelink target 0)> (Optional) Set the size, in bytes, of the ping packet: (config vpn ipsec tunnel ipsec_example surelink target 0)> ping_size [num] (config vpn ipsec tunnel ipsec_example surelink target 0)> LR54 User Guide...
  • Page 473 (config vpn ipsec tunnel ipsec_example surelink target 0)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set timeout to ten minutes, enter either 10m or 600s: LR54 User Guide...
  • Page 474 IP version. (config vpn ipsec tunnel ipsec_example surelink target 0)> other_ip_version value (config vpn ipsec tunnel ipsec_example surelink target 0)> where value is one of: any, both, ipv4, or ipv6. Set the expected status of the alternate interface: LR54 User Guide...
  • Page 475: Show Ipsec Status And Statistics

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 476: Debug An Ipsec Configuration

       Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 477    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 478: Configure A Simple Certificate Enrollment Protocol Client

    The number of days that the certificate enrollment can be renewed, prior to the request expiring.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 479 For example, to set Maximum Polling Time to ten minutes, enter 10m or 600s. The default is 1d. 7. For Polling Interval, type the amount of time that the device should wait between polling attempts, when operating in manual mode. LR54 User Guide...
  • Page 480 9. For Renewable Time, type the number of days that the certificate enrollment can be renewed, prior to the request expiring. This value is configured on the SCEP server, and is used by the LR54 device to determine when to start attempting to auto-renew an existing certificate. The default is 7.
  • Page 481    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 482 Set the Domain Component: (config network scep_client scep_client_name)> distinguished_name dc value (config network scep_client scep_client_name)> b. Set the two letter Country Code: (config network scep_client scep_client_name)> distinguished_name c value (config network scep_client scep_client_name)> c. Set the State or Province: LR54 User Guide...
  • Page 483 The default is url. c. If type is set to url, set the URL that should be used: (config network scep_client scep_client_name)> crl url value (config network scep_client scep_client_name)> 11. Configure certificate renewal: LR54 User Guide...
  • Page 484 15. Set the number of days that the certificate enrollment can be renewed, prior to the request expiring. This value is configured on the SCEP server, and is used by the LR54 device to determine when to start attempting to auto-renew an existing certificate. The default is 7.
  • Page 485: Example: Scep Client Configuration With Fortinet Scep Server

    Type quit to disconnect from the device. Example: SCEP client configuration with Fortinet SCEP server In this example configuration, we will configure the LR54 device as a SCEP client that will connect to a Fortinet SCEP server. Fortinet configuration On the Fortinet server: 1.
  • Page 486 LR54 configuration On the LR54 device:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 487 Fortinet server. 7. (Optional) Click Debug to enable verbose logging in /var/log/scep_client. 8. Click to expand SCEP server. 9. For FQDN, type the fully qualified domain name or IP address of the Fortinet server. LR54 User Guide...
  • Page 488 12. Type the value for each appropriate Distinguished Name attribute. The values entered here must correspond to the DN attributes in the Enrollment Request on the Fortinet server. 13. Click Apply to save the configuration and apply the change. LR54 User Guide...
  • Page 489    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 490: Show Scep Client Status And Information

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show SCEP client status and information You can show general SCEP client information for all SCEP clients, and specific information for an individual SCEP client. LR54 User Guide...
  • Page 491    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 492 Last Update : May 23 13:27:21 2022 GMT > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. LR54 User Guide...
  • Page 493: Openvpn

    OpenVPN clients. OpenVPN clients use Network Address Translation (NAT) to route traffic from devices connected on its LAN interfaces to the OpenVPN server. The manner in which the IP subnets are defined depends on the OpenVPN topology in use. The LR54 device supports two types of OpenVPN topology:...
  • Page 494: Configure An Openvpn Server

    Virtual Private Networks (VPN) OpenVPN OpenVPN managed—The LR54 device creates the interface and then uses its standard configuration to set up the connection (for example, its standard DHCP server configuration). Device only—IP addressing is controlled by the system, not by OpenVPN.
  • Page 495 Access control list configuration to restrict access to the OpenVPN server through the firewall. Additional OpenVPN parameters.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 496 7. (Optional) Set the VPN port that the OpenVPN server will use. The default is 1194. 8. For Server managed certificates, determine the method of certificate management. If enabled, the server will manage certificates. If not enabled, certificates must be created externally and added to the server. LR54 User Guide...
  • Page 497 No limit to IPv6 addresses that can access the service-type. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the LR54 device: a. Click Interfaces. b. For Add Interface, click .
  • Page 498    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 499 1 and 255. The number entered here will represent the first client IP address. For example, if address is set to 192.168.1.1/24 and server_first_ip is set to 80, the first client IP address will be 192.168.1.80. LR54 User Guide...
  • Page 500 OpenVPN authentication group and user. See Configure an OpenVPN Authentication Group and User for instructions. ii. Paste the contents of the CA certificate (usually in a ca.crt file) into the value of the cacert parameter: LR54 User Guide...
  • Page 501 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the LR54 device: (config vpn openvpn server name)> add acl interface end value (config vpn openvpn server name)>...
  • Page 502 Additional Configuration -------------------------------------------------------- ----------------------- dynamic_routes edge external hotspot internal ipsec loopback setup (config vpn openvpn server name)> Repeat this step to include additional firewall zones. 9. (Optional) Set additional OpenVPN parameters. LR54 User Guide...
  • Page 503: Configure An Openvpn Authentication Group And User

       Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 504 For Add Group, type a name for the group (for example, OpenVPN_Group) and click . The new authentication group configuration is displayed. c. Click OpenVPN access to enable OpenVPN access rights for users of this group. d. Click to expand the OpenVPN node. LR54 User Guide...
  • Page 505 RADIUS or TACACS+ authentication by configuring authentication methods. See User authentication methods for information. d. Click to expand the Groups node. e. Click  to add a group to the user. f. Select a Group with OpenVPN access enabled. LR54 User Guide...
  • Page 506 Virtual Private Networks (VPN) OpenVPN 5. Click Apply to save the configuration and apply the change. LR54 User Guide...
  • Page 507    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 508: Configure An Openvpn Client By Using An .Ovpn File

    Configure SureLink active recovery for OpenVPN for information about OpenVPN active recovery.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 509    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 510 (config vpn openvpn client name)> password value (config vpn openvpn client name)> 7. Paste the content of the client.ovpn file into the value of the config_file parameter: (config vpn openvpn client name)> config_file value (config vpn openvpn client name)> LR54 User Guide...
  • Page 511: Configure An Openvpn Client Without Using An .Ovpn File

    Configure SureLink active recovery for OpenVPN for information about OpenVPN active recovery.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 512 On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click VPN > OpenVPN > Clients. 4. For Add, type a name for the OpenVPN client and click . The new OpenVPN client configuration is displayed. LR54 User Guide...
  • Page 513 15. Click Apply to save the configuration and apply the change.    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. LR54 User Guide...
  • Page 514 (config vpn openvpn client name)> To view a list of available zones: (config vpn openvpn client name)> zone ? Zone: The zone for the openvpn client interface. Format: dynamic_routes edge external hotspot internal ipsec loopback setup Current value: LR54 User Guide...
  • Page 515 (config vpn openvpn client name)> private_key value (config vpn openvpn client name)> 14. (Optional) Set additional OpenVPN parameters. a. Enable the use of additional OpenVPN parameters: (config vpn openvpn client name)> advanced_options enable true (config vpn openvpn client name)> LR54 User Guide...
  • Page 516: Configure Surelink Active Recovery For Openvpn

    To configure the LR54 device to regularly probe the OpenVPN connection:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. LR54 User Guide...
  • Page 517 Virtual Private Networks (VPN) OpenVPN 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config.
  • Page 518 For example, to set Response timeout to ten minutes, enter 10m or 600s. The default is 15 seconds. 13. Add a test target: a. Click to expand Test targets. b. For Add Test target, click . LR54 User Guide...
  • Page 519 14. Click Apply to save the configuration and apply the change.    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. LR54 User Guide...
  • Page 520 (config vpn openvpn client openvpn_client1)> surelink interval 600s (config vpn openvpn client openvpn_client1)> The default is 15 minutes. 8. Determine whether the interface should fail over based on the failure of one of the test targets, or all of the test targets: LR54 User Guide...
  • Page 521 Tests connectivity by sending an ICMP echo request to a specified hostname or IP address. Specify the hostname or IP address: (config vpn openvpn client openvpn_client1 surelink target 0)> ping_host host (config vpn openvpn client openvpn_client1 surelink target 0)> LR54 User Guide...
  • Page 522 For example, to set timeout to ten minutes, enter either 10m or 600s: (config vpn openvpn client openvpn_client1 surelink target 0)> interface_down_time 600s (config vpn openvpn client openvpn_client1 surelink target 0)> The default is 60 seconds. LR54 User Guide...
  • Page 523 Use the ? to determine available interfaces: (config vpn openvpn client openvpn_client1 surelink target 0)> other_interface ? Interface: The network interface. Format: /network/interface/defaultip /network/interface/defaultlinklocal /network/interface/lan1 /network/interface/lan_hotspot /network/interface/loopback /network/interface/wan1 /network/interface/wwan Current value: (config vpn openvpn client openvpn_client1 surelink target 0)> other_interface LR54 User Guide...
  • Page 524: Show Openvpn Server Status And Statistics

    You can view status and statistics for OpenVPN servers from either the web interface or the command line:    Web 1. Log into the LR54 WebUI as a user with Admin access. 2. On the menu, select Status > OpenVPN > Servers. The OpenVPN Servers page appears. LR54 User Guide...
  • Page 525: Show Openvpn Client Status And Statistics

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 526    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 527: Generic Routing Encapsulation (Gre)

    Enable the device to respond to keepalive packets. Task One: Create a GRE loopback endpoint interface    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 528    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 529 Type quit to disconnect from the device. Task Two: Configure the GRE tunnel    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 530    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 531 (config vpn iptunnel gre_example)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. LR54 User Guide...
  • Page 532: Show Gre Tunnels

    To view information about currently configured GRE tunnels:    Web 1. Log into the LR54 WebUI as a user with Admin access. 2. On the menu, click Status > IP tunnels. The IP Tunnelspage appears. 3. To view configuration details about a GRE tunnel, click the  (configuration) icon in the upper right of the tunnel's status pane.
  • Page 533: Example: Gre Tunnel Over An Ipsec Tunnel

    Example: GRE tunnel over an IPSec tunnel The LR54 device can be configured as an advertised set of routes through an IPSec tunnel. This allows you to leverage the dynamic route advertisement of GRE tunnels through a secured IPSec tunnel.
  • Page 534 Configure the LR54-1 device Task one: Create an IPsec tunnel    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 535 5. Click to expand Authentication. 6. For Pre-shared key, type testkey. 7. Click to expand Remote endpoint. 8. For Hostname, type public IP address of the LR54-2 device. 9. Click to expand Policies. 10. For Add Policy, click  to add a new policy.
  • Page 536    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 537 Generic Routing Encapsulation (GRE) (config vpn ipsec tunnel ipsec_gre1 policy 0)> remote network 172.30.0.2/32 (config vpn ipsec tunnel ipsec_gre1 policy 0)> 10. Save the configuration and apply the change: (config ipsec tunnel ipsec_gre1 policy 0)> save Configuration saved. > LR54 User Guide...
  • Page 538 3. For Zone, select Internal. 4. For Device, select Ethernet: loopback. 5. Click to expand IPv4. 6. For Address, type the IP address of the local GRE tunnel, 172.30.0.1/32. 7. Click Apply to save the configuration and apply the change. LR54 User Guide...
  • Page 539 Task three: Create a GRE tunnel    Web 1. Click VPN > IP Tunnels. 2. For Add IP Tunnel, type gre_tunnel1 and click . 3. For Local endpoint, select the IPsec endpoint interface created in Task two (Interface: ipsec_ endpoint1). LR54 User Guide...
  • Page 540 (config vpn iptunnel gre_tunnel1)> local /network/interface/ipsec_ endpoint1 (config vpn iptunnel gre_tunnel1)> 4. Set the remote endpoint to the IP address of the GRE tunnel on LR54-2, 172.30.0.2: (config vpn iptunnel gre_tunnel1)> remote 172.30.0.2 (config vpn iptunnel gre_tunnel1)> 5. Save the configuration and apply the change: (config vpn iptunnel gre_tunnel1)>...
  • Page 541 4. For Device, select the GRE tunnel created in Task three (IP tunnel: gre_tunnel1). 5. Click to expand IPv4. 6. For Address, type 172.31.0.1/30 for a virtual IP address on the GRE tunnel. 7. Click Apply to save the configuration and apply the change. LR54 User Guide...
  • Page 542 Configure the LR54-2 device Task one: Create an IPsec tunnel    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 543 3. Click VPN > IPsec > Tunnels. 4. For Add IPsec Tunnel, type ipsec_gre2 and click . 5. Click to expand Authentication. 6. For Pre-shared key, type the same pre-shared key that was configured for the LR54-1 (testkey). 7. Click to expand Remote endpoint.
  • Page 544    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 545 Task two: Create an IPsec endpoint interface    Web 1. Click Network > Interfaces. 2. For Add Interface, type ipsec_endpoint2 and click . 3. For Zone, select Internal. 4. For Device, select Ethernet: loopback. 5. Click to expand IPv4. LR54 User Guide...
  • Page 546 5. Set the IPv4 address to the IP address of the local GRE tunnel, 172.30.0.2/32: (config network interface ipsec_endpoint2)> ipv4 address 172.30.0.2/32 (config network interface ipsec_endpoint2)> 6. Save the configuration and apply the change: (config vpn ipsec tunnel ipsec_endpoint2)> save Configuration saved. > Task three: Create a GRE tunnel    Web LR54 User Guide...
  • Page 547 (config vpn iptunnel gre_tunnel2)> local /network/interface/ipsec_ endpoint2 (config vpn iptunnel gre_tunnel2)> 4. Set the remote endpoint to the IP address of the GRE tunnel on LR54-1, 172.30.0.1: (config vpn iptunnel gre_tunnel2)> remote 172.30.0.1 (config vpn iptunnel gre_tunnel2)> 5. Save the configuration and apply the change: (config vpn iptunnel gre_tunnel2)>...
  • Page 548 7. Click Apply to save the configuration and apply the change.    Command line 1. At the command line, type config to enter configuration mode: > config (config)> 2. Add an interface named gre_interface2: (config)> add network interface gre_interface2 (config network interface gre_interface2)> LR54 User Guide...
  • Page 549: L2Tp

    Your LR54 device supports PPP-over-L2TP (Layer 2 Tunneling Protocol). Configure a PPP-over-L2TP tunnel Your LR54 device supports PPP-over-L2TP (Layer 2 Tunneling Protocol). The tunnel endpoints are known as L2TP Access Concentrators (LAC) and L2TP Network Servers (LNS). Each endpoint terminates the PPP session.
  • Page 550 Optional configuration data in the format of a pppd options file.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 551 No limit to IPv6 addresses that can access the service-type. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the LR54 device: a. Click Interfaces. b. For Add Interface, click .
  • Page 552 None: No authentication is required. Automatic: The device will attempt to connect using CHAP first, and then PAP. CHAP: Uses the Challenge Handshake Authentication Profile (CHAP) to authenticate. PAP: Uses the Password Authentication Profile (PAP) to authenticate. LR54 User Guide...
  • Page 553    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 554 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the LR54 device: (config)> add vpn l2tp acl interface end value (config)>...
  • Page 555 LACs are enabled by default. To disable: (config vpn l2tp lac lac_tunnel)> enable false (config vpn l2tp lac lac_tunnel)> b. Set the hostname or IP address of the L2TP network server: (config vpn l2tp lac lac_tunnel)> lns hostname (config vpn l2tp lac lac_tunnel)> LR54 User Guide...
  • Page 556 Format: dynamic_routes edge external hotspot internal ipsec loopback setup Current value: (config vpn l2tp lac lac_tunnel)> ii. Set the zone: (config vpn l2tp lac lac_tunnel)> zone zone (config vpn l2tp lac lac_tunnel)> LR54 User Guide...
  • Page 557 The keyword any, which means that the server will accept connections from any IP address. c. Set the IP address of the L2TP virtual network interface: (config vpn l2tp lns lns_server)> local_address IP_address (config vpn l2tp lns lns_server)> LR54 User Guide...
  • Page 558 (config vpn l2tp lns lns_server)> zone ? Zone: The firewall zone assigned to this tunnel. This can be used by packet filtering rules and access control lists to restrict network traffic on this tunnel. Format: dynamic_routes edge external hotspot internal LR54 User Guide...
  • Page 559: Configure Surelink Active Recovery For Ppp-Over-L2Tp

    Type quit to disconnect from the device. Configure SureLink active recovery for PPP-over-L2TP You can configure the LR54 device to regularly probe PPP-over-L2TP access concatenators to determine if the connection has failed and take remedial action. Required configuration items A valid PPP-over-L2TP configuration.
  • Page 560 To configure the LR54 device to regularly probe the PPP-over-L2TP connection:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 561 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Response timeout to ten minutes, enter 10m or 600s. The default is 15 seconds. LR54 User Guide...
  • Page 562 For example, to set Initial connection time to ten minutes, enter 10m or 600s. The default is 60 seconds. 14. Click Apply to save the configuration and apply the change.    Command line LR54 User Guide...
  • Page 563 Virtual Private Networks (VPN) L2TP 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 564 IP address. Specify the hostname or IP address: (config vpn l2tp lac lac_tunnel surelink target 0)> ping_host host (config vpn l2tp lac lac_tunnel surelink target 0)> (Optional) Set the size, in bytes, of the ping packet: LR54 User Guide...
  • Page 565 (Optional) Set the amount of time to wait for an initial connection to the interface before this test is considered to have failed: (config vpn l2tp lac lac_tunnel surelink target 0)> interface_timeout value (config vpn l2tp lac lac_tunnel surelink target 0)> LR54 User Guide...
  • Page 566 Set the alternate interface's IP version. This allows you to determine the alternate interface's status for a particular IP version. (config vpn l2tp lac lac_tunnel surelink target 0)> other_ ip_version value (config vpn l2tp lac lac_tunnel surelink target 0)> LR54 User Guide...
  • Page 567: L2Tp With Ipsec

    This means that you cannot restrict traffic on the IPsec tunnel to L2TP traffic (typically UDP port 1701). While multiple L2TP clients are supported on the LR54 by configuring a separate LNS for each client, multiple clients behind a Network Address Translation (NAT) device are not supported, because they will all appear to have the same IP address.
  • Page 568 Show the status of L2TP access connectors from the Admin CLI 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights.
  • Page 569: L2Tpv3 Ethernet

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. L2TPv3 Ethernet Your LR54 device supports Layer 2 Tunneling Protocol Version 3 (L2TPv3) static unmanaged Ethernet tunnels. Configure an L2TPv3 tunnel Your LR54 device supports Layer 2 Tunneling Protocol Version 3 (L2TPv3) static unmanaged Ethernet tunnels.
  • Page 570 Virtual Private Networks (VPN) L2TPv3 Ethernet    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 571    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 572 (config vpn l2tpeth L2TPv3_example)> where value is either udp or ip. The default is upd. If udp is set: a. Set the source UDP port to be used for the tunnel: (config vpn l2tpeth L2TPv3_example)> udp_source_port port (config vpn l2tpeth L2TPv3_example)> LR54 User Guide...
  • Page 573 The default is default. 15. Set the sequence number control to prevent or detect out of order packets. (config vpn l2tpeth L2TPv3_example session_example)> seq value (config vpn l2tpeth L2TPv3_example session_example)> where value is one of: LR54 User Guide...
  • Page 574: Show L2Tpv3 Tunnel Status

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 575: Nemo

    Local Area Networks (LANs) on your device. NEMO creates a tunnel between the home agent on the mobile private network and the LR54 device, isolating the connection from internet traffic and advertising the IP subnets of the LANs for remote access and device management.
  • Page 576 If the local network is set to Interface, identify the local interface to be used.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 577 10. For MTU discovery, leave enabled to determine the maximum transmission unit (MTU) size. If disabled, for MTU, type the MTU size. The default MTU size for LANs on the LR54 device is 1500. The MTU size of the NEMO tunnel will be smaller, to take into account the required headers.
  • Page 578    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 579 (config vpn nemo nemo_example)> mtu_discovery false (config vpn nemo nemo_example)> If disabled, set the MTU size. The default MTU size for LANs on the LR54 device is 1500. The MTU size of the NEMO tunnel will be smaller, to take into account the required headers.
  • Page 580 Use the ? to determine available interfaces: (config vpn nemo nemo_example)> tun_local interface ? Interface: The network interface to use to communicate with the peer. Set this field to blank if using the default route. Format: defaultip defaultlinklocal lan1 lan_hotspot loopback wan1 wwan LR54 User Guide...
  • Page 581: Show Nemo Status

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 582 ---------- lan1 192.168.2.1/24 Advertized LAN2 192.168.3.1/24 Advertized > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. LR54 User Guide...
  • Page 583 Configure telnet access Configure DNS Simple Network Management Protocol (SNMP) Location information Modbus gateway System time Network Time Protocol Configure a multicast route Ethernet network bonding Enable service discovery (mDNS) Use the iPerf service Configure the ping responder service LR54 User Guide...
  • Page 584: Allow Remote Access For Web Administration And Ssh

    Add the External firewall zone to the web administration service    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 585    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 586 Services Allow remote access for web administration and SSH    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 587 Services Allow remote access for web administration and SSH 5. Select External. 6. Click Apply to save the configuration and apply the change. LR54 User Guide...
  • Page 588: Configure The Web Administration Service

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 589 The web administration service is enabled by default. To disable the service, or enable it if it has been disabled:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 590 Type quit to disconnect from the device. Configure the service    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 591 No limit to IPv6 addresses that can access the web administration service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the LR54 device: a. Click Interfaces.
  • Page 592 9. Legacy port redirection is used to redirect client HTTP requests to the HTTPS service. Legacy port redirection is enabled by default, and normally these settings should not be changed. To disable legacy port redirection, click to expand Legacy port redirection and deselect Enable. LR54 User Guide...
  • Page 593    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 594 4. (Optional) If you have your own signed SSL certificate, if you have your own signed SSL certificate, set the certificate and private key by pasting their contents into the service web_ admin cert command. Enclose the certificate and private key contents in quotes ("). LR54 User Guide...
  • Page 595 Enclose the contents of certificate.pem and key.pem in quotes. For example: (config)> service web_admin cert "-----BEGIN CERTIFICATE----- MIID8TCCAtmgAwIBAgIULOwezcmbnQmIC9pT9txwCfUbkWQwDQYJKoZIhvcNAQEL BQAwgYcxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24xDjAMBgNVBAcMBUFs b2hhMRMwEQYDVQQKDApNY0JhbmUgSW5jMRAwDgYDVQQLDAdTdXBwb3J0MQ8wDQYD VQQDDAZtY2JhbmUxHzAdBgkqhkiG9w0BCQEWEGptY2JhbmVAZGlnaS5jb20wHhcN MjAwOTIyMTY1OTUyWhcNMjEwOTIyMTY1OTUyWjCBhzELMAkGA1UEBhMCVVMxDzAN BgNVBAgMBk9yZWdvbjEOMAwGA1UEBwwFQWxvaGExEzARBgNVBAoMCk1jQmFuZSBJ bmMxEDAOBgNVBAsMB1N1cHBvcnQxDzANBgNVBAMMBm1jYmFuZTEfMB0GCSqGSIb3 DQEJARYQam1jYmFuZUBkaWdpLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBAOBn19AX01LO9plYtfRZq0bETwNwSCYGeEIOGJ7gHt/rihLVBJS1woYv u1Oq1ohYxIawBY1iIPBD2GtzyEJXzBZdQRhwi/dRyRi4vr7EkjGDr0Vb/NVT0L5w UzcMeT+71DYvKYm6GpcWx+LoKqFTjbMFBIze5pbBfru+SicId6joCHIuYq8Ehflx 6sy6s4MDbyTUAEN2YhsBaOljej64LNzcsHeISbAWibXWjOSsK+N1MivQq5uwIYw/ 1fsnD8KDS43Wg57+far9fQ2MIHsgnoAGz+w6PIKJR594y/MfqQffDFNCh2lJY49F hOqEtA5B9TyXRKwoa3j/lIC/t5cpIBcCAwEAAaNTMFEwHQYDVR0OBBYEFDVtrWBH E1ZcBg9TRRxMn7chKYjXMB8GA1UdIwQYMBaAFDVtrWBHE1ZcBg9TRRxMn7chKYjX MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBALj/mrgaKDNTspv9 ThyZTBlRQ59wIzwRWRYRxUmkVcR8eBcjwdBTWjSBLnFlD2WFOEEEnVz2Dzcixmj4 /Fw7GQNcYIKj+aIGJzbcKgox10mZB3VKYRmPpnpzHCkvFi4o81+bC8HJQfK9U80e vDV0/vA5OB2j/DrjvlOrapCTkuyA0TVyGvgTASx2ATu9U45KZofm4odThQs/9FRQ +cwSTb5v47KYffeyY+g3dyJw1/KgMJGpBUYNJDIsFQC9RfzPjKE2kz41hx4VksT/ q81WGstDXH++QTu2sj7vWkFJH5xPFt80HjtWKKpIfeOIlBPGeRHvdH2PQibx0OOt Sa+P5O8= -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDgZ9fQF9NSzvaZ LR54 User Guide...
  • Page 596 6. (Optional) Set the port number for this service. The default setting of 443 normally should not be changed. (config)> service web_admin port 444 (config)> 7. (Optional) Set the minimum TLS version that can be used by client to negotiate the HTTPS session: LR54 User Guide...
  • Page 597 9. Save the configuration and apply the change: (config)> save Configuration saved. > 10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. LR54 User Guide...
  • Page 598: Configure Ssh Access

    The SSH service is enabled by default. To disable the service, or enable it if it has been disabled:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 599    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 600 Services Configure SSH access 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 601 No limit to IPv6 addresses that can access the SSH service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the LR54 device: a. Click Interfaces.
  • Page 602    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 603 Repeat this step to include additional firewall zones. 4. (Optional) Set the private key in PEM format. If not set, the device will use an automatically- generated key. (config)> service ssh key key.pem (config)> 5. (Optional) Configure Multicast DNS (mDNS) LR54 User Guide...
  • Page 604 OpenSSH sshd_config file. For example, to enable the diffie-helman-group-sha-14 key exchange algorithm: (config)> service ssh custom config_file "KexAlgorithms +diffie- hellman-group14-sha1" (config)> 8. Save the configuration and apply the change: (config)> save Configuration saved. > LR54 User Guide...
  • Page 605 Services Configure SSH access 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. LR54 User Guide...
  • Page 606: Use Ssh With Key Authentication

    SSH service to allow SSH access for the External firewall zone.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 607 These instructions assume an existing user named temp_user. 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights.
  • Page 608 4. Save the configuration and apply the change: (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. LR54 User Guide...
  • Page 609: Configure Telnet Access

    The telnet service is disabled by default. To enable the service:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 610 Type quit to disconnect from the device. Configure the service    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager:...
  • Page 611 Services Configure telnet access a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration.
  • Page 612    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 613 No limit to IPv6 addresses that can access the telnet service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the LR54 device: (config)> add service telnet acl interface end value (config)>...
  • Page 614: Configure Dns

    Type quit to disconnect from the device. Configure DNS The LR54 device includes a caching DNS server which forwards queries to the DNS servers that are associated with the network interfaces, and caches the results. This server is used within the device, and cannot be disabled.
  • Page 615 192.168.210.1 IP address. To configure the DNS server:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 616 No limit to IPv6 addresses that can access the DNS service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the LR54 device: a. Click Interfaces.
  • Page 617    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 618 Services Configure DNS To limit access to hosts connected through a specified interface on the LR54 device: (config)> add service dns acl interface end value (config)> Where value is an interface defined on your device. Display a list of available interfaces: Use ...
  • Page 619 (config service dns server 0)> c. To restrict the device's use of this DNS server based on the domain, use the domain command. If no domain are listed, then all queries may be sent to this server. LR54 User Guide...
  • Page 620: Show Dns Server

      Command line Show DNS information 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 621 > 3. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. LR54 User Guide...
  • Page 622: Simple Network Management Protocol (Snmp)

    By default, the LR54 device automatically blocks SNMP packets from being received over WAN and LAN interfaces. As a result, if you want a LR54 device to receive SNMP packets, you must configure the SNMP access control list to allow the device to receive the packets. See...
  • Page 623 A single IP address or host name. A network designation in CIDR notation, for example, 2001:db8::/48. any: No limit to IPv6 addresses that can access the SNMP agent. d. Click  again to list additional IP addresses or networks. LR54 User Guide...
  • Page 624    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 625 No limit to IPv6 addresses that can access the SNMP service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the LR54 device: (config)> add service snmp acl interface end value (config)>...
  • Page 626 9. (Optional) Set the authentication type. Allowed values are MD5 or SHA. The default is MD5. (config)> service snmp auth_type SHA (config)> 10. (Optional) Set the privacy passphrase. If not set, the password, entered above, is used. LR54 User Guide...
  • Page 627: Download Mibs

    To download a .zip archive of the SNMP MIBs supported by this device:    Web 1. Log into the LR54 WebUI as a user with Admin access. 2. Enable SNMP. Configure Simple Network Management Protocol (SNMP) for information about enabling and configuring SNMP support on the LR54 device.
  • Page 628 Services Simple Network Management Protocol (SNMP) The SNMP page is displayed. 4. Click Download. LR54 User Guide...
  • Page 629: Location Information

    Location messages forwarded to the device from other location-enabled devices. You can also configure your LR54 device to forward location messages, either from the LR54 device or from external sources, to a remote host. Additionally, the device can be configured to use a geofence, to allow you to determine actions that will be taken based on the physical location of the device.
  • Page 630: Configure The Location Service

    The location service is enabled by default. You can disable it, or you can enable it if it has been disabled.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 631    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 632: Configure The Device To Use A User-Defined Static Location

    You can configured your LR54 device to use a user-defined static location.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 633    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 634: Configure The Device To Accept Location Messages From External Sources

    You can configure the LR54 device to accept NMEA and TAIP messages from external sources. For example, location-enabled devices connected to the LR54 device can forward their location information to the device, and then the LR54 device can serve as a central repository for this location information and forward it to a remote host. See Forward location information to a remote host information about configuring the LR54 device to forward location messages.
  • Page 635 To configure the device to accept location messages from external sources:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 636    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 637 No limit to IPv6 addresses that can access the location server UDP port. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the LR54 device: (config)> add service location source 1 acl interface end value (config)>...
  • Page 638 Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration -------------------------------------------------------- ----------------------- dynamic_routes edge external hotspot internal ipsec loopback setup (config)> Repeat this step to include additional firewall zones. LR54 User Guide...
  • Page 639: Forward Location Information To A Remote Host

    Configure the LR54 device to forward location information:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 640 For Add NMEA filter or Add TAIP filter, click . b. Select the filter type. Allowed values are: GGA: Reports time, position, and fix related data. GLL: Reports position data: position fix, time of position fix, and status. GSA: Reports GPS DOP and active satellites. LR54 User Guide...
  • Page 641 13. (Optional) For Prepend text, enter text to prepend to the forwarded message. Two variables can be included in the prepended text: %s: Includes the LR54 device's serial number in the prepended text. %v: Includes the vehicle ID in the prepended text.
  • Page 642 Services Location information 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 643 9. (Optional) Set the text to prepend to the forwarded message. Two variables can be included in the prepended text: %s: Includes the LR54 device's serial number in the prepended text. %v: Includes the vehicle ID in the prepended text.
  • Page 644 (config service location forward 0 filter_nmea)> add gsa end (config service location forward 0 filter_nmea)> If the message protocol type is TAIP: Allowed values are: al: Reports altitude and vertical velocity. cp: Compact position: reports time, latitude, and longitude. LR54 User Guide...
  • Page 645 13. Save the configuration and apply the change: (config)> save Configuration saved. > 14. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. LR54 User Guide...
  • Page 646: Configure Geofencing

    Update interval, which determines the amount of time that the geofence should wait between polling for updated location data.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. LR54 User Guide...
  • Page 647 Services Location information 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config.
  • Page 648 For Longitude, any integer between -180 and 180, with up to six decimal places. d. Click  again to add an additional point, and continue adding points to create the desired polygon. For example, to configure a square polygon around the Digi headquarters, configure a polygon with four points: LR54 User Guide...
  • Page 649 If the script begins with #!, then the proceeding file path will be used to invoke the script interpreter. If not, then the default shell will be used. iii. Enable Log script output to log the output of the script to the system log. LR54 User Guide...
  • Page 650 If not, then the default shell will be used. iii. Enable Log script output to log the output of the script to the system log. iv. Enable Log script errors to log errors from the script to the system log. LR54 User Guide...
  • Page 651    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 652 (config service location geofence test_geofence coordinates 0)> latitude int (config service location geofence test_geofence coordinates 0)> longitude int (config service location geofence test_geofence coordinates 0)> where int is: For latitude, any integer between -90 and 90, with up to six decimal places. LR54 User Guide...
  • Page 653 For longitude, any integer between -180 and 180, with up to six decimal places. Repeat for each vortex of the polygon. For example, to configure a square polygon around the Digi headquarters, configure a polygon with four points: (config service location geofence test_geofence)> add...
  • Page 654 3, the actions will not be performed until the device has been inside the geofence for three minutes. c. Add an action: i. Type ... to return to the root of the configuration: (config service location geofence test_geofence coordinates 3)> ... (config)> LR54 User Guide...
  • Page 655 (Optional) Set the maximum amount of system memory that will be available for the script and it spawned processes: (config service location geofence test_geofence on_entry action 0)> max_memory value (config service location geofence test_geofence on_entry action 0)> LR54 User Guide...
  • Page 656 Add an action: i. Type ... to return to the root of the configuration: (config service location geofence test_geofence coordinates 3)> ... (config)> ii. Add the action: (config)> add service location geofence test_geofence on_exit action end LR54 User Guide...
  • Page 657 0)> max_memory value (config service location geofence test_geofence on_exit action 0)> where value is any integer followed by one of the following: b|bytes|KB|k|MB|M|GB|G|TB|T. For example. the allocate one megabyte of memory to the script and its spawned processes: LR54 User Guide...
  • Page 658: Show Location Information

      Command line Show location information 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 659: Modbus Gateway

    Type quit to disconnect from the device. Show geofence information 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights.
  • Page 660: Configure The Modbus Gateway

    The maximum time between bytes in a packets. Whether to send broadcast messages. Response timeout If connection type is set to socket: The port to use. The inactivity timeout. If connection type is set to serial: Whether to use half duplex (two wire) mode. LR54 User Guide...
  • Page 661 Whether packets should have their Modbus address adjusted downward before to delivery.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 662 For Port, enter or select an appropriate port. The default is port 502. If Serial is selected for Connection type: a. For Serial port, select the appropriate serial port on the LR54 device. 5. For Packet mode, select RTU or RAW (if Connection type is set to Socket) or ASCII (if Connection typeis set to Serial) for the type of packet that will be used by this connection.
  • Page 663 No limit to IPv6 addresses that can access the web administration service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the LR54 device: a. Click Interfaces.
  • Page 664 Modbus server is running. If Serial is selected for Connection type: a. For Serial port, select the appropriate serial port on the LR54 device. 5. For Packet mode, select RTU or RAW (if Connection type is set to Socket) or ASCII (if Connection typeis set to Serial) for the type of packet that will be used by this connection.
  • Page 665 No limit to IPv6 addresses that can access the web administration service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the LR54 device: a. Click Interfaces.
  • Page 666    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 667 (config service modbus_gateway server test_modbus_server)> where value is either rtu or raw. The default is rtu. iv. Set the maximum allowable time between bytes in a packet: (config service modbus_gateway server test_modbus_server)> socket idle_gap value (config service modbus_gateway server test_modbus_server)> LR54 User Guide...
  • Page 668 (config service modbus_gateway server test_modbus_ server)> ii. Set the packet mode: (config service modbus_gateway server test_modbus_server)> serial packet_mode value (config service modbus_gateway server test_modbus_server)> where value is either rtu or ascii. The default is rtu. LR54 User Guide...
  • Page 669 (config service modbus_gateway client test_modbus_client)> where type is either socket or serial. The default is socket. If connection_type is set to socket: i. Set the IP protocol: (config service modbus_gateway client test_modbus_client)> socket protocol value (config service modbus_gateway client test_modbus_client)> LR54 User Guide...
  • Page 670 600s (config service modbus_gateway client test_modbus_client)> vi. Set the hostname or IP address of the remote host on which the Modbus server is running: (config service modbus_gateway client test_modbus_client)> remote_host ip_address|hostname (config service modbus_gateway client test_modbus_client)> LR54 User Guide...
  • Page 671 For example, to set idle_gap to one second, enter 1000ms or 1s. iv. (Optional) Enable half-duplex (two wire) mode: (config service modbus_gateway client test_modbus_client)> serial half_duplex true (config service modbus_gateway client test_modbus_client)> d. (Optional) Enable the gateway to send broadcast messages to this client: LR54 User Guide...
  • Page 672 (config service modbus_gateway client test_modbus_client)> filter 1 50-100 (config service modbus_gateway client test_modbus_client)> g. If request messages handled by this client should always be forwarded to a specific device, , use fixed_server_address to set the device's Modbus address: LR54 User Guide...
  • Page 673: Show Modbus Gateway Status And Statistics

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show Modbus gateway status and statistics You can view status and statistics about location information from either the WebUI or the command line.    Web LR54 User Guide...
  • Page 674    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 675 Packet Errors RX Responses RX Timeouts TX Broadcasts TX Requests modbus_socket_21 ---------------- Address Translation Errors Connection Errors Packet Errors RX Responses RX Timeouts TX Broadcasts TX Requests modbus_serial_client -------------------- Address Translation Errors Connection Errors Packet Errors RX Responses LR54 User Guide...
  • Page 676 Modbus gateway RX Timeouts TX Broadcasts TX Requests > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. LR54 User Guide...
  • Page 677: System Time

    Additional Configuration Options Additional upstream NTP servers.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 678 4. (Optional) For Timezone, select either UTC or select the location nearest to your current location to set the timezone for your LR54 device. The default is UTC. 5. (Optional) Add upstream NTP servers that the device will use to synchronize its time. The default setting is time.devicecloud.com.
  • Page 679 Services System time 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 680    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 681: Manually Set The System Date And Time

    Services Network Time Protocol 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 682: Configure The Device As An Ntp Server

    The time zone setting, if the default setting of UTC is not appropriate. To configure the LR54 device's NTP service:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 683 3. Click Services > NTP. 4. Enable the LR54 device's NTP service by clicking Enable. 5. (Optional) Configure the access control list to limit downstream access to the LR54 device's NTP service. To limit access to specified IPv4 addresses and networks: a.
  • Page 684    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 685 5. Allow the device's local system clock to be used as backup time source: (config)> service ntp local true (config)> 6. (Optional) Configure the access control list to limit downstream access to the LR54 device's NTP service. To limit access to specified IPv4 addresses and networks: (config)>...
  • Page 686 No limit to IPv6 addresses that can access the NTP server agent. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the LR54 device: (config)> add service ntp acl interface end value (config)>...
  • Page 687: Show Status And Statistics Of The Ntp Server

    By default, the access control list for the NTP service is empty, which means that all downstream hosts connected to the LR54 device can use the NTP service. 7. (Optional) Set the timezone for the location of your LR54 device. The default is UTC. (config)> system time timezone value (config)>...
  • Page 688: Configure A Multicast Route

    To configure a multicast route:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. LR54 User Guide...
  • Page 689 9. Click Apply to save the configuration and apply the change.    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. LR54 User Guide...
  • Page 690 Set the interface. For example: (config service multicast test)> src_interface /network/interface/wan1 (config service multicast test)> 7. Set a destination interface that the LR54 device will send mutlicast packets to: a. Use the ? to determine available interfaces: (config service multicast test)> src_interface ? Destination interface: Which interface to send the multicast packets.
  • Page 691 8. Save the configuration and apply the change: (config)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. LR54 User Guide...
  • Page 692: Ethernet Network Bonding

    Create a new network interface for the bonded Ethernet devices, and disable the any interfaces associated with those Ethernet devices..    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 693 Round-robin: Alternates between bonded devices to provide load balancing as well as fault tolerance. 6. Click to expand Devices. 7. Add Ethernet devices: a. For Add device, click . b. For Device, select an Ethernet device to participate in the bond pool. LR54 User Guide...
  • Page 694 For example, if ETH1 and ETH2 were added to the Ethernet bond, disable the WAN1 and LAN1 interfaces: In some cases, the device may be a part of a bridge, in which case you should remove the device from the bridge. LR54 User Guide...
  • Page 695    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 696 8. Disable any other interfaces associated with the devices that were added to the Ethernet bond. For example, if ETH1 and ETH2 were added to the Ethernet bond, and they are included with the WAN1 and LAN1 interfaces: LR54 User Guide...
  • Page 697: Enable Service Discovery (Mdns)

    You can enable the LR54 device to use mDNS.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager:...
  • Page 698 Services Enable service discovery (mDNS) a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration.
  • Page 699    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 700 No limit to IPv6 addresses that can access the mDNS service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the LR54 device: (config)> add service mdns acl interface end value (config)>...
  • Page 701: Use The Iperf Service

    Type quit to disconnect from the device. Use the iPerf service Your LR54 device includes an iPerf3 server that you can use to test the performance of your network. iPerf3 is a command-line tool that measures the maximum network throughput an interface can handle.
  • Page 702 Services Use the iPerf service When the iPerf server is enabled, the LR54 device will automatically configure its firewall rules to allow incoming connections on the configured listening port. You can restrict access by configuring the access control list for the iPerf server.
  • Page 703 Use the iPerf service To enable the iPerf3 server:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 704    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 705 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the LR54 device: (config)> add service iperf acl interface end value (config)>...
  • Page 706: Example Performance Test Using Iperf3

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Example performance test using iPerf3 On a remote host with iPerf3 installed, enter the following command: $ iperf3 -c device_ip LR54 User Guide...
  • Page 707: Configure The Ping Responder Service

    IP address, interfaces, and/or zones. To enable the iPerf3 server:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 708 No limit to IPv6 addresses that can access the ping responder. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the LR54 device: a. Click Interfaces.
  • Page 709    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 710 Services Configure the ping responder service To limit access to hosts connected through a specified interface on the LR54 device: (config)> add service iperf acl interface end value (config)> Where value is an interface defined on your device. Display a list of available interfaces: Use ...
  • Page 711: Example Performance Test Using Iperf3

    Example performance test using iPerf3 On a remote host with Iperf3 installed, enter the following command: $ iperf3 -c device_ip where device_ip is the IP address of the LR54 device. For example: $ iperf3 -c 192.168.2.1 Connecting to host 192.168.2.1, port 5201 4] local 192.168.3.100 port 54934 connected to 192.168.1.1 port 5201...
  • Page 712 Applications The LR54 supports Python 3.6 and provides you with the ability to run Python applications on the device interactively or from a file. You can also specify Python applications and other scripts to be run each time the device system restarts, at specific intervals, or at a specified time.
  • Page 713: Develop Python Applications

    Digi IoT PyCharm Plugin to help you while writing, building, and testing your application. Create and test a Python application. In addition to the standard Python library, the LR54 includes a set of extensions to access its configuration and interfaces. See Python modules.
  • Page 714: Set Up The Lr54 For Python Development

    Set up the LR54 for Python development 1. Access the LR54 local web interface a. Use an Ethernet cable to connect the LR54 to your local laptop or PC.  The factory default IP address is 192.168.2.1 b. Log into the LR54 WebUI as a user with full admin access rights.
  • Page 715 Applications Develop Python applications Develop an application in PyCharm PyCharm allows you to write, build and run Python applications for Digi devices in a quick and easy way.  This is what you can do with it: Create Python projects from scratch or import one of the available examples.
  • Page 716: Python Modules

    Develop Python applications Python modules The LR54 supports Python 3.6 and provides you with the ability to run Python applications on the device interactively or from a file. It also offers extensions to manage your LR54: The digidevice module provides platform-specific extensions that allow you to interact with the device’s configuration and interfaces.
  • Page 717 Digidevice module section. Digidevice module The Python digidevice module provides platform-specific extensions that allow you to interact with the device’s configuration and interfaces. The following submodules are included with the digidevice module: This section contains the following topics: LR54 User Guide...
  • Page 718 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the LR54 local command line as a user with shell access.
  • Page 719 Get help executing a CLI command from Python by accessing help for cli.execute: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the LR54 local command line as a user with shell access.
  • Page 720 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the LR54 local command line as a user with shell access.
  • Page 721 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the LR54 local command line as a user with shell access.
  • Page 722 Read the device configuration 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the LR54 local command line as a user with shell access.
  • Page 723 Use the set() and commit() methods to modify the device configuration: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the LR54 local command line as a user with shell access.
  • Page 724 Get help for reading and modifying the device configuration by accessing help for digidevice.config: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the LR54 local command line as a user with shell access.
  • Page 725 Remote Manager's Server Command Interface (SCI), a web service that allows users to access information and perform commands that relate to their devices. Use Remote Manager's SCI interface to create SCI requests that are sent to your LR54 device, and use the device_request module to send responses to those requests to Remote Manager.
  • Page 726 Ctrl-D. You can also exit the session using exit() or quit(). Task two: Create and send an SCI request from Digi Remote Manager The second step in using the device_request module is to create an SCI request that Remote Manager will forward to the device.
  • Page 727 This can be done from either the WebUI or the command line:    Web i. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. LR54 User Guide...
  • Page 728 Applications Develop Python applications ii. Access the device configuration: Remote Manager: i. Locate your device as described in Use Digi Remote Manager to view and manage your device. ii. Click the Device ID. iii. Click Settings. iv. Click to expand Config.
  • Page 729 Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 730 Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the LR54 local command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 731 <device_request target_name="showSystem"> 8. Click Send. You should receive a response similar to the following: <sci_reply version="1.0"> <data_service> <device id="00000000-00000000-0000FFFF-A83CF6A3"/> <requests> <device_request target_name="showSystem" status="0">Model : Digi LR54 Serial Number : LR54-000068 Hostname : LR54 : 00:40:D0:13:35:36 Hardware Version : 50001959-01 A Firmware Version : 22.8.33.50...
  • Page 732 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the LR54 local command line as a user with shell access.
  • Page 733 Use the keys() and get() methods to read the device configuration: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the LR54 local command line as a user with shell access.
  • Page 734 Use the set() method to modify the runtime database: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the LR54 local command line as a user with shell access.
  • Page 735 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the LR54 local command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 736 Use Python to upload the device name to Digi Remote Manager The name submodule can be used to upload a custom name for your device to Digi Remote Manager. When you use the name submodule to upload a custom device name to Remote Manager, the...
  • Page 737 Upload a custom name 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the LR54 local command line as a user with shell access.
  • Page 738 Determine if the device's location 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the LR54 local command line as a user with shell access.
  • Page 739 You can update this snapsot: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the LR54 local command line as a user with shell access.
  • Page 740 You can update this snapsot 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the LR54 local command line as a user with shell access.
  • Page 741 Get help for the digidevice location module: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the LR54 local command line as a user with shell access.
  • Page 742 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the LR54 local command line as a user with shell access.
  • Page 743 5. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). The digidevice led submodule Use the led submodule to redefine the purpose of any front-panel LED on the LR54 device. With this submodule, you can:...
  • Page 744 The following example uses an interactive Python session to set the state of all LEDs to flashing: 1. At the shell prompt, use the python command with no parameters to enter an interactive Python session: # python Python 3.10.1 (default, May 9 2021, 22:49:59) [GCC 8.3.0] on linux LR54 User Guide...
  • Page 745: The Use(Led) Function

    You can create Python scripts that send and receive SMS message in tandem with the Digi Remote Manager or Digi aView by using the digidevice.sms module. To use a script to send or receive SMS messages, you must also enable the ability to schedule SMS scripting.
  • Page 746 Releasing the LEDs to system control Enable the ability to schedule SMS scripting    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 747    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 748 For example, to determine information about a USB-connected keyboard: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the LR54 local command line as a user with shell access.
  • Page 749 Get help for the hid module: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the LR54 local command line as a user with shell access.
  • Page 750 5. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Use Python to access serial ports You can use the Python serial module to access serial ports on your LR54 device that are configured to be in Application mode. See...
  • Page 751 6. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Use the Paho MQTT python library Your LR54 device includes support for the Paho MQTT python library. MQTT is a lightweight messaging protocol used to communicate with various applications including cloud-based applications such as Amazon Web Services and Microsoft Azure.
  • Page 752 MQTT server") client.subscribe(PREFIX_CMD + "/system") def on_message(client, userdata, msg): """ Supporting only a single topic for now, no need for filters Expects the following message format: "cid": "<client-id>", "cmd": "<command>", "params": { <optional_parameters> LR54 User Guide...
  • Page 753 + "/leases", json.dumps(leases, separators=(',',':'))) except: print("Failed to open DHCP leases file") def publish_system(): avg1, avg5, avg15 = runt.get("system.load_avg").split(', ') ram_used = runt.get("system.ram.per") disk_opt = runt.get("system.disk./opt.per") disk_config = runt.get("system.disk./etc/config.per") msg = json.dumps({ "load_avg": { "1min": avg1, "5min": avg5, "15min": avg15 LR54 User Guide...
  • Page 754: Set Up The Lr54 To Automatically Run Your Applications

    Applications Set up the LR54 to automatically run your applications "disk_usage": { "/opt": disk_opt, "/etc/config:": disk_config, "ram": ram_used client.publish(PREFIX_EVENT + "/system", json.dumps(msg)) runt.start() serial = runt.get("system.serial") PREFIX = "router/" + serial PREFIX_EVENT = "event/" + PREFIX PREFIX_CMD = "cmd/" + PREFIX PREFIX_RSP = "rsp/"...
  • Page 755 Task one: Upload the application    Web 1. Log into the LR54 WebUI as a user with Admin access. 2. On the menu, click System. Under Administration, click File System. The File System page appears. 3. Highlight the scripts directory and click  to open the directory.
  • Page 756    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 757 Applications Set up the LR54 to automatically run your applications 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 758 Applications Set up the LR54 to automatically run your applications Custom scripts are enabled by default. To disable, toggle off Enable to toggle off. 5. (Optional) For Label, provide a label for the script. 6. For Run mode, select the mode that will be used to run the script. Available options are: On boot: The script will run once each time the device boots.
  • Page 759    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 760 Applications Set up the LR54 to automatically run your applications boot: The script will run once each time the device boots. If boot is selected, set the action that will be taken when the script completes: (config system schedule script 0)> exit_action action (config system schedule script 0)>...
  • Page 761 Applications Set up the LR54 to automatically run your applications (config system schedule script 0)> commands python "/etc/config/scripts/test.py" (config system schedule script 0)> If the script begins with #!, then the script will be invoked in the location specified by the path for the script command.
  • Page 762: Show Script Information

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 763    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 764: Start An Interactive Python Session

    1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the LR54 local command line as a user with shell access.
  • Page 765 LR54 device. local-path is the location on the LR54 device where the copied file will be placed. LR54 User Guide...
  • Page 766: Configure Scripts To Run Manually

    You can also create scripts by using the vi command when logged in with shell access. 2. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the LR54 local command line as a user with shell access.
  • Page 767    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 768: Task Two: Configure The Application To Run Automatically

    This feature does not provide syntax or error checking. Certain commands can render the device inoperable. Use with care.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 769 Click to enable Log script output to log the script's output to the system log. b. Click to enable Log script errors to log script errors to the system log. If neither option is selected, only the script's exit code is written to the system log. LR54 User Guide...
  • Page 770    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 771 Make a change to the script. Disable once. 10. Sandbox is enabled by default. This option protects the script from accidentally destroying the system it is running on. (config system schedule script 0)> sandbox true (config system schedule script 0)> LR54 User Guide...
  • Page 772: Start A Manual Script

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 773 4. Save the configuration and apply the change: (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. LR54 User Guide...
  • Page 774: User Authentication

    User authentication methods Authentication groups Local users Terminal Access Controller Access-Control System Plus (TACACS+) Remote Authentication Dial-In User Service (RADIUS) LDAP Configure serial authentication Disable shell access Set the idle timeout for LR54 users Example user configuration LR54 User Guide...
  • Page 775: Lr54 User Authentication

    User authentication LR54 user authentication LR54 user authentication User authentication on the LR54 has the following features and default configuration: Default Feature Description configuration Idle timeout 10 minutes. Determines how long a user session can be idle before the system automatically disconnects.
  • Page 776 TACACS+: Users authenticated by using a remote TACACS+ server for authentication. Terminal Access Controller Access-Control System Plus (TACACS+) for information about configuring TACACS+ authentication. LDAP: Users authenticated by using a remote LDAP server for authentication. LDAP for information about configuring LDAP authentication. LR54 User Guide...
  • Page 777: Add A New Authentication Method

    The types of authentication method to be used: To add an authentication method:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 778 This procedure describes how to add methods to various places in the list. 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights.
  • Page 779: Delete An Authentication Method

    Type quit to disconnect from the device. Delete an authentication method    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager:...
  • Page 780    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 781: Rearrange The Position Of Authentication Methods

    For example, the following configuration has Local users as the first method, and RADIUS as the second. To reorder these so that RADIUS is first and Local users is second: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 782    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 783: Authentication Groups

    Disable shell access for more information about the Allow shell parameter. Serial access: Users with Serial access have the ability to log into the LR54 device by using the serial console. Preconfigured authentication groups The LR54 device has two preconfigured authentication groups: The admin group is configured by default to have full Admin access.
  • Page 784 User authentication Authentication groups This section contains the following topics: Change the access rights for a predefined group Add an authentication group Delete an authentication group LR54 User Guide...
  • Page 785: Change The Access Rights For A Predefined Group

    By default, two authentication groups are predefined: admin and serial. To change the access rights of the predefined groups:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 786    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 787: Add An Authentication Group

    User authentication Authentication groups full: provides users of this group with the ability to manage the LR54 device by using the WebUI or the Admin CLI. read-only: provides users of this group with read-only access to the WebUI and Admin CLI.
  • Page 788 User authentication Authentication groups 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 789 Full access or Read-only access. where value is either: Full access full: provides users of this group with the ability to manage the LR54 device by using the WebUI or the Admin CLI. Read-only access read-only: provides users of this group with read-only access to the WebUI and Admin CLI.
  • Page 790    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 791 7. (Optional) Enable users that belong to this group to access the Bluetooth scanning service: (config)> auth group test acl bluetooth_scanner enable true (config)> 8. (Optional) Enable users that belong to this group to access the Wi-Fi scanning service: (config)> auth group group test acl wifi_scanner enable true (config)> LR54 User Guide...
  • Page 792: Delete An Authentication Group

    To delete an authentication group that you have created:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 793    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 794: Local Users

    TACACS+ or RADIUS. Local user authentication is enabled by default, with one preconfiged default user. Default user At manufacturing time, each LR54 device comes with a default user configured as follows: Username: admin. Password: The default password is displayed on the label on the bottom of the device.
  • Page 795: Change A Local User's Password

    Change a local user's password To change a user's password:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 796 You can also change the password for the active user by clicking the user name in the menu bar: The active user must have full Admin access rights to be able to change the password. 6. Click Apply to save the configuration and apply the change. LR54 User Guide...
  • Page 797: Configure A Local User

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 798 One-time use eight-digit emergency scratch codes. To configure a local user:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 799 For Lockout duration, type the amount of time that the user is locked out after the number of unsuccessful login attempts defined in Lockout tries. Allowed values are any number of minutes, or seconds, and take the format number{m|s}. LR54 User Guide...
  • Page 800 Generate a Secret key: i. Click ... next to the field label and select Generate secret key. ii. Copy the secret key for use with an application or mobile device to generate passcodes. LR54 User Guide...
  • Page 801    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 802 Add a group to the user. For example, to add the admin group to the user: (config auth user new_user> add group end admin (config auth user new_user)> Note Every user must be configured with at least one group. LR54 User Guide...
  • Page 803 Configure the verification type. Allowed values are: totp: Time-based One-Time Password (TOTP) authentication uses the current time to generate a one-time password. hotp: HMAC-based One-Time Password (HOTP) uses a counter to validate a one- time password. LR54 User Guide...
  • Page 804 (config auth user new_user 2fa)> i. Configure the login limit period. This is the amount of time that the user is allowed to attempt to log in. (config auth user new_user 2fa)> login_limit_period value (config auth user new_user 2fa)> LR54 User Guide...
  • Page 805: Delete A Local User

    Delete a local user To delete a user from your LR54:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 806 The Configuration window is displayed. 3. Click Authentication > Users. 4. Click the menu icon (...) next to the name of the user to be deleted and select Delete. 5. Click Apply to save the configuration and apply the change. LR54 User Guide...
  • Page 807    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 808: Terminal Access Controller Access-Control System Plus (Tacacs+)

    With TACACS+ support, the LR54 device acts as a TACACS+ client, which sends user credentials and connection parameters to a TACACS+ server over TCP. The TACACS+ server then authenticates the TACACS+ client requests and sends back a response message to the device.
  • Page 809: Tacacs+ User Configuration

    The groupname attribute is optional. If used, the value must correspond to authentication groups configured on your LR54. Alternatively, if the user is also configured as a local user on the LR54 device and the LDAP server authenticates the user but does not return any groups, the local configuration determines the list of groups.
  • Page 810: Tacacs+ Server Failover And Fallback To Local Authentication

    $ sudo /etc/init.d/tacacs_plus restart TACACS+ server failover and fallback to local authentication In addition to the primary TACACS+ server, you can also configure your LR54 device to use backup TACACS+ servers. Backup TACACS+ servers are used for authentication requests when the primary TACACS+ server is unavailable.
  • Page 811 Add additional TACACS+ servers in case the first TACACS+ server is unavailable.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 812 6. (Optional) For Group attribute, type the name of the attribute used in the TACACS+ server's configuration to identify the LR54 authentication group or groups that the user is a member of. For example, in TACACS+ user configuration, the group attribute in the sample tac_plus.conf...
  • Page 813    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 814 10. Save the configuration and apply the change: (config)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. LR54 User Guide...
  • Page 815: Remote Authentication Dial-In User Service (Radius)

    To use RADIUS authentication, you must set up a RADIUS server that is accessible by the LR54 device prior to configuration. The process of setting up a RADIUS server varies by the server environment. An example of a RADIUS server is FreeRADIUS.
  • Page 816: Radius User Configuration

    LR54. Alternatively, if the user is also configured as a local user on the LR54 device and the RADIUS server authenticates the user but does not return any groups, the local configuration determines the list of groups. See Authentication groups more information about authentication groups.
  • Page 817: Configure Your Lr54 Device To Use A Radius Server

    60 seconds. Enable additional debug messages from the RADIUS client.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 818 (Optional) Click  again to add additional RADIUS servers. 5. (Optional) Enable Authoritative to prevent other authentication methods from being used if RADIUS authentication fails. Other authentication methods will only be used if the RADIUS server is unavailable. LR54 User Guide...
  • Page 819    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 820 You can use the fully-qualified domain name of the NAS or any arbitrary string. If not set, the default value is used: If you are accessing the LR54 device by using the WebUI, the default value is for NAS ID is httpd.
  • Page 821: Ldap

    When you are using LDAP authentication, you can have both local users and LDAP users able to log in to the device. To use LDAP authentication, you must set up a LDAP server that is accessible by the LR54 device prior to configuration. The process of setting up a LDAP server varies by the server environment.
  • Page 822: Ldap User Configuration

    (password verification) and authorization (assigning the access level of the user). Additional LDAP servers can be configured as backup servers for user authentication. This section outlines how to configure a LDAP server to be used for user authentication on your LR54 device.
  • Page 823: Ldap Server Failover And Fallback To Local Configuration

    LDAP server failover and fallback to local configuration In addition to the primary LDAP server, you can also configure your LR54 device to use backup LDAP servers. Backup LDAP servers are used for authentication requests when the primary LDAP server is unavailable.
  • Page 824 User authentication LDAP 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 825 11. For Login attribute, enter the user attribute containing the login of the authenticated user. For example, in the LDAP user configuration, the login attribute is uid. If this attribute is not set, the user will be denied access. LR54 User Guide...
  • Page 826    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 827 . If this attribute is not set, the user will be denied access. 10. (Optional) Set the name of the user attribute that contains the list of LR54 authentication groups that the authenticated user has access to. See...
  • Page 828: Configure Serial Authentication

    15. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Configure serial authentication This section describes how to configure authentication for serial access.    Web LR54 User Guide...
  • Page 829 User authentication Configure serial authentication 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 830    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 831: Disable Shell Access

    If shell access is disabled, re-enabling it will erase the device's configuration and perform a factory reset.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 832: Set The Idle Timeout For Lr54 Users

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 833 User authentication Set the idle timeout for LR54 users 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 834    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 835: Example User Configuration

    Goal: To create a user with administrator rights who is authenticated locally on the device.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 836    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 837 (config auth user adminuser)> password pwd (config auth user adminuser)> 7. Assign the user to the admin group: (config auth user adminuser)> add group end admin (config auth user adminuser)> 8. Save the configuration and apply the change: LR54 User Guide...
  • Page 838: Example 2: Radius, Tacacs+, And Local Authentication For One User

    Goal: To create a user with administrator rights who is authenticated by using all three authentication methods. In this example, when the user attempts to log in to the LR54 device, user authentication will occur in the following order: 1. The user is authenticated by the RADIUS server. If the RADIUS server is unavailable, 2.
  • Page 839 The authentication group on the LR54 device, admin, is identified in the groupname parameter. c. Save and close the tac_plus.conf file. 3. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 4. Access the device configuration:...
  • Page 840 User authentication Example user configuration a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration.
  • Page 841 1. Configure a user on the RADIUS server: a. On the ubuntu machine hosting the FreeRadius server, open the /etc/freeradius/3.0/users file: $ sudo gedit /etc/freeradius/3.0/users b. Add a RADIUS user to the users file: admin1 Cleartext-Password := "password1" Unix-FTP-Group-Names := "admin" LR54 User Guide...
  • Page 842 Save and close the tac_plus.conf file. 3. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 843 Assign a password to the user: (config auth user adminuser)> password password1 (config auth user adminuser)> c. Assign the user to the admin group: (config auth user adminuser)> add group end admin (config auth user adminuser)> LR54 User Guide...
  • Page 844 (config auth user adminuser)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. LR54 User Guide...
  • Page 845 Firewall This chapter contains the following topics: Firewall configuration Port forwarding rules Packet filtering Configure custom firewall rules Configure captive portals Configure Quality of Service options Web filtering LR54 User Guide...
  • Page 846: Firewall Configuration

    To create a zone:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: LR54 User Guide...
  • Page 847 Firewall Firewall configuration Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration.
  • Page 848: Configure The Firewall Zone For A Network Interface

    This example procedure uses an existing network interface named LAN1 and changes the firewall zone from the default zone, Internal, to External.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 849    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 850: Delete A Custom Firewall Zone

    You cannot delete preconfigured firewall zones. To delete a custom firewall zone:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 851 Firewall Firewall configuration 3. Click Firewall > Zones. 4. Click the menu icon (...) next to the appropriate custom firewall zone and select Delete. 5. Click Apply to save the configuration and apply the change. LR54 User Guide...
  • Page 852: Port Forwarding Rules

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 853 To configure a port forwarding rule:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 854    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 855 5. Set the IP version. Allowed values are ipv4 and ipv6. The default is ipv4. (config firewall dnat 0)> ip_version ipv6 (config firewall dnat 0)> 6. Set the public-facing port number that network connections must use for their traffic to be forwarded. LR54 User Guide...
  • Page 856 (config firewall dnat 0 acl> add address6 end ip-address (config firewall dnat 0 acl)> Repeat for each appropriate IP address. To specify the firewall zone for white listing: (config firewall dnat 0 acl)> add zone end zone LR54 User Guide...
  • Page 857: Delete A Port Forwarding Rule

    Delete a port forwarding rule To delete a port forwarding rule:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 858    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 859 5. Save the configuration and apply the change: (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. LR54 User Guide...
  • Page 860: Packet Filtering

    ICMP6 To configure a packet filtering rule:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 861 4. (Optional) Type a Label that will be used to identify the rule. 5. For Action, select one of: Accept: Allows matching network connections. Reject: Blocks matching network connections, and sends an ICMP error if appropriate. Drop: Blocks matching network connections, and does not send a reply. LR54 User Guide...
  • Page 862    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 863 7. Set the IP version. (config firewall filter 1)> ip_version value (config firewall filter 1)> where value is one of: ipv4 ipv6 The default is any. 8. Set the protocol. (config firewall filter 1)> protocol value (config firewall filter 1)> LR54 User Guide...
  • Page 864: Enable Or Disable A Packet Filtering Rule

    Enable or disable a packet filtering rule To enable or disable a packet filtering rule:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 865    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 866: Delete A Packet Filtering Rule

    Delete a packet filtering rule To delete a packet filtering rule:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 867    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 868: Configure Custom Firewall Rules

    To configure custom firewall rules:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 869 5. (Optional) Enable Override to override all preconfigured firewall behavior and rely solely on the custom firewall rules. 6. For Rules, type the shell command that will execute the custom firewall rules script. 7. Click Apply to save the configuration and apply the change. LR54 User Guide...
  • Page 870    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 871: Configure Captive Portals

    Captive portals are available on the LR54W Wi-Fi enabled model only. To configure captive portals:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 872 12. (Optional) For Redirect to URL, enter the URL to which the user will be directed when granted access to the portal. If left blank, the user will be directed to the domain of the URL in the original access request. LR54 User Guide...
  • Page 873    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 874 (config firewall portal portal1)> 10. (Optional) Set the terms and conditions that ill appear on the portal page. Users will be required to agree to the terms and conditions before being granted access to the portal. LR54 User Guide...
  • Page 875: Delete Captive Portals

    Delete captive portals To delete captive portals:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 876: Configure Quality Of Service Options

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 877 These example bindings are disabled by default. Enable the preconfigured bindings    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 878    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 879 Type quit to disconnect from the device. Create a new binding    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 880 10, each policy will be allocated one third of the total interface bandwidth. e. For Latency, type the maximum delay before the transmission of packets. A lower latency means that the packets will be scheduled more quickly for transmission. LR54 User Guide...
  • Page 881 MAC address: Only traffic from the MAC address typed in MAC address will be matched. ix. Click to expand Destination address and select the Type: Any: Traffic destined for anywhere will be matched. Interface: Only traffic destined for the selected Interface will be matched. LR54 User Guide...
  • Page 882 Use the format IPv6_address[/prefix_length], or use any to match any IPv6 address. Repeat to add a new rule. Up to 30 rules can be configured. 10. Click Apply to save the configuration and apply the change. LR54 User Guide...
  • Page 883    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 884 (config firewall qos 2 policy 0)> where int is any integer, 1 or greater. The default is 100. f. To identify this policy as a fall-back policy: (config firewall qos 2 policy 0)> default true (config firewall qos 2 policy 0)> LR54 User Guide...
  • Page 885 IP port number, a range of port numbers using the format IP_port- IP_port, or any. vii. Set the destination port to define a destination matching criteria: (config firewall qos 2 policy 0 rule 0)> dstport value (config firewall qos 2 policy 0 rule 0)> LR54 User Guide...
  • Page 886 Only traffic from the IP address typed in IPv6 address will be matched. Set the address that will be matched: (config network qos 2 policy 0 rule 0)> src address6 value (config network qos 2 policy 0 rule 0)> LR54 User Guide...
  • Page 887 Set the address that will be matched: (config network qos 2 policy 0 rule 0)> src address value (config network qos 2 policy 0 rule 0)> where value uses the format IPv4_address[/netmask], or any to match any IPv4 address. LR54 User Guide...
  • Page 888: Web Filtering

    Type quit to disconnect from the device. Web filtering Web filtering allows you to control access to services that can be accessed through the LR54 device by forwarding all Domain Name System (DNS) traffic to a web filtering service. This allows the network security administrator to configure a set of policies with the web filtering service that are applied to all routing devices with web filtering enabled.
  • Page 889 6. Copy the token. Task two: Configure web filtering    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 890 Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Clear the Cisco Umbrella device ID If the Cisco Umbrella device ID being used by your LR54 is invalid, you can clear the device ID.    Command line 1.
  • Page 891: Configure Web Filtering With Manual Dns Servers

    To configure web filtering with manual DNS servers:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 892 7. Click  to add a server. 8. For IP address, enter the IP address of the DNS server. 9. (Optional) Repeat for additional DNS servers. 10. Click Apply to save the configuration and apply the change.    Command line LR54 User Guide...
  • Page 893 Firewall Web filtering 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 894: Verify Your Web Filtering Configuration

    Configure web filtering with manual DNS servers for information about configuring web filtering to use Cisco open DNS servers. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 895 4. From a new tab in your browser, attempt to connect to the Cisco test URL http://www.internetbadguys.com. The connection should be successful. 5. Return to the LR54 WebUI and enable web filtering: a. Click Firewall > Web filtering service. b. Click Enable web filtering to enable.
  • Page 896: Show Web Filter Service Information

    Cisco open DNS servers. 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights.
  • Page 897 Firewall Web filtering 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 898: Upload A New Lxc Container

    Containers The LR54 device includes support for LXC Linux containers. LXC containers are a lightweight, operating system level method of virtualization that allows you to run one or more isolated Linux instances on a the same host using the host's Linux kernal.
  • Page 899: Configure A Container

    Serial ports on the device that the container will have access to.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 900    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 901 (Optional) Set the IP address and netmask for the container: (config system container name)> address IP_address/netmask (config system container name)> d. (Optional) Set the IP address of the network gateway: (config system container name)> gateway IP_address (config system container name)> LR54 User Guide...
  • Page 902: Starting And Stopping The Container

    Authentication groups for information about configuring authentication groups that include shell access. Note Container support must be enabled in Digi Remote Manager. Contact your Digi sales representative for information. Starting the container There are two methods to start containers: Non-persistent: Changes made to the container file system will be lost when the container is stopped.
  • Page 903 Starting and stopping the container 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the LR54 local command line as a user with shell access.
  • Page 904: Stopping The Container

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights.
  • Page 905: Show Status Of A Specific Container

    2. Execute a ping command every ten seconds from inside the container.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 906 4. For Add Script, click . The script configuration window is displayed. 5. (Optional) For Label, type container_script. 6. For Run mode, select Interval. 7. For Interval, type 10s. 8. For Commands, type the following: lxc container_name /bin/ping -c 1 IP_address LR54 User Guide...
  • Page 907    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 908: Create A Custom Container

    In this example, we will use a simple container file named test_lxc.tgz. You can download test_lxc.tgz from the Digi website. At the command line of a Linux host, we will unpack the file, add a simple python script, and create a new container file that includes the python script.
  • Page 909: Test The Custom Container File

    Click Apply. 2. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the LR54 local command line as a user with shell access.
  • Page 910: System Administration

    Review device status Configure system information Update system firmware Update cellular module firmware Reboot your LR54 device Erase device configuration and reset to factory defaults Locate the device by using the Find Me feature Configuration files Schedule system maintenance tasks...
  • Page 911: Review Device Status

       Web To display system information: 1. Log into the LR54 WebUI as a user with Admin access. 2. On the main menu, click Status. A secondary menu appears, along with a status panel. 3. On the secondary menu, click to display the details panel for the status you want to view.
  • Page 912 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 913: Configure System Information

    A banner that will be displayed when users access terminal services on the device. To enter system information:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 914    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 915: Update System Firmware

    For example, LR54-22.8.33.50.bin. Manage firmware updates using Digi Remote Manager If you have a network of many devices, you can use Digi Remote Manager Profiles to manage firmware updates. Profiles ensure all your devices are running the correct firmware version and that all newly installed devices are updated to that same version.
  • Page 916    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 917 Update firmware from a local file    Web 1. Download the LR54 operating system firmware from the Digi Support FTP site to your local machine. 2. Log into the LR54 WebUI as a user with Admin access. LR54 User Guide...
  • Page 918 1. Download the LR54 operating system firmware from the Digi Support FTP site to your local machine. 2. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights.
  • Page 919: Dual Boot Behavior

    > reboot Rebooting system > 7. Once the device has rebooted, log into the LR54's command line as a user with Admin access and verify the running firmware version by entering the show system command. > show system...
  • Page 920: How To Recover A Lr54 That Will Not Boot

    When a LR54 device is in this state, the device will continually reboot as it attempts to boot one of the firmware images that are stored on the device. The LED state will be as follows:...
  • Page 921: Update Cellular Module Firmware

    Update cellular module firmware To recover the LR54, you will need a TFTP server that has an IP address of 192.168.1.100. The LR54 will use an IP address of 192.168.1.1. Any configuration on the LR54 will not be modified as part of the recovery process.
  • Page 922: Update Modem Firmware Over The Air (Ota)

    OTA modem firmware update: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights.
  • Page 923 Update cellular module firmware Modem firmware update from '24.01.544_ATT' to '24.01.5x4_ATT' is needed 24.01.5x4_ATT 24.01.544_ATT > 3. Use the modem firmware ota list command to list available firmware on the Digi firmware repository. > modem firmware ota list Retrieving modem firmware list ...
  • Page 924: Update Modem Firmware By Using A Local Firmware File

    LR54 device. 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 925: Reboot Your Lr54 Device

    4. Click Reboot to confirm that you want to reboot the device.    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. LR54 User Guide...
  • Page 926: Schedule Reboots Of Your Device

    > reboot Schedule reboots of your device    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 927    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 928: Erase Device Configuration And Reset To Factory Defaults

    With firmware release 22.2.9.x and newer, erases the client-side certificate used for communication with Digi Remote Manager. If you are using Digi Remote Manager with firmware release 22.2.9.x and newer, by default the device uses a client-side certificate for communication with Remote Manager. If the client-side certificate is erased, you must use the Remote Manager interface to reset the certificate.
  • Page 929 3. In the Erase configuration section, click ERASE. 4. Click CONFIRM. 5. After resetting the device: a. Connect to the LR54 by using the serial port or by using an Ethernet cable to connect the LR54 LAN1 port to your PC. b. Log into the LR54: User name: Use the default user name: admin.
  • Page 930 The device reboots again and resets to factory defaults, as well as also removing generated certificates and keys. 3. After resetting the device: a. Connect to the LR54 by using the serial port or by using an Ethernet cable to connect the LR54 LAN1 port to your PC. b. Log into the LR54: User name: Use the default user name: admin.
  • Page 931: Configure The Lr54 Device To Use Custom Factory Default Settings

    You can reset the device to the default configuration without removing scripts, keys, and logfiles by using the revert command: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights.
  • Page 932 1. Log into the LR54 WebUI as a user with Admin access. 2. Configure your LR54 device to match the desired custom factory default configuration. For example, you may want to configure the device to use a custom APN or a particular network configuration, so that when you reset the device to factory defaults, it will automatically have your required network configuration.
  • Page 933: Locate The Device By Using The Find Me Feature

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 934    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 935: Configuration Files

    If you do not save configuration changes, the system discards the changes.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 936: Save Configuration To A File

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 937    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 938: Restore The Device Configuration

    > scp host 192.168.4.1 user admin remote /home/admin/bin/ local /etc/config/backup-archive-0040FF800120-19.05.17-19.01.17.bin to remote Restore the device configuration You can restore a configuration file to your LR54 device by using a backup from the device, or a backup from a similar device. ...
  • Page 939 System administration Configuration files 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 940: Schedule System Maintenance Tasks

    The frequency (daily, weekly, or monthly) that checks for firmware updates will run.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 941 24 hours can potentially overstress the device and should be used with caution. If Duration window is set to any value other than to Immediately or 24 hours, the maintenance tasks will run at a random time during the time allotted for the duration window. LR54 User Guide...
  • Page 942 Python Out-of-Service is set. See Use Python to set the maintenance window for further information. Note If your device is managed by a Digi Remote Manager configuration, the configuration manages: The device firmware version. The modem firmware version. The device’s configuration settings.
  • Page 943 System administration Schedule system maintenance tasks 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 944 (config system schedule maintenance trigger 0)> frequency value (config system schedule maintenance trigger 0)> where value is either daily or weekly. Daily is the default. Note If your device is managed by a Digi Remote Manager configuration, the configuration manages: LR54 User Guide...
  • Page 945 Set how often automated checking for device firmware should take place: (config)> system schedule maintenance frequency value (config)> where value is either daily, weekly, or monthly. daily is the default. 8. Save the configuration and apply the change: (config)> save Configuration saved. > LR54 User Guide...
  • Page 946: Disable Device Encryption

    Type quit to disconnect from the device. Disable device encryption You can disable the cryptography on your LR54 device. This can be used to ship unused devices from overseas without needing export licenses from the country from which the device is being shipped.
  • Page 947 Select the Properties of the relevant network connection on the Windows PC. b. Click the Internet Protocol Version 4 (TCP/IPv4) parameter. c. Click Properties. The Internet Protocol Version 4 (TCP/IPv4) Properties dialog appears. d. Configure with the following details: IP address for PC: 192.168.210.2 Subnet: 255.255.255.0 Gateway: 192.168.210.1 LR54 User Guide...
  • Page 948: Configure The Speed Of Your Ethernet Ports

    Configure the speed of your Ethernet ports 2. Connect the PC's Ethernet port to the ETH1 Ethernet port on your LR54 device. 3. Open a telnet session and connect to the LR54 device at the IP address of 192.168.210.1. 4. Log into the device: Username: admin Password: The default unique password for your device is printed on the device label.
  • Page 949 System administration Configure the speed of your Ethernet ports 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 950 4. Save the configuration and apply the change: (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. LR54 User Guide...
  • Page 951 Monitoring This chapter contains the following topics: intelliFlow Configure NetFlow Probe Enable the Wi-Fi scanner LR54 User Guide...
  • Page 952: Intelliflow

    WebUI. To use intelliFlow, the LR54 must be powered on and you must have access to the local WebUI. Once you enable intelliFlow, the Status >...
  • Page 953    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 954 5. Save the configuration and apply the change: (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. LR54 User Guide...
  • Page 955: Use Intelliflow To Display Average Cpu And Ram Usage

    This procedure is only available from the WebUI. To display display average CPU and RAM usage:    Web 1. Log into the LR54 WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow.
  • Page 956: Use Intelliflow To Display Top Data Usage Information

    Top data usage by service To generate a top data usage chart:    Web 1. Log into the LR54 WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow. 3. From the menu, click Status > intelliFlow.
  • Page 957 5. Change the type of chart that is used to display the data: a. Click the menu icon (). b. Select the type of chart. 6. Change the number of top users displayed. You can display the top five, top ten, or top twenty data users. LR54 User Guide...
  • Page 958: Use Intelliflow To Display Data Usage By Host Over Time

    Use intelliFlow to display data usage by host over time To generate a chart displaying a host's data usage over time:    Web 1. Log into the LR54 WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow.
  • Page 959: Configure Netflow Probe

    To save the chart to your local filesystem, select Export to PNG. c. To print the chart, select Print chart. Configure NetFlow Probe NetFlow probe is used to probe network traffic on the LR54 device and export statistics to NetFlow collectors. Required configuration items Enable NetFlow.
  • Page 960 Monitoring Configure NetFlow Probe    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 961    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 962 1 and 1800. The default is 1800. 8. Set the maximum number of flows to probe simultaneously: (config)> monitoring netflow max_flows value (config)> where value is any is any number between 0 and 2000000. The default is 2000000. LR54 User Guide...
  • Page 963: Enable The Wi-Fi Scanner

    Required configuration Enable the Wi-Fi scanner. The wireless radio to use for scanning. Additional configuration The SSH port used by the Wi-Fi scanner for reporting information to the remote host. The Wi-Fi channels to be scanned. LR54 User Guide...
  • Page 964 Devices that are observed less that the minimum number will be considered to be mobile.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 965 Allowed values are any number of hours, minutes, or seconds, and take the format number {h|m|s}. For example, to set Update interval to ten minutes, enter 10m or 600s. The default is 15 seconds. 8. (Optional) Click Secondary antenna to disable the use of the secondary Wi-Fi antenna. LR54 User Guide...
  • Page 966 11:09:44:61:41:62 D0:40:FA:03:3A:92 3E:0F:20:CF:82:40 Upload and download files for information about uploading a file to the LR54 device's filesystem. d. For Wi-Fi device type to report, select either Access points, Clients, or All. The default is All. e. (Optional) Configure the device to automatically determine what Wi-Fi signal transmitters are stationary, and to exclude stationary devices from the output log: i.
  • Page 967 For Protocol, select the protocol that the device should use to upload the Wi-Fi scanner results to the remote server. i. For Compress, select Enable compression to compress the data being sent to the remote host. The default is Disable compression. j. Repeat for additional remote hosts. LR54 User Guide...
  • Page 968 No limit to IPv6 addresses that can access the SSH service. iv. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the LR54 device: i. Click Interfaces.
  • Page 969    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 970 Set the hostname or IPv4 address of the remote server: (config monitoring wifi_scanner push server 0)> address hostname (config monitoring wifi_scanner push server 0)> e. Set type the port number on the remote server that will be used for the Wi-Fi scanner results: LR54 User Guide...
  • Page 971 A single IP address or host name. A network designation in CIDR notation, for example, 2001:db8::/48. any: No limit to IPv6 addresses that can access the SSH service. Repeat this step to list additional IP addresses or networks. LR54 User Guide...
  • Page 972 Monitoring Enable the Wi-Fi scanner To limit access to hosts connected through a specified interface on the LR54 device: (config)> add wifi scanner ssh acl interface end value (config)> Where value is an interface defined on your device. Display a list of available interfaces: Use ...
  • Page 973: Display The Output Of The Wi-Fi Scanner

    System Logs page. From the command line when logged into the LR54 device. From a remote host, by connecting to the LR54 device by using the scanning service's SSH port. To view the output of the Wi-Fi scanning service, you must first enable the service. See...
  • Page 974 Enable the Wi-Fi scanner To view the output of the Wi-Fi scanning service from the System Logs page: 1. Log into the LR54 WebUI as a user with Admin access. 2. On the menu, select System > Logs. 3. Click to expand Wi-Fi Scanner Logs.
  • Page 975 For example, to view the output of the scanner by using the default Wi-Fi scanning service port of 3101: $ ssh user@device-ip -p 3101 Password: After logging into your device, it will display the output from the Wi-Fi scanning service in your shell. For example: LR54 User Guide...
  • Page 976 SSID, the channel will be listed as -1 . Field 7 If the device is a Wi-Fi access point, the SSID of the access point. Field 8 The Received Signal Strength Indicator (RSSI). LR54 User Guide...
  • Page 977 File system This chapter contains the following topics: The LR54 local file system Display directory contents Create a directory Display file contents Copy a file or directory Move or rename a file or directory Delete a file or directory Upload and download files...
  • Page 978: File System

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 979: Create A Directory

    For example: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 980: Display File Contents

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 981: Move Or Rename A File Or Directory

      Command line To rename a file named test.py in /etc/config/scripts to final.py: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights.
  • Page 982: Delete A File Or Directory

      Command line To delete a file named test.py in /etc/config/scripts: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 983: Upload And Download Files

    Upload and download files To delete a directory named temp from /opt: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights.
  • Page 984: Upload And Download Files By Using The Secure Copy Command

    LR54 device. local-path is the location on the LR54 device where the copied file will be placed. For example: To copy firmware from a remote host with an IP address of 192.168.4.1 to the /etc/config directory on the LR54 device, issue the following command: >...
  • Page 985: Upload And Download Files Using Sftp

    LR54 device. For example: To copy a support report from the LR54 device to a remote host at the IP address of 192.168.4.1: 1. Use the system support-report command to generate the report: >...
  • Page 986 Transfer a file from the LR54 device to a remote host This example downloads a file named test.py from the LR54 device at the IP address of 192.168.2.1 with a username of ahmed to the local directory on the remote host: $ sftp ahmed@192.168.2.1...
  • Page 987 View system and event logs Configure syslog servers Configure options for the event and system logs 1001 Analyze network traffic 1006 Use the ping command to troubleshoot network connections 1024 Use the traceroute command to diagnose IP routing problems 1024 LR54 User Guide...
  • Page 988: Perform A Speedtest

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 989: Support Report Overview

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 990 A breakdown of memory utilization at the time when the support report was generated config_dump- The device's current settings, scrubbed of passwords public and preshared keys conntrack_-L A list of all currently tracked connections through the system LR54 User Guide...
  • Page 991 AT commands netstat_-i Interface statistics for transmitted/ received packets netstat_-na List of both listening and non-listening network sockets on the device ps_l A snapshot of the current processes running at the time of generating the report LR54 User Guide...
  • Page 992 Rollover syslog information /var/run This directory can be disregarded for most troubleshooting/ diagnostic purposes. Directory Filename Notes /var/run all files Runtime settings for the device -- referenced in the syslog data gathered in /tmp (see above) LR54 User Guide...
  • Page 993: View System And Event Logs

    View System Logs    Web 1. Log into the LR54 WebUI as a user with Admin access. 2. On the main menu, click System > Logs. The system log displays: 3. Limit the display in the system log by using the Find search tool.
  • Page 994    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 995: View Event Logs

    View Event Logs    Web 1. Log into the LR54 WebUI as a user with Admin access. 2. On the main menu, click System > Logs. 3. Click  System Logs to collapse the system logs viewer, or scroll down to Events.
  • Page 996 Diagnostics View system and event logs 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 997 Diagnostics View system and event logs 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. LR54 User Guide...
  • Page 998: Configure Syslog Servers

    You can configure remote syslog servers for storing event and system logs.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 999    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the LR54 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 1000 5. Set the IP protocol to use for communication with the syslog server: (config system log remote 0)> protocol value (config system log remote 0)> where value is either tcp or udp. The default is udp. LR54 User Guide 1000...

This manual is also suitable for:

Tx64

Table of Contents