1. Manuals
  2. Brands
  3. Digi Manuals
  4. Extender
  5. EX12
  6. User manual

Digi EX12 User Manual

Hide thumbs
1
2
3
4
5
6
7
Table Of Contents
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
Table of Contents

Advertisement

Quick Links

Download this manual
EX12
User Guide
Firmware version 22.8

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the EX12 and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Digi EX12

Summary of Contents for Digi EX12

  • Page 1 EX12 User Guide Firmware version 22.8...

  • Page 2: Revision History-90002364

    September 2021 Added LXC container support for running localized containers on the device. Added support for maintenance windows triggers to control when a device is available for Digi Remote Manager maintenance activity. VPN enhancements: Added support for L2TPv3 tunneling. New option to enable, disable, or force IPsec IKE fragmentation.
  • Page 3 Added ability to control if DHCP addresses are assigned sequentially or randomly (disabled by default). Added 802.1x port-based network access control, configurable per network interface. Release of Digi EX12 firmware version 21.11: December 2021 Configuration option to allow for automatic update of new firmware (disabled by default).
  • Page 4 Support for sending analog and digial I/O health metrics to Digi Remote Manager. Added show containers Admin CLI command. Release of Digi EX12 firmware version 22.2: March 2022 VPN enhancements: Renamed VPN > IPsec > Tunnels > Policies > Local network setting to Local traffic selector and added Remote traffic selector.
  • Page 5 TCP socket connection is opened to the serial port. New cat Admin CLI command for displaying file contents. Release of Digi EX12 firmware version 22.5: June 2022 5G enhancements: Added 5G slice support for configuring the slice type for the 5G modems.
  • Page 6 New settings to control the NMEA message content that the devices sends when there is no valid fix from any of the configured location sources. Release of Digi EX12 firmware version 22.8: September 2022 Cellular modem enhancements: Added modem ota download and system firmware ota download commands for downloading cellular modem and device firmware.
  • Page 7 Contact us at +1 952.912.3444 or visit us at www.digi.com/support. Feedback To provide feedback on this document, email your comments to techcomm@digi.com Include the document title and part number (Digi EX12 User Guide, 90002364 L) in the subject line of your email. Digi EX12 User Guide...

  • Page 8: Table Of Contents

    What's new in Digi EX12 version 22.8 Digi EX12 Quick Start Step 1: Connect your device Step 2: Connect DC power Step 3: Set up access to Digi Remote Manager Step 4: Register your device Step 5: Complete setup Step 6: Configure cellular APN...
  • Page 9 Log into Digi Remote Manager Use Digi Remote Manager to view and manage your device Add a device to Digi Remote Manager Configure multiple EX12 devices by using Digi Remote Manager configurations View Digi Remote Manager connection status Learn more...
  • Page 10 Example: Route traffic to a specific WAN interface based on the client MAC address Routing services Configure routing services Show the routing table Dynamic DNS Configure dynamic DNS Virtual Router Redundancy Protocol (VRRP) VRRP+ Configure VRRP Configure VRRP+ Example: VRRP/VRRP+ configuration Configure device one (master device) Digi EX12 User Guide...
  • Page 11 Allow remote access for web administration and SSH Configure the web administration service Configure SSH access Use SSH with key authentication Generating SSH key pairs Configure telnet access Configure DNS Show DNS server Simple Network Management Protocol (SNMP) Digi EX12 User Guide...
  • Page 12 Releasing the LEDs to system control Use Python to control the color of multi-colored LEDs Example: Set the LTE connection indicator to flashing purple Set up the EX12 to automatically run your applications Configure scripts to run automatically Show script information...
  • Page 13 Terminal Access Controller Access-Control System Plus (TACACS+) TACACS+ user configuration TACACS+ server failover and fallback to local authentication Configure your EX12 device to use a TACACS+ server Remote Authentication Dial-In User Service (RADIUS) RADIUS user configuration RADIUS server failover and fallback to local configuration...
  • Page 14 Reboot your device immediately Schedule reboots of your device Erase device configuration and reset to factory defaults Configure the EX12 device to use custom factory default settings Locate the device by using the Find Me feature Configuration files Save configuration changes...
  • Page 15 Stop ping commands Use the traceroute command to diagnose IP routing problems Regulatory guide Canada Safety warnings English Bulgarian--бъ л га рс ки Croatian--Hrvatski French--Français Greek--Ε λλην ικά Hungarian--Magyar Italian--Italiano Latvian--Latvietis Lithuanian--Lietuvis Polish--Polskie Portuguese--Português Slovak--Slovák Slovenian--Esloveno Spanish--Español Digi EX12 User Guide...
  • Page 16 Digi EX12 User Guide...
  • Page 17 Digi EX12 User Guide...
  • Page 18 Antenna notes and solutions Antenna terminology Physical specifications Antennas tested by Digi Extra-small IoT paddle antennas Large external MIMO antenna (outdoor rated) Flat MIMO antenna #1 Flat MIMO antenna #2 Paddle extender Digi EX12 User Guide...

  • Page 19: What's New In Digi Ex12 Version 22.8

    CHAPv2) as an option for L2TP network servers authentication methods. Container support: Container support now a premium feature, enabled through Digi Remote Manager. Added new metrics for sending container status, name, CPU load, and disk usage as datapoints to DigiRM.

  • Page 20: Digi Ex12 Quick Start

    Digi EX12 Quick Start Step 1: Connect your device 1. Insert your activated SIM (2FF) card(s) provided by your cellular carrier into the device: a. Insert the SIM card(s) into the SIM sockets. Insert the end of each SIM card with the chamfered corner positioned as indicated.

  • Page 21: Step 2: Connect Dc Power

    Digi EX12 Quick Start Step 2: Connect DC power 3. Using an Ethernet cable, connect the EX12's 2/WAN port to the internet, such as a home internet router or LAN Ethernet port in an office environment. Step 2: Connect DC power You can also use the included passive Power-over-Ethernet (PoE) injector.

  • Page 22: Step 4: Register Your Device

    Digi EX12 Quick Start Step 4: Register your device 1. Go to shop.digi.com to create a new Remote Manager account. You will receive an email from Remote Manager after your registration is complete. 2. Click the link in the email to go to Remote Manager and click Forgot Password to set up your login and password.

  • Page 23: Digi Ex12 Hardware Reference

    Digi EX12 hardware reference Hardware features 1. SIM button The SIM button is used to manually toggle between the two SIM slots. 2. 1/PoE port By default, the 1/PoE Ethernet port is configured as a LAN port with an IP address of 192.168.2.1/24 and a DCHP server.

  • Page 24: Device Status Leds

    Once power has been established, your device will initialize and attempt to connect to the network. Device initialization may take 30-60 seconds. By default your EX12 will attempt to use DHCP to establish an Internet connection either through its cellular modem or the ethernet port.
  • Page 25 For example, a -85 is a better signal than -90. Note Signal quality bars explained for more information regarding how signal strength is calculated and subsequently displayed via the LED indicators. 3. Ethernet connections are confirmed via the light corresponding to the EX12 port number. Digi EX12 User Guide...

  • Page 26: Signal Quality Bars Explained

    Device status LEDs Signal quality bars explained The signal status bars for the Digi EX12 measure more than simply signal strength. The value reported by the signal bars is calculated using an algorithm that takes into consideration the Reference Signals Received Power (RSRP), the Signal-to-noise ratio (SNR), and the Received Signal Strength Indication (RSSI) to provide an accurate indicator of the quality of the signal that the device is receiving.

  • Page 27: Lte Status Indicators

    The RS232 standard requires support for baud rates up to 9600 baud on shielded multicore cable up to 50 feet (15 meters) long. For the EX12, the use of standard CAT 5 cables enables serial communication at all baud rates up to 50 feet. CAT5 unshielded twisted pair cable lengths much longer than 50 feet have been verified at 9600 baud but are non-standard and are not guaranteed.

  • Page 28: Qr Code Definition

    Digi EX12 hardware reference QR code definition QR code definition A QR code is printed on the label attached to the device and on the loose label included in the box with the device components. The QR code contains information about the device.
  • Page 29 Hardware setup This chapter contains the following topics: Site survey EX12 power installation Install SIM cards Connect data cables Mount the EX12 device Network integration Digi EX12 User Guide...

  • Page 30: Hardware Setup

    EX12 indicator lights to aid in diagnosis. EX12 power installation Connecting to the site network with local power Plug the power supply unit into an AC power outlet and connect the power supply unit to the EX12 device. Digi EX12 User Guide...

  • Page 31: Connecting To The Site Network With Remote Power

    If the OUT LED is not illuminated after connecting to the EX12, verify the integrity of the Ethernet cable. Note The PoE injector must be connected to LAN port 1 on the EX12 for the device to properly receive power. Install SIM cards...

  • Page 32: Apply Dielectric Grease Over Sim Contacts

    1. For high-vibration environments, apply a thin layer of dielectric grease to the SIM contacts. Note If the EX12 device is used in an environment with high vibration levels, SIM card contact fretting may cause unexpected SIM card failures. To protect the SIM cards, Digi strongly recommends that you apply a thin layer of dielectric grease to the SIM contacts prior to installing the SIM cards.

  • Page 33: Sim Removal

    Connect data cables SIM removal The EX12 has a PUSH-PUSH SIM connector. To insert, push each SIM in until it clicks, and repeat for removal. When you push to eject, the SIM ejects back out about 1/8 inch. Tips for improving cellular signal strength...

  • Page 34: Network Integration

    A second internet connection must be available for cellular failover. When integrating a second Internet connection for cellular failover, connect the alternative ISP to the WAN port. This interface is configured for WAN access by default though ports can be reconfigured as necessary. Digi EX12 User Guide...
  • Page 35 Change the default password for the admin user Configuration methods Using Digi Remote Manager Configure the device to use aView for central management Using the local web interface Use the local REST API to configure the EX12 device Using the command line Digi EX12 User Guide...

  • Page 36: Firmware Configuration

    Configure the device to use aView for central management. You can review the default settings for your EX12 device by using the local WebUI or Digi Remote Manager: Local WebUI 1. Log into the EX12 WebUI as a user with Admin access. See Using the local web interface details.

  • Page 37: Change The Default Password For The Admin User

    To change the default password for the admin user:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 38    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 39: Configuration Methods

    With the Remote Manager, you can configure your EX12 device and use the configuration as a basis for a Remote Manager configuration which can be applied to other similar devices.

  • Page 40: Using Digi Remote Manager

    To configure the EX12 device to use aView rather than Digi Remote Manager for central management:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 41 The Central management pane refreshes with the default aView configuration. Review the default configuration. Generally, the default configuration should not be changed. 6. Enable the aView IPsec tunnel. a. Click VPN > IPsec > Tunnels > aView. b. Click Enable. Digi EX12 User Guide...
  • Page 42    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 43 Verify that the remote log server is set to syslog.accns.com: (config)> show system log remote 0 server syslog.accns.com (config)> c. (Optional) Select the event types to be sent to aView. There are three event types that can be used configured for the remote syslog server: Digi EX12 User Guide...

  • Page 44: Using The Local Web Interface

    (config)> 8. (Optional) Enable remote control. Remote control allows remote commands to be sent from aView to the EX12 device. It is optional, but is required if you want to send remote commands from aView. (config)> service remote_control enable true (config)>...

  • Page 45: Log Out Of The Web Interface

    On the main menu, click your user name. Click Log out. Use the local REST API to configure the EX12 device Your EX12 device includes a REST API that can be used to return information about the device's configuration and to make modifications to the configuration. You can view the REST API specification from your web browser by opening the URL: https://ip-address/cgi-bin/config.cgi...

  • Page 46: Use The Get Method To Return Device Configuration Information

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 47 Firmware configuration Use the local REST API to configure the EX12 device multicast Multicast ping Ping responder snmp SNMP telnet Telnet web_admin Web administration (config)> service For example, to use curl to return the ssh configuration: $ curl -k -u admin https://192.168.210.1/cgi-bin/config.cgi/value/service/ssh -...

  • Page 48: Use The Post Method To Modify Device Configuration Parameters And List Arrays

    Firmware configuration Use the local REST API to configure the EX12 device Use the POST method to modify device configuration parameters and list arrays Use the POST method to modify device configuration parameters To modify configuration parameters, use the POST method with the path and value parameters.
  • Page 49 Firmware configuration Use the local REST API to configure the EX12 device where path is the path to the list item, including the list number, in dot notation (for example, service.ssh.acl.zone.4). For example, to remove the external firewall zone to the ssh service: 1.

  • Page 50: Using The Command Line

    Log in to the command line interface    Command line 1. Connect to the EX12 device by using a serial connection, SSH or telnet, or the Terminal in the WebUI or the Console in the Digi Remote Manager. See Access the command line interface more information.

  • Page 51: Exit The Command Line Interface

    Admin CLI s: Shell q: Quit Select access or quit [admin] : Type a or admin to access the EX12 command line. You will now be connected to the Admin CLI: Connecting now... Press Tab to autocomplete commands Press '?' for a list of commands and details...

  • Page 52: Central Management

    Log into Digi Remote Manager Use Digi Remote Manager to view and manage your device Add a device to Digi Remote Manager Configure multiple EX12 devices by using Digi Remote Manager configurations View Digi Remote Manager connection status Learn more...

  • Page 53: Digi Remote Manager Support

    This URL is required to utilize the client-side certificate support. Prior to release 22.2.9.x, the default URL was my.devicecloud.com. If your Digi device is configured to use a non-default URL to connect to Remote Manager, updating the firmware will not change your configuration. However, if you erase the device's configuration, the Remote Manager URL will change to the default of edp12.devicecloud.com.
  • Page 54 HTTP proxy server support. To configure your device's Digi Remote Manager support:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 55 8. (Optional) For Speedtest server, type the name or IP address of the server to use to test the speed of the device's internet connection(s). 9. (Optional) For Retry interval, type the amount of time that the EX12 device should wait before reattempting to connect to remote cloud services after being disconnected. The default is 30 seconds.
  • Page 56 For Destination phone number, type the phone number for the remote cloud services. d. (Optional) Type the Service identifier. 17. (Optional) Configure the EX12 device to communicate with remote cloud services by using an HTTP proxy server: a. Click to expand HTTP Proxy.
  • Page 57 Central management Configure your device for Digi Remote Manager support 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 58 (config)> cloud drm keep_alive 600s (config)> 8. (Optional) Set the amount of time that the EX12 device should wait between sending keep- alive messages to the Digi Remote Manager when using a cellular interface. Allowed values are from 30 seconds to two hours. The default is 290 seconds.
  • Page 59 (Optional) Set the service identifier: (config)> cloud drm sms sercice_id id (config)> 16. (Optional) Configure the EX12 device to communicate with remote cloud services by using an HTTP proxy server: a. Enable the use of an HTTP proxy server: (config)> cloud drm proxy enable true (config)>...

  • Page 60: Collect Device Health Data And Set The Sample Interval

    To disable the collection of device health data or enable it if it has been disabled, or to change the health sample interval:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 61    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 62 1, 5, 15, 30, or 60, and represents the number of minutes between uploads of health sample data. 5. By default, the device will only report health metrics values to Digi Remote Manager that have changed health metrics were last uploaded. This is useful to reduce the bandwidth used to report health metrics.

  • Page 63: Enable Event Log Upload To Digi Remote Manager

    To enable the event log upload, or disable it if it has been disabled, and to change the upload interval:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Digi EX12 User Guide...
  • Page 64    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 65: Log Into Digi Remote Manager

    1. If you have not already done so, click here to sign up for a Digi Remote Manager account. 2. Check your email for Digi Remote Manager login instructions. 3. Go to remotemanager.digi.com. 4. Log into your Digi Remote Manager account.

  • Page 66: Use Digi Remote Manager To View And Manage Your Device

    Use Digi Remote Manager to view and manage your device To view and manage your device: 1. If you have not already done so, connect to your Digi Remote Manager account. 2. From the menu, click Devices to display a list of your devices.

  • Page 67: Configure Multiple Ex12 Devices By Using Digi Remote Manager Configurations

    Remote Manager configurations. Typically, if you want to provision multiple EX12 routers: 1. Using the EX12 local WebUI, configure one EX12 router to use as the model configuration for all subsequent EX12s you need to manage. 2. Register the configured EX12 device in your Remote Manager account.

  • Page 68: View Digi Remote Manager Connection Status

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 69: Learn More

    Central management Learn more Learn more To learn more about Digi Remote Manager features and functions, see the Digi Remote Manager User Guide. Digi EX12 User Guide...

  • Page 70: Interfaces

    Interfaces EX12 devices have several physical communications interfaces. These interfaces can be bridged in a Local Area Network (LAN) or assigned to a Wide Area Network (WAN). This chapter contains the following topics: Wide Area Networks (WANs) Local Area Networks (LANs)

  • Page 71: Wide Area Networks (Wans)

    Interfaces Wide Area Networks (WANs) Wide Area Networks (WANs) The EX12 device is preconfigured with one Wide Area Network (WAN), named ETH2, and one Wireless Wide Area Network (WWAN), named Modem. Default Interface type Preconfigured interfaces Devices configuration Wide Area...

  • Page 72: Wide Area Networks (Wans) And Wireless Wide Area Networks (Wwans)

    The metric for each WAN.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 73 Click IPv6. d. For Metric, type 1. 4. Set the metrics for ETH2: a. Click Network > Interfaces > ETH2 > IPv4. b. For Metric, type 2. c. Click IPv6. d. For Metric, type 2. Digi EX12 User Guide...
  • Page 74    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 75: Wan/Wwan Failover

    WAN, and its Ethernet WAN, ETH2, as its secondary WAN. WAN/WWAN failover If a connection to a WAN interface is lost for any reason, the EX12 device will immediately fail over to the next WAN or WWAN interface, based on WAN priority. See...

  • Page 76: Configure Surelink Active Recovery To Detect Wan/Wwan Failures

    Problems can occur beyond the immediate WAN/WWAN connection that prevent some IP traffic from reaching its destination. Normally this kind of problem does not cause the EX12 device to detect that the WAN has failed, because the connection continues to work while the core problem exists somewhere else in the network.
  • Page 77 The Switch SIM behavior only applies if the modem is connected, but SureLink tests are failing. If the modem is not connected, SIM failover applies. See Configure a Wireless Wide Area Network (WWAN) for details about SIM failover. Digi EX12 User Guide...
  • Page 78 7. Seventh Surelink failure: The device will reboot.    Web SureLink can be configured for both IPv4 and IPv6. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 79 When SureLink is configured for Wireless WANs, SureLink tests are only run if the cellular modem is connected and has an IP address. Use the SIM failover options to configure the EX12 device to automatically recover the modem in the event that it cannot obtain an IP address. See Configure a Wireless Wide Area Network (WWAN) for details about SIM failover.
  • Page 80 Change the Interval between connectivity tests. Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Interval to ten minutes, enter 10m or 600s. The default is 15 minutes. Digi EX12 User Guide...
  • Page 81 IPv6 active recovery, replace ipv4 in the command line with ipv6. 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights.
  • Page 82 If switch_sim is enabled, set the number of times that Surelink tests must fail prior to switching SIMS: (config network interface my_wan ipv4 surelink)> switch_sim_attempts (config network interface my_wan ipv4 surelink> Digi EX12 User Guide...
  • Page 83 Specify the DNS server. Allowed value is the IP address of the DNS server. (config network interface my_wan ipv4 surelink target 0)> dns_ server ip_address (config network interface my_wan ipv4 surelink target 0)> dns_configured: Tests connectivity by sending a DNS query to the DNS servers configured for this interface. Digi EX12 User Guide...
  • Page 84 The default is 60 seconds. other: Allows you to test another interface's status, to create a failover or coupled relationship between interfaces: (config network interface my_wan ipv4 surelink target 0)> other value (config network interface my_wan ipv4 surelink target 0)> Digi EX12 User Guide...
  • Page 85 (Optional) Repeat to add additional test targets. 11. Optional active recovery configuration parameters: a. Move back two levels in the configuration by typing ..: (config network interface my_wan ipv4 surelink target 0)> ..(config network interface my_wan ipv4 surelink> Digi EX12 User Guide...
  • Page 86 (config network interface my_wan ipv4 surelink)> save Configuration saved. > 14. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi EX12 User Guide...

  • Page 87: Configure The Device To Reboot When A Failure Is Detected

    Interfaces Wide Area Networks (WANs) Configure the device to reboot when a failure is detected Using SureLink, you can configure the EX12 device to reboot when it has determined that an interface has failed. Required configuration items Enable SureLink. SureLink can be enabled for both IPv4 and IPv6 configurations. By default, SureLink is enabled for IPv4 for the preconfigured WAN (ETH2) and WWAN (Modem).
  • Page 88 To configure the EX12 device to reboot when an interface has failed:    Web SureLink can be configured for both IPv4 and IPv6. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 89 When SureLink is configured for Wireless WANs, SureLink tests are only run if the cellular modem is connected and has an IP address. Use the SIM failover options to configure the EX12 device to automatically recover the modem in the event that it cannot obtain an IP address. See Configure a Wireless Wide Area Network (WWAN) for details about SIM failover.
  • Page 90 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Response timeout to ten minutes, enter 10m or 600s. The default is 15 seconds. 13. (Optional) Repeat this procedure for IPv6. Digi EX12 User Guide...
  • Page 91 IPv6 active recovery, replace ipv4 in the command line with ipv6. 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights.
  • Page 92 Tests connectivity by sending a DNS query to the specified DNS server. Specify the DNS server. Allowed value is the IP address of the DNS server. (config network interface my_wan ipv4 surelink target 0)> dns_ server ip_address (config network interface my_wan ipv4 surelink target 0)> Digi EX12 User Guide...
  • Page 93 (config network interface my_wan ipv4 surelink target 0)> interface_timeout 600s (config network interface my_wan ipv4 surelink target 0)> The default is 60 seconds. other: Allows you to test another interface's status, to create a failover or coupled relationship between interfaces: Digi EX12 User Guide...
  • Page 94 For example, if other_status is set to down, but the alternate interface is determined to be up, then this test will fail. (Optional) Repeat to add additional test targets. 9. Optional active recovery configuration parameters: Digi EX12 User Guide...
  • Page 95 For example, to set timeout to ten minutes, enter either 10m or 600s: (config network interface my_wan ipv4 surelink)> timeout 600s (config network interface my_wan ipv4 surelink)> The default is 15 seconds. 10. (Optional) Repeat this procedure for IPv6. 11. Save the configuration and apply the change: Digi EX12 User Guide...

  • Page 96: Disable Surelink

    You can also disable DNS lookup or other internet activity, while retaining the SureLink interface test.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 97    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 98 IP address assigned to it, that the physical link is up, and that a route is present to send traffic out of the network interface.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 99    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 100: Example: Use A Ping Test For Wan Failover From Ethernet To Cellular

    To achieve this WAN failover from the ETH2 to the Modem interface, the WAN failover configuration is:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. Digi EX12 User Guide...
  • Page 101 Wide Area Networks (WANs) 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config.
  • Page 102    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 103: Using Ethernet Devices In A Wan

    Typically, you configure SIM1 of the cellular modem as the primary cellular interface, and SIM2 as the backup cellular interface. In this way, if the EX12 device cannot connect to the network using SIM1, it automatically fails over to SIM2. EX12 devices automatically use the correct cellular module firmware for each carrier when switching SIMs.
  • Page 104 SIM, the modem will attempt to reconnect to the SIM in the preferred SIM slot. To configure the modem:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 105 This is used when using dual-APN SIMs. The default is 1. 9. Enable Carrier switching to allow the modem to automatically match the carrier for the active SIM. Carrier switching is enabled by default. Digi EX12 User Guide...
  • Page 106    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 107 (config)> network modem modem max_intfs int (config)> 8. Carrier switching allows the modem to automatically match the carrier for the active SIM. Carrier switching is enabled by default. To disable: (config)> network modem modem carrier_switch false (config)> Digi EX12 User Guide...
  • Page 108 Type quit to disconnect from the device. Configure cellular modem APNs The EX12 device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.
  • Page 109 Interfaces Wide Area Networks (WANs)    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 110    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 111 The default is none. 7. (Optional) To configure the device to bypass its preconfigured APN list and only use the configured APNs: (config)> network interface modem modem apn_lock true (config)> 8. Save the configuration and apply the change: Digi EX12 User Guide...
  • Page 112 APNs, and then use routing roles to forward traffic to the appropriate WWAN interface.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 113 For Interface type, select Modem. d. For Zone, select External. e. For Device, select Modem . f. (Optional): Configure the public APN. If the public APN is not configured, the EX12 will attempt to determine the APN. Digi EX12 User Guide...
  • Page 114 For APN, type the private APN provided to you by your cellular carrier. 5. Create the routing policies. For example, to route all traffic from LAN1 through the public APN, and LAN2 through the private APN: Digi EX12 User Guide...
  • Page 115 Configure the source address: i. Click to expand Source address. ii. For Type, select Interface. iii. For Interface, select LAN2. k. Configure the destination address: i. Click to expand Destination address. ii. For Type, select Interface. Digi EX12 User Guide...
  • Page 116    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 117 (config network route policy 0)> interface /network/interface/WWANPublic (config network route policy 0)> d. Configure the source address: i. Set the source type to interface: (config network route policy 0)> src type interface (config network route policy 0)> Digi EX12 User Guide...
  • Page 118 Set the source type to interface: (config network route policy 1)> src type interface (config network route policy 1)> ii. Set the interface to LAN2: (config network route policy 1)> src interface LAN2 (config network route policy 1)> Digi EX12 User Guide...
  • Page 119 Select Manual or Manual/Automatic carrier selection mode. The Network PLMN ID.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 120 5. If Manual or Manual/Automatic are selected for Carrier section mode, enter the Network PLMN ID. Note You can use themodem scan command at the Admin CLI to scan for available carriers and determine their PLMN ID. See Scan for available cellular carriers for details. Digi EX12 User Guide...
  • Page 121    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 122 Interfaces Wide Area Networks (WANs) 1. Log into the EX12 WebUI as a user with Admin access. 2. From the main menu, click Status > Modems. 3. croll to the Connection Status section and click SCAN. The Carrier Scan window opens.
  • Page 123 Interfaces Wide Area Networks (WANs) 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 124 TX bytes : 127941 RX bytes : 61026 Uptime : 10 hrs, 56 mins (39360s) SIM Slot SIM Status : ready IMSI : 61582122197895 ICCID : 26587628655003992180 SIM Provider : AT&T RSRQ : Good (-11.0 dB) Digi EX12 User Guide...
  • Page 125   Command line To unlock a SIM card: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 126    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 127 IMEI SV: 9 FSN: LQ650551070110 +GCAP: +CGSM 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi EX12 User Guide...

  • Page 128: Configure A Wide Area Network (Wan)

    When to use DNS: always, never, or only when this interface is the primary default route. When to use DNS servers for this interface. Whether to include the EX12 device's hostname in DHCP requests. SureLink active recovery configuration. See Configure SureLink active recovery to detect WAN/WWAN failures for further information.
  • Page 129 Interfaces Wide Area Networks (WANs) 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 130 8. (Optional) Click to expand 802.1x to configure 802.1x port based network access control. The EX12 can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Click to expand Authentication. b. Click Enable server to enable the 802.1x authenticator on the EX12 device.
  • Page 131 Never: Never use DNS servers for this interface. k. Enable DHCP Hostname to instruct the EX12 device to include the device's system name with DHCP requests as the Client FQDN option. The DHCP server can then be configured to register the device's hostname and IP address with an associated DNS server.
  • Page 132    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 133 (config network interface my_wan)> iv. Set the MTU: (config network interface my_wan)> ipv4 mtu num (config network interface my_wan)> v. Configure how to use DNS: (config network interface my_wan)> ipv4 use_dns value (config network interface my_wan)> Digi EX12 User Guide...
  • Page 134 Never use DNS servers for this interface. vi. Enable DHCP Hostname to instruct the EX12 device to include the device's system name with DHCP requests as the Client FQDN option. The DHCP server can then be configured to register the device's hostname and IP address with an associated DNS server.
  • Page 135 8. (Optional) To configure 802.1x port based network access control: Note The EX12 can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Enable the 802.1x authenticator on the EX12 device: (config network interface my_wan)> 802_1x authentication enable true (config network interface my_wan)>...

  • Page 136: Configure A Wireless Wide Area Network (Wwan)

    The IPv4 Maximum Transmission Unit (MTU) of the WAN. When to use DNS: always, never, or only when this interface is the primary default route. SureLink active recovery configuration. See Configure SureLink active recovery to detect WAN/WWAN failures for further information. Digi EX12 User Guide...
  • Page 137 WAN/WWAN failures for further information.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 138 Normally, this should be left blank. It is only necessary to complete this field if the SIM does not have a phone number or if the phone number is incorrect. 10. Roaming is enabled by default. Click to disable. Digi EX12 User Guide...
  • Page 139 Reboot device: The device will reboot if automatic SIM switching is unavailable. 13. For APN list and APN list only, the EX12 device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.
  • Page 140 WWAN is the primary route. Never: Never use DNS servers for this WWAN. The default setting is When primary default route. 1. See Configure SureLink active recovery to detect WAN/WWAN failures for information about configuring SureLink.    Command line Digi EX12 User Guide...
  • Page 141 Interfaces Wide Area Networks (WANs) 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 142 (config network interface my_wwan)> modem imsi IMSI (config network interface my_wwan)> plmn_id Set the PLMN id that must be in active for this WWAN to be used: (config network interface my_wwan)> modem plmn_id PLMN_ID (config network interface my_wwan)> Digi EX12 User Guide...
  • Page 143 (config network interface my_wwan)> modem operator_technology value (config network interface my_wwan)> where value is one of: all: The best available technology will be used. 2G: Only 2G technology will be used. 3G: Only 3G technology will be used. Digi EX12 User Guide...
  • Page 144 The device will reboot if automatic SIM switching is unavailable. 12. The EX12 device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.
  • Page 145 DNS server, the interface with the lowest metric will be used for DNS requests. never: Never use DNS servers for this WWAN. primary: Only use the DNS servers provided for this WWAN when the WWAN is the primary route. Digi EX12 User Guide...

  • Page 146: Show Wan And Wwan Status And Statistics

    Only use the DNS servers provided for this WWAN when the WWAN is the primary route. The default setting is primary. g. See Configure SureLink active recovery to detect WAN/WWAN failures for information about configuring active recovery. Show WAN and WWAN status and statistics    Web Digi EX12 User Guide...
  • Page 147    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 148: Delete A Wan Or Wwan

    WAN, ETH2, or the preconfigured WWAN, Modem.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 149    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 150: Default Outbound Wan/Wwan Ports

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Default outbound WAN/WWAN ports The following table lists the default outbound network communications for EX12 WAN/WWAN interfaces: Description TCP/UDP Port number Digi Remote Manager connection to my.devicecloud.com...

  • Page 151: Local Area Networks (Lans)

    Interfaces Local Area Networks (LANs) Local Area Networks (LANs) The EX12 device is preconfigured with the following Local Area Networks (LANs): Interface type Preconfigured interfaces Devices Default configuration Local Area ETH1 Ethernet: Firewall zone: Network ETH1 Internal (LAN) IP address: 192.168.2.1/24...

  • Page 152: About Local Area Networks (Lans)

    When to use DNS: always, never, or only when this interface is the primary default route. IPv4 DHCP server configuration. See DHCP servers for more information. IPv6 configuration: The metric for IPv6 routes associated with the LAN. The relative weight for IPv6 routes associated with the LAN. Digi EX12 User Guide...
  • Page 153 To create a new LAN or edit an existing LAN:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 154 8. (Optional) Click to expand 802.1x to configure 802.1x port based network access control. The EX12 can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Click to expand Authentication. b. Click Enable server to enable the 802.1x authenticator on the EX12 device.
  • Page 155    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 156 (config network interface my_lan)> The LAN is configured by default to use a static IP address for its IPv4 configuration. To configure the LAN to be a DHCP client, rather than using a static IP addres: Digi EX12 User Guide...
  • Page 157 Set the IPv6 type to DHCP: (config network interface my_lan)> ipv6 type dhcpv6 (config network interface my_lan)> c. Generally, the default settings for IPv6 support are sufficient. You can view the default IPv6 settings by using the question mark (?): Digi EX12 User Guide...
  • Page 158 If the minimum length is not available, then a longer prefix will be used. Configure WAN/WWAN priority and default route metrics for further information about metrics. 8. (Optional) To configure 802.1x port based network access control: Digi EX12 User Guide...

  • Page 159: Change The Default Lan Subnet

    Interfaces Local Area Networks (LANs) Note The EX12 can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Enable the 802.1x authenticator on the EX12 device: (config network interface my_lan)> 802_1x authentication enable true (config network interface my_lan)>...
  • Page 160 Interfaces Local Area Networks (LANs)    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.

  • Page 161: Show Lan Status And Statistics

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 162 IPv4 Metric IPv4 Weight : 10 IPv4 DNS Server(s) IPv6 Status : up IPv6 Type : prefix IPv6 Address(es) : fd00:2704::1/48 IPv6 Gateway IPv6 MTU : 1500 IPv6 Metric IPv6 Weight : 10 IPv6 DNS Server(s) > Digi EX12 User Guide...

  • Page 163: Delete A Lan

    Follow this procedure to delete any LANs that have been added to the system. You cannot delete the preconfigured LAN, LAN1.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.

  • Page 164: Dhcp Servers

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 165 Map static IP addresses to hosts for information about static leases.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 166 For Gateway, select either: None: No gateway is broadcast by the DHCP server. Client destinations must be resolvable without a gateway. Automatic: Broadcasts the EX12 device's gateway. Custom: Allows you to identify the IP address of a Custom gateway to be broadcast.
  • Page 167    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 168 No gateway is broadcast by the DHCP server. Client destinations must be resolvable without a gateway. auto: Broadcasts the EX12 device's gateway. custom: Allows you to identify the IP address of a custom gateway to be broadcast: (config)> network interface my_lan ipv4 dhcp_server advanced gateway_custom ip_address (config)>...
  • Page 169 (config)> where value is one of: none: No server is broadcast. auto: Broadcasts the EX12 device's server. custom: Allows you to identify the IP address of the server. For example: (config)> network interface my_lan ipv4 dhcp_server advanced primary_dns_custom ip_address (config)>...
  • Page 170 A label for this instance of the static lease. To map static IP addresses:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 171    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 172    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 173 Delete static IP mapping entries To delete a static IP entry:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 174    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 175 Local Area Networks (LANs) Required configuration items DHCP option number. Value for the DHCP option. Additional configuration items The data type of the value. Force the option to be sent to the DHCP clients. A label for the custom option. Digi EX12 User Guide...
  • Page 176 Interfaces Local Area Networks (LANs)    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 177    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 178 LAN. For the EX12 device, DHCP relay is configured by providing the IP address of a DHCP relay server, rather than an IP address range. If both the DHCP relay server and an IP address range are specified, DHCP relay is used, and the specified IP address range is ignored.
  • Page 179 Additional configuration items IP address of additional DHCP relay servers.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 180    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 181    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 182: Create A Virtual Lan (Vlan) Route

    LAN. Required configuration items Device to be assigned to the VLAN. The VLAN ID. The TCP header uses the VLAN ID to identify the destination VLAN for the packet. Digi EX12 User Guide...
  • Page 183 Local Area Networks (LANs) To create a VLAN:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 184    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 185: Default Services Listening On Lan Ports

    IP address assigned to it on a WAN or cellular modem interface, to a client connected to a LAN interface.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 186 When enabled, this option allows forwarding between the source interface and devices connected to this interface, which allows connected devices to forward and receive packets without network address translation (NAT). This should normally be disabled unless it is Digi EX12 User Guide...
  • Page 187 14. (Optional) Click to expand 802.1x to configure 802.1x port based network access control. The EX12 can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Click to expand Authentication. b. Click Enable server to enable the 802.1x authenticator on the EX12 device.
  • Page 188    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 189 (config network interface ip_passthrough_interface)> device device (config network interface my_wan)> 7. Set passthrough options 8. Configure IPv4 settings: IPv4 support is enabled by default. To disable: (config network interface ip_passthrough_interface)> ipv4 enable false (config network interface ip_passthrough_interface)> Digi EX12 User Guide...
  • Page 190 (config network interface ip_passthrough_interface)> b. Generally, the default settings for IPv6 support are sufficient. You can view the default IPv6 settings by using the question mark (?): (config network interface ip_passthrough_interface)> ipv6 ? IPv6 Parameters Current Value Digi EX12 User Guide...
  • Page 191 Modify any of the remaining default settings as appropriate. 10. (Optional) To configure 802.1x port based network access control: Note The EX12 can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Enable the 802.1x authenticator on the EX12 device: (config network interface ip_passthrough_interface)>...

  • Page 192: Bridging

    Interfaces Bridging Bridging Bridging is a mechanism to create a single network consisting of multiple devices, such as Ethernet devices and wireless access points. This section contains the following topics: Configure a bridge Digi EX12 User Guide...

  • Page 193: Configure A Bridge

    Enable Spanning Tree Protocol (STP). To create a bridge:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 194 For Forwarding delay, enter the number of seconds that the device will spend in each of the listening and learning states before the bridge begins forwarding data. The default is 2 seconds. 8. Click Apply to save the configuration and apply the change. Digi EX12 User Guide...
  • Page 195    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 196: Show Surelink Status And Statistics

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 197: Show Surelink Status For A Specific Interface

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 198: Show Surelink Status For A Specific Ipsec Tunnel

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 199: Show Surelink Status For A Specific Openvpn Client

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 200: Serial Port

    Serial port EX12 devices have a single serial port that provides access to different features, depending on the serial port mode selection. Default serial port configuration You can review the default serial port configuration for your device. Serial mode options You can choose a serial mode option for each serial port, depending on the feature that you want to use.

  • Page 201: Configure Login Mode

    To change the configuration to match the serial configuration of the device to which you want to connect:    Web 1. Log into the EX12 WebUI as a user with Admin access. 2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed. Note You can also configure the serial port by using Device Configuration >...
  • Page 202    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 203: Configure Remote Access Mode

    Remote Access mode allows for remote access to another device that is connected to the serial port. To change the configuration to match the serial configuration of the device to which you want to connect:    Web Digi EX12 User Guide...
  • Page 204 Serial port Configure Remote Access mode 1. Log into the EX12 WebUI as a user with Admin access. 2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed. Note You can also configure the serial port by using Device Configuration > Serial. Changes made by using either Device Configuration or Serial Configuration will be reflected in both.
  • Page 205 Click to expand Access Control List. For example, to set the Access Control List for the SSH connection for serial port 1, click to expand Serial > Port 1 > SSH connection > Access Control List: Digi EX12 User Guide...
  • Page 206 No limit to IPv6 addresses that can access the service-type. iv. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the EX12 device: i. Click Interfaces. ii. For Add Interface, click .
  • Page 207 For Idle timeout, type the amount of time to wait before disconnecting due to user inactivity. 11. Expand Monitor Settings. a. Enable CTS to monitor CTS (Clear to Send) changes on this port. b. Enable DCD to monitor DCD (Data Carrier Detect) changes on this port. Digi EX12 User Guide...
  • Page 208    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 209 Set the amount of time to wait before disconnecting due to user inactivity: (config)>serial port1 idle_timeout value (config) where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. Digi EX12 User Guide...
  • Page 210 To disable: (config)>serial port1 autoconnect flush_string false (config)> The default is always. c. Set the option that initiates the connection: Digi EX12 User Guide...
  • Page 211 (config)> h. Set the text to be transmitted to the remote server when the socket connects: (config)>serial port1 socketid string (config)> 14. (Optional) Configure data framing: a. Enable data framing: (config)>serial port1 framing enable true (config) Digi EX12 User Guide...
  • Page 212 (config)>serial port1 service ssh nodelay true (config)> v. (Optional) Configure access control: To limit access to specified IPv4 addresses and networks: (config)> add serial port1 service ssh acl address end value (config)> Where value can be: Digi EX12 User Guide...
  • Page 213 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the EX12 device: (config)> add serial port1 service ssh acl interface end value (config)>...
  • Page 214 1 and 65535. The default is 4001. iii. Enable TCP keep-alive messages: (config)>serial port1 service tcp keepalive true (config)> iv. Set the option that initiates the connection: (config)>serial port1 service tcp conn_type value (config)> Digi EX12 User Guide...
  • Page 215 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the EX12 device: (config)> add serial port1 service tcp acl interface end value (config)>...
  • Page 216 ------------------------------------------------- ------------------------------ dynamic_routes edge external internal ipsec loopback setup (config)> Repeat this step to include additional firewall zones. vii. (Optional) Enable Multicast DNS (mDNS): (config)>serial port1 service tcp mdns enable true (config)> c. Configure telnet settings: Digi EX12 User Guide...
  • Page 217 A network designation in CIDR notation, for example, 2001:db8::/48. any: No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the EX12 device: Digi EX12 User Guide...
  • Page 218 (config)> ... firewall zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration ------------------------------------------------- ------------------------------ dynamic_routes edge external internal ipsec loopback Digi EX12 User Guide...

  • Page 219: Configure Application Mode

    To change the configuration to match the serial configuration of the device to which you want to connect:    Web 1. Log into the EX12 WebUI as a user with Admin access. 2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed. Note You can also configure the serial port by using Device Configuration >...
  • Page 220    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 221: Configure Ppp Dial-In Mode

    To change the configuration to match the serial configuration of the device to which you want to connect:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 222 Automatic: Attempt to authenticate using CHAP first, and then PAP. CHAP: Use Challenge Handshake Authentication Protocol (CHAP) to authenticate. PAP: Use Password Authentication Protocol (PAP) to authenticate. If Automatic, CHAP, or PAP are selected, type the Username and Password used to authenticate the remote peer. Digi EX12 User Guide...
  • Page 223 -r line; do case "$line" in ATDT123) echo "CONNECT" # instruct the peer to start PPP exit 0 # start up the local PPP session AT*) echo "OK" # passively accept any other AT command esac done Digi EX12 User Guide...
  • Page 224    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 225 12. Set the priority of routes associated with this interface. If there are multiple active routes that match a destination, then the route with the lowest metric will be used. (config)> serial port1 ppp_dialin metric int (config)> Digi EX12 User Guide...
  • Page 226 If override is not enabled, the custom PPP configuration file is used in addition to the default configuration. c. Paste or type the configuration data in the format of a pppd options file: (config)> serial port1 ppp_dialin custom config_file data (config)> Digi EX12 User Guide...
  • Page 227 16. Save the configuration and apply the change: (config)> save Configuration saved. > 17. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi EX12 User Guide...

  • Page 228: Configure Udp Serial Mode

    To change the configuration to match the serial configuration of the device to which you want to connect:    Web 1. Log into the EX12 WebUI as a user with Admin access. 2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed. Note You can also configure the serial port by using Device Configuration >...
  • Page 229 Click Strip End Pattern if you want to remove the end pattern from the packet before it is sent. 8. Expand UDP Serial Settings. a. For Local port, enter the UDP port. The default is 4001 or serial port 1, 4002 for serial port 2, etc. Digi EX12 User Guide...
  • Page 230 For Destinations, you can configure the remote sites to which you want to send data. If you do not specify any destinations, the EX12 sends new data from the last IP address and port from which data was received. To add a destination: i.
  • Page 231 To limit access to specified IPv6 addresses and networks: i. Click IPv6 Addresses. ii. For Add Address, click . iii. For Address, enter the IPv6 address or network that can access the device's service-type. Allowed values are: Digi EX12 User Guide...
  • Page 232    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 233 10. Set the type of flow control used by the device to which you want to connect: (config)>serial port1 label flow type (config) Allowed values are: none rts/cts xon/xoff The default is none. 11. (Optional) Configure data framing: a. Enable data framing: (config)>serial port1 framing enable true (config) Digi EX12 User Guide...
  • Page 234 (config)> 14. Configure the remote sites to which you want to send data. If you do not specify any destinations, the EX12 send new data to the last hostname and port from which data was received. To add a destination: i.
  • Page 235 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the EX12 device: (config)> add serial port1 udp acl interface end value (config)>...
  • Page 236 A single IP address or host name. A network designation in CIDR notation, for example, 192.168.1.0/24. any: No limit to IPv4 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. Digi EX12 User Guide...
  • Page 237 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the EX12 device: (config)> add serial port1 udp acl interface end value (config)>...

  • Page 238: Configure Modbus Mode

    To change the configuration to match the serial configuration of the device to which you want to connect:    Web 1. Log into the EX12 WebUI as a user with Admin access. 2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed. Digi EX12 User Guide...
  • Page 239 2. Set the number of data bits used by the device to which you want to connect: (config)>path-paramdatabits bits (config)> 3. Set the type of parity used by the device to which you want to connect: (config)>path-paramparity parity (config)> Allowed values are: even none Digi EX12 User Guide...
  • Page 240    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 241 4. Set the stop bits used by the device to which you want to connect: (config)>path-paramstopbits bits (config)> 5. Set the type of flow control used by the device to which you want to connect: (config)>path-paramflow value (config)> Digi EX12 User Guide...

  • Page 242: Show Serial Status And Statistics

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 243    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 244 /etc/config/serial will be used as the root directory for the path and file. 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi EX12 User Guide...

  • Page 245: Routing

    Routing This chapter contains the following topics: IP routing Show the routing table Dynamic DNS Virtual Router Redundancy Protocol (VRRP) Digi EX12 User Guide...

  • Page 246: Ip Routing

    IP routing IP routing The EX12 device uses IP routes to decide where to send a packet it receives for a remote network. The process for deciding on a route to send the packet is as follows: 1. The device examines the destination IP address in the IP packet, and looks through the IP routing table to find a match for it.

  • Page 247: Configure A Static Route

    The Maximum Transmission Units (MTU) of network packets using this route. To configure a static route:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 248 7. For Interface, select the interface on the EX12 device that will be used with this static route. 8. (Optional) For Gateway, type the IPv4 address of the gateway used to reach the destination.
  • Page 249 The any keyword can also be used to route packets to any destination with this static route. 6. Set the interface on the EX12 device that will be used with this static route: a. Use the ? to determine available interfaces: (config network route static 0)>...

  • Page 250: Delete A Static Route

    Type quit to disconnect from the device. Delete a static route    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 251    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 252: Policy-Based Routing

    However, you can use policy-based routing to forward the packet based on other criteria, such as the source of the packet. For example, you can configure the EX12 device so that high-priority traffic is routed through the cellular connection, while all other traffic is routed through an Ethernet (WAN) connection.

  • Page 253: Configure A Routing Policy

    To configure a routing policy:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 254 5. (Optional) For Label, type a label that will be used to identify this route policy. 6. For Interface, select the interface on the EX12 device that will be used with this route policy. 7. (Optional) Enable Exclusive to configure the policy to drop packets that match the policy when the gateway interface is disconnected, rather than forwarded through other interfaces.
  • Page 255    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 256 (config network route policy 0)> label "New route policy" (config network route policy 0)> 5. Set the interface on the EX12 device that will be used with this route policy: a. Use the ? to determine available interfaces: (config network route policy 0)> interface ? Interface: The network interface used to reach the destination.
  • Page 257 (config network route policy 0)> where value is one of: zone: Matches the source IP address to the selected firewall zone. Set the zone: a. Use the ? to determine available zones: (config network route policy 0)> src zone ? Digi EX12 User Guide...
  • Page 258 (config network route policy 0)> address: Matches the source IPv4 address to the specified IP address or network. Set the address that will be matched: (config network route policy 0)> src address value (config network route policy 0)> Digi EX12 User Guide...
  • Page 259 (config network route policy 0)> dst zone external (config network route policy 0)> Firewall configuration for more information about firewall zones. interface: Matches the destination IP address to the selected interface's network address. Set the interface: Digi EX12 User Guide...
  • Page 260 11. Save the configuration and apply the change: (config)> save Configuration saved. > 12. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi EX12 User Guide...

  • Page 261: Example: Dual Wan Policy-Based Routing

    This example routes traffic to a specific IP address to go through the cellular WWAN interface, while all other traffic uses the Ethernet WAN interface.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 262    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 263 4. Save the configuration and apply the change: (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi EX12 User Guide...

  • Page 264: Example: Domain-Based Routing With Dual Wan

    This example routes traffic destined for a specific domain to the WAN Ethernet port, and never through the cellular modem.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 265    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 266 4. Save the configuration and apply the change: (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi EX12 User Guide...

  • Page 267: Example: Route Traffic To A Specific Wan Interface Based On The Client Mac Address

    MAC address, while all other client devices are routed through the Ethernet WAN.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 268 5. Configure the policy-based route for traffic from the client device that will be sent over the cellular WAN: a. Click Network > Routes > Policy-based routing. b. Click the  to add a new route policy. Digi EX12 User Guide...
  • Page 269 For Label, type Reject LAN traffic to cellular WAN. d. For Action, select Drop. e. For Source zone, select Internal. f. For Destination zone, select CellularWAN. 7. Click Apply to save the configuration and apply the change. Digi EX12 User Guide...
  • Page 270    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 271 6. Create a packet filtering rule that rejects all other LAN packets on the cellular WAN interface: a. Create a new packet filtering rule: i. Type ... to move to the root of the configuration: (config network route policy 0)> ... (config)> Digi EX12 User Guide...

  • Page 272: Routing Services

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Routing services Your EX12 includes support for dynamic routing services and protocols. The following routing services are supported: Service or...

  • Page 273: Configure Routing Services

    Routing IP routing Configure routing services Required configuration items Enable routing services. Enable and configure the types of routing services that will be used. Digi EX12 User Guide...
  • Page 274 Routing IP routing    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 275    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 276: Show The Routing Table

    Show the routing table To display the routing table:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.

  • Page 277: Dynamic Dns

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 278: Configure Dynamic Dns

    Routing Dynamic DNS Configure dynamic DNS This section describes how to cofigure dynamic DNS on a EX12 device. Required configuration items Add a new Dynamic DNS service. The interface that has its IP address registered with the Dynamic DNS provider.
  • Page 279 Routing Dynamic DNS    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 280 14. Click Apply to save the configuration and apply the change.    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Digi EX12 User Guide...
  • Page 281 (config network ddns new_ddns_instance)> 5. Set the Dynamic DNS provider service: a. Use the ? to determine available services: (config network ddns new_ddns_instance)> service ? Service: The provider of the dynamic DNS service. Format: custom 3322.org changeip.com ddns.com.br Digi EX12 User Guide...
  • Page 282 (config network ddns new_ddns_instance)> The default is 10m. 11. (Optional) Set the amount of time to wait to force an update of the interface's IP address: (config network ddns new_ddns_instance)> force_interval value (config network ddns new_ddns_instance)> Digi EX12 User Guide...

  • Page 283: Virtual Router Redundancy Protocol (Vrrp)

    Multiple EX12 devices can be configured as VRRP devices and assigned a priority. The router with the highest priority will be used as the master router. If the master router fails, then the IP address of the virtual router is mapped to the backup device with the next highest priority.

  • Page 284: Vrrp

    VRRP priorty of devices based on the status of their network connectivity.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 285 IP address of the VRRP pool, then the priority of this device should be set to 255 . Allowed values are from 1 and 255, and it is configured to 100 by default. Digi EX12 User Guide...
  • Page 286    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 287 (config network vrrp new_vrrp_instance)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi EX12 User Guide...

  • Page 288: Configure Vrrp

    SureLink tests.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 289 This parameter allows a backup VRRP device to monitor the master device, and increase its priority when the master device is failing SureLink tests. This can allow a device functioning as a backup device to promote itself to master. Digi EX12 User Guide...
  • Page 290 VRRP virtual IP addresses: i. Click to expand DHCP Server > Advanced settings. ii. For Gateway, select Custom. iii. For Custom gateway, enter the IP address of one of the virtual IPs used by this VRRP Digi EX12 User Guide...
  • Page 291    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 292 This allows a backup VRRP device to monitor the master device, and increase its priority when the master device is failing SureLink tests. This can allow a device functioning as a backup device to promote itself to master. (config)> network vrrp VRRP_test vrrp_plus monitor_master true (config)> Digi EX12 User Guide...
  • Page 293 (config)> network interface eth1 ipv4 surelink interval value (config)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set interval to ten minutes, enter 5s: Digi EX12 User Guide...
  • Page 294 The interface is considered to be down based on the interfaces down time, and the amount of time an initial connection to the interface takes before this test is considered to have failed. Digi EX12 User Guide...

  • Page 295: Example: Vrrp/Vrrp+ Configuration

    10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Example: VRRP/VRRP+ configuration This example configuration creates a VRRP pool containing two EX12 devices: Digi EX12 User Guide...

  • Page 296: Configure Device One (Master Device)

    Configure device one (master device)    Web Task 1: Configure VRRP on device one 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 297 10. Click  to add a virtual IP address. 11. For Virtual IP, type 192.168.3.3. Task 2: Configure VRRP+ on device one 1. Click to expand VRRP+. 2. Click Enable. 3. Click to expand Monitor interfaces. Digi EX12 User Guide...
  • Page 298   Command line Task 1: Configure VRRP on device one 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 299 (config network vrrp VRRP_test )> Task 3: Configure the IP address for the VRRP interface, ETH1, on device one 1. Type ... to return to the root of the config prompt: (config network vrrp VRRP_test )> ... (config)> Digi EX12 User Guide...

  • Page 300: Configure Device Two (Backup Device)

    Configure device two (backup device)    Web Task 1: Configure VRRP on device two 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 301 The new VRRP instance configuration is displayed. 5. Click Enable. 6. For Interface, select Interface: ETH1. 7. For Router ID, leave at the default setting of 50. 8. For Priority, type 80. 9. Click to expand Virtual IP addresses. Digi EX12 User Guide...
  • Page 302 Task 4: Configure SureLink for ETH1 on device two 1. Click Network > Interfaces > ETH1 > IPv4 > SureLink. 2. Click Enable. 3. For Interval, type 15s. 4. Click to expand Test targets > Test target. 5. For Test Type, select Ping test. Digi EX12 User Guide...
  • Page 303   Command line Task 1: Configure VRRP on device two 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 304 (config network vrrp VRRP_test )> Task 3: Configure the IP address for the VRRP interface, ETH1, on device two 1. Type ... to return to the root of the config prompt: (config network vrrp VRRP_test )> ... (config)> Digi EX12 User Guide...
  • Page 305 2. Set the start and end addresses of the DHCP pool to use to assign DHCP addresses to clients: a. Set the start address to 200: (config)> network interface eth1 ipv4 dhcp_server lease_start 200 (config)> b. Set the end address to 250: (config)> network interface eth1 ipv4 dhcp_server lease_end 250 (config)> Digi EX12 User Guide...

  • Page 306: Show Vrrp Status And Statistics

    This section describes how to display VRRP status and statistics for a EX12 device. VRRP status is available from the Web UI only.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 307    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 308 Virtual IP address(es) : 10.10.10.1, 100.100.100.1 Current State : Master Current Priority : 100 Last Transition : Tue Jan 1 00:00:39 2019 Became Master Released Master Adverts Sent : 71 Adverts Received Priority Zero Sent Priority zero Received : 0 > Digi EX12 User Guide...

  • Page 309: Virtual Private Networks (Vpn)

    Virtual Private Networks (VPNs) are used to securely connect two private networks together so that devices can connect from one network to the other using secure channels. This chapter contains the following topics: IPsec OpenVPN Generic Routing Encapsulation (GRE) L2TP L2TPv3 Ethernet NEMO Digi EX12 User Guide...

  • Page 310: Ipsec

    Authentication of data to ensure an unauthorized device has not injected it into the IPsec tunnel. IPsec mode The EX12 supports the Tunnel mode. With the Tunnel mode, the entire IP packet is encrypted and/or authenticated and then encapsulated as the payload in a new IP packet. Transport mode is not currently supported.

  • Page 311: Authentication

    XAUTH client. RSA Signatures With RSA signatures authentication, the EX12 device uses a private RSA key to authenticate with a remote peer that is using a corresponding public key. Certificate-based Authentication X.509 certificate-based authentication makes use of private keys on both the server and client which...
  • Page 312 Disable the padding of IKE packets. This should normally not be done except for compatibility purposes. Destination networks that require source NAT. Depending on your network and firewall configuration, you may need to add a packet filtering rule to allow incoming IPsec traffic. Digi EX12 User Guide...
  • Page 313    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 314 Click to expand Firewall > Packet filtering. b. For Add packet filter, click . c. For Label, type Allow incoming IPsec traffic. d. For Source zone, select IPsec. Leave all other fields at their default settings. Digi EX12 User Guide...
  • Page 315 For Local key, type the local pre-shared key. This must be the same as the remote key on the remote host. ii. For Remote key, type the remote pre-shared key. This must be the same as the local key on the remote host. Digi EX12 User Guide...
  • Page 316 SCEP certificates: Uses Simple Certificate Enrollment Protocol (SCEP) to download a private key, certificates, and an optional Certificate Revocation List (CRL) to the EX12 device from a SCEP server. You must create the SCEP client prior to configuring the IPsec tunnel. See...
  • Page 317 For Hostname, type a hostname or IPv4 address. If your device is not configured to initiate the IPsec connection (see IKE > Initiate connection), you can also use the keyword any, which means that the hostname is dynamic or unknown. iii. Click  again to add additional hostnames. Digi EX12 User Guide...
  • Page 318 Serial number: The device's serial number will be used as the ID and sent as a ID_KEY_ID IKE identity. 21. Click to expand Policies. Policies define the network traffic that will be encapsulated by this tunnel. a. Click  to create a new policy. The new policy configuration is displayed. Digi EX12 User Guide...
  • Page 319 Any: Matches any protocol. TCP: Matches TCP protocol only. UDP: Matches UDP protocol only. ICMP: Matches ICMP requests only. Other protocol: Matches an unlisted protocol. If Other protocol is selected, type the number of the protocol. Digi EX12 User Guide...
  • Page 320 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Phase 2 lifetime to ten minutes, enter 10m or 600s. Digi EX12 User Guide...
  • Page 321 Configure SureLink active recovery for IPsec for information about IPsec Active recovery. 26. (Optional) Click Advanced to set various IPsec-related time out, keep alive, and related values. 27. Click Apply to save the configuration and apply the change. Digi EX12 User Guide...
  • Page 322    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 323 Only the payload of the IP packet is encrypted and/or authenticated. The IP header is unencrypted. The default is tunnel. 8. Set the protocol: (config vpn ipsec tunnel ipsec_example)> type protocol (config vpn ipsec tunnel ipsec_example)> where protocol is either: Digi EX12 User Guide...
  • Page 324 Set the private key passphrase that is used to decrypt the private key. Leave blank if the private key is not encrypted. (config vpn ipsec tunnel ipsec_example)> auth private_key_ passphrase passphrase (config vpn ipsec tunnel ipsec_example)> c. For the peer_public_key parameter, paste the peer's public RSA key in PEM format: Digi EX12 User Guide...
  • Page 325 (config vpn ipsec tunnel ipsec_example)> 11. (Optional) Configure the device to connect to its remote peer as an XAUTH client: a. Enable XAUTH client functionality: (config vpn ipsec tunnel ipsec_example)> xauth_client enable true (config vpn ipsec tunnel ipsec_example)> Digi EX12 User Guide...
  • Page 326 Any ID will be accepted. ipv4: The ID will be interpreted as an IPv4 address and sent as an ID_IPV4_ADDR IKE identity. Set an IPv4 formatted ID. This can be a fully-qualified domain name or an IPv4 address. Digi EX12 User Guide...
  • Page 327 Repeat for additional hostnames. b. Set the hostname selection type: (config vpn ipsec tunnel ipsec_example)> remote hostname_selection value (config vpn ipsec tunnel ipsec_example)> where value is one of: Digi EX12 User Guide...
  • Page 328 Set the ID in internet email address format: (config vpn ipsec tunnel ipsec_example)> remote id type rfc822_ id id (config vpn ipsec tunnel ipsec_example)> fqdn: The ID will be interpreted as FQDN (Fully Qualified Domain Name) and sent as an ID_FQDN IKE identity. Digi EX12 User Guide...
  • Page 329 Do not send oversized IKE messages in fragments, but announce support for fragmentation to the peer. The default is always. e. Padding of IKE packets is enabled by default and should normally not be disabled except for compatibility purposes. To disable: Digi EX12 User Guide...
  • Page 330 Configure the types of encryption, hash, and Diffie-Hellman group to use during phase 1: i. Add a phase 1 proposal: (config vpn ipsec tunnel ipsec_example)> add ike phase1_proposal (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> Digi EX12 User Guide...
  • Page 331 (config vpn ipsec tunnel ipsec_example ike phase1_proposal 1)> Repeat the above steps to set the type of encryption, hash, and Diffie-Hellman group for the additional proposal. iii. Repeat to add more phase 1 proposals. Digi EX12 User Guide...
  • Page 332 (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> ii. Set the Diffie-Hellman group type: (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> dh_group value (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> The default is modp2048. vi. (Optional) Add additional phase 2 proposals: Digi EX12 User Guide...
  • Page 333 (config vpn ipsec tunnel ipsec_example nat 0)> b. Set the IPv4 address and optional netmask of a destination network that requires source NAT. You can also use any, meaning that any destination network connected to the tunnel will use source NAT. Digi EX12 User Guide...
  • Page 334 Current value: (config vpn ipsec tunnel ipsec_example policy 0)> local address ii. Set the interface. For example: (config vpn ipsec tunnel ipsec_example policy 0)> local address eth2 (config vpn ipsec tunnel ipsec_example policy 0)> Digi EX12 User Guide...
  • Page 335 Set the protocol matching criteria for the local traffic selector: (config vpn ipsec tunnel ipsec_example policy 0)> local protocol value (config vpn ipsec tunnel ipsec_example policy 0)> where value is one of: any: Matches any protocol. tcp: Matches TCP protocol only. Digi EX12 User Guide...
  • Page 336 Allowed values are an integer between 1 and 255. 19. (Optional) You can also configure various IPsec related time out, keep alive, and related values: a. Change to the root of the configuration schema: (config vpn ipsec tunnel ipsec_example policy 0)> ... (config)> Digi EX12 User Guide...
  • Page 337 20. Save the configuration and apply the change: (config)> save Configuration saved. > 21. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi EX12 User Guide...

  • Page 338: Configure Ipsec Failover

    Virtual Private Networks (VPN) IPsec Configure IPsec failover There are two methods to configure the EX12 device to fail over from a primary IPsec tunnel to a backup tunnel: SureLink active recovery—You can use SureLink along with the IPsec tunnel's metric to configure two or more tunnels so that when the primary tunnel is determined to be inactive by SureLink, a secondary tunnel can begin serving traffic that the primary tunnel was serving.
  • Page 339 See Configure an IPsec tunnel for instructions. During configuration of the IPsec tunnel, set the metric to a value that is higher than the metric of the primary tunnel (for example, 20).    Command line Digi EX12 User Guide...
  • Page 340 Use the ? to view a list of available tunnels: (config vpn ipsec tunnel backup_ipsec_tunnel)> ipsec_failover ? Preferred tunnel: This tunnel will not start until the preferred tunnel has failed. It will continue to operate until the preferred tunnel returns to full operation Digi EX12 User Guide...

  • Page 341: Configure Surelink Active Recovery For Ipsec

    To configure the EX12 device to regularly probe the IPsec connection:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager:...
  • Page 342 Virtual Private Networks (VPN) IPsec a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration.
  • Page 343 Ping test: Tests connectivity by sending an ICMP echo request to the hostname or IP address specified in Ping host. You can also optionally change the number of bytes in the Ping payload size. DNS test: Tests connectivity by sending a DNS query to the specified DNS server. Digi EX12 User Guide...
  • Page 344    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 345 For example, to set timeout to ten minutes, enter either 10m or 600s: (config vpn ipsec tunnel ipsec_example)> surelink timeout 600s (config vpn ipsec tunnel ipsec_example)> The default is 15 seconds. Digi EX12 User Guide...
  • Page 346 (Optional) Set the amount of time that the interface can be down before this test is considered to have failed: Digi EX12 User Guide...
  • Page 347 If other is set: Set the alternate interface to be tested: i. Use the ? to determine available interfaces: (config vpn ipsec tunnel ipsec_example surelink target 0)> other_interface ? Interface: The network interface. Format: /network/interface/defaultip /network/interface/defaultlinklocal /network/interface/eth1 Digi EX12 User Guide...

  • Page 348: Show Ipsec Status And Statistics

    Show IPsec status and statistics    Web 1. Log into the EX12 WebUI as a user with Admin access. 2. On the menu, select Status > IPsec. The IPsec page appears. 3. To view configuration details about an IPsec tunnel, click the  (configuration) icon in the upper right of the tunnel's status pane.

  • Page 349: Debug An Ipsec Configuration

       Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 350    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 351: Configure A Simple Certificate Enrollment Protocol Client

    The number of days that the certificate enrollment can be renewed, prior to the request expiring.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. Digi EX12 User Guide...
  • Page 352 Virtual Private Networks (VPN) IPsec 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config.
  • Page 353 9. For Renewable Time, type the number of days that the certificate enrollment can be renewed, prior to the request expiring. This value is configured on the SCEP server, and is used by the EX12 device to determine when to start attempting to auto-renew an existing certificate. The default is 7.
  • Page 354    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 355 Set the Domain Component: (config network scep_client scep_client_name)> distinguished_name dc value (config network scep_client scep_client_name)> b. Set the two letter Country Code: (config network scep_client scep_client_name)> distinguished_name c value (config network scep_client scep_client_name)> c. Set the State or Province: Digi EX12 User Guide...
  • Page 356 The default is url. c. If type is set to url, set the URL that should be used: (config network scep_client scep_client_name)> crl url value (config network scep_client scep_client_name)> 11. Configure certificate renewal: Digi EX12 User Guide...
  • Page 357 15. Set the number of days that the certificate enrollment can be renewed, prior to the request expiring. This value is configured on the SCEP server, and is used by the EX12 device to determine when to start attempting to auto-renew an existing certificate. The default is 7.

  • Page 358: Example: Scep Client Configuration With Fortinet Scep Server

    Type quit to disconnect from the device. Example: SCEP client configuration with Fortinet SCEP server In this example configuration, we will configure the EX12 device as a SCEP client that will connect to a Fortinet SCEP server. Fortinet configuration On the Fortinet server: 1.
  • Page 359 EX12 configuration On the EX12 device:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 360 8. Click to expand SCEP server. 9. For FQDN, type the fully qualified domain name or IP address of the Fortinet server. 10. For Password, type the challenge password. This corresponds to the Default enrollment password on the Fortinet server. Digi EX12 User Guide...
  • Page 361 12. Type the value for each appropriate Distinguished Name attribute. The values entered here must correspond to the DN attributes in the Enrollment Request on the Fortinet server. 13. Click Apply to save the configuration and apply the change. Digi EX12 User Guide...
  • Page 362    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 363: Show Scep Client Status And Information

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show SCEP client status and information You can show general SCEP client information for all SCEP clients, and specific information for an individual SCEP client. Digi EX12 User Guide...
  • Page 364    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 365 Last Update : May 23 13:27:21 2022 GMT > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi EX12 User Guide...

  • Page 366: Openvpn

    OpenVPN clients. OpenVPN clients use Network Address Translation (NAT) to route traffic from devices connected on its LAN interfaces to the OpenVPN server. The manner in which the IP subnets are defined depends on the OpenVPN topology in use. The EX12 device supports two types of OpenVPN topology:...

  • Page 367: Configure An Openvpn Server

    Virtual Private Networks (VPN) OpenVPN OpenVPN managed—The EX12 device creates the interface and then uses its standard configuration to set up the connection (for example, its standard DHCP server configuration). Device only—IP addressing is controlled by the system, not by OpenVPN.
  • Page 368 Access control list configuration to restrict access to the OpenVPN server through the firewall. Additional OpenVPN parameters.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 369 If not enabled, certificates must be created externally and added to the server. 9. If Server managed certificates is not enabled: a. Select the Authentication type: Certificate only: Uses only certificates for client authentication. Each client requires a public and private key. Digi EX12 User Guide...
  • Page 370 No limit to IPv6 addresses that can access the service-type. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the EX12 device: a. Click Interfaces. b. For Add Interface, click .
  • Page 371    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 372 1 and 255. The number entered here will represent the first client IP address. For example, if address is set to 192.168.1.1/24 and server_first_ip is set to 80, the first client IP address will be 192.168.1.80. The default is from 80. Digi EX12 User Guide...
  • Page 373 Authentication Group and User for instructions. ii. Paste the contents of the CA certificate (usually in a ca.crt file) into the value of the cacert parameter: (config vpn openvpn server name)> cacert value (config vpn openvpn server name)> Digi EX12 User Guide...
  • Page 374 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the EX12 device: (config vpn openvpn server name)> add acl interface end value (config vpn openvpn server name)>...
  • Page 375 Additional Configuration -------------------------------------------------------- ----------------------- dynamic_routes edge external internal ipsec loopback setup (config vpn openvpn server name)> Repeat this step to include additional firewall zones. 9. (Optional) Set additional OpenVPN parameters. Digi EX12 User Guide...

  • Page 376: Configure An Openvpn Authentication Group And User

       Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 377 For Add Group, type a name for the group (for example, OpenVPN_Group) and click . The new authentication group configuration is displayed. c. Click OpenVPN access to enable OpenVPN access rights for users of this group. d. Click to expand the OpenVPN node. e. Click  to add a tunnel. Digi EX12 User Guide...
  • Page 378 Click to expand the Groups node. e. Click  to add a group to the user. f. Select a Group with OpenVPN access enabled. 5. Click Apply to save the configuration and apply the change. Digi EX12 User Guide...
  • Page 379    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 380: Configure An Openvpn Client By Using An .Ovpn File

    Configure SureLink active recovery for OpenVPN for information about OpenVPN active recovery.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 381    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 382 (config vpn openvpn client name)> password value (config vpn openvpn client name)> 7. Paste the content of the client.ovpn file into the value of the config_file parameter: (config vpn openvpn client name)> config_file value (config vpn openvpn client name)> Digi EX12 User Guide...

  • Page 383: Configure An Openvpn Client Without Using An .Ovpn File

    Configure SureLink active recovery for OpenVPN for information about OpenVPN active recovery.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 384 3. Click VPN > OpenVPN > Clients. 4. For Add, type a name for the OpenVPN client and click . The new OpenVPN client configuration is displayed. 5. The OpenVPN client is enabled by default. To disable, toggle off Enable. Digi EX12 User Guide...
  • Page 385    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 386 (config vpn openvpn client name)> username value (config vpn openvpn client name)> password value (config vpn openvpn client name)> 9. Set the IP address of the OpenVPN server: (config vpn openvpn client name)> server ip_address (config vpn openvpn client name)> Digi EX12 User Guide...

  • Page 387: Configure Surelink Active Recovery For Openvpn

    Type quit to disconnect from the device. Configure SureLink active recovery for OpenVPN You can configure the EX12 device to regularly probe OpenVPN client connections to determine if the connection has failed and take remedial action. Digi EX12 User Guide...
  • Page 388 To configure the EX12 device to regularly probe the OpenVPN connection:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 389 9. Change the Interval between connectivity tests. Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Interval to ten minutes, enter 10m or 600s. The default is 15 minutes. Digi EX12 User Guide...
  • Page 390 Down time: The amount of time that the interface can be down before this test is considered to have failed. Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Down time to ten minutes, enter 10m or 600s. Digi EX12 User Guide...
  • Page 391    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 392 The default is 15 seconds. 11. Configure test targets: a. Add a test target: (config vpn openvpn client openvpn_client1)> add surelink target end (config vpn openvpn client openvpn_client1 surelink target 0)> b. Set the test type: Digi EX12 User Guide...
  • Page 393 (Optional) Set the amount of time that the interface can be down before this test is considered to have failed: Digi EX12 User Guide...
  • Page 394 (config vpn openvpn client openvpn_client1 surelink target 0)> If other is set: Set the alternate interface to be tested: i. Use the ? to determine available interfaces: (config vpn openvpn client openvpn_client1 surelink target 0)> other_interface ? Interface: The network interface. Digi EX12 User Guide...
  • Page 395 13. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show Surelink status and statistics for information about showing Surelink status for OpenVPN clients. Digi EX12 User Guide...

  • Page 396: Show Openvpn Server Status And Statistics

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 397: Show Openvpn Client Status And Statistics

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 398 Virtual Private Networks (VPN) OpenVPN 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi EX12 User Guide...

  • Page 399: Generic Routing Encapsulation (Gre)

    Enable the device to respond to keepalive packets. Task One: Create a GRE loopback endpoint interface    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 400    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 401 Type quit to disconnect from the device. Task Two: Configure the GRE tunnel    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 402    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 403 (config vpn iptunnel gre_example)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi EX12 User Guide...

  • Page 404: Show Gre Tunnels

    To view information about currently configured GRE tunnels:    Web 1. Log into the EX12 WebUI as a user with Admin access. 2. On the menu, click Status > IP tunnels. The IP Tunnelspage appears. 3. To view configuration details about a GRE tunnel, click the  (configuration) icon in the upper right of the tunnel's status pane.

  • Page 405: Example: Gre Tunnel Over An Ipsec Tunnel

    Example: GRE tunnel over an IPSec tunnel The EX12 device can be configured as an advertised set of routes through an IPSec tunnel. This allows you to leverage the dynamic route advertisement of GRE tunnels through a secured IPSec tunnel.
  • Page 406 Configure the EX12-1 device Task one: Create an IPsec tunnel    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 407 5. Click to expand Authentication. 6. For Pre-shared key, type testkey. 7. Click to expand Remote endpoint. 8. For Hostname, type public IP address of the EX12-2 device. 9. Click to expand Policies. 10. For Add Policy, click  to add a new policy.
  • Page 408    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 409 Virtual Private Networks (VPN) Generic Routing Encapsulation (GRE) Digi EX12 User Guide...
  • Page 410 3. For Zone, select Internal. 4. For Device, select Ethernet: loopback. 5. Click to expand IPv4. 6. For Address, type the IP address of the local GRE tunnel, 172.30.0.1/32. 7. Click Apply to save the configuration and apply the change. Digi EX12 User Guide...
  • Page 411 Task three: Create a GRE tunnel    Web 1. Click VPN > IP Tunnels. 2. For Add IP Tunnel, type gre_tunnel1 and click . 3. For Local endpoint, select the IPsec endpoint interface created in Task two (Interface: ipsec_ endpoint1). Digi EX12 User Guide...
  • Page 412 (config vpn iptunnel gre_tunnel1)> local /network/interface/ipsec_ endpoint1 (config vpn iptunnel gre_tunnel1)> 4. Set the remote endpoint to the IP address of the GRE tunnel on EX12-2, 172.30.0.2: (config vpn iptunnel gre_tunnel1)> remote 172.30.0.2 (config vpn iptunnel gre_tunnel1)> 5. Save the configuration and apply the change: (config vpn iptunnel gre_tunnel1)>...
  • Page 413 4. For Device, select the GRE tunnel created in Task three (IP tunnel: gre_tunnel1). 5. Click to expand IPv4. 6. For Address, type 172.31.0.1/30 for a virtual IP address on the GRE tunnel. 7. Click Apply to save the configuration and apply the change. Digi EX12 User Guide...
  • Page 414 Configure the EX12-2 device Task one: Create an IPsec tunnel    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 415 3. Click VPN > IPsec > Tunnels. 4. For Add IPsec Tunnel, type ipsec_gre2 and click . 5. Click to expand Authentication. 6. For Pre-shared key, type the same pre-shared key that was configured for the EX12-1 (testkey). 7. Click to expand Remote endpoint.
  • Page 416    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 417 Task two: Create an IPsec endpoint interface    Web 1. Click Network > Interfaces. 2. For Add Interface, type ipsec_endpoint2 and click . 3. For Zone, select Internal. 4. For Device, select Ethernet: loopback. 5. Click to expand IPv4. Digi EX12 User Guide...
  • Page 418 (config network interface ipsec_endpoint2)> ipv4 address 172.30.0.2/32 (config network interface ipsec_endpoint2)> 6. Save the configuration and apply the change: (config vpn ipsec tunnel ipsec_endpoint2)> save Configuration saved. > Task three: Create a GRE tunnel    Web Digi EX12 User Guide...
  • Page 419 (config vpn iptunnel gre_tunnel2)> local /network/interface/ipsec_ endpoint2 (config vpn iptunnel gre_tunnel2)> 4. Set the remote endpoint to the IP address of the GRE tunnel on EX12-1, 172.30.0.1: (config vpn iptunnel gre_tunnel2)> remote 172.30.0.1 (config vpn iptunnel gre_tunnel2)> 5. Save the configuration and apply the change: (config vpn iptunnel gre_tunnel2)>...
  • Page 420 7. Click Apply to save the configuration and apply the change.    Command line 1. At the command line, type config to enter configuration mode: > config (config)> 2. Add an interface named gre_interface2: (config)> add network interface gre_interface2 (config network interface gre_interface2)> Digi EX12 User Guide...

  • Page 421: L2Tp

    Your EX12 device supports PPP-over-L2TP (Layer 2 Tunneling Protocol). Configure a PPP-over-L2TP tunnel Your EX12 device supports PPP-over-L2TP (Layer 2 Tunneling Protocol). The tunnel endpoints are known as L2TP Access Concentrators (LAC) and L2TP Network Servers (LNS). Each endpoint terminates the PPP session.
  • Page 422 Optional configuration data in the format of a pppd options file.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 423 No limit to IPv6 addresses that can access the service-type. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the EX12 device: a. Click Interfaces. b. For Add Interface, click .
  • Page 424 CHAP: Uses the Challenge Handshake Authentication Profile (CHAP) to authenticate. PAP: Uses the Password Authentication Profile (PAP) to authenticate. If Automatic, CHAP, or PAP is selected, enter the Username and Password required to authenticate. The default is None. Digi EX12 User Guide...
  • Page 425    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 426 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the EX12 device: (config)> add vpn l2tp acl interface end value (config)>...
  • Page 427 (Optional) Set the UDP port to use to connect to the L2TP network server: (config vpn l2tp lac lac_tunnel)> port int (config vpn l2tp lac lac_tunnel)> where int is an integer between 1 and 65535. The default is 1701. Digi EX12 User Guide...
  • Page 428 Set the zone: (config vpn l2tp lac lac_tunnel)> zone zone (config vpn l2tp lac lac_tunnel)> h. (Optional): Custom PPP configuration: i. Enable custom PPP configuration: (config vpn l2tp lac lac_tunnel)> custom enable true (config vpn l2tp lac lac_tunnel)> Digi EX12 User Guide...
  • Page 429 (config vpn l2tp lns lns_server)> local_address IP_address (config vpn l2tp lns lns_server)> d. Set the IP address to assign to the remote peer: (config vpn l2tp lns lns_server)> remote_address IP_address (config vpn l2tp lns lns_server)> e. (Optional) Set the authentication method: Digi EX12 User Guide...
  • Page 430 Zone: The firewall zone assigned to this tunnel. This can be used by packet filtering rules and access control lists to restrict network traffic on this tunnel. Format: dynamic_routes edge external internal ipsec loopback setup Current value: (config vpn l2tp lns lns_server)> Digi EX12 User Guide...

  • Page 431: Configure Surelink Active Recovery For Ppp-Over-L2Tp

    Type quit to disconnect from the device. Configure SureLink active recovery for PPP-over-L2TP You can configure the EX12 device to regularly probe PPP-over-L2TP access concatenators to determine if the connection has failed and take remedial action. Required configuration items A valid PPP-over-L2TP configuration.
  • Page 432 To configure the EX12 device to regularly probe the PPP-over-L2TP connection:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 433 For example, to set Response timeout to ten minutes, enter 10m or 600s. The default is 15 seconds. 13. Add a test target: a. Click to expand Test targets. b. For Add Test target, click . Digi EX12 User Guide...
  • Page 434 14. Click Apply to save the configuration and apply the change.    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Digi EX12 User Guide...
  • Page 435 (config vpn l2tp lac lac_tunnel)> surelink interval 600s (config vpn l2tp lac lac_tunnel)> The default is 15 minutes. 8. Determine whether the interface should fail over based on the failure of one of the test targets, or all of the test targets: Digi EX12 User Guide...
  • Page 436 (config vpn l2tp lac lac_tunnel surelink target 0)> (Optional) Set the size, in bytes, of the ping packet: (config vpn l2tp lac lac_tunnel surelink target 0)> ping_size [num] (config vpn l2tp lac lac_tunnel surelink target 0)> Digi EX12 User Guide...
  • Page 437 (config vpn l2tp lac lac_tunnel surelink target 0)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set interval to ten minutes, enter either 10m or 600s: Digi EX12 User Guide...
  • Page 438 Set the expected status of the alternate interface: (config vpn l2tp lac lac_tunnel surelink target 0)> other_ status value (config vpn l2tp lac lac_tunnel surelink target 0)> Digi EX12 User Guide...

  • Page 439: L2Tp With Ipsec

    Show the status of L2TP access connectors from the Admin CLI 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights.
  • Page 440 Show the status of L2TP network servers from the Admin CLI 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights.

  • Page 441: L2Tpv3 Ethernet

    The Layer2SpecificHeader type. The Sequence numbering control.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: Digi EX12 User Guide...
  • Page 442 Virtual Private Networks (VPN) L2TPv3 Ethernet a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration.
  • Page 443    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 444 (Optional) To calculate and check the UDP checksum: (config vpn l2tpeth L2TPv3_example)> udp_checksum true (config vpn l2tpeth L2TPv3_example)> 9. Add a session carried by the parent tunnel: (config vpn l2tpeth L2TPv3_example)> add session session_example (config vpn l2tpeth L2TPv3_example session_example)> Digi EX12 User Guide...
  • Page 445 Add a sequence number to each outgoing packet, and reorder packets if they are received out of order. The default is none. 16. Save the configuration and apply the change: (config)> save Configuration saved. > Digi EX12 User Guide...

  • Page 446: Show L2Tpv3 Tunnel Status

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 447: Nemo

    Local Area Networks (LANs) on your device. NEMO creates a tunnel between the home agent on the mobile private network and the EX12 device, isolating the connection from internet traffic and advertising the IP subnets of the LANs for remote access and device management.
  • Page 448 If the local network is set to Interface, identify the local interface to be used.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 449 10. For MTU discovery, leave enabled to determine the maximum transmission unit (MTU) size. If disabled, for MTU, type the MTU size. The default MTU size for LANs on the EX12 device is 1500. The MTU size of the NEMO tunnel will be smaller, to take into account the required headers.
  • Page 450 Virtual Private Networks (VPN) NEMO 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 451 (config vpn nemo nemo_example)> zone internal (config vpn nemo nemo_example)> The Internal firewall zone configures the EX12 device to trust traffic going to the tunnel and allows it through the network. 11. Configure the Care-of-Address, the local WAN interface of the internet facing network.
  • Page 452 Add a local network to use as a virtual NEMO network interface: (config vpn nemo nemo_example)> add network end eth1 (config vpn nemo nemo_example)> b. (Optional) Repeat for additional interfaces. 14. Save the configuration and apply the change: (config)> save Configuration saved. > Digi EX12 User Guide...

  • Page 453: Show Nemo Status

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 454 192.168.2.1/24 Advertized LAN2 192.168.3.1/24 Advertized > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi EX12 User Guide...
  • Page 455 Configure DNS Simple Network Management Protocol (SNMP) Location information Modbus gateway System time Network Time Protocol Configure a multicast route Ethernet network bonding Enable service discovery (mDNS) Use the iPerf service Configure the ping responder service Digi EX12 User Guide...

  • Page 456: Allow Remote Access For Web Administration And Ssh

    Add the External firewall zone to the web administration service    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 457    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 458 Services Allow remote access for web administration and SSH    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 459 Services Allow remote access for web administration and SSH 5. Select External. 6. Click Apply to save the configuration and apply the change. Digi EX12 User Guide...

  • Page 460: Configure The Web Administration Service

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 461 The web administration service is enabled by default. To disable the service, or enable it if it has been disabled:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 462 Type quit to disconnect from the device. Configure the service    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 463 No limit to IPv6 addresses that can access the web administration service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the EX12 device: a. Click Interfaces.
  • Page 464 Legacy port redirection and deselect Enable. 10. For Minimum TLS version, select the minimum TLS version that can be used by client to negotiate the HTTPS session. 11. Click Apply to save the configuration and apply the change.    Command line Digi EX12 User Guide...
  • Page 465 Services Configure the web administration service 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 466 Enclose the certificate and private key contents in quotes ("). (config)> service web_admin cert "ssl-cert-and-private-key" (config)> If SSL certificate is blank, the device will use an automatically-generated, self-signed certificate. The SSL certificate and private key must be in PEM format. Digi EX12 User Guide...
  • Page 467 (config)> service web_admin cert "-----BEGIN CERTIFICATE----- MIID8TCCAtmgAwIBAgIULOwezcmbnQmIC9pT9txwCfUbkWQwDQYJKoZIhvcNAQEL BQAwgYcxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24xDjAMBgNVBAcMBUFs b2hhMRMwEQYDVQQKDApNY0JhbmUgSW5jMRAwDgYDVQQLDAdTdXBwb3J0MQ8wDQYD VQQDDAZtY2JhbmUxHzAdBgkqhkiG9w0BCQEWEGptY2JhbmVAZGlnaS5jb20wHhcN MjAwOTIyMTY1OTUyWhcNMjEwOTIyMTY1OTUyWjCBhzELMAkGA1UEBhMCVVMxDzAN BgNVBAgMBk9yZWdvbjEOMAwGA1UEBwwFQWxvaGExEzARBgNVBAoMCk1jQmFuZSBJ bmMxEDAOBgNVBAsMB1N1cHBvcnQxDzANBgNVBAMMBm1jYmFuZTEfMB0GCSqGSIb3 DQEJARYQam1jYmFuZUBkaWdpLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBAOBn19AX01LO9plYtfRZq0bETwNwSCYGeEIOGJ7gHt/rihLVBJS1woYv u1Oq1ohYxIawBY1iIPBD2GtzyEJXzBZdQRhwi/dRyRi4vr7EkjGDr0Vb/NVT0L5w UzcMeT+71DYvKYm6GpcWx+LoKqFTjbMFBIze5pbBfru+SicId6joCHIuYq8Ehflx 6sy6s4MDbyTUAEN2YhsBaOljej64LNzcsHeISbAWibXWjOSsK+N1MivQq5uwIYw/ 1fsnD8KDS43Wg57+far9fQ2MIHsgnoAGz+w6PIKJR594y/MfqQffDFNCh2lJY49F hOqEtA5B9TyXRKwoa3j/lIC/t5cpIBcCAwEAAaNTMFEwHQYDVR0OBBYEFDVtrWBH E1ZcBg9TRRxMn7chKYjXMB8GA1UdIwQYMBaAFDVtrWBHE1ZcBg9TRRxMn7chKYjX MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBALj/mrgaKDNTspv9 ThyZTBlRQ59wIzwRWRYRxUmkVcR8eBcjwdBTWjSBLnFlD2WFOEEEnVz2Dzcixmj4 /Fw7GQNcYIKj+aIGJzbcKgox10mZB3VKYRmPpnpzHCkvFi4o81+bC8HJQfK9U80e vDV0/vA5OB2j/DrjvlOrapCTkuyA0TVyGvgTASx2ATu9U45KZofm4odThQs/9FRQ +cwSTb5v47KYffeyY+g3dyJw1/KgMJGpBUYNJDIsFQC9RfzPjKE2kz41hx4VksT/ q81WGstDXH++QTu2sj7vWkFJH5xPFt80HjtWKKpIfeOIlBPGeRHvdH2PQibx0OOt Sa+P5O8= -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDgZ9fQF9NSzvaZ WLX0WatGxE8DcEgmBnhCDhie4B7f64oS1QSUtcKGL7tTqtaIWMSGsAWNYiDwQ9hr c8hCV8wWXUEYcIv3UckYuL6+xJIxg69FW/zVU9C+cFM3DHk/u9Q2LymJuhqXFsfi 6CqhU42zBQSM3uaWwX67vkonCHeo6AhyLmKvBIX5cerMurODA28k1ABDdmIbAWjp Y3o+uCzc3LB3iEmwFom11ozkrCvjdTIr0KubsCGMP9X7Jw/Cg0uN1oOe/n2q/X0N jCB7D56ABs/sOjyCiUefeMvzH6kH3wxTQodpSWOPRYTqhLQOQfU8l0SsKGt4/5SA v7eXKSAXAgMBAAECggEBAMDKdi7hSTyrclDsVeZH4044+WkK3fFNPaQCWESmZ+AY i9cCC513SlfeSiHnc8hP+wd70klVNNc2coheQH4+z6enFnXYu2cPbKVAkx9x4eeI Digi EX12 User Guide...
  • Page 468 (config)> service web_admin port 444 (config)> 7. (Optional) Set the minimum TLS version that can be used by client to negotiate the HTTPS session: (config)> service web_admin legacy_encryption value (config)> where value is one of: TLS-1_1 TLS-1_2 TLS-1_3 Digi EX12 User Guide...
  • Page 469 9. Save the configuration and apply the change: (config)> save Configuration saved. > 10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi EX12 User Guide...

  • Page 470: Configure Ssh Access

    The SSH service is enabled by default. To disable the service, or enable it if it has been disabled:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 471    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 472 Services Configure SSH access 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 473 No limit to IPv6 addresses that can access the SSH service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the EX12 device: a. Click Interfaces.
  • Page 474 Services Configure SSH access 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 475 5. (Optional) Configure Multicast DNS (mDNS) mDNS is a protocol that resolves host names in small networks that do not have a DNS server. mDNS is enabled by default. To disable mDNS, or enable it if it has been disabled: Digi EX12 User Guide...
  • Page 476 OpenSSH sshd_config file. For example, to enable the diffie-helman-group-sha-14 key exchange algorithm: (config)> service ssh custom config_file "KexAlgorithms +diffie- hellman-group14-sha1" (config)> 8. Save the configuration and apply the change: (config)> save Configuration saved. > Digi EX12 User Guide...
  • Page 477 Services Configure SSH access 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi EX12 User Guide...

  • Page 478: Use Ssh With Key Authentication

    SSH service to allow SSH access for the External firewall zone.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 479 These instructions assume an existing user named temp_user. 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights.
  • Page 480 4. Save the configuration and apply the change: (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi EX12 User Guide...

  • Page 481: Configure Telnet Access

    The telnet service is disabled by default. To enable the service:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 482 Type quit to disconnect from the device. Configure the service    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 483 A single IP address or host name. A network designation in CIDR notation, for example, 2001:db8::/48. any: No limit to IPv6 addresses that can access the telnet service. d. Click  again to list additional IP addresses or networks. Digi EX12 User Guide...
  • Page 484    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 485 Services Configure telnet access Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the EX12 device: (config)> add service telnet acl interface end value (config)> Where value is an interface defined on your device.

  • Page 486: Configure Dns

    Type quit to disconnect from the device. Configure DNS The EX12 device includes a caching DNS server which forwards queries to the DNS servers that are associated with the network interfaces, and caches the results. This server is used within the device, and cannot be disabled.
  • Page 487 Services Configure DNS    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 488 No limit to IPv6 addresses that can access the DNS service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the EX12 device: a. Click Interfaces.
  • Page 489    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 490 By default, the device's DNS server caches negative responses. Disabling this option may improve performance on networks with transient DNS results, when one or more DNS servers may have positive results. To disable: (config)> service dns cache_negative_responses false (config> 5. (Optional) Query all servers Digi EX12 User Guide...
  • Page 491 (config service dns server 0)> 9. (Optional) Add host names and their IP addresses that the device's DNS server will resolve a. Add a host: (config)> add service dns host end (config service dns host 0)> Digi EX12 User Guide...

  • Page 492: Show Dns Server

      Command line Show DNS information 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 493: Simple Network Management Protocol (Snmp)

    By default, the EX12 device automatically blocks SNMP packets from being received over WAN and LAN interfaces. As a result, if you want a EX12 device to receive SNMP packets, you must configure the SNMP access control list to allow the device to receive the packets. See...
  • Page 494 No limit to IPv6 addresses that can access the SNMP agent. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the EX12 device: a. Click Interfaces.
  • Page 495    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 496 No limit to IPv6 addresses that can access the SNMP service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the EX12 device: (config)> add service snmp acl interface end value (config)>...
  • Page 497 (config)> 10. (Optional) Set the privacy passphrase. If not set, the password, entered above, is used. (config)> service snmp privacy pwd (config)> 11. (Optional) Set the privacy protocol, either DES or AES. The default is DES. Digi EX12 User Guide...

  • Page 498: Download Mibs

    To download a .zip archive of the SNMP MIBs supported by this device:    Web 1. Log into the EX12 WebUI as a user with Admin access. 2. Enable SNMP. Configure Simple Network Management Protocol (SNMP) for information about enabling and configuring SNMP support on the EX12 device.
  • Page 499 Services Simple Network Management Protocol (SNMP) 4. Click Download. Digi EX12 User Guide...

  • Page 500: Location Information

    Location messages forwarded to the device from other location-enabled devices. You can also configure your EX12 device to forward location messages, either from the EX12 device or from external sources, to a remote host. Additionally, the device can be configured to use a geofence, to allow you to determine actions that will be taken based on the physical location of the device.

  • Page 501: Configure The Location Service

    The location service is enabled by default. You can disable it, or you can enable it if it has been disabled.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 502    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 503: Configure The Device To Use A User-Defined Static Location

    You can configured your EX12 device to use a user-defined static location.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 504    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 505: Configure The Device To Accept Location Messages From External Sources

    You can configure the EX12 device to accept NMEA and TAIP messages from external sources. For example, location-enabled devices connected to the EX12 device can forward their location information to the device, and then the EX12 device can serve as a central repository for this location information and forward it to a remote host. See Forward location information to a remote host information about configuring the EX12 device to forward location messages.
  • Page 506 Services Location information 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 507    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 508 No limit to IPv6 addresses that can access the location server UDP port. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the EX12 device: (config)> add service location source 1 acl interface end value (config)>...

  • Page 509: Forward Location Information To A Remote Host

    Type quit to disconnect from the device. Forward location information to a remote host You can configure location clients on the EX12 device that forward location messages in either NMEA or TAIP format to a remote host. Digi EX12 User Guide...
  • Page 510 Configure the EX12 device to forward location information:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 511 11. For TAIP filters, select the filters that represent the types of messages that will be forwarded. By default, all message types are forwarded. To remove a filter: a. Click the down arrow () next to the appropriate message type. b. Click Delete. Digi EX12 User Guide...
  • Page 512    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 513 Use the ? to determine available talker IDs: (config service location forward 0)> talker_id ? Talker ID: Setting a talker ID will override the talker ID from all remote sources, and all forwarded sentences from remote sources will use the configured Format: Default Digi EX12 User Guide...
  • Page 514 9. (Optional) Set the text to prepend to the forwarded message. Two variables can be included in the prepended text: %s: Includes the EX12 device's serial number in the prepended text. %v: Includes the vehicle ID in the prepended text.
  • Page 515 Compact position: reports time, latitude, and longitude. id: Reports the vehicle ID. ln: Long navigation: reports the latitude, longitude, and altitude, the horizontal and vertical speed, and heading. pv: Position/velocity: reports the latitude, longitude, and heading. Digi EX12 User Guide...
  • Page 516 13. Save the configuration and apply the change: (config)> save Configuration saved. > 14. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi EX12 User Guide...

  • Page 517: Configure Geofencing

    Update interval, which determines the amount of time that the geofence should wait between polling for updated location data.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. Digi EX12 User Guide...
  • Page 518 Services Location information 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config.
  • Page 519 Click  again to add an additional point, and continue adding points to create the desired polygon. For example, to configure a square polygon around the Digi headquarters, configure a polygon with four points: Digi EX12 User Guide...
  • Page 520 If the script begins with #!, then the proceeding file path will be used to invoke the script interpreter. If not, then the default shell will be used. iii. Enable Log script output to log the output of the script to the system log. Digi EX12 User Guide...
  • Page 521 If not, then the default shell will be used. iii. Enable Log script output to log the output of the script to the system log. iv. Enable Log script errors to log errors from the script to the system log. Digi EX12 User Guide...
  • Page 522    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 523 0)> latitude int (config service location geofence test_geofence coordinates 0)> longitude int (config service location geofence test_geofence coordinates 0)> where int is: For latitude, any integer between -90 and 90, with up to six decimal places. Digi EX12 User Guide...
  • Page 524 For longitude, any integer between -180 and 180, with up to six decimal places. Repeat for each vortex of the polygon. For example, to configure a square polygon around the Digi headquarters, configure a polygon with four points: (config service location geofence test_geofence)> add...
  • Page 525 3, the actions will not be performed until the device has been inside the geofence for three minutes. c. Add an action: i. Type ... to return to the root of the configuration: (config service location geofence test_geofence coordinates 3)> ... (config)> Digi EX12 User Guide...
  • Page 526 (Optional) Set the maximum amount of system memory that will be available for the script and it spawned processes: (config service location geofence test_geofence on_entry action 0)> max_memory value (config service location geofence test_geofence on_entry action 0)> Digi EX12 User Guide...
  • Page 527 Add an action: i. Type ... to return to the root of the configuration: (config service location geofence test_geofence coordinates 3)> ... (config)> ii. Add the action: (config)> add service location geofence test_geofence on_exit action end Digi EX12 User Guide...
  • Page 528 0)> max_memory value (config service location geofence test_geofence on_exit action 0)> where value is any integer followed by one of the following: b|bytes|KB|k|MB|M|GB|G|TB|T. For example. the allocate one megabyte of memory to the script and its spawned processes: Digi EX12 User Guide...

  • Page 529: Show Location Information

      Command line Show location information 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 530: Modbus Gateway

    Type quit to disconnect from the device. Show geofence information 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights.

  • Page 531: Configure The Modbus Gateway

    Whether to send broadcast messages. Response timeout If connection type is set to socket: The port to use. The inactivity timeout. If connection type is set to serial: Whether to use half duplex (two wire) mode. Digi EX12 User Guide...
  • Page 532 Whether packets should have their Modbus address adjusted downward before to delivery.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 533 For Port, enter or select an appropriate port. The default is port 502. If Serial is selected for Connection type: a. For Serial port, select the appropriate serial port on the EX12 device. 5. For Packet mode, select RTU or RAW (if Connection type is set to Socket) or ASCII (if Connection typeis set to Serial) for the type of packet that will be used by this connection.
  • Page 534 No limit to IPv6 addresses that can access the web administration service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the EX12 device: a. Click Interfaces.
  • Page 535 Modbus server is running. If Serial is selected for Connection type: a. For Serial port, select the appropriate serial port on the EX12 device. 5. For Packet mode, select RTU or RAW (if Connection type is set to Socket) or ASCII (if Connection typeis set to Serial) for the type of packet that will be used by this connection.
  • Page 536 No limit to IPv6 addresses that can access the web administration service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the EX12 device: a. Click Interfaces.
  • Page 537    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 538 (config service modbus_gateway server test_modbus_server)> where value is either rtu or raw. The default is rtu. iv. Set the maximum allowable time between bytes in a packet: (config service modbus_gateway server test_modbus_server)> socket idle_gap value (config service modbus_gateway server test_modbus_server)> Digi EX12 User Guide...
  • Page 539 (config service modbus_gateway server test_modbus_ server)> ii. Set the packet mode: (config service modbus_gateway server test_modbus_server)> serial packet_mode value (config service modbus_gateway server test_modbus_server)> where value is either rtu or ascii. The default is rtu. Digi EX12 User Guide...
  • Page 540 (config service modbus_gateway client test_modbus_client)> where type is either socket or serial. The default is socket. If connection_type is set to socket: i. Set the IP protocol: (config service modbus_gateway client test_modbus_client)> socket protocol value (config service modbus_gateway client test_modbus_client)> Digi EX12 User Guide...
  • Page 541 600s (config service modbus_gateway client test_modbus_client)> vi. Set the hostname or IP address of the remote host on which the Modbus server is running: (config service modbus_gateway client test_modbus_client)> remote_host ip_address|hostname (config service modbus_gateway client test_modbus_client)> Digi EX12 User Guide...
  • Page 542 For example, to set idle_gap to one second, enter 1000ms or 1s. iv. (Optional) Enable half-duplex (two wire) mode: (config service modbus_gateway client test_modbus_client)> serial half_duplex true (config service modbus_gateway client test_modbus_client)> d. (Optional) Enable the gateway to send broadcast messages to this client: Digi EX12 User Guide...
  • Page 543 (config service modbus_gateway client test_modbus_client)> filter 1 50-100 (config service modbus_gateway client test_modbus_client)> g. If request messages handled by this client should always be forwarded to a specific device, , use fixed_server_address to set the device's Modbus address: Digi EX12 User Guide...

  • Page 544: Show Modbus Gateway Status And Statistics

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show Modbus gateway status and statistics You can view status and statistics about location information from either the WebUI or the command line.    Web Digi EX12 User Guide...
  • Page 545    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 546 RX Responses RX Timeouts TX Broadcasts TX Requests modbus_socket_21 ---------------- Address Translation Errors Connection Errors Packet Errors RX Responses RX Timeouts TX Broadcasts TX Requests modbus_serial_client -------------------- Address Translation Errors Connection Errors Packet Errors RX Responses Digi EX12 User Guide...
  • Page 547 RX Timeouts TX Broadcasts TX Requests > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi EX12 User Guide...

  • Page 548: System Time

    Additional Configuration Options Additional upstream NTP servers.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 549 6. Click Apply to save the configuration and apply the change.    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Digi EX12 User Guide...
  • Page 550 2. At the command line, type config to enter configuration mode: > config (config)> 3. (Optional) Set the timezone for the location of your EX12 device. The default is UTC. (config)> system time timezone value (config)> Where value is the timezone using the format specified with the following command: (config)>...
  • Page 551    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 552: Manually Set The System Date And Time

    Services Network Time Protocol 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 553: Configure The Device As An Ntp Server

    The time zone setting, if the default setting of UTC is not appropriate. To configure the EX12 device's NTP service:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 554 3. Click Services > NTP. 4. Enable the EX12 device's NTP service by clicking Enable. 5. (Optional) Configure the access control list to limit downstream access to the EX12 device's NTP service. To limit access to specified IPv4 addresses and networks: a.
  • Page 555    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 556 5. Allow the device's local system clock to be used as backup time source: (config)> service ntp local true (config)> 6. (Optional) Configure the access control list to limit downstream access to the EX12 device's NTP service. To limit access to specified IPv4 addresses and networks: (config)>...
  • Page 557 No limit to IPv6 addresses that can access the NTP server agent. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the EX12 device: (config)> add service ntp acl interface end value (config)>...

  • Page 558: Show Status And Statistics Of The Ntp Server

    By default, the access control list for the NTP service is empty, which means that all downstream hosts connected to the EX12 device can use the NTP service. 7. (Optional) Set the timezone for the location of your EX12 device. The default is UTC. (config)> system time timezone value (config)>...

  • Page 559: Configure A Multicast Route

    To configure a multicast route:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager:...
  • Page 560    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 561 Set the interface. For example: (config service multicast test)> src_interface /network/interface/eth2 (config service multicast test)> 7. Set a destination interface that the EX12 device will send mutlicast packets to: a. Use the ? to determine available interfaces: (config service multicast test)> src_interface ? Destination interface: Which interface to send the multicast packets.
  • Page 562 8. Save the configuration and apply the change: (config)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi EX12 User Guide...

  • Page 563: Ethernet Network Bonding

    Create a new network interface for the bonded Ethernet devices, and disable the any interfaces associated with those Ethernet devices..    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 564 6. Click to expand Devices. 7. Add Ethernet devices: a. For Add device, click . b. For Device, select an Ethernet device to participate in the bond pool. c. Repeat for each appropriate Ethernet device. Digi EX12 User Guide...
  • Page 565    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 566 (config network bond eth_bond)> ... network device ? Additional Configuration --------------------------------------------------------------------- ------- eth1 eth2 loopback (config network bond eth_bond)> b. Add a device: (config network bond eth_bond)> add device /network/device/eth1 (config network bond eth_bond)> c. Repeat to add additional devices. Digi EX12 User Guide...

  • Page 567: Enable Service Discovery (Mdns)

    Type quit to disconnect from the device. Enable service discovery (mDNS) Multicast DNS mDNS is a protocol that resolves host names in small networks that do not have a DNS server. You can enable the EX12 device to use mDNS.    Web...
  • Page 568 Services Enable service discovery (mDNS) 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 569    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 570 No limit to IPv6 addresses that can access the mDNS service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the EX12 device: (config)> add service mdns acl interface end value (config)>...

  • Page 571: Use The Iperf Service

    Type quit to disconnect from the device. Use the iPerf service Your EX12 device includes an iPerf3 server that you can use to test the performance of your network. iPerf3 is a command-line tool that measures the maximum network throughput an interface can handle.
  • Page 572 Services Use the iPerf service When the iPerf server is enabled, the EX12 device will automatically configure its firewall rules to allow incoming connections on the configured listening port. You can restrict access by configuring the access control list for the iPerf server.
  • Page 573 Use the iPerf service To enable the iPerf3 server:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 574    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 575 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the EX12 device: (config)> add service iperf acl interface end value (config)>...

  • Page 576: Example Performance Test Using Iperf3

    Example performance test using iPerf3 On a remote host with iPerf3 installed, enter the following command: $ iperf3 -c device_ip where device_ip is the IP address of the EX12 device. For example: $ iperf3 -c 192.168.2.1 Connecting to host 192.168.2.1, port 5201 4] local 192.168.3.100 port 54934 connected to 192.168.1.1 port 5201...

  • Page 577: Configure The Ping Responder Service

    IP address, interfaces, and/or zones. To enable the iPerf3 server:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 578 No limit to IPv6 addresses that can access the ping responder. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the EX12 device: a. Click Interfaces.
  • Page 579    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 580 Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration -------------------------------------------------------- ----------------------- dynamic_routes edge external internal ipsec loopback setup (config)> Repeat this step to include additional firewall zones. Digi EX12 User Guide...

  • Page 581: Example Performance Test Using Iperf3

    Example performance test using iPerf3 On a remote host with Iperf3 installed, enter the following command: $ iperf3 -c device_ip where device_ip is the IP address of the EX12 device. For example: $ iperf3 -c 192.168.2.1 Connecting to host 192.168.2.1, port 5201 4] local 192.168.3.100 port 54934 connected to 192.168.1.1 port 5201...
  • Page 582 Applications The EX12 supports Python 3.6 and provides you with the ability to run Python applications on the device interactively or from a file. You can also specify Python applications and other scripts to be run each time the device system restarts, at specific intervals, or at a specified time.

  • Page 583: Develop Python Applications

    Note .Beginning with firmware release 21.11.x, python is no longer included as part of the base firmware for the EX12 device. If you require Python in your environment and your device is running firmware 21.11.x or newer, see Install Python for information about installing Python on your device.

  • Page 584: Install Python

    Option 3: Install Python via the Admin CLI Option 1: Enable Python via Digi Remote Manager As part of creating or updating a configuration profile for EX12 devices, you can enable the Python add-on at the automation tab for the configuration: 1.

  • Page 585: Set Up The Ex12 For Python Development

    6. Once the live image has been uploaded to your device, click Apply. This will install and enable Python on the device. Option 3: Install Python via the Admin CLI 1. On your PC, download the Python live image for the EX12 to your local filesystem. For firmware version 22.5.50.62: Download link For firmware version 22.8.33.50:...

  • Page 586: Create And Test A Python Application

    EX12. Develop an application in PyCharm PyCharm allows you to write, build and run Python applications for Digi devices in a quick and easy way.  This is what you can do with it: Create Python projects from scratch or import one of the available examples.

  • Page 587: Python Modules

    Python modules The EX12 supports Python 3.6 and provides you with the ability to run Python applications on the device interactively or from a file. It also offers extensions to manage your EX12: The digidevice module provides platform-specific extensions that allow you to interact with the device’s configuration and interfaces.
  • Page 588 Digidevice module The Python digidevice module provides platform-specific extensions that allow you to interact with the device’s configuration and interfaces. The following submodules are included with the digidevice module: This section contains the following topics: Digi EX12 User Guide...
  • Page 589 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the EX12 local command line as a user with shell access.
  • Page 590 Get help executing a CLI command from Python by accessing help for cli.execute: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the EX12 local command line as a user with shell access.
  • Page 591 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the EX12 local command line as a user with shell access.
  • Page 592 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the EX12 local command line as a user with shell access.
  • Page 593 Read the device configuration 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the EX12 local command line as a user with shell access.
  • Page 594 Use the set() and commit() methods to modify the device configuration: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the EX12 local command line as a user with shell access.
  • Page 595 Get help for reading and modifying the device configuration by accessing help for digidevice.config: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the EX12 local command line as a user with shell access.
  • Page 596 Remote Manager's Server Command Interface (SCI), a web service that allows users to access information and perform commands that relate to their devices. Use Remote Manager's SCI interface to create SCI requests that are sent to your EX12 device, and use the device_request module to send responses to those requests to Remote Manager.
  • Page 597 Ctrl-D. You can also exit the session using exit() or quit(). Task two: Create and send an SCI request from Digi Remote Manager The second step in using the device_request module is to create an SCI request that Remote Manager will forward to the device.
  • Page 598 This can be done from either the WebUI or the command line:    Web i. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. Digi EX12 User Guide...
  • Page 599 Applications Develop Python applications ii. Access the device configuration: Remote Manager: i. Locate your device as described in Use Digi Remote Manager to view and manage your device. ii. Click the Device ID. iii. Click Settings. iv. Click to expand Config.
  • Page 600 Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 601 Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the EX12 local command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 602 Load Average : 0.10, 0.05, 0.00 RAM Usage : 85.176MB/250.484MB(34%) Disk /etc/config Usage : 0.068MB/13.416MB(1%) Disk /opt Usage : 47.724MB/5309.752MB(1%) Disk /overlay Usage : MB/MB(%) Disk /tmp Usage : 0.004MB/40.96MB(0%) Disk /var Usage : 0.820MB/32.768MB(3%)</device_ request> </requests> Digi EX12 User Guide...
  • Page 603 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the EX12 local command line as a user with shell access.
  • Page 604 Use the keys() and get() methods to read the device configuration: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the EX12 local command line as a user with shell access.
  • Page 605 Use the set() method to modify the runtime database: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the EX12 local command line as a user with shell access.
  • Page 606 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the EX12 local command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 607 Use Python to upload the device name to Digi Remote Manager The name submodule can be used to upload a custom name for your device to Digi Remote Manager. When you use the name submodule to upload a custom device name to Remote Manager, the...
  • Page 608 Upload a custom name 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the EX12 local command line as a user with shell access.
  • Page 609 Determine if the device's location 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the EX12 local command line as a user with shell access.
  • Page 610 You can update this snapsot: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the EX12 local command line as a user with shell access.
  • Page 611 You can update this snapsot 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the EX12 local command line as a user with shell access.
  • Page 612 Get help for the digidevice location module: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the EX12 local command line as a user with shell access.
  • Page 613 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the EX12 local command line as a user with shell access.
  • Page 614 5. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). The digidevice led submodule Use the led submodule to redefine the purpose of any front-panel LED on the EX12 device. With this submodule, you can:...
  • Page 615 The following example uses an interactive Python session to set the state of all LEDs to flashing: 1. At the shell prompt, use the python command with no parameters to enter an interactive Python session: # python Python 3.10.1 (default, May 9 2021, 22:49:59) [GCC 8.3.0] on linux Digi EX12 User Guide...

  • Page 616: The Use(Led) Function

    LED state is not updated until Python releases control of the LED. When the LED is returned to system control, the state of the LED will reflect the correct, recorded state information. Setting the state of multi-colored LEDs. Digi EX12 User Guide...

  • Page 617: Use Python To Control The Color Of Multi-Colored Leds

    Use Python to control the color of multi-colored LEDs One or more LEDs in the EX12 are RGB (red, green, and blue) LEDs, capable of producing a wide range of colors. You can use the digidevice.led Python module to control the color as well as the state of these LEDs.

  • Page 618: Example: Set The Lte Connection Indicator To Flashing Purple

    FLASH The digidevice led submodule for a definition of the EX12's LEDs, including RGB leds, and the names of the attributes for each LED that will be used by the digidevice.led module. Example: Set the LTE connection indicator to flashing purple 1.
  • Page 619 SMS scripting. Enable the ability to schedule SMS scripting    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 620    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 621 COND.release() my_callback.unregister_callback() Use Python to access serial ports You can use the Python serial module to access serial ports on your EX12 device that are configured to be in Application mode. See Configure Application mode for information about configuring a serial port in Application mode.
  • Page 622 6. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Use the Paho MQTT python library Your EX12 device includes support for the Paho MQTT python library. MQTT is a lightweight messaging protocol used to communicate with various applications including cloud-based applications such as Amazon Web Services and Microsoft Azure.
  • Page 623 "Firmware update completed" in ret: print("Failed to update firmware") return HTTPStatus.INTERNAL_SERVER_ERROR finally: os.remove(fname) print("Firmware update finished") return HTTPStatus.OK CMD_HANDLERS = { "reboot": cmd_reboot, "fw-update": cmd_fwupdate def send_cmd_reply(client, cmd_path, cid, cmd, status): if not status or not cid: return Digi EX12 User Guide...
  • Page 624 {}".format(msg.payload)) if not cid: # Return if client-ID not passed return None send_cmd_reply(client, msg.topic, cid, cmd, HTTPStatus.BAD_REQUEST) try: status = CMD_HANDLERS[cmd](payload) except: print("Invalid command: {}".format(cmd)) status = HTTPStatus.NOT_IMPLEMENTED send_cmd_reply(client, msg.topic, cid, cmd, status) Digi EX12 User Guide...
  • Page 625 PREFIX_EVENT = "event/" + PREFIX PREFIX_CMD = "cmd/" + PREFIX PREFIX_RSP = "rsp/" + PREFIX client = mqtt.Client() client.on_connect = on_connect client.on_message = on_message try: client.connect("192.168.1.100", 1883, 60) client.loop_start() except: print("Failed to connect to MQTT server") sys.exit(1) while True: publish_dhcp_leases() Digi EX12 User Guide...

  • Page 626: Set Up The Ex12 To Automatically Run Your Applications

    Applications Set up the EX12 to automatically run your applications publish_system() time.sleep(POLL_TIME) Set up the EX12 to automatically run your applications This section contains the following topics: Configure scripts to run automatically Show script information Stop a script that is currently running...
  • Page 627    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 628 This feature does not provide syntax or error checking. Certain commands can render the device inoperable. Use with care.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 629 Applications Set up the EX12 to automatically run your applications 3. Click System > Scheduled tasks > Custom scripts. 4. For Add Script, click . The script configuration window is displayed. Custom scripts are enabled by default. To disable, toggle off Enable to toggle off.
  • Page 630    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 631 Applications Set up the EX12 to automatically run your applications 3. Add a script: (config)> add system schedule script end (config system schedule script 0)> Scheduled scripts are enabled by default. To disable: (config system schedule script 0)> enable false (config system schedule script 0)>...
  • Page 632 Applications Set up the EX12 to automatically run your applications If once is set to false, a new instance of the script will be started at every interval, regardless of whether the script is still running from a previous interval.

  • Page 633: Show Script Information

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 634: Stop A Script That Is Currently Running

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 635: Start An Interactive Python Session

    1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the EX12 local command line as a user with shell access.

  • Page 636: Run A Python Application At The Shell Prompt

    1. Upload the Python application to the EX12 device:    Web a. Log into the EX12 WebUI as a user with Admin access. b. On the menu, click System. Under Administration, click File System. The File System page appears. c. Highlight the scripts directory and click  to open the directory.

  • Page 637: Configure Scripts To Run Manually

    You can also create scripts by using the vi command when logged in with shell access. 2. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the EX12 local command line as a user with shell access.

  • Page 638: Task One: Upload The Application

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 639: Task Two: Configure The Application To Run Automatically

    This feature does not provide syntax or error checking. Certain commands can render the device inoperable. Use with care.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 640 If a Python script is being used, include the full path to the Python script. For example: python /etc/config/scripts/test.py If the script begins with #!, then the script will be invoked in the location specified by Digi EX12 User Guide...
  • Page 641    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 642 If once is enabled, rebooting the device will cause the script to run again. The only way to re- run the script is to: Remove the script from the device and add it again. Make a change to the script. Disable once. Digi EX12 User Guide...

  • Page 643: Start A Manual Script

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 644 4. Save the configuration and apply the change: (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi EX12 User Guide...

  • Page 645: User Authentication

    User authentication methods Authentication groups Local users Terminal Access Controller Access-Control System Plus (TACACS+) Remote Authentication Dial-In User Service (RADIUS) LDAP Configure serial authentication Disable shell access Set the idle timeout for EX12 users Example user configuration Digi EX12 User Guide...

  • Page 646: Ex12 User Authentication

    User authentication EX12 user authentication EX12 user authentication User authentication on the EX12 has the following features and default configuration: Default Feature Description configuration Idle timeout 10 minutes. Determines how long a user session can be idle before the system automatically disconnects.
  • Page 647 TACACS+: Users authenticated by using a remote TACACS+ server for authentication. Terminal Access Controller Access-Control System Plus (TACACS+) for information about configuring TACACS+ authentication. LDAP: Users authenticated by using a remote LDAP server for authentication. LDAP for information about configuring LDAP authentication. Digi EX12 User Guide...

  • Page 648: Add A New Authentication Method

    The types of authentication method to be used: To add an authentication method:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 649 This procedure describes how to add methods to various places in the list. 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights.

  • Page 650: Delete An Authentication Method

    Type quit to disconnect from the device. Delete an authentication method    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager:...
  • Page 651    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 652: Rearrange The Position Of Authentication Methods

    For example, the following configuration has Local users as the first method, and RADIUS as the second. To reorder these so that RADIUS is first and Local users is second: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 653    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 654: Authentication Groups

    Disable shell access for more information about the Allow shell parameter. Serial access: Users with Serial access have the ability to log into the EX12 device by using the serial console. Preconfigured authentication groups The EX12 device has two preconfigured authentication groups: The admin group is configured by default to have full Admin access.

  • Page 655: Change The Access Rights For A Predefined Group

    By default, two authentication groups are predefined: admin and serial. To change the access rights of the predefined groups:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 656    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 657: Add An Authentication Group

    (config)> where value is either: full: provides users of this group with the ability to manage the EX12 device by using the WebUI or the Admin CLI. read-only: provides users of this group with read-only access to the WebUI and Admin CLI.
  • Page 658 Access rights to query the device for Nagios monitoring. To add an authentication group:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 659 Full access or Read-only access. where value is either: Full access full: provides users of this group with the ability to manage the EX12 device by using the WebUI or the Admin CLI. Read-only access read-only: provides users of this group with read-only access to the WebUI and Admin CLI.
  • Page 660    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 661 (config)> add auth group test acl portal portals end portal1 (config)> 6. (Optional) Configure Nagios monitoring: (config)> auth group test acl nagios enable true (config)> 7. (Optional) Enable users that belong to this group to access the Bluetooth scanning service: Digi EX12 User Guide...

  • Page 662: Delete An Authentication Group

    To delete an authentication group that you have created:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 663    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 664: Local Users

    TACACS+ or RADIUS. Local user authentication is enabled by default, with one preconfiged default user. Default user At manufacturing time, each EX12 device comes with a default user configured as follows: Username: admin. Password: The default password is displayed on the label on the bottom of the device.

  • Page 665: Change A Local User's Password

    Change a local user's password To change a user's password:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 666 You can also change the password for the active user by clicking the user name in the menu bar: The active user must have full Admin access rights to be able to change the password. 6. Click Apply to save the configuration and apply the change. Digi EX12 User Guide...

  • Page 667: Configure A Local User

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 668 One-time use eight-digit emergency scratch codes. To configure a local user:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 669 The minimum value is 1 second, and the maximum is 15 minutes. The default is 15 minutes. 8. Add groups for the user. Groups define user access rights. See Authentication groups for information about configuring groups. Digi EX12 User Guide...
  • Page 670 For time-based verification only, in Code refresh interval, type the amount of time that a code will remain valid. Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Code refresh interval to ten minutes, enter 10m or 600s. Digi EX12 User Guide...
  • Page 671    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 672 (config auth user new_user> add group end serial (config auth user new_user)> To remove a group from a user: a. Use the show command to determine the index number of the group to be deleted: (config auth user new_user> show group 0 admin Digi EX12 User Guide...
  • Page 673 The default value is totp. (config auth user new_user 2fa)> type totp (config auth user new_user 2fa)> d. Add a secret key: (config auth user new_user 2fa)> secret key (config auth user new_user 2fa)> Digi EX12 User Guide...
  • Page 674 For example, to set login_limit_period to ten minutes, enter either 10m or 600s: (config auth user name 2fa)> login_limit_period 600s (config auth user name 2fa)> The default is 30s. j. Scratch codes are emergency codes that may be used once, at any time. To add a scratch code: Digi EX12 User Guide...

  • Page 675: Delete A Local User

    Delete a local user To delete a user from your EX12:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 676 Local users 3. Click Authentication > Users. 4. Click the menu icon (...) next to the name of the user to be deleted and select Delete. 5. Click Apply to save the configuration and apply the change. Digi EX12 User Guide...
  • Page 677    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 678: Terminal Access Controller Access-Control System Plus (Tacacs+)

    With TACACS+ support, the EX12 device acts as a TACACS+ client, which sends user credentials and connection parameters to a TACACS+ server over TCP. The TACACS+ server then authenticates the TACACS+ client requests and sends back a response message to the device.

  • Page 679: Tacacs+ User Configuration

    The groupname attribute is optional. If used, the value must correspond to authentication groups configured on your EX12. Alternatively, if the user is also configured as a local user on the EX12 device and the LDAP server authenticates the user but does not return any groups, the local configuration determines the list of groups.

  • Page 680: Tacacs+ Server Failover And Fallback To Local Authentication

    $ sudo /etc/init.d/tacacs_plus restart TACACS+ server failover and fallback to local authentication In addition to the primary TACACS+ server, you can also configure your EX12 device to use backup TACACS+ servers. Backup TACACS+ servers are used for authentication requests when the primary TACACS+ server is unavailable.
  • Page 681 Add additional TACACS+ servers in case the first TACACS+ server is unavailable.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 682 6. (Optional) For Group attribute, type the name of the attribute used in the TACACS+ server's configuration to identify the EX12 authentication group or groups that the user is a member of. For example, in TACACS+ user configuration, the group attribute in the sample tac_plus.conf...
  • Page 683    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 684 Note Beginning with firmware release 21.11.x, python is no longer included as part of the base firmware for the EX12 device. If you require Python in your environment and your device is running firmware 21.11.x or newer, see Install Python for information about installing Python on your device.
  • Page 685 10. Save the configuration and apply the change: (config)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi EX12 User Guide...

  • Page 686: Remote Authentication Dial-In User Service (Radius)

    To use RADIUS authentication, you must set up a RADIUS server that is accessible by the EX12 device prior to configuration. The process of setting up a RADIUS server varies by the server environment. An example of a RADIUS server is FreeRADIUS.

  • Page 687: Radius User Configuration

    EX12. Alternatively, if the user is also configured as a local user on the EX12 device and the RADIUS server authenticates the user but does not return any groups, the local configuration determines the list of groups. See Authentication groups more information about authentication groups.

  • Page 688: Configure Your Ex12 Device To Use A Radius Server

    60 seconds. Enable additional debug messages from the RADIUS client.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 689 5. (Optional) Enable Authoritative to prevent other authentication methods from being used if RADIUS authentication fails. Other authentication methods will only be used if the RADIUS server is unavailable. 6. (Optional) Click RADIUS debug to enable additional debug messages from the RADIUS client. Digi EX12 User Guide...
  • Page 690    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 691 You can use the fully-qualified domain name of the NAS or any arbitrary string. If not set, the default value is used: If you are accessing the EX12 device by using the WebUI, the default value is for NAS ID is httpd.

  • Page 692: Ldap

    When you are using LDAP authentication, you can have both local users and LDAP users able to log in to the device. To use LDAP authentication, you must set up a LDAP server that is accessible by the EX12 device prior to configuration. The process of setting up a LDAP server varies by the server environment.

  • Page 693: Ldap User Configuration

    (password verification) and authorization (assigning the access level of the user). Additional LDAP servers can be configured as backup servers for user authentication. This section outlines how to configure a LDAP server to be used for user authentication on your EX12 device.

  • Page 694: Ldap Server Failover And Fallback To Local Configuration

    LDAP server failover and fallback to local configuration In addition to the primary LDAP server, you can also configure your EX12 device to use backup LDAP servers. Backup LDAP servers are used for authentication requests when the primary LDAP server is unavailable.
  • Page 695 User authentication LDAP 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 696 If this attribute is not set, the user will be denied access. 12. (Optional) For Group attribute, type the name of the user attribute that contains the list of EX12 authentication groups that the authenticated user has access to. See LDAP user configuration for further information about the group attribute.
  • Page 697    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 698 . If this attribute is not set, the user will be denied access. 10. (Optional) Set the name of the user attribute that contains the list of EX12 authentication groups that the authenticated user has access to. See...

  • Page 699: Configure Serial Authentication

    This section describes how to configure authentication for serial access.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 700    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 701: Disable Shell Access

    To prohibit access to the shell prompt for all authentication groups, disable the Allow shell parameter.. This does not prevent access to the Admin CLI. Note If shell access is disabled, re-enabling it will erase the device's configuration and perform a factory reset.    Web Digi EX12 User Guide...
  • Page 702 User authentication Disable shell access 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.

  • Page 703: Set The Idle Timeout For Ex12 Users

    By default, the Idle timeout is set to 10 minutes.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 704    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 705 User authentication Set the idle timeout for EX12 users where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set idle_timeout to ten minutes, enter either 10m or 600s: (config)> auth idle_timeout 600s (config)>...

  • Page 706: Example User Configuration

    Goal: To create a user with administrator rights who is authenticated locally on the device.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 707    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 708 (config auth user adminuser)> password pwd (config auth user adminuser)> 7. Assign the user to the admin group: (config auth user adminuser)> add group end admin (config auth user adminuser)> 8. Save the configuration and apply the change: Digi EX12 User Guide...

  • Page 709: Example 2: Radius, Tacacs+, And Local Authentication For One User

    Goal: To create a user with administrator rights who is authenticated by using all three authentication methods. In this example, when the user attempts to log in to the EX12 device, user authentication will occur in the following order: 1. The user is authenticated by the RADIUS server. If the RADIUS server is unavailable, 2.
  • Page 710 The authentication group on the EX12 device, admin, is identified in the groupname parameter. c. Save and close the tac_plus.conf file. 3. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 4. Access the device configuration:...
  • Page 711 User authentication Example user configuration a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration.
  • Page 712 1. Configure a user on the RADIUS server: a. On the ubuntu machine hosting the FreeRadius server, open the /etc/freeradius/3.0/users file: $ sudo gedit /etc/freeradius/3.0/users b. Add a RADIUS user to the users file: admin1 Cleartext-Password := "password1" Unix-FTP-Group-Names := "admin" Digi EX12 User Guide...
  • Page 713 Save and close the tac_plus.conf file. 3. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 714 Assign a password to the user: (config auth user adminuser)> password password1 (config auth user adminuser)> c. Assign the user to the admin group: (config auth user adminuser)> add group end admin (config auth user adminuser)> Digi EX12 User Guide...
  • Page 715 (config auth user adminuser)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi EX12 User Guide...
  • Page 716 Firewall This chapter contains the following topics: Firewall configuration Port forwarding rules Packet filtering Configure custom firewall rules Configure Quality of Service options Web filtering Digi EX12 User Guide...

  • Page 717: Firewall Configuration

    To create a zone:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager:...
  • Page 718    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Digi EX12 User Guide...

  • Page 719: Configure The Firewall Zone For A Network Interface

    This example procedure uses an existing network interface named ETH1 and changes the firewall zone from the default zone, Internal, to External.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 720    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 721: Delete A Custom Firewall Zone

    You cannot delete preconfigured firewall zones. To delete a custom firewall zone:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 722 Firewall Firewall configuration 4. Click the menu icon (...) next to the appropriate custom firewall zone and select Delete. 5. Click Apply to save the configuration and apply the change. Digi EX12 User Guide...

  • Page 723: Port Forwarding Rules

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 724 To configure a port forwarding rule:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 725    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 726 5. Set the IP version. Allowed values are ipv4 and ipv6. The default is ipv4. (config firewall dnat 0)> ip_version ipv6 (config firewall dnat 0)> 6. Set the public-facing port number that network connections must use for their traffic to be forwarded. Digi EX12 User Guide...
  • Page 727 (config firewall dnat 0 acl> add address6 end ip-address (config firewall dnat 0 acl)> Repeat for each appropriate IP address. To specify the firewall zone for white listing: (config firewall dnat 0 acl)> add zone end zone Digi EX12 User Guide...

  • Page 728: Delete A Port Forwarding Rule

    Delete a port forwarding rule To delete a port forwarding rule:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 729    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 730 5. Save the configuration and apply the change: (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi EX12 User Guide...

  • Page 731: Packet Filtering

    ICMP6 To configure a packet filtering rule:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 732 6. Select the IP version. 7. Select the Protocol. 8. For Source zone, select the firewall zone that will be monitored by this rule for incoming connections from network interfaces that are a member of this zone. Digi EX12 User Guide...
  • Page 733    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 734 7. Set the IP version. (config firewall filter 1)> ip_version value (config firewall filter 1)> where value is one of: ipv4 ipv6 The default is any. 8. Set the protocol. (config firewall filter 1)> protocol value (config firewall filter 1)> Digi EX12 User Guide...

  • Page 735: Enable Or Disable A Packet Filtering Rule

    Enable or disable a packet filtering rule To enable or disable a packet filtering rule:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 736    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 737: Delete A Packet Filtering Rule

    Delete a packet filtering rule To delete a packet filtering rule:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 738    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 739: Configure Custom Firewall Rules

    To configure custom firewall rules:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 740 5. (Optional) Enable Override to override all preconfigured firewall behavior and rely solely on the custom firewall rules. 6. For Rules, type the shell command that will execute the custom firewall rules script. 7. Click Apply to save the configuration and apply the change. Digi EX12 User Guide...

  • Page 741: Configure Quality Of Service Options

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 742 Configure Quality of Service options Enable the preconfigured bindings    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 743 > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Create a new binding    Web Digi EX12 User Guide...
  • Page 744 Firewall Configure Quality of Service options 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 745 Select Default to identify this policy as a fall-back policy. The fall-back policy will be used for traffic that is not matched by any other policy. If there is no default policy associated with this binding, packets that do not match any policy rules will be dropped. Digi EX12 User Guide...
  • Page 746 Interface: Only traffic destined for the selected Interface will be matched. IPv4 address: Only traffic destined for the IP address typed in IPv4 address will be matched. Use the format IPv4_address[/netmask], or use any to match any IPv4 address. Digi EX12 User Guide...
  • Page 747 Use the format IPv6_address[/prefix_length], or use any to match any IPv6 address. Repeat to add a new rule. Up to 30 rules can be configured. 10. Click Apply to save the configuration and apply the change. Digi EX12 User Guide...
  • Page 748    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 749 (config firewall qos 2 policy 0)> where int is any integer, 1 or greater. The default is 100. f. To identify this policy as a fall-back policy: (config firewall qos 2 policy 0)> default true (config firewall qos 2 policy 0)> Digi EX12 User Guide...
  • Page 750 IP port number, a range of port numbers using the format IP_port- IP_port, or any. vii. Set the destination port to define a destination matching criteria: (config firewall qos 2 policy 0 rule 0)> dstport value (config firewall qos 2 policy 0 rule 0)> Digi EX12 User Guide...
  • Page 751 Set the address that will be matched: (config network qos 2 policy 0 rule 0)> src address6 value (config network qos 2 policy 0 rule 0)> where value uses the format IPv6_address[/prefix_length], or any to match any IPv6 address. Digi EX12 User Guide...
  • Page 752 (config network qos 2 policy 0 rule 0)> where value uses the format IPv4_address[/netmask], or any to match any IPv4 address. address6: Only traffic destined for the IP address typed in IPv6 address will be matched. Set the address that will be matched: Digi EX12 User Guide...

  • Page 753: Web Filtering

    Type quit to disconnect from the device. Web filtering Web filtering allows you to control access to services that can be accessed through the EX12 device by forwarding all Domain Name System (DNS) traffic to a web filtering service. This allows the network security administrator to configure a set of policies with the web filtering service that are applied to all routing devices with web filtering enabled.
  • Page 754 Web filtering Task two: Configure web filtering    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 755 Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Clear the Cisco Umbrella device ID If the Cisco Umbrella device ID being used by your EX12 is invalid, you can clear the device ID.    Command line 1.

  • Page 756: Configure Web Filtering With Manual Dns Servers

    To configure web filtering with manual DNS servers:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 757    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 758 Add the first DNS server: i. Add the server: (config)> add firewall web-filter server end (config firewall web-filter server 0)> ii. Set the server's IP address: (config firewall web-filter server 0)> ip 208.67.222.220 (config firewall web-filter server 0)> Digi EX12 User Guide...

  • Page 759: Verify Your Web Filtering Configuration

    Configure web filtering with manual DNS servers for information about configuring web filtering to use Cisco open DNS servers. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 760 4. From a new tab in your browser, attempt to connect to the Cisco test URL http://www.internetbadguys.com. The connection should be successful. 5. Return to the EX12 WebUI and enable web filtering: a. Click Firewall > Web filtering service. b. Click Enable web filtering to enable.

  • Page 761: Show Web Filter Service Information

    Cisco open DNS servers. 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights.
  • Page 762 Firewall Web filtering 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 763: Upload A New Lxc Container

    Containers The EX12 device includes support for LXC Linux containers. LXC containers are a lightweight, operating system level method of virtualization that allows you to run one or more isolated Linux instances on a the same host using the host's Linux kernal.

  • Page 764: Configure A Container

    Serial ports on the device that the container will have access to.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 765    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 766 (Optional) Set the IP address of the network gateway: (config system container name)> gateway IP_address (config system container name)> 7. (Optional) Assign serial ports that the container will have access to: a. Determine available serial ports: (config system container name)> ... serial Digi EX12 User Guide...

  • Page 767: Starting And Stopping The Container

    To start the container in non-persistent mode: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the EX12 local command line as a user with shell access.

  • Page 768: Stopping The Container

    To start the container in persistent mode, include the -p option at the command line. For example: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the EX12 local command line as a user with shell access.

  • Page 769: View The Status Of Containers

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights.

  • Page 770: Show Status Of A Specific Container

    2. Execute a ping command every ten seconds from inside the container.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 771 7. For Interval, type 10s. 8. For Commands, type the following: lxc container_name /bin/ping -c 1 IP_address For example: lxc test_lxc /bin/ping -c 1 192.168.1.146 9. Click to disable Sandbox. Sandbox restrictions are not necessary when a container is used. Digi EX12 User Guide...
  • Page 772    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 773: Create A Custom Container

    2. Change to the rootfs/etc directory: $ cd rootfs/etc 3. Create a file named test.py with the following contents: print("Hello world.\n") 4. Change directories to leave the container file structure: $ cd ../.. Digi EX12 User Guide...

  • Page 774: Test The Custom Container File

    Click Apply. 2. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the EX12 local command line as a user with shell access.
  • Page 775 Review device status Configure system information Update system firmware Update cellular module firmware Reboot your EX12 device Erase device configuration and reset to factory defaults Locate the device by using the Find Me feature Configuration files Schedule system maintenance tasks...

  • Page 776: Review Device Status

       Web To display system information: 1. Log into the EX12 WebUI as a user with Admin access. 2. On the main menu, click Status. A secondary menu appears, along with a status panel. 3. On the secondary menu, click to display the details panel for the status you want to view.

  • Page 777: Configure System Information

    Disk /overlay Usage : MB/MB(%) Disk /tmp Usage : 0.007MB/256.0MB(0%) Disk /var Usage : 1.765MB/256.0MB(1%) > Configure system information You can configure information related to your EX12 device, such as providing a name and location for the device. Digi EX12 User Guide...
  • Page 778 A banner that will be displayed when users access terminal services on the device. To enter system information:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.

  • Page 779: Update System Firmware

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 780: Manage Firmware Updates Using Digi Remote Manager

    For example, EX12-22.8.33.50.bin. Manage firmware updates using Digi Remote Manager If you have a network of many devices, you can use Digi Remote Manager Profiles to manage firmware updates. Profiles ensure all your devices are running the correct firmware version and that all newly installed devices are updated to that same version.
  • Page 781    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 782 Update firmware from a local file    Web 1. Download the EX12 operating system firmware from the Digi Support FTP site to your local machine. 2. Log into the EX12 WebUI as a user with Admin access. 3. On the main menu, click System. Under Administration, click Firmware Update.
  • Page 783 1. Download the EX12 operating system firmware from the Digi Support FTP site to your local machine. 2. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights.

  • Page 784: Dual Boot Behavior

    > reboot Rebooting system > 7. Once the device has rebooted, log into the EX12's command line as a user with Admin access and verify the running firmware version by entering the show system command. > show system...

  • Page 785: Update Cellular Module Firmware

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 786: Update Modem Firmware Over The Air (Ota)

    OTA modem firmware update: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights.
  • Page 787 Newest firmware version available to download is '24.01.5x4_ATT' Modem firmware update from '24.01.544_ATT' to '24.01.5x4_ATT' is needed 24.01.5x4_ATT 24.01.544_ATT > 3. Use the modem firmware ota list command to list available firmware on the Digi firmware repository. > modem firmware ota list Retrieving modem firmware list ...

  • Page 788: Update Modem Firmware By Using A Local Firmware File

    EX12 device. 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 789: Reboot Your Ex12 Device

    Type quit to disconnect from the device. Reboot your EX12 device You can reboot the EX12 device immediately or schedule a reboot for a specific time every day. Note You may want to save your configuration settings to a file before rebooting. See...

  • Page 790: Schedule Reboots Of Your Device

    > reboot Schedule reboots of your device    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 791    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 792: Erase Device Configuration And Reset To Factory Defaults

    With firmware release 22.2.9.x and newer, erases the client-side certificate used for communication with Digi Remote Manager. If you are using Digi Remote Manager with firmware release 22.2.9.x and newer, by default the device uses a client-side certificate for communication with Remote Manager. If the client-side certificate is erased, you must use the Remote Manager interface to reset the certificate.
  • Page 793 3. In the Erase configuration section, click ERASE. 4. Click CONFIRM. 5. After resetting the device: a. Connect to the EX12 by using the serial port or by using an Ethernet cable to connect the EX12 ETH1 port to your PC. b. Log into the EX12: User name: Use the default user name: admin.
  • Page 794 2. Enter the following: > system factory-erase 3. After resetting the device: a. Connect to the EX12 by using the serial port or by using an Ethernet cable to connect the EX12 ETH1 port to your PC. b. Log into the EX12: User name: Use the default user name: admin.
  • Page 795 The device reboots again and resets to factory defaults, as well as also removing generated certificates and keys. 3. After resetting the device: a. Connect to the EX12 by using the serial port or by using an Ethernet cable to connect the EX12 ETH1 port to your PC. b. Log into the EX12: User name: Use the default user name: admin.

  • Page 796: Configure The Ex12 Device To Use Custom Factory Default Settings

    You can reset the device to the default configuration without removing scripts, keys, and logfiles by using the revert command: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights.
  • Page 797 1. Log into the EX12 WebUI as a user with Admin access. 2. Configure your EX12 device to match the desired custom factory default configuration. For example, you may want to configure the device to use a custom APN or a particular network configuration, so that when you reset the device to factory defaults, it will automatically have your required network configuration.

  • Page 798: Locate The Device By Using The Find Me Feature

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 799    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 800: Configuration Files

    If you do not save configuration changes, the system discards the changes.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.

  • Page 801: Save Configuration To A File

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 802    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 803: Restore The Device Configuration

    > scp host 192.168.4.1 user admin remote /home/admin/bin/ local /etc/config/backup-archive-0040FF800120-19.05.17-19.01.17.bin to remote Restore the device configuration You can restore a configuration file to your EX12 device by using a backup from the device, or a backup from a similar device. ...
  • Page 804 System administration Configuration files 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 805: Schedule System Maintenance Tasks

    The frequency (daily, weekly, or monthly) that checks for firmware updates will run.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 806 24 hours can potentially overstress the device and should be used with caution. If Duration window is set to any value other than to Immediately or 24 hours, the maintenance tasks will run at a random time during the time allotted for the duration window. Digi EX12 User Guide...
  • Page 807 Note Beginning with firmware release 21.11.x, python is no longer included as part of the base firmware for the EX12 device. If you require Python in your environment and your device is running firmware 21.11.x or newer, see Install Python for information about installing Python on your device.
  • Page 808    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 809 Configure the frequency that the maintenance tasks should be run: (config system schedule maintenance trigger 0)> frequency value (config system schedule maintenance trigger 0)> where value is either daily or weekly. Daily is the default. Digi EX12 User Guide...
  • Page 810 System administration Schedule system maintenance tasks Note If your device is managed by a Digi Remote Manager configuration, the configuration manages: The device firmware version. The modem firmware version. The device’s configuration settings. You should not enable device and modem firmware update and the configuration check options unless you want the device to automatically check and update firmware and device configuration outside of the control of Remote Manager.

  • Page 811: Disable Device Encryption

    Type quit to disconnect from the device. Disable device encryption You can disable the cryptography on your EX12 device. This can be used to ship unused devices from overseas without needing export licenses from the country from which the device is being shipped.
  • Page 812 Select the Properties of the relevant network connection on the Windows PC. b. Click the Internet Protocol Version 4 (TCP/IPv4) parameter. c. Click Properties. The Internet Protocol Version 4 (TCP/IPv4) Properties dialog appears. d. Configure with the following details: IP address for PC: 192.168.210.2 Subnet: 255.255.255.0 Digi EX12 User Guide...

  • Page 813: Configure The Speed Of Your Ethernet Ports

    Gateway: 192.168.210.1 2. Connect the PC's Ethernet port to the ETH1 Ethernet port on your EX12 device. 3. Open a telnet session and connect to the EX12 device at the IP address of 192.168.210.1. 4. Log into the device: Username: admin Password: The default unique password for your device is printed on the device label.
  • Page 814 System administration Configure the speed of your Ethernet ports 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 815 4. Save the configuration and apply the change: (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi EX12 User Guide...
  • Page 816 Monitoring This chapter contains the following topics: intelliFlow Configure NetFlow Probe Digi EX12 User Guide...

  • Page 817: Intelliflow

    WebUI. To use intelliFlow, the EX12 must be powered on and you must have access to the local WebUI. Once you enable intelliFlow, the Status >...
  • Page 818    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 819 5. Save the configuration and apply the change: (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi EX12 User Guide...

  • Page 820: Use Intelliflow To Display Average Cpu And Ram Usage

    This procedure is only available from the WebUI. To display display average CPU and RAM usage:    Web 1. Log into the EX12 WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow.

  • Page 821: Use Intelliflow To Display Top Data Usage Information

    Top data usage by service To generate a top data usage chart:    Web 1. Log into the EX12 WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow. 3. From the menu, click Status > intelliFlow.
  • Page 822 5. Change the type of chart that is used to display the data: a. Click the menu icon (). b. Select the type of chart. 6. Change the number of top users displayed. You can display the top five, top ten, or top twenty data users. Digi EX12 User Guide...

  • Page 823: Use Intelliflow To Display Data Usage By Host Over Time

    Use intelliFlow to display data usage by host over time To generate a chart displaying a host's data usage over time:    Web 1. Log into the EX12 WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow.

  • Page 824: Configure Netflow Probe

    To save the chart to your local filesystem, select Export to PNG. c. To print the chart, select Print chart. Configure NetFlow Probe NetFlow probe is used to probe network traffic on the EX12 device and export statistics to NetFlow collectors. Required configuration items Enable NetFlow.
  • Page 825 Monitoring Configure NetFlow Probe    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 826    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 827 1 and 1800. The default is 1800. 8. Set the maximum number of flows to probe simultaneously: (config)> monitoring netflow max_flows value (config)> where value is any is any number between 0 and 2000000. The default is 2000000. Digi EX12 User Guide...
  • Page 828 (config monitoring netflow collector 0)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi EX12 User Guide...
  • Page 829 File system This chapter contains the following topics: The EX12 local file system Display directory contents Create a directory Display file contents Copy a file or directory Move or rename a file or directory Delete a file or directory Upload and download files...

  • Page 830: File System

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 831: Create A Directory

    For example: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 832: Display File Contents

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 833: Move Or Rename A File Or Directory

      Command line To rename a file named test.py in /etc/config/scripts to final.py: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights.

  • Page 834: Delete A File Or Directory

      Command line To delete a file named test.py in /etc/config/scripts: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 835: Upload And Download Files

    Upload and download files To delete a directory named temp from /opt: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights.

  • Page 836: Upload And Download Files By Using The Secure Copy Command

    EX12 device. local-path is the location on the EX12 device where the copied file will be placed. For example: To copy firmware from a remote host with an IP address of 192.168.4.1 to the /etc/config directory on the EX12 device, issue the following command: >...

  • Page 837: Upload And Download Files Using Sftp

    EX12 device. For example: To copy a support report from the EX12 device to a remote host at the IP address of 192.168.4.1: 1. Use the system support-report command to generate the report: >...
  • Page 838 Transfer a file from the EX12 device to a remote host This example downloads a file named test.py from the EX12 device at the IP address of 192.168.2.1 with a username of ahmed to the local directory on the remote host: $ sftp ahmed@192.168.2.1...
  • Page 839 Generate a support report View system and event logs Configure syslog servers Configure options for the event and system logs Analyze network traffic Use the ping command to troubleshoot network connections Use the traceroute command to diagnose IP routing problems Digi EX12 User Guide...

  • Page 840: Perform A Speedtest

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 841: Support Report Overview

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 842 A breakdown of memory utilization at the time when the support report was generated config_dump- The device's current settings, scrubbed of passwords public and preshared keys conntrack_-L A list of all currently tracked connections through the system Digi EX12 User Guide...
  • Page 843 AT commands netstat_-i Interface statistics for transmitted/ received packets netstat_-na List of both listening and non-listening network sockets on the device ps_l A snapshot of the current processes running at the time of generating the report Digi EX12 User Guide...
  • Page 844 Rollover syslog information /var/run This directory can be disregarded for most troubleshooting/ diagnostic purposes. Directory Filename Notes /var/run all files Runtime settings for the device -- referenced in the syslog data gathered in /tmp (see above) Digi EX12 User Guide...

  • Page 845: View System And Event Logs

    View System Logs    Web 1. Log into the EX12 WebUI as a user with Admin access. 2. On the main menu, click System > Logs. The system log displays: 3. Limit the display in the system log by using the Find search tool.
  • Page 846    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 847: View Event Logs

    View Event Logs    Web 1. Log into the EX12 WebUI as a user with Admin access. 2. On the main menu, click System > Logs. 3. Click  System Logs to collapse the system logs viewer, or scroll down to Events.
  • Page 848 Diagnostics View system and event logs 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 849 Diagnostics View system and event logs 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi EX12 User Guide...

  • Page 850: Configure Syslog Servers

    You can configure remote syslog servers for storing event and system logs.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 851    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 852: Configure Options For The Event And System Logs

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Configure options for the event and system logs The default configuration for event and system logging is: Digi EX12 User Guide...
  • Page 853 To change or disable the heartbeat interval, or to disable event categories, and to perform other log configuration:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 854    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 855 To disable the heartbeat interval, set the value to 0s 4. Enable preserve system logs functionality to save the current session's system log after a reboot. By default, the EX12 device erases system logs each time the device is powered off or rebooted.
  • Page 856 (config)> system log event dhcpserver status_interval value (config)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set the status interval to ten minutes, enter either 10m or 600s: Digi EX12 User Guide...
  • Page 857 7. Save the configuration and apply the change: (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi EX12 User Guide...

  • Page 858: Analyze Network Traffic

    Analyze network traffic Analyze network traffic The EX12 device includes a network analyzer tool that captures data traffic on any interface and decodes the captured data traffic for diagnostics. You can capture data traffic on multiple interfaces at the same time and define capture filters to reduce the captured data. You can capture up to 10 MB of data traffic in two 5 MB files per interface.

  • Page 859: Configure Packet Capture For The Network Analyzer

    The frequency with which captured events will be saved. To configure a packet capture configuration:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 860 You can select from preconfigured filters to determine which types of packets to capture or ignore, or you can create your own Berkeley packet filter expression. b. To create a filter that either captures or ignores packets from a particular IP address or network: Digi EX12 User Guide...
  • Page 861 For Ethernet MAC address, type the MAC address to be captured or ingored. iv. For Source or destination Ethernet MAC address, select whether the filter should apply to packets when the Ethernet MAC address is the source, the destination, or both. Digi EX12 User Guide...
  • Page 862 Set time: Runs the capture filter at a specified time of the day. If Set Time is selected, specify the time that the capture filter should run in Run time, using the format HH:MM. During system maintenance: The capture filter will run during the system maintenance time window. Digi EX12 User Guide...
  • Page 863    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 864 Use the ? to determine available protocols and the appropriate format: (config network analyzer name filter protocol 0)> protocol ? IP protocol to capture or ignore: IP protocol to capture or ignore. Format: icmp icmpv6 Digi EX12 User Guide...
  • Page 865 Set whether the filter should apply to packets when the port is the source, the destination, or both: (config network analyzer name filter port 0)> match value (config network analyzer name filter port 0)> where value is one of: Digi EX12 User Guide...
  • Page 866 By default, is option is set to false, which means that the filter will capture packets from this MAC address. v. Repeat these steps to add additional MAC addresses. e. To create a filter that either captures or ignores packets from one or more specified VLANs: Digi EX12 User Guide...
  • Page 867 (config add network analyzer name)> on_interval value (config add network analyzer name)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set on_interval to ten minutes, enter either 10m or 600s: Digi EX12 User Guide...

  • Page 868: Example Filters For Capturing Data Traffic

    Type quit to disconnect from the device. Example filters for capturing data traffic The following are examples of filters using Berkeley Packet Filter (BPF) syntax for capturing several types of network data. See https://biot.com/capstats/bpf.html for detailed information about BPF syntax. Digi EX12 User Guide...

  • Page 869: Capture Packets From The Command Line

    Alternatively, you can schedule the network analyzer to run based on a specified event or at a particular time. See Configure packet capture for the network analyzer for information about scheduling packet capturing. Digi EX12 User Guide...

  • Page 870: Stop Capturing Packets

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 871: Show Captured Traffic Data

    Diagnostics Analyze network traffic 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 872 See Configure packet capture for the network analyzer for more information. To determine available packet capture configurations, use the ?: > show anaylzer name ? name: Name of the capture filter to use. Format: Digi EX12 User Guide...

  • Page 873: Save Captured Data Traffic To A File

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 874: Download Captured Data To Your Pc

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 875: Clear Captured Data

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 876: Use The Ping Command To Troubleshoot Network Connections

    Ping to check internet connection To check your internet connection: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 877 (www.google.com) through the default gateway. The command output shows that 15 routing hops were required to reach the host: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights.

  • Page 878: Regulatory Guide

    THIS PRODUCT MAY CAUSE INTERFERENCE IF USED IN RESIDENTIAL AREAS. SUCH USE MUST BE AVOIDED UNLESS THE USER TAKES SPECIAL MEASURES TO REDUCE ELECTROMAGNETIC EMISSIONS TO PREVENT INTERFERENCE TO THE RECEPTION OF RADIO AND TELEVISION BROADCASTS. Supported Countries FOR A FULL LIST OF CERTIFIED COUNTRIES GO VISIT: www.digi.com/legal/terms Digi EX12 User Guide...
  • Page 879 Safety warnings English Bulgarian--бъ л га рс ки Croatian--Hrvatski French--Français Greek--Ε λλην ικά Hungarian--Magyar Italian--Italiano Latvian--Latvietis Lithuanian--Lietuvis Polish--Polskie Portuguese--Português Slovak--Slovák Slovenian--Esloveno Spanish--Español Digi EX12 User Guide...

  • Page 880: English

    Do not power on the unit in any aircraft. Operation of this equipment in a residential environment could cause radio interference. For ambient temperatures above 60° C, this equipment must be installed in a Restricted Access Location only. Digi EX12 User Guide...

  • Page 881: Bulgarian--Бъ Л Га Рс Ки

    З а окол ни т е м пе ра т ури на д 60 ° C, т ов а оборудв а не т ря бв а да с е инс т а л ира с а м о на м я с т о с огра нич е н дос т ъ п. Digi EX12 User Guide...

  • Page 882: Croatian--Hrvatski

    ​ ​ j edinicu ni u jednom zrakoplovu. Rad ove opreme u stambenom okruženju mogao bi prouzročiti radio smetnje. Za okolne temperature iznad 60 ° C, ova oprema mora biti instalirana samo na mjestu s ograničenim pristupom. Digi EX12 User Guide...

  • Page 883: French--Français

    L'utilisation de cet équipement dans un environnement résidentiel peut provoquer des interférences radio. Pour des températures ambiantes supérieures à 60 °C, cet équipement doit être installé uniquement dans un emplacement à accès restreint. Digi EX12 User Guide...

  • Page 884: Greek--Ε Λλην Ικά

    Γ ια θερ μοκρ ασ ίες περ ιβάλλον τ ος άν ω τ ων 60 ° C, αυτ ός ο εξ οπλισ μός πρ έπει ν α εγ κατ ασ τ αθεί μόν ο σ ε θέσ η περ ιορ ισ μέν ης πρ όσ βασ ης Digi EX12 User Guide...

  • Page 885: Hungarian--Magyar

    60 ° C feletti környezeti hőmérséklet esetén ezt a berendezést csak korlátozott hozzáférésű helyre kell telepíteni. Az EZ04-IAG4-EXT és EZ04-IA00-EXT készletekhez mellékelt kiterjesztett hőmérsékletű, dugaszolható tápegység (76002079 /24000141) nem C1D2 tanúsítvánnyal rendelkezik, és nem használható C1D2 besorolású veszélyes helyeken. Digi EX12 User Guide...

  • Page 886: Italian--Italiano

    Non accendere l'unità in nessun aereo. Il funzionamento di questa apparecchiatura in un ambiente residenziale potrebbe causare interferenze radio. Per temperature ambiente superiori a 60° C, questa apparecchiatura deve essere installata solo in un luogo ad accesso limitato. Digi EX12 User Guide...

  • Page 887: Latvian--Latvietis

    Iekārtai jābūt izslēgtai, ja notiek spridzināšana, sprādzienbīstama vide vai medicīnas vai dzīvības uzturēšanas aprīkojuma tuvumā. Nevienā lidmašīnā neieslēdziet ierīci. Šīs ierīces darbība dzīvojamā vidē var izraisīt radio traucējumus. Ja apkārtējā temperatūra pārsniedz 60 ° C, šī iekārta jāuzstāda tikai ierobežotas piekļuves vietā. Digi EX12 User Guide...

  • Page 888: Lithuanian--Lietuvis

    Įrenginys turi būti išjungtas ten, kur vyksta sprogdinimas, sprogi aplinka arba šalia medicinos ar gyvybės palaikymo įrangos. Neįjunkite įrenginio jokiuose orlaiviuose. Naudojant šią įrangą gyvenamojoje aplinkoje, gali kilti radijo trukdžių. Esant aukštesnei nei 60 ° C aplinkos temperatūrai, ši įranga turi būti montuojama tik riboto patekimo vietoje. Digi EX12 User Guide...

  • Page 889: Polish--Polskie

    życie. Nie włączaj urządzenia w żadnym samolocie. Praca tego sprzętu w środowisku mieszkalnym może powodować zakłócenia radiowe. W przypadku temperatur otoczenia powyżej 60°C urządzenie to należy instalować wyłącznie w miejscach o ograniczonym dostępie. Digi EX12 User Guide...

  • Page 890: Portuguese--Português

    Não ligue a unidade em nenhuma aeronave. A operação deste equipamento em um ambiente residencial pode causar interferência de rádio. Para temperaturas ambientes acima de 60 ° C, este equipamento deve ser instalado apenas em locais de acesso restrito. Digi EX12 User Guide...

  • Page 891: Slovak--Slovák

    života. Jednotku nezapínajte v žiadnom lietadle. Prevádzka tohto zariadenia v obytnom prostredí by mohla spôsobiť rádiové rušenie. Pri teplotách okolia nad 60 ° C musí byť toto zariadenie inštalované iba na mieste s obmedzeným prístupom. Digi EX12 User Guide...

  • Page 892: Slovenian--Esloveno

    življenja. Enote ne vklopite v nobenem letalu. Delovanje te opreme v stanovanjskem okolju lahko povzroči radijske motnje. Pri temperaturah okolice nad 60 ° C mora biti ta oprema nameščena samo na lokaciji z omejenim dostopom. Digi EX12 User Guide...

  • Page 893: Spanish--Español

    El funcionamiento de este equipo en un entorno residencial puede provocar interferencias de radio. Para temperaturas ambiente superiores a 60 ° C, este equipo debe instalarse únicamente en una ubicación de acceso restringido. End user license agreement To view the end user license agreement, visit: www.digi.com/legal/terms Digi EX12 User Guide...
  • Page 894 Auto-complete commands and parameters Available commands Use the scp command Display status and statistics using the show command Device configuration using the command line interface Execute configuration commands at the root Admin CLI prompt Configuration mode Command line reference Digi EX12 User Guide...

  • Page 895: Command Line Interface

    Log in to the command line interface    Command line 1. Connect to the EX12 device by using a serial connection, SSH or telnet, or the Terminal in the WebUI or the Console in the Digi Remote Manager. See Access the command line interface more information.

  • Page 896: Exit The Command Line Interface

    2. At the main menu, click Terminal. The device console appears. EX12 login: 3. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights.
  • Page 897 Command line interface Execute a command from the web interface The Admin CLI prompt appears. > Digi EX12 User Guide...

  • Page 898: Display Help For Commands And Parameters

    Display help for commands and parameters The help command When executed from the root command prompt, help displays information about autocomplete operations, how to move the cursor on the EX12 command line, and other keyboard shortcuts: > help Commands ------------------------------------------------------------------------------ Show commands help <Tab>...

  • Page 899: Display Help For Individual Commands

    Show OpenVPN statistics. route Show IP routing information. scripts Show scheduled scripts. serial Show serial statistics. surelink Show Surelink statistics. system Show system statistics. version Show firmware version. vrrp Show VRRP statistics. web-filter Show web filter information. > show Digi EX12 User Guide...

  • Page 900: Use The Tab Key Or The Space Bar To Display Abbreviated Help

    (config)> serial port1 enable t<Tab> auto-completes to (config)> serial port1 enable true Auto-complete does not function for: Parameter values that are string types. Integer values. File names. Select parameters passed to commands that perform an action. Digi EX12 User Guide...

  • Page 901: Available Commands

    Pings a remote host using Internet Control Message Protocol (ICMP) Echo Request messages. reboot Reboots the EX12 device. Removes a file. Uses the secure copy protocol (SCP) to transfer files between the EX12 device and a remote host. Use the scp command for information about using the scp command. show Displays information about the device and the device's configuration.

  • Page 902: Use The Scp Command

    The hostname or IP address of the remote host. The username and password of the user on the remote host. Whether the file is being copied to the EX12 device from a remote host, or to the remote host from the EX12 device.

  • Page 903: Display Status And Statistics Using The Show Command

    EX12 device. For example: To copy a support report from the EX12 device to a remote host at the IP address of 192.168.4.1: 1. Use the system support-report command to generate the report: >...

  • Page 904: Show System

    The config command allows for device configuration from the command line. All configuration tasks that can be performed by using the WebUI can also be performed by using the config command. There are two ways to invoke the config command from the CLI: Digi EX12 User Guide...

  • Page 905: Execute Configuration Commands At The Root Admin Cli Prompt

    For example, to disable the SSH service from the root prompt, enter the following command: > config service ssh enable false > The EX12 device's ssh service is now disabled. Note When the config command is executed at the root prompt, certain configuration actions that are available in configuration mode cannot be performed.
  • Page 906 > config service ssh 4. Lastly, display the allowed values and other information for the enable parameter: > config service ssh enable ? Enable: Enable the service. Format: true, false, yes, no, 1, 0 Default value: true Digi EX12 User Guide...

  • Page 907: Configuration Mode

    (config service)> ssh (config service ssh)> 3. Enter enable false to disable the ssh service: (config service ssh)> enable false (config service ssh)> Move within the configuration schema for more information about moving within the configuration. Digi EX12 User Guide...

  • Page 908: Save Changes And Exit Configuration Mode

    Adds a named element, or an element in a list. See Manage elements in lists for information about using the add command with lists. Deletes a named element, or an element in a list. See Manage elements Digi EX12 User Guide...

  • Page 909: Display Command Line Help In Configuration Mode

    At the config prompt, enter service ?: (config)> service ? At the config prompt: a. Enter service to move to the service node: (config)> service (config service)> b. Enter ? to display help for the service node: (config service)> ? Digi EX12 User Guide...
  • Page 910 Enter ? to display help for the ssh node: (config service ssh)> ? Either of these methods will display the following information: (config)> service ssh ? SSH: An SSH server for managing the device. Parameters Current Value ------------------------------------------------------------------------ enable true Enable [private] Private key Digi EX12 User Guide...

  • Page 911: Move Within The Configuration Schema

    (config)> service ssh enable Move within the configuration schema You can perform configuration tasks at the CLI by moving within the configuration. Move forward one node in the configuration by entering the name of an Additional Configuration option: Digi EX12 User Guide...

  • Page 912: Manage Elements In Lists

    Add elements to a list When used with parameters that contains lists of elements, the add command is used to add an element to the list. For example, to add an authentication method: Digi EX12 User Guide...
  • Page 913 0 admin (config)> Delete elements from a list When used with parameters that contains lists of elements, the del command is used to delete an element in the list. For example, to delete an authentication method: Digi EX12 User Guide...

  • Page 914: The Revert Command

    (config)> The revert command The revert command is used to revert changes to the EX12 device's configuration and restore default configuration settings. The behavior of the revert command varies depending on where in the configuration hierarchy the command is executed, and whether the optional path parameter is used.
  • Page 915 2. Save the configuration and apply the change: (config)> save Configuration saved. > 3. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi EX12 User Guide...

  • Page 916: Enter Strings In Configuration Commands

    (config)> system description "Digi EX12" Example: Create a new user by using the command line In this example, you will use the EX12 command line to create a new user, provide a password for the user, and assign the user to authentication groups.
  • Page 917 Command line interface Configuration mode 1. Select the device in Remote Manager and click Actions > Open Console, or log into the EX12 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 918 (config auth user user1)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi EX12 User Guide...

  • Page 919: Command Line Reference

    Digi EX12 User Guide...

  • Page 920: Analyzer Clear

    Clears the traffic captured by the analyzer. Digi EX12 User Guide...

  • Page 921: Analyzer Save

    Stops the traffic capture session. Syntax analyzer stop <name> Parameters name: Name of the capture filter to use. clear dhcp-lease ip-address Clear the DHCP lease for the specified IP address. Syntax clear dhcp-lease ip-address ADDRESS Digi EX12 User Guide...

  • Page 922: Clear Dhcp-Lease Mac

    <source> <destination> [force] Parameters source: The source file or directory to copy. destination: The destination path to copy the source file or directory to. force: Do not ask to overwrite the destination file if it exists. Digi EX12 User Guide...

  • Page 923: Help

    Command line interface Command line reference help Show CLI editing and navigation commands. Syntax help Parameters None Digi EX12 User Guide...
  • Page 924 Command line interface Command line reference List a directory. Syntax ls <path> [show-hidden] Parameters path: List files and directories under this path. show-hidden: Show hidden files and directories. Hidden filenames begin with '.'. Digi EX12 User Guide...

  • Page 925: Mkdir

    The configured name of the modem to execute this CLI command on. imei: The IMEI of the modem to execute this CLI command on. modem firmware list List modem firmware files found in the /opt/[MODEM_MODEL]/ directory. Digi EX12 User Guide...

  • Page 926: Modem Firmware Ota Check

    The configured name of the modem to execute this CLI command on. imei: The IMEI of the modem to execute this CLI command on. modem firmware ota check Query the Digi firmware server for the latest remote modem firmware version. Syntax modem firmware ota check [name STRING] [imei STRING] Parameters name: The configured name of the modem to execute this CLI command on.

  • Page 927: Modem Firmware Update

    Disable the PIN lock on the SIM card that is active in the modem. Warning: Attempting to use an incorrect PIN code may PUK lock the SIM. Syntax modem pin disable <pin> [name STRING] [imei STRING] Parameters pin: The SIM's PIN code. Digi EX12 User Guide...

  • Page 928: Modem Pin Enable

    The configured name of the modem to execute this CLI command on. imei: The IMEI of the modem to execute this CLI command on. modem puk status Print the PUK status and the number of PUK unlock attempts remaining. Digi EX12 User Guide...

  • Page 929: Modem Puk Unlock

    The configured name of the modem to execute this CLI command on. imei: The IMEI of the modem to execute this CLI command on. timeout: The amount of time in seconds to wait for modem scan to complete. (Default: 300) modem sim-slot Digi EX12 User Guide...

  • Page 930: Monitoring

    Immediately upload current device health metrics. Functions as if a scheduled upload was triggered. Syntax monitoring metrics upload Parameters None more View a file. Syntax more <path> Parameters path: The file to view. Move a file or directory. Digi EX12 User Guide...

  • Page 931: Ping

    The number of bytes sent in the ICMP ping request. (Minimum: 0, Default: 56) count: The number of ICMP ping requests to send before terminating. (Minimum: 1, Default: 100) broadcast: Enable broadcast ping functionality. poweroff Power off the system. Syntax poweroff Parameters None reboot Reboot the system. Parameters None Digi EX12 User Guide...
  • Page 932 Command line interface Command line reference Remove a file or directory. Syntax rm <path> [force] Parameters path: The path to remove. force: Force the file to be removed without asking. Digi EX12 User Guide...

  • Page 933: Scp

    Display IPv6 routes. If no IP version is specified IPv4 & IPV6 will be displayed. verbose: Display more information (less concise, more detail). show cloud Show drm status & statistics. Syntax show cloud Parameters None Digi EX12 User Guide...

  • Page 934: Show Config

    Show all leases (active and inactive (not in etc/config/dhcp.*lease)). verbose: Display more information (less concise, more detail). show dns Show DNS servers and associated domains. Syntax show dns Parameters None show eth Show ethernet status & statistics. Digi EX12 User Guide...

  • Page 935: Show Event

    Display more details and config data for a specific IPsec tunnel. all: Display all tunnels including disabled tunnels. verbose: Display status of one or all tunnels in plain text. show l2tp lac Show L2TP access concentrator status & statistics. Syntax show l2tp lac [name STRING] Digi EX12 User Guide...

  • Page 936: Show L2Tp Lns

    Filters for type of log message displayed (critical, warning, info, debug). Note, filters from the number of messages retrieved not the whole log (this can be very time consuming). If you require more messages of the filtered type, increase the number of messages retrieved using 'number'. show manufacture Digi EX12 User Guide...

  • Page 937: Show Modbus-Gateway

    Show NEMO status and statistics. Syntax show nemo [name STRING] Parameters name: Display more details and configuration data for a specific NEMO instance. show network Show network interface status & statistics. Syntax show network [interface STRING] [all] [verbose] Digi EX12 User Guide...

  • Page 938: Show Ntp

    Display more details and config data for a specific OpenVPN server. all: Display all servers including disabled servers. show route Show IP routing information. Syntax show route [ipv4] [ipv6] [verbose] Parameters ipv4: Display IPv4 routes. ipv6: Display IPv6 routes. Digi EX12 User Guide...

  • Page 939: Show Scep-Client

    Show SureLink status & statistics for network interfaces. Syntax show surelink interface [name STRING] [all] Parameters name: The name of a specific network interface. all: Show all network interfaces. show surelink ipsec Show SureLink status & statistics for IPsec tunnels. Digi EX12 User Guide...

  • Page 940: Show Surelink Openvpn

    Show system status & statistics. Syntax show system [verbose] Parameters verbose: Display more information (disk usage, etc). show usb Show USB information. Syntax show usb Parameters None show version Show firmware version. Syntax show version [verbose] Digi EX12 User Guide...

  • Page 941: Show Vrrp

    The type of speed test protocol to run. (Default: nuttcp) output: The format of output to display the speed test results as. (Default: text) Use SSH protocol to log into a remote server. Syntax ssh <host> <user> [port INTEGER] [command STRING] Digi EX12 User Guide...

  • Page 942: System Backup

    ERASE button twice consecutively. Syntax system disable-cryptography Parameters None system duplicate-firmware Duplicate the running firmware to the alternate partition so that the device will always boot the same firmware version. Syntax system duplicate-firmware Parameters None Digi EX12 User Guide...

  • Page 943: System Factory-Erase

    Query the Digi firmware server for the latest device firmware version. Syntax system firmware ota check Parameters None system firmware ota list Query the Digi firmware server for a list of device firmware versions. Syntax system firmware ota list Parameters None system firmware ota update Perform FOTA (firmware-over-the-air) update.

  • Page 944: System Firmware Update

    Decrypt the archive with a passphrase. system script start Run a manual script. Scripts that are disabled, not a manual script, or already running can not be run. Syntax system script start <script> Parameters script: Script to start. Digi EX12 User Guide...

  • Page 945: System Script Stop

    Displays the serial log on the screen. Syntax system serial show <port> Parameters port: Serial port. system serial start Start logging data on a serial port. Digi EX12 User Guide...

  • Page 946: System Serial Stop

    The date in year-month-day hour:minute:second format (e.g "2021-09-26 12:24:48"). system time sync Perform a NTP query to the configured server(s) and set the local time to the first server that responds. Syntax system time sync Digi EX12 User Guide...

  • Page 947: System Time Test

    (Minimum: 1, Default: 30) port: Specifies the destination port base traceroute will use (the destination port number will be incremented by each probe). A value of -1 specifies that no specific port will be used. (Minimum: -1, Default: -1) Digi EX12 User Guide...

  • Page 948: Antenna Notes And Solutions

    Do not try to map IP addresses to host names when displaying them. bypass: Bypass the normal routing tables and send directly to a host on an attached network. Antenna notes and solutions This chapter contains the following topics: Antenna terminology Physical specifications Antennas tested by Digi Digi EX12 User Guide...

  • Page 949: Antenna Terminology

    30 feet of cabling. Certain Digi products are designed to provide the ability to place the unit where reception is best (moving the radio is always preferred). This allows the device to capture optimal Radio Frequency (RF) before converting it to IP packets and transmit data via Ethernet cabling, an approach that yields increased performance and cost savings over coax cabling.

  • Page 950: Extra-Small Iot Paddle Antennas

    Directional antennas may improve RF sensitivity, but they will require an expert knowledge to find a specific cellular tower and maintain the ongoing fine-tuning that may be required to keep the antenna positioned properly. Due to the challenges of directional antennas, Digi typically focuses on MIMO omni-directional models.

  • Page 951: Flat Mimo Antenna #1

    This is a hardened antenna designed to be mounted outdoors. This is a MIMO antenna with two short pig tail connectors and the overall dimensions are 187 mm in height and 106 mm at the base. Digi typically provides this antenna with a kit including dual coax cables at 5M in length. If you are using this antenna with a Digi PoE (for example, the Digi 6300-CX) we typically recommend you mount the unit on the inside and run the 5M cables to the outside.

  • Page 952: Paddle Extender

    SMA connector, escaping the limitations of having to stay affixed to the device's chassis. Remote mounting is then simplified thanks to the paddle extender's magnetic base (diameter of 48mm [1.9 inches]). The length of the cable 50cm (19.7 inches). Digi EX12 User Guide...

Table of Contents