Digi IX30 User Manual

page of 1031

/ 1031
Contents
Table of Contents
Bookmarks

Table of Contents

Quick Links

Download this manual

IX30

User Guide

Firmware version 22.11

Table of Contents

Summary of Contents for Digi IX30

Page 1 IX30 User Guide Firmware version 22.11...
Page 2: Revision History-90002452
5G enhancements: Added 5G slice support for configuring the slice type for the 5G modems. Added WAN Bonding as an add-on feature via Digi Remote Manager for bonding multiple outbound Internet connections together for increased maximum throughput or data redundancy.
Page 3 New settings to control the NMEA message content that the devices sends when there is no valid fix from any of the configured location sources. Release of Digi IX30 firmware version 22.8: September 2022 Cellular modem enhancements: Added modem ota download and system firmware ota download commands for downloading cellular modem and device firmware.
Page 4 Trademarks and copyright Digi, Digi International, and the Digi logo are trademarks or registered trademarks in the United States and other countries worldwide. All other trademarks mentioned in this document are the property of their respective owners.
Page 5 Contact us at +1 952.912.3444 or visit us at www.digi.com/support. Feedback To provide feedback on this document, email your comments to techcomm@digi.com Include the document title and part number (IX30 User Guide, 90002452 C) in the subject line of your email. IX30 User Guide...
Page 6: Table Of Contents
What's new in Digi IX30 version 22.11 Digi IX30 Quick start Step 1: Connect your device Step 2: Connect DC power Step 3: Set up access to Digi Remote Manager Step 4: Register your device Step 5: Complete setup Step 6: Configure cellular APN...
Page 7 Log into Digi Remote Manager Use Digi Remote Manager to view and manage your device Add a device to Digi Remote Manager Configure multiple IX30 devices by using Digi Remote Manager configurations View Digi Remote Manager connection status Learn more...
Page 8 Configure RealPort mode using the Digi Navigator Installation and configuration process Digi Navigator features Install the Digi Navigator Configure RealPort on a Digi device from the Digi Navigator Digi Navigator application features Electrical Signalling Mode Change the electrical signalling mode to RS-232...
Page 9 Configure SureLink active recovery for OpenVPN Show OpenVPN server status and statistics Show OpenVPN client status and statistics Generic Routing Encapsulation (GRE) Configuring a GRE tunnel Show GRE tunnels Example: GRE tunnel over an IPSec tunnel L2TP Configure a PPP-over-L2TP tunnel IX30 User Guide...
Page 10 Ethernet network bonding Enable service discovery (mDNS) Use the MQTT broker service Show MQTT broker information Use the iPerf service Example performance test using iPerf3 Configure the ping responder service Example performance test using iPerf3 Applications Develop Python applications IX30 User Guide...
Page 11 Releasing the LEDs to system control Use Python to control the color of multi-colored LEDs Example: Set the LTE connection indicator to flashing purple Set up the IX30 to automatically run your applications Configure scripts to run automatically Show script information...
Page 12 Configure web filtering with manual DNS servers Verify your web filtering configuration Show web filter service information Containers Use Digi Remote Manager to deploy and run containers Use an automation to start the container Upload a new LXC container Configure a container...
Page 13 Configure analog input ports Calibrate analog input ports Send digital and analog I/O monitoring information to a remote server Send digital and analog I/O monitoring information to Digi Remote Manager Show digital I/O and analog input status and statistics System administration...
Page 14 Use the ping command to troubleshoot network connections Ping to check internet connection Stop ping commands Use the traceroute command to diagnose IP routing problems Digi IX30 regulatory and safety statements RF exposure statement Federal Communication (FCC) Part 15 Class B Radio Frequency Interference (RFI) (FCC 15.105)
Page 15 The revert command Enter strings in configuration commands Example: Create a new user by using the command line Command line reference 1001 analyzer clear 1002 analyzer save 1003 analyzer start 1003 analyzer stop 1003 clear dhcp-lease ip-address 1003 IX30 User Guide...
Page 16 1016 show event 1017 show hotspot 1017 show ipsec 1017 show l2tp lac 1017 show l2tp lns 1018 show l2tpeth 1018 show location 1018 show log 1018 show manufacture 1018 show modbus-gateway 1019 show modem 1019 IX30 User Guide...
Page 17 1027 system serial show 1028 system serial start 1028 system serial stop 1028 system support-report 1028 system time set 1029 system time sync 1029 system time test 1029 tail 1029 telnet 1030 traceroute 1030 IX30 User Guide...
Page 18: What's New In Digi Ix30 Version 22.11
What's new in Digi IX30 version 22.11 Preliminary release of the IX30 device. IX30 User Guide...
Page 19: Digi Ix30 Quick Start
For high-vibration environments, apply a thin layer of dielectric grease to the SIM contacts. Note If the IX30 device is used in an environment with high vibration levels, SIM card contact fretting may cause unexpected SIM card failures. To protect the SIM cards, Digi strongly recommends that you apply a thin layer of dielectric grease to the SIM contacts prior to installing the SIM cards.
Page 20 Securely finger tighten each antenna to the threaded barrel using the nut at the base of the antenna. 3. Using an Ethernet cable, connect the IX30's WAN/ETH1 port to the internet, such as a home internet router or LAN Ethernet port in an office environment.
Page 21: Step 2: Connect Dc Power
Step 2: Connect DC power Step 2: Connect DC power Step 3: Set up access to Digi Remote Manager If you already have a Digi Remote Manager account, skip to Register your device. If you prefer to configure the device locally rather than using Remote Manager, see...
Page 22: Step 5: Complete Setup
Digi IX30 Quick start Step 5: Complete setup Step 5: Complete setup 1. The device should connect within a couple of minutes. 2. If newer firmware is available, Remote Manager will prompt you to update the device. Click Update to update the firmware. Remote Manager will perform the update in the background and let you know when the device is up to date.
Page 23: Digi Ix30 Hardware Reference
Two 10/100 BaseT Ethernet ports for high-speed connectivity. For a detailed list of IX30 hardware specifications, see https://www.digi.com/products/networking/cellular-routers/industrial/digi-ix30#specifications. IX30 accessories When accessories are purchased with the IX30 device, the following are provided: Cellular antennas. Power supply. Ethernet cable. DIN rail mounting bracket.
Page 24: Ix30 Front View
GNSS antenna connector Power suppy IX30 power supply requirements. Serial port Digi IX30 serial connector pinout for information about the serial port pin-out. ERASE button The ERASE button is used to perform a device reset, and it has three modes: 1.
Page 25: Ix30 Leds
WAN/ETH1 Ethernet port, WAN-enabled by default. IX30 LEDs The IX30 LEDs are located on the top front panel. The number of LEDs varies by model. During bootup, the front-panel LEDs light up in sequence to indicate boot progress. POWER No power.
Page 26: Signal Quality Indicators
Digi IX30 hardware reference IX30 LEDs Solid yellow (or orange) Initializing or starting up. Flashing yellow (or orange) Flashing white In the process of connecting to the ETH2 port connection established cellular network and to a device on and in the process of connecting to its ETH2 port.
Page 27: Ethernet Link And Activity
Solid amber: 10/100 Mbps link detected. Signal quality bars explained The signal status bars for the Digi IX30 measure more than simply signal strength. The value reported by the signal bars is calculated using an algorithm that takes into consideration the Reference Signals Received Power (RSRP), the Signal-to-noise ratio (SNR), and the Received Signal Strength Indication (RSSI) to provide an accurate indicator of the quality of the signal that the device is receiving.
Page 28: Ix30 Power Supply Requirements
IX30 power supply requirements IX30 is intended to be powered by a certified power supply with output rated at either 12 VDC/0.75 A or 24 VDC/0.375 A minimum. Use the power supply part number 24000154.
Page 29  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 30: Ix30 Serial Pinouts
Digi IX30 hardware reference Digi IX30 serial connector pinout 3. Set the signalling mode: (config)> serial port1 signal_mode value (config)> where value is one of: rs-232 rs-422 rs-485 If this is the end device along a cabled RS-485 daisy chain and termination resistors are recommended, enable an internal electrical termination: (config)>...
Page 31: Ix30 Rs-232 Pinout
Digi IX30 hardware reference Digi IX30 serial connector pinout IX30 RS-232 pinout DB9 pin Pin direction RS-232 function Input Input Output Output Ground Input Output Input Input IX30 RS-422 pinout DB9 pin Pin direction RS-422 function Input CTS- Input RXD+...
Page 32: Configuration For Extreme Thermal Conditions
10 Mpbs is acceptable.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 33  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 34: Qr Code Definition
Digi IX30 hardware reference QR code definition 7. Add a rule to the policy: (config firewall qos 2 policy 0)> add rule end (config firewall qos 2 policy 0 rule 0)> The default settings for the policy and rule are sufficient.
Page 35: Hardware Setup
Hardware setup This chapter contains the following topics: Install SIM cards Tips for improving cellular signal strength Connect data cables IX30 User Guide...
Page 36: Install Sim Cards
2. For high-vibration environments, apply a thin layer of dielectric grease to the SIM contacts. Note If the IX30 device is used in an environment with high vibration levels, SIM card contact fretting may cause unexpected SIM card failures. To protect the SIM cards, Digi strongly recommends that you apply a thin layer of dielectric grease to the SIM contacts prior to installing the SIM cards.
Page 37: Sim Removal
SIM removal The IX30 has a PUSH-PUSH SIM connector. To insert, push each SIM in until it clicks, and repeat for removal. When you push to eject, the SIM ejects back out about 1/8 inch. Tips for improving cellular signal strength...
Page 38 This chapter contains the following topics: Review IX30 default settings Change the default password for the admin user Configuration methods Using Digi Remote Manager Using the local web interface Use the local REST API to configure the IX30 device Using the command line IX30 User Guide...
Page 39: Firmware Configuration
Firmware configuration Review IX30 default settings Review IX30 default settings You can review the default settings for your IX30 device by using the local WebUI or Digi Remote Manager: Local WebUI 1. Log into the IX30 WebUI as a user with Admin access. See Using the local web interface details.
Page 40: Other Default Configuration Settings
Packet filtering allows all outbound traffic. Security policies SSH and web administration: Enabled for local administration Firewall zone: Internal Device heath metrics uploaded to Digi Remote Manager at 60 minute Monitoring interval. SNMP: Disabled Enabled Serial port Serial mode: Remote...
Page 41: Change The Default Password For The Admin User
To change the default password for the admin user:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 42: Configuration Methods
 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 43: Using Digi Remote Manager
Shows how to perform a task by using the command line interface. Using Digi Remote Manager By default, your IX30 device is configured to use Digi Remote Manager as its central management server. Devices must be registered with Remote Manager, either: As part of the getting started process.
Page 44: Log Out Of The Web Interface
On the main menu, click your user name. Click Log out. Use the local REST API to configure the IX30 device Your IX30 device includes a REST API that can be used to return information about the device's configuration and to make modifications to the configuration. You can view the REST API specification from your web browser by opening the URL: https://ip-address/cgi-bin/config.cgi...
Page 45: Use The Get Method To Return Device Configuration Information
1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 46 Firmware configuration Use the local REST API to configure the IX30 device multicast Multicast ping Ping responder snmp SNMP telnet Telnet web_admin Web administration (config)> service For example, to use curl to return the ssh configuration: $ curl -k -u admin https://192.168.210.1/cgi-bin/config.cgi/value/service/ssh -...
Page 47: Use The Post Method To Modify Device Configuration Parameters And List Arrays
Firmware configuration Use the local REST API to configure the IX30 device Use the POST method to modify device configuration parameters and list arrays Use the POST method to modify device configuration parameters To modify configuration parameters, use the POST method with the path and value parameters.
Page 48 Firmware configuration Use the local REST API to configure the IX30 device where path is the path to the list item, including the list number, in dot notation (for example, service.ssh.acl.zone.4). For example, to remove the external firewall zone to the ssh service: 1.
Page 49: Using The Command Line
Log in to the command line interface  Command line 1. Connect to the IX30 device by using a serial connection, SSH or telnet, or the Terminal in the WebUI or the Console in the Digi Remote Manager. See Access the command line interface more information.
Page 50: Exit The Command Line Interface
Admin CLI s: Shell q: Quit Select access or quit [admin] : Type a or admin to access the IX30 command line. You will now be connected to the Admin CLI: Connecting now... Press Tab to autocomplete commands Press '?' for a list of commands and details...
Page 51: Central Management
Log into Digi Remote Manager Use Digi Remote Manager to view and manage your device Add a device to Digi Remote Manager Configure multiple IX30 devices by using Digi Remote Manager configurations View Digi Remote Manager connection status Learn more...
Page 52: Digi Remote Manager Support
This URL is required to utilize the client-side certificate support. Prior to release 22.2.9.x, the default URL was my.devicecloud.com. If your Digi device is configured to use a non-default URL to connect to Remote Manager, updating the firmware will not change your configuration. However, if you erase the device's configuration, the Remote Manager URL will change to the default of edp12.devicecloud.com.
Page 53 HTTP proxy server support. To configure your device's Digi Remote Manager support:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 54 8. (Optional) For Speedtest server, type the name or IP address of the server to use to test the speed of the device's internet connection(s). 9. (Optional) For Retry interval, type the amount of time that the IX30 device should wait before reattempting to connect to remote cloud services after being disconnected. The default is 30 seconds.
Page 55 CLI. If disabled, no login prompt will be presented and the user will be logged in as admin. The default is disabled. 16. (Optional) Configure the IX30 device to communicate with remote cloud services by using SMS: a. Click to expand Short message service.
Page 56 Central management Configure your device for Digi Remote Manager support 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 57 (config)> cloud drm keep_alive 600s (config)> 8. (Optional) Set the amount of time that the IX30 device should wait between sending keep-alive messages to the Digi Remote Manager when using a cellular interface. Allowed values are from 30 seconds to two hours. The default is 290 seconds.
Page 58 If set to false, no login prompt will be presented and the user will be logged in as admin. The default is false. 15. (Optional) Configure the IX30 device to communicate with remote cloud services by using SMS: a. Enable SMS messaging: (config)>...
Page 59: Collect Device Health Data And Set The Sample Interval
To disable the collection of device health data or enable it if it has been disabled, or to change the health sample interval:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 60  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 61 1, 5, 15, 30, or 60, and represents the number of minutes between uploads of health sample data. 5. By default, the device will only report health metrics values to Digi Remote Manager that have changed health metrics were last uploaded. This is useful to reduce the bandwidth used to report health metrics.
Page 62: Enable Event Log Upload To Digi Remote Manager
To enable the event log upload, or disable it if it has been disabled, and to change the upload interval:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 63  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 64: Log Into Digi Remote Manager
1. If you have not already done so, click here to sign up for a Digi Remote Manager account. 2. Check your email for Digi Remote Manager login instructions. 3. Go to remotemanager.digi.com. 4. Log into your Digi Remote Manager account.
Page 65: Use Digi Remote Manager To View And Manage Your Device
Use Digi Remote Manager to view and manage your device To view and manage your device: 1. If you have not already done so, connect to your Digi Remote Manager account. 2. From the menu, click Devices to display a list of your devices.
Page 66: Configure Multiple Ix30 Devices By Using Digi Remote Manager Configurations
Remote Manager configurations. Typically, if you want to provision multiple IX30 routers: 1. Using the IX30 local WebUI, configure one IX30 router to use as the model configuration for all subsequent IX30s you need to manage. 2. Register the configured IX30 device in your Remote Manager account.
Page 67: View Digi Remote Manager Connection Status
 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 68: Learn More
Central management Learn more Learn more To learn more about Digi Remote Manager features and functions, see the Digi Remote Manager User Guide. IX30 User Guide...
Page 69: Interfaces
Interfaces IX30 devices have several physical communications interfaces. These interfaces can be bridged in a Local Area Network (LAN) or assigned to a Wide Area Network (WAN). This chapter contains the following topics: Wide Area Networks (WANs) Local Area Networks (LANs)
Page 70: Wide Area Networks (Wans)
Interfaces Wide Area Networks (WANs) Wide Area Networks (WANs) The IX30 device is preconfigured with one Wide Area Network (WAN), named ETH1, and one Wireless Wide Area Network (WWAN), named Modem. Default Interface type Preconfigured interfaces Devices configuration Wide Area...
Page 71: Wide Area Networks (Wans) And Wireless Wide Area Networks (Wwans)
The metric for each WAN.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 72 For Metric, type 1. c. Click IPv6. d. For Metric, type 1. 4. Set the metrics for ETH1: a. Click Network > Interfaces > ETH1 > IPv4. b. For Metric, type 2. c. Click IPv6. d. For Metric, type 2. IX30 User Guide...
Page 73  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 74: Wan/Wwan Failover
WAN, and its Ethernet WAN, ETH1, as its secondary WAN. WAN/WWAN failover If a connection to a WAN interface is lost for any reason, the IX30 device will immediately fail over to the next WAN or WWAN interface, based on WAN priority. See...
Page 75: Configure Surelink Active Recovery To Detect Wan/Wwan Failures
Problems can occur beyond the immediate WAN/WWAN connection that prevent some IP traffic from reaching its destination. Normally this kind of problem does not cause the IX30 device to detect that the WAN has failed, because the connection continues to work while the core problem exists somewhere else in the network.
Page 76 The Switch SIM behavior only applies if the modem is connected, but SureLink tests are failing. If the modem is not connected, SIM failover applies. See Configure a Wireless Wide Area Network (WWAN) for details about SIM failover. IX30 User Guide...
Page 77 7. Seventh Surelink failure: The device will reboot.  Web SureLink can be configured for both IPv4 and IPv6. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 78 When SureLink is configured for Wireless WANs, SureLink tests are only run if the cellular modem is connected and has an IP address. Use the SIM failover options to configure the IX30 device to automatically recover the modem in the event that it cannot obtain an IP address.
Page 79 Change the Interval between connectivity tests. Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Interval to ten minutes, enter 10m or 600s. The default is 15 minutes. IX30 User Guide...
Page 80 IPv6 active recovery, replace ipv4 in the command line with ipv6. 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights.
Page 81 If switch_sim is enabled, set the number of times that Surelink tests must fail prior to switching SIMS: (config network interface my_wan ipv4 surelink)> switch_sim_attempts (config network interface my_wan ipv4 surelink> IX30 User Guide...
Page 82 Specify the DNS server. Allowed value is the IP address of the DNS server. (config network interface my_wan ipv4 surelink target 0)> dns_ server ip_address (config network interface my_wan ipv4 surelink target 0)> dns_configured: Tests connectivity by sending a DNS query to the DNS servers configured for this interface. IX30 User Guide...
Page 83 The default is 60 seconds. other: Allows you to test another interface's status, to create a failover or coupled relationship between interfaces: (config network interface my_wan ipv4 surelink target 0)> other value (config network interface my_wan ipv4 surelink target 0)> IX30 User Guide...
Page 84 (Optional) Repeat to add additional test targets. 11. Optional active recovery configuration parameters: a. Move back two levels in the configuration by typing ..: (config network interface my_wan ipv4 surelink target 0)> ..(config network interface my_wan ipv4 surelink> IX30 User Guide...
Page 85 (config network interface my_wan ipv4 surelink)> save Configuration saved. > 14. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX30 User Guide...
Page 86: Configure The Device To Reboot When A Failure Is Detected
To configure the IX30 device to reboot when an interface has failed:  Web SureLink can be configured for both IPv4 and IPv6. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 87 When SureLink is configured for Wireless WANs, SureLink tests are only run if the cellular modem is connected and has an IP address. Use the SIM failover options to configure the IX30 device to automatically recover the modem in the event that it cannot obtain an IP address.
Page 88 Initial connection time: The amount of time to wait for an initial connection to the interface before this test is considered to have failed. Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. IX30 User Guide...
Page 89 IPv6 active recovery, replace ipv4 in the command line with ipv6. 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights.
Page 90 When SureLink is configured for Wireless WANs, SureLink tests are only run if the cellular modem is connected and has an IP address. Use the SIM failover options to configure the IX30 device to automatically recover the modem in the event that it cannot obtain an IP address.
Page 91 (config network interface my_wan ipv4 surelink target 0)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set interface_down_time to ten minutes, enter either 10m or 600s: IX30 User Guide...
Page 92 Use the ? to determine available interfaces: (config network interface my_wan ipv4 surelink target 0)> other_interface ? Interface: The network interface. Format: /network/interface/defaultip /network/interface/defaultlinklocal /network/interface/eth1 /network/interface/eth2 /network/interface/loopback Current value: (config network interface my_wan ipv4 surelink target 0)> other_interface IX30 User Guide...
Page 93 (config network interface my_wan ipv4 surelink)> success_condition value (config network interface my_wan ipv4 surelink> Where value is either one or all. IX30 User Guide...
Page 94: Disable Surelink
You can also disable DNS lookup or other internet activity, while retaining the SureLink interface test.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 95  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 96 IP address assigned to it, that the physical link is up, and that a route is present to send traffic out of the network interface.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 97 5. After selecting the WAN or WWAN, click IPv4 > SureLink. 6. Click to expand Test targets. 7. Click to expand the second test target. This test target has its Test type set to Test DNS servers configured for this interface. IX30 User Guide...
Page 98  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 99: Example: Use A Ping Test For Wan Failover From Ethernet To Cellular
To achieve this WAN failover from the ETH1 to the Modem interface, the WAN failover configuration is:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 100 For Add Test Target, click . f. For Test type, select Ping test. g. For Ping host, type 43.66.93.111. h. For Ping payload size, type 256. 4. Repeat the above step for Modem to enable SureLink on that interface. IX30 User Guide...
Page 101  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 102: Using Ethernet Devices In A Wan
Typically, you configure SIM1 of the cellular modem as the primary cellular interface, and SIM2 as the backup cellular interface. In this way, if the IX30 device cannot connect to the network using SIM1, it automatically fails over to SIM2. IX30 devices automatically use the correct cellular module firmware for each carrier when switching SIMs.
Page 103 SIM, the modem will attempt to reconnect to the SIM in the preferred SIM slot. To configure the modem:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 104 11. For Access technology, select the type of cellular technology that this modem should use to access the cellular network, or select All technologies to configure the modem to use the best available technology. The default is All technologies. IX30 User Guide...
Page 105  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 106 For example, to set query_interval to ten minutes, enter either 10m or 600s: (config)> network modem wan query_interval 600s (config)> The default is 30s. 8. Set the maximum number of interfaces. This is used when using dual-APN SIMs. The default is (config)> network modem modem max_intfs int (config)> IX30 User Guide...
Page 107 12. Save the configuration and apply the change: (config)> save Configuration saved. > 13. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX30 User Guide...
Page 108 APN. To configure the APN:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 109  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 110 If auto, chap, or pap is selected, enter the Username and Password required to authenticate: (config)> network interface modem modem apn 0 username name (config)> network interface modem modem apn 0 password pwd (config)> The default is none. IX30 User Guide...
Page 111 APNs, and then use routing roles to forward traffic to the appropriate WWAN interface.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration:...
Page 112 Interfaces Wide Area Networks (WANs) Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a.
Page 113 For Zone, select External. e. For Device, select Modem . f. (Optional): Configure the public APN. If the public APN is not configured, the IX30 will attempt to determine the APN. i. Click to expand APN list > APN.
Page 114 Configure the source address: i. Click to expand Source address. ii. For Type, select Interface. iii. For Interface, select LAN1. f. Configure the destination address: i. Click to expand Destination address. ii. For Type, select Interface. IX30 User Guide...
Page 115  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 116 Set the modem device: (config network interface WWANPublic)> modem device modem (config network interface WWANPublic)> d. (Optional): Set the public APN. If the public APN is not configured, the IX30 will attempt to determine the APN. (config network interface WWANPublic)> modem apn public_apn (config network interface WWANPublic)>...
Page 117 Set the interface to WWANPublic : (config network route policy 0)> interface /network/interface/WWANPublic (config network route policy 0)> f. Use to periods (..) to move back one level in the configuration: (config nnetwork route policy 0)> .. (config nnetwork route policy)> IX30 User Guide...
Page 118 Type quit to disconnect from the device. Configure manual carrier selection By default, your IX30 automatically selects the most appropriate cellular carrier based on the SIM that is in use and the status of available carriers in your area. IX30 User Guide...
Page 119 Select Manual or Manual/Automatic carrier selection mode. The Network PLMN ID.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 120  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 121 Admin CLI.  Web 1. Log into the IX30 WebUI as a user with Admin access. 2. From the main menu, click Status > Modems. 3. croll to the Connection Status section and click SCAN. The Carrier Scan window opens.
Page 122  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 123  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 124 Command line To unlock a SIM card: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 125 Move the IX30 device to another location. Try connecting a different set of antennas, if available. Purchase a Digi Antenna Extender Kit: Antenna Extender Kit, 1m AT command access To run AT commands from the IX30 command line: IX30 User Guide...
Page 126  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 127: Configure A Wide Area Network (Wan)
When to use DNS: always, never, or only when this interface is the primary default route. When to use DNS servers for this interface. Whether to include the IX30 device's hostname in DHCP requests. SureLink active recovery configuration. See Configure SureLink active recovery to detect WAN/WWAN failures for further information.
Page 128 Interfaces Wide Area Networks (WANs) 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 129 8. (Optional) Click to expand 802.1x to configure 802.1x port based network access control. The IX30 can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Click to expand Authentication. b. Click Enable server to enable the 802.1x authenticator on the IX30 device.
Page 130 Never: Never use DNS servers for this interface. k. Enable DHCP Hostname to instruct the IX30 device to include the device's system name with DHCP requests as the Client FQDN option. The DHCP server can then be configured to register the device's hostname and IP address with an associated DNS server.
Page 131  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 132 (config network interface my_wan)> ipv4 mgmt num (config network interface my_wan)> iv. Set the MTU: (config network interface my_wan)> ipv4 mtu num (config network interface my_wan)> v. Configure how to use DNS: (config network interface my_wan)> ipv4 use_dns value (config network interface my_wan)> IX30 User Guide...
Page 133 Never use DNS servers for this interface. vi. Enable DHCP Hostname to instruct the IX30 device to include the device's system name with DHCP requests as the Client FQDN option. The DHCP server can then be configured to register the device's hostname and IP address with an associated DNS server.
Page 134 8. (Optional) To configure 802.1x port based network access control: Note The IX30 can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Enable the 802.1x authenticator on the IX30 device: (config network interface my_wan)> 802_1x authentication enable true (config network interface my_wan)>...
Page 135: Configure A Wireless Wide Area Network (Wwan)
The IPv4 Maximum Transmission Unit (MTU) of the WAN. When to use DNS: always, never, or only when this interface is the primary default route. SureLink active recovery configuration. See Configure SureLink active recovery to detect WAN/WWAN failures for further information. IX30 User Guide...
Page 136 WAN/WWAN failures for further information.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 137 Normally, this should be left blank. It is only necessary to complete this field if the SIM does not have a phone number or if the phone number is incorrect. 10. Roaming is enabled by default. Click to disable. IX30 User Guide...
Page 138 Reboot device: The device will reboot if automatic SIM switching is unavailable. 13. For APN list and APN list only, the IX30 device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.
Page 139 WWAN is the primary route. Never: Never use DNS servers for this WWAN. The default setting is When primary default route. 1. See Configure SureLink active recovery to detect WAN/WWAN failures for information about configuring SureLink.  Command line IX30 User Guide...
Page 140 Interfaces Wide Area Networks (WANs) 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 141 (config network interface my_wwan)> modem imsi IMSI (config network interface my_wwan)> plmn_id Set the PLMN id that must be in active for this WWAN to be used: (config network interface my_wwan)> modem plmn_id PLMN_ID (config network interface my_wwan)> IX30 User Guide...
Page 142 (config network interface my_wwan)> modem operator_technology value (config network interface my_wwan)> where value is one of: all: The best available technology will be used. 2G: Only 2G technology will be used. 3G: Only 3G technology will be used. IX30 User Guide...
Page 143 The device will reboot if automatic SIM switching is unavailable. 12. The IX30 device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.
Page 144 DNS server, the interface with the lowest metric will be used for DNS requests. never: Never use DNS servers for this WWAN. primary: Only use the DNS servers provided for this WWAN when the WWAN is the primary route. IX30 User Guide...
Page 145: Show Wan And Wwan Status And Statistics
Only use the DNS servers provided for this WWAN when the WWAN is the primary route. The default setting is primary. g. See Configure SureLink active recovery to detect WAN/WWAN failures for information about configuring active recovery. Show WAN and WWAN status and statistics  Web IX30 User Guide...
Page 146  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 147: Delete A Wan Or Wwan
WAN, ETH1, or the preconfigured WWAN, Modem.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 148  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 149: Default Outbound Wan/Wwan Ports
Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Default outbound WAN/WWAN ports The following table lists the default outbound network communications for IX30 WAN/WWAN interfaces: Port Description...
Page 150: Local Area Networks (Lans)
Interfaces Local Area Networks (LANs) Local Area Networks (LANs) The IX30 device is preconfigured with the following Local Area Networks (LANs): Interface type Preconfigured interfaces Devices Default configuration Local Area ETH2 Ethernet: Firewall zone: Network ETH2 Internal (LAN) IP address: 192.168.2.1/24...
Page 151: About Local Area Networks (Lans)
The relative weight for IPv6 routes associated with the LAN. The IPv6 management priority of the LAN. The active interface with the highest management priority will have its address reported as the preferred contact address for central management and direct device access. IX30 User Guide...
Page 152 To create a new LAN or edit an existing LAN:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 153 8. (Optional) Click to expand 802.1x to configure 802.1x port based network access control. The IX30 can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Click to expand Authentication. b. Click Enable server to enable the 802.1x authenticator on the IX30 device.
Page 154  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 155 (config network interface my_lan)> ipv4 enable false (config network interface my_lan)> The LAN is configured by default to use a static IP address for its IPv4 configuration. To configure the LAN to be a DHCP client, rather than using a static IP addres: IX30 User Guide...
Page 156 Set the IPv6 type to DHCP: (config network interface my_lan)> ipv6 type dhcpv6 (config network interface my_lan)> c. Generally, the default settings for IPv6 support are sufficient. You can view the default IPv6 settings by using the question mark (?): IX30 User Guide...
Page 157 (config network interface my_lan)> If the minimum length is not available, then a longer prefix will be used. Configure WAN/WWAN priority and default route metrics for further information about metrics. 8. (Optional) To configure 802.1x port based network access control: IX30 User Guide...
Page 158: Configure The Wan/Eth1 Port As A Lan Or In A Bridge
Type quit to disconnect from the device. Configure the WAN/ETH1 port as a LAN or in a bridge By default, the WAN/ETH1 Ethernet port on your IX30 is configured to function as a WAN port, which means that it:...
Page 159 Has SureLink enabled to test the quality of its internet connection. Alternatively, you can configure the WAN/ETH1 port to function as a LAN port, or you can create a bridge that includes the WAN/ETH1 and ETH2 ports. This section contains the following topics: IX30 User Guide...
Page 160 To configure the WAN/ETH1 Ethernet port as a LAN:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 161  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 162 To bridge the IX30 device's WAN/ETH1 Ethernet port with the ETH2 port:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration:...
Page 163 Interfaces Local Area Networks (LANs) a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration.
Page 164  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 165 For example, to create a interface named LAN_bridge_interface: (config)> add network interface LAN_bridge_interface (config network interface LAN_bridge_interface)> c. Set the zone to internal: (config network interface LAN_bridge_interface)> zone internal (config network interface LAN_bridge_interface)> IX30 User Guide...
Page 166: Change The Default Lan Subnet
DHCP server range will also change to the range of the LAN subnet. To change the LAN subnet:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 167  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 168: Show Lan Status And Statistics
 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 169: Delete A Lan
Follow this procedure to delete any LANs that have been added to the system. You cannot delete the preconfigured LAN, LAN1.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager:...
Page 170  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 171: Dhcp Servers
Type quit to disconnect from the device. DHCP servers You can enable DHCP on your IX30 device to assign IP addresses to clients, using either: The DHCP server for the device's local network, which assigns IP addresses to clients on the device's local network.
Page 172 Interfaces Local Area Networks (LANs)  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 173 For Gateway, select either: None: No gateway is broadcast by the DHCP server. Client destinations must be resolvable without a gateway. Automatic: Broadcasts the IX30 device's gateway. Custom: Allows you to identify the IP address of a Custom gateway to be broadcast.
Page 174 Interfaces Local Area Networks (LANs) 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 175 No gateway is broadcast by the DHCP server. Client destinations must be resolvable without a gateway. auto: Broadcasts the IX30 device's gateway. custom: Allows you to identify the IP address of a custom gateway to be broadcast: (config)> network interface my_lan ipv4 dhcp_server advanced gateway_custom ip_address (config)>...
Page 176 (config)> where value is one of: none: No server is broadcast. auto: Broadcasts the IX30 device's server. custom: Allows you to identify the IP address of the server. For example: (config)> network interface my_lan ipv4 dhcp_server advanced primary_dns_custom ip_address (config)>...
Page 177 A label for this instance of the static lease. To map static IP addresses:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 178  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 179  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 180 Delete static IP mapping entries To delete a static IP entry:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 181  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 182 Force the option to be sent to the DHCP clients. A label for the custom option.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 183  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 184 If the incorrect data type is selected, the device will send the value as a string. (config network interface my_lan ipv4 dhcp_server advanced custom_option 0)> datatype value (config network interface my_lan ipv4 dhcp_server advanced custom_option 0)> where value is one of: 1byte 2byte 4byte ipv4 The default is str. IX30 User Guide...
Page 185 Additional configuration items IP address of additional DHCP relay servers.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 186  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 187 Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show DHCP server status and settings View DHCP status to monitor which devices have been given IP configuration by the IX30 device and to diagnose DHCP issues. ...
Page 188: Default Services Listening On Lan Ports
Interfaces Local Area Networks (LANs) 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 189 Local Area Networks (LANs) connected to a LAN interface.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 190 For Access concentrator name, type the name of the access concentrator to report to the client. If no name is provided, the host name is used. d. For Authentication method, select the authentication method used to connect to the remote peer. IX30 User Guide...
Page 191 14. (Optional) Click to expand 802.1x to configure 802.1x port based network access control. The IX30 can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Click to expand Authentication. b. Click Enable server to enable the 802.1x authenticator on the IX30 device.
Page 192  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 193 (config network interface ip_passthrough_interface)> ipv4 mgmt num (config network interface ip_passthrough_interface)> d. Set the MTU: (config network interface ip_passthrough_interface)> ipv4 mtu num (config network interface ip_passthrough_interface)> e. Configure how to use DNS: (config network interface ip_passthrough_interface)> ipv4 use_dns value (config network interface ip_passthrough_interface)> IX30 User Guide...
Page 194 Modify any of the remaining default settings as appropriate. 10. (Optional) To configure 802.1x port based network access control: Note The IX30 can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Enable the 802.1x authenticator on the IX30 device: (config network interface ip_passthrough_interface)>...
Page 195: Virtual Lans (Vlans)
VLAN can only access other devices on the same VLAN and each device is unaware of any other VLAN, which isolates networks from one another, even though they run over the same physical network. Your IX30 device supports two VLANs modes: Trunking: Supports multiple VLANs per Ethernet port, which enables you to extend your VLAN across multiple switches through your entire network.
Page 196: Create A Trunked Vlan Route
The VLAN ID. The TCP header uses the VLAN ID to identify the destination VLAN for the packet. To create a VLAN:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 197 Interfaces Virtual LANs (VLANs) 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 198: Create A Vlan Using Switchport Mode
The VLAN ID. The TCP header uses the VLAN ID to identify the destination VLAN for the packet. To create a VLAN using switchport mode:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 199  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 200 (config network vlan vlan1)> save Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX30 User Guide...
Page 201: Bridging
You can also use bridging to create a Vitural LAN switchport bridge. See Create a VLAN using switchport mode for more information about switchport bridging for VLANs. This section contains the following topics: Configure a bridge IX30 User Guide...
Page 202: Configure A Bridge
Enable Spanning Tree Protocol (STP). To create a bridge:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 203  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 204 8. Save the configuration and apply the change: (config)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX30 User Guide...
Page 205: Show Surelink Status And Statistics
1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 206: Show Surelink Status For All Ipsec Tunnels
1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 207: Show Surelink Status For All Openvpn Clients
1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 208 Passed test_client1 194.43.79.75 (Ping) 5 seconds Passed > 3. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX30 User Guide...
Page 209: Serial Port
Serial port IX30 devices have a single serial port that provides access to different features, depending on the serial port mode selection. Default serial port configuration You can review the default serial port configuration for your device. Serial mode options You can choose a serial mode option for each serial port, depending on the feature that you want to use.
Page 210: Configure Login Mode
To change the configuration to match the serial configuration of the device to which you want to connect:  Web 1. Log into the IX30 WebUI as a user with Admin access. 2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed. Note You can also configure the serial port by using Device Configuration >...
Page 211  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 212 10. Set the stop bits used by the device to which you want to connect: (config)>path-paramstopbits bits (config)> 11. Set the type of flow control used by the device to which you want to connect: (config)>path-paramflow value (config)> where value is one of: none rts/cts xon/xoff IX30 User Guide...
Page 213: Configure Remote Access Mode
To change the configuration to match the serial configuration of the device to which you want to connect:  Web 1. Log into the IX30 WebUI as a user with Admin access. 2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed. IX30 User Guide...
Page 214 For End Pattern, enter the end pattern. The packet is sent when this pattern is received from the serial port. e. Click Strip End Pattern if you want to remove the end pattern from the packet before it is sent. IX30 User Guide...
Page 215 Click to expand the appropriate type of service. iv. Click to expand Access Control List. For example, to set the Access Control List for the SSH connection for serial port 1, click to expand Serial > Port 1 > SSH connection > Access Control List: IX30 User Guide...
Page 216 No limit to IPv6 addresses that can access the service-type. iv. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX30 device: i. Click Interfaces. ii. For Add Interface, click .
Page 217  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 218 8. Set the number of data bits used by the device to which you want to connect: (config)>serial port databits bits (config)> 9. Set the type of parity used by the device to which you want to connect: (config)>serial port parity parity (config)> Allowed values are: IX30 User Guide...
Page 219 For example, to set idle_timeout to ten minutes, enter either 10m or 600s: (config)>serial port1 idle_timeout 600s (config) The default is 15m. IX30 User Guide...
Page 220 To disable: (config)>serial port1 autoconnect flush_string false (config)> The default is always. c. Set the option that initiates the connection: (config)>serial port1 autoconnect conn_type value (config)> where value is one of: IX30 User Guide...
Page 221 (config)>serial port1 socketid string (config)> 15. (Optional) Configure data framing: a. Enable data framing: (config)>serial port1 framing enable true (config) b. Set the maximum size of the packet: (config)>serial port1 framing max_count int (config) The default is 1024. IX30 User Guide...
Page 222 A single IP address or host name. A network designation in CIDR notation, for example, 192.168.1.0/24. any: No limit to IPv4 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. IX30 User Guide...
Page 223 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX30 device: (config)> add serial port1 service ssh acl interface end value (config)>...
Page 224 1 and 65535. The default is 4001. iii. Enable TCP keep-alive messages: (config)>serial port1 service tcp keepalive true (config)> iv. Set the option that initiates the connection: (config)>serial port1 service tcp conn_type value (config)> IX30 User Guide...
Page 225 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX30 device: (config)> add serial port1 service tcp acl interface end value (config)>...
Page 226 Additional Configuration ------------------------------------------------- ------------------------------ dynamic_routes edge external internal ipsec loopback setup (config)> Repeat this step to include additional firewall zones. vii. (Optional) Enable Multicast DNS (mDNS): (config)>serial port1 service tcp mdns enable true (config)> c. Configure telnet settings: IX30 User Guide...
Page 227 A network designation in CIDR notation, for example, 2001:db8::/48. any: No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX30 device: IX30 User Guide...
Page 228 Type ... firewall zone ? at the config prompt: (config)> ... firewall zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration ------------------------------------------------- ------------------------------ dynamic_routes edge external internal ipsec IX30 User Guide...
Page 229: Configure Application Mode
Use Python to access serial ports for information about creating Python applications that access the serial port. To change the configuration to match the serial configuration of the device to which you want to connect:  Web IX30 User Guide...
Page 230  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 231: Configure Ppp Dial-In Mode
To change the configuration to match the serial configuration of the device to which you want to connect:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. IX30 User Guide...
Page 232 Configure PPP dial-in mode 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config.
Page 233 For Connect script filename, type the name of the script. Scripts are located in the /etc/config/serial directory. An example script, windows_dun.sh is provided. Example windows_dun.sh file: #!/bin/sh # Example connect script for connecting from a PC using a Windows IX30 User Guide...
Page 234  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 235 Use Challenge Handshake Authentication Protocol (CHAP) to authenticate. pap: Use Password Authentication Protocol (PAP) to authenticate. The default is none. If auto, chap, or pap are set, set the username and password used to authenticate the remote peer: IX30 User Guide...
Page 236 14. (Optional) Configure the serial port to use a custom PPP configuration file: a. Enable the use of a custom PPP configuration file: (config)> serial port1 ppp_dialin custom enable true (config)> b. Enable override to override the default PPP configuration and only use the custom configuration file: IX30 User Guide...
Page 237 -r line; do case "$line" in ATDT123) echo "CONNECT" # instruct the peer to start PPP exit 0 # start up the local PPP session AT*) echo "OK" # passively accept any other AT command IX30 User Guide...
Page 238: Configure Udp Serial Mode
To change the configuration to match the serial configuration of the device to which you want to connect:  Web 1. Log into the IX30 WebUI as a user with Admin access. 2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed. Note You can also configure the serial port by using Device Configuration >...
Page 239 For Stop bits, select the number of stop bits used by the device to which you want to connect. e. For Flow control, select the type of flow control used by the device to which you want to connect. IX30 User Guide...
Page 240 For Destinations, you can configure the remote sites to which you want to send data. If you do not specify any destinations, the IX30 sends new data from the last IP address and port from which data was received. To add a destination: i.
Page 241 The Configuration window is displayed. b. Access the configuration for the appropriate type of service: i. Click to expand Serial. ii. Click to expand the appropriate serial port. iii. Click to expand UDP serial. iv. Click to expand Access Control List. IX30 User Guide...
Page 242 10. Click Apply to save the configuration and apply the change.  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. IX30 User Guide...
Page 243 8. Set the number of data bits used by the device to which you want to connect: (config)>serial port1 label databits bits (config)> 9. Set the type of parity used by the device to which you want to connect: (config)>serial port1 label parity parity (config)> Allowed values are: IX30 User Guide...
Page 244 Set the end pattern. The packet is sent when this pattern is received from the serial port: (config)>serial port1 framing end_pattern backslash-escaped-string (config) e. Set the strip end pattern if you want to remove the end pattern from the packet before it is sent: (config)>serial port1 framing strip_pattern true (config) IX30 User Guide...
Page 245 (config)> 15. Configure the remote sites to which you want to send data. If you do not specify any destinations, the IX30 send new data to the last hostname and port from which data was received. To add a destination: i.
Page 246 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX30 device: (config)> add serial port1 udp acl interface end value (config)>...
Page 247 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX30 device: (config)> add serial port1 udp acl interface end value (config)>...
Page 248 Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration -------------------------------------------------------- ----------------------- dynamic_routes edge external internal ipsec loopback setup (config)> Repeat this step to include additional firewall zones. IX30 User Guide...
Page 249: Configure Modbus Mode
To change the configuration to match the serial configuration of the device to which you want to connect:  Web 1. Log into the IX30 WebUI as a user with Admin access. 2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed. IX30 User Guide...
Page 250  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 251 2. Set the number of data bits used by the device to which you want to connect: (config)>path-paramdatabits bits (config)> 3. Set the type of parity used by the device to which you want to connect: (config)>path-paramparity parity (config)> Allowed values are: even none The default is none. IX30 User Guide...
Page 252: Configure Realport Mode Using The Digi Navigator
Digi Navigator on your computer, the RealPort application is automatically installed as well. With Digi Navigator, you can set all serial ports on the device to RealPort mode, and then also enable the RealPort service. The COM ports on your laptop are also configured. These processes ensure that RealPort is configured on the device and on your computer.
Page 253: Install The Digi Navigator
5. When the download is complete, click on the downloaded .exe file. The Digi Navigator Setup wizard displays. 6. Select which user(s) should be able to launch the Digi Navigator from this computer after it has been installed: Anyone who uses this computer (all users): Any user who logs into this computer can launch the Digi Navigator.
Page 254: Configure Realport On A Digi Device From The Digi Navigator
Advanced RealPort configuration without using the Digi Navigator. Download and install the Digi Navigator. 2. Make sure the IX30 is powered connected your local network or computer with an Ethernet cable. 3. Launch the Digi Navigator. 4. Specify the IP address of the Digi device: To add a device, you will need the devices's IP address, and the user name and password for the device.
Page 255 RealPort from within the Digi Navigator. 1. Launch the Digi Navigator if it is not currently open. A list of devices that have RealPort enabled and configured displays in the RealPort Devices section at the bottom of the application screen.
Page 256: Digi Navigator Application Features
Item Description Filters Click Filters to display the types of filters that can be applied to Digi devices, services, and IP types. Device Filters: A list of the Digi device types displays. All types are disabled by default, and when all are disabled, all types are displayed.
Page 257 After you have enabled and configured RealPort on at least one Digi device, a list of configured devices displays at the bottom of the Digi Navigator. You can refresh the list and easily access the COM port configuration on your computer.
Page 258 Click Login. Filter devices for display in the Digi Navigator You can use the Digi Navigator filters to determine the types of Digi devices you want to display. Only the devices that are powered on and are discoverable are included.
Page 259: Electrical Signalling Mode
Enter your Remote Manager user name and password. b. Click Login. Electrical Signalling Mode The IX30 is a DTE serial device capable of supporting the RS-232, RS-422, or RS-485 electrical signalling modes. The default setting RS-232 signaling. This section contains the following topics:...
Page 260: Change The Electrical Signalling Mode To
To change the signalling mode:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 261  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 262 Serial port Electrical Signalling Mode 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 263: Change The Electrical Signalling Mode To
Change the electrical signalling mode to RS-485 To change the signalling mode:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 264 3. Click Serial > Port 1. 4. For Electrical signalling mode, select RS-485. 5. If this IX30 is the end device along a cabled RS-485 daisy chain and termination resistors are recommended, enable an internal Electrical termination: 6. Click Apply to save the configuration and apply the change.
Page 265: Advanced Realport Configuration Without Using The Digi Navigator
Serial port Advanced RealPort configuration without using the Digi Navigator 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 266: Download The Realport Driver
1. Navigate to the downloaded Realport .zip file. 2. Open the .zip file. 3. Click on setup.exe to launch the RealPort wizard. The Welcome to the Digi RealPort Setup Wizard screen displays. 4. If this is not the first time you have run the wizard, select the Add a New Device option. If this is the first time running the wizard, no options are available on the screen.
Page 267 Serial port Advanced RealPort configuration without using the Digi Navigator 7. Click Finish to complete the process and close the wizard. Note If this is the first time that you have run the RealPort wizard, Realport is installed on your laptop.
Page 268: Configure The Serial Port For Realport Mode
To change the configuration to match the serial configuration of the device to which you want to connect:  Web 1. Log into the IX30 WebUI as a user with Admin access. 2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed. Note You can also configure the serial port by using Device Configuration >...
Page 269  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 270: Configure The Realport Service
Configure the RealPort service After you have configured RealPort mode on the IX30, you must enable and configure the RealPort service. When this step is complete, all of the serial ports on the IX30 are configured to use the RealPort service.
Page 271: Show Serial Status And Statistics
 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 272  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 273 /etc/config/serial will be used as the root directory for the path and file. 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX30 User Guide...
Page 274: Routing
Routing This chapter contains the following topics: IP routing Show the routing table Dynamic DNS Virtual Router Redundancy Protocol (VRRP) IX30 User Guide...
Page 275: Ip Routing
IP routing IP routing The IX30 device uses IP routes to decide where to send a packet it receives for a remote network. The process for deciding on a route to send the packet is as follows: 1. The device examines the destination IP address in the IP packet, and looks through the IP routing table to find a match for it.
Page 276: Configure A Static Route
The Maximum Transmission Units (MTU) of network packets using this route. To configure a static route:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 277 7. For Interface, select the interface on the IX30 device that will be used with this static route. 8. (Optional) For Gateway, type the IPv4 address of the gateway used to reach the destination.
Page 278 The any keyword can also be used to route packets to any destination with this static route. 6. Set the interface on the IX30 device that will be used with this static route: a. Use the ? to determine available interfaces: (config network route static 0)>...
Page 279: Delete A Static Route
Type quit to disconnect from the device. Delete a static route  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 280  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 281: Policy-Based Routing
However, you can use policy-based routing to forward the packet based on other criteria, such as the source of the packet. For example, you can configure the IX30 device so that high-priority traffic is routed through the cellular connection, while all other traffic is routed through an Ethernet (WAN) connection.
Page 282: Configure A Routing Policy
To configure a routing policy:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 283 5. (Optional) For Label, type a label that will be used to identify this route policy. 6. For Interface, select the interface on the IX30 device that will be used with this route policy. 7. (Optional) Enable Exclusive to configure the policy to drop packets that match the policy when the gateway interface is disconnected, rather than forwarded through other interfaces.
Page 284  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 285 (config network route policy 0)> label "New route policy" (config network route policy 0)> 5. Set the interface on the IX30 device that will be used with this route policy: a. Use the ? to determine available interfaces: (config network route policy 0)> interface ? Interface: The network interface used to reach the destination.
Page 286 (config network route policy 0)> where value is one of: zone: Matches the source IP address to the selected firewall zone. Set the zone: a. Use the ? to determine available zones: (config network route policy 0)> src zone ? IX30 User Guide...
Page 287 (config network route policy 0)> address: Matches the source IPv4 address to the specified IP address or network. Set the address that will be matched: (config network route policy 0)> src address value (config network route policy 0)> IX30 User Guide...
Page 288 Set the zone. For example: (config network route policy 0)> dst zone external (config network route policy 0)> Firewall configuration for more information about firewall zones. interface: Matches the destination IP address to the selected interface's network address. Set the interface: IX30 User Guide...
Page 289 11. Save the configuration and apply the change: (config)> save Configuration saved. > 12. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX30 User Guide...
Page 290: Example: Dual Wan Policy-Based Routing
This example routes traffic to a specific IP address to go through the cellular WWAN interface, while all other traffic uses the Ethernet WAN interface.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 291  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 292: Example: Domain-Based Routing With Dual Wan
This example routes traffic destined for a specific domain to the WAN Ethernet port, and never through the cellular modem.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager:...
Page 293 Routing IP routing a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration.
Page 294  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 295: Example: Route Traffic To A Specific Wan Interface Based On The Client Mac Address
Example: Route traffic to a specific WAN interface based on the client MAC address This example routes all data from a certain client device through a cellular WAN based on the device's MAC address, while all other client devices are routed through the Ethernet WAN.  Web IX30 User Guide...
Page 296 Routing IP routing 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 297 Click to expand Source address. ii. For Type, select MAC address. iii. For MAC address, type 26:88:0E:23:50:C2. f. Configure the destination zone: i. Click to expand Destination address. ii. For Type, select Zone. iii. For Zone, select CellularWAN. IX30 User Guide...
Page 298  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 299 (config)> 5. Configure the policy-based route for traffic from the client device that will be sent over the cellular WAN: a. Add a new routing policy: (config)> add network route policy end (config network route policy 0)> IX30 User Guide...
Page 300 Create the packet filtering rule: (config)> add firewall filter end (config firewall filter 2)> b. Set the lable to Reject LAN traffic to cellular WAN: (config firewall filter 2)> label "Reject LAN traffic to cellular WAN" (config firewall filter 2)> IX30 User Guide...
Page 301: Routing Services
Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Routing services Your IX30 includes support for dynamic routing services and protocols. The following routing services are supported: Service or...
Page 302: Configure Routing Services
Enable and configure the types of routing services that will be used.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 303  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 304: Show The Routing Table
6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show the routing table To display the routing table:  Web IX30 User Guide...
Page 305 Routing Show the routing table 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 306: Dynamic Dns
The number of times to retry a failed IP address update.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 307 3. Click Network > Dynamic DNS. 4. Type a name for this Dynamic DNS instance in Add Service and click . The Dynamic DNS configuration page displays. New Dynamic DNS configurations are enabled by default. To disable, toggle off Enable. IX30 User Guide...
Page 308  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 309 Service: The provider of the dynamic DNS service. Format: custom 3322.org changeip.com ddns.com.br dnsdynamic.org Default value: custom Current value: custom (config network ddns new_ddns_instance)> service b. Set the service: (config network ddns new_ddns_instance)> service service_name (config network ddns new_ddns_instance)> IX30 User Guide...
Page 310 For example, to set force_interval to ten minutes, enter either 10m or 600s: (config network ddns new_ddns_instance)> force_interval 600s (config network ddns new_ddns_instance)> The default is 3d. 12. (Optional) Set the amount of time to wait for an IP address update to succeed before retrying the update: IX30 User Guide...
Page 311: Virtual Router Redundancy Protocol (Vrrp)
Multiple IX30 devices can be configured as VRRP devices and assigned a priority. The router with the highest priority will be used as the master router. If the master router fails, then the IP address of the virtual router is mapped to the backup device with the next highest priority.
Page 312: Configure Vrrp
VRRP priorty of devices based on the status of their network connectivity.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 313 255 . Allowed values are from 1 and 255, and it is configured to 100 by default. 9. (Optional) For Password, type a password that will be used to authenticate this VRRP router with VRRP peers. If the password length exceeds 8 characters, it will be truncated to 8 characters. IX30 User Guide...
Page 314  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 315: Configure Vrrp
VRRP+ is an extension to the VRRP standard that uses SureLink network probing to monitor connections through VRRP-enabled devices and adjust devices' VRRP priority based on the status of the SureLink tests. This section describes how to configure VRRP+ on a IX30 device. IX30 User Guide...
Page 316 SureLink tests.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 317 SureLink connectivity fails. For example, if the VRRP master device has a priority of 100 and the backup device has a priority of 80, then the Priority modifier should be set to an amount greater than 20 so that if IX30 User Guide...
Page 318 For backup devices, enable and configure SureLink on the VRRP interface. Generally, this should be a LAN interface; VRRP+ will then monitor the LAN using SureLink to determine if the interface has network connectivity and promote a backup to master if SureLink fails. IX30 User Guide...
Page 319  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 320 (config)> network vrrp VRRP_test vrrp_plus monitor_master true (config)> 8. Configure the VRRP interface: a. Configure the VRRP interface's DHCP server to use a custom gateway that corresponds to one of the VRRP virtual IP addresses: IX30 User Guide...
Page 321 (config)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set interval to ten minutes, enter 5s: (config)> network interface eth2 ipv4 surelink interval 5s (config)> IX30 User Guide...
Page 322 (Optional) Set the amount of time that the interface can be down before this test is considered to have failed: IX30 User Guide...
Page 323: Example: Vrrp/Vrrp+ Configuration
10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Example: VRRP/VRRP+ configuration This example configuration creates a VRRP pool containing two IX30 devices: IX30 User Guide...
Page 324: Configure Device One (Master Device)
Configure device one (master device)  Web Task 1: Configure VRRP on device one 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 325 9. Click to expand Virtual IP addresses. 10. Click  to add a virtual IP address. 11. For Virtual IP, type 192.168.3.3. Task 2: Configure VRRP+ on device one 1. Click to expand VRRP+. 2. Click Enable. 3. Click to expand Monitor interfaces. IX30 User Guide...
Page 326 Command line Task 1: Configure VRRP on device one 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 327 (config network vrrp VRRP_test )> Task 3: Configure the IP address for the VRRP interface, ETH2, on device one 1. Type ... to return to the root of the config prompt: (config network vrrp VRRP_test )> ... (config)> IX30 User Guide...
Page 328: Configure Device Two (Backup Device)
Configure device two (backup device)  Web Task 1: Configure VRRP on device two 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 329 The new VRRP instance configuration is displayed. 5. Click Enable. 6. For Interface, select Interface: ETH2. 7. For Router ID, leave at the default setting of 50. 8. For Priority, type 80. 9. Click to expand Virtual IP addresses. IX30 User Guide...
Page 330 Task 4: Configure SureLink for ETH2 on device two 1. Click Network > Interfaces > ETH2 > IPv4 > SureLink. 2. Click Enable. 3. For Interval, type 15s. 4. Click to expand Test targets > Test target. 5. For Test Type, select Ping test. IX30 User Guide...
Page 331 Command line Task 1: Configure VRRP on device two 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 332 (config network vrrp VRRP_test )> Task 3: Configure the IP address for the VRRP interface, ETH2, on device two 1. Type ... to return to the root of the config prompt: (config network vrrp VRRP_test )> ... (config)> IX30 User Guide...
Page 333 2. Set the start and end addresses of the DHCP pool to use to assign DHCP addresses to clients: a. Set the start address to 200: (config)> network interface eth2 ipv4 dhcp_server lease_start 200 (config)> b. Set the end address to 250: (config)> network interface eth2 ipv4 dhcp_server lease_end 250 (config)> IX30 User Guide...
Page 334: Show Vrrp Status And Statistics
This section describes how to display VRRP status and statistics for a IX30 device. VRRP status is available from the Web UI only.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 335  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 336 Virtual IP address(es) : 10.10.10.1, 100.100.100.1 Current State : Master Current Priority : 100 Last Transition : Tue Jan 1 00:00:39 2019 Became Master Released Master Adverts Sent : 71 Adverts Received Priority Zero Sent Priority zero Received : 0 > IX30 User Guide...
Page 337: Virtual Private Networks (Vpn)
Virtual Private Networks (VPNs) are used to securely connect two private networks together so that devices can connect from one network to the other using secure channels. This chapter contains the following topics: IPsec OpenVPN Generic Routing Encapsulation (GRE) L2TP L2TPv3 Ethernet NEMO IX30 User Guide...
Page 338: Ipsec
Authentication of data to ensure an unauthorized device has not injected it into the IPsec tunnel. IPsec mode The IX30 supports the Tunnel mode. With the Tunnel mode, the entire IP packet is encrypted and/or authenticated and then encapsulated as the payload in a new IP packet. Transport mode is not currently supported.
Page 339: Authentication
Client authenticaton XAUTH (extended authentication) pre-shared key authentication mode provides additional security by using client authentication credentials in addition to the standard pre-shared key. The IX30 device can be configured to authenticate with the remote peer as an XAUTH client. RSA Signatures With RSA signatures authentication, the IX30 device uses a private RSA key to authenticate with a...
Page 340 Disable the padding of IKE packets. This should normally not be done except for compatibility purposes. Destination networks that require source NAT. Depending on your network and firewall configuration, you may need to add a packet filtering rule to allow incoming IPsec traffic. IX30 User Guide...
Page 341  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 342 Click to expand Firewall > Packet filtering. b. For Add packet filter, click . c. For Label, type Allow incoming IPsec traffic. d. For Source zone, select IPsec. Leave all other fields at their default settings. IX30 User Guide...
Page 343 For Local key, type the local pre-shared key. This must be the same as the remote key on the remote host. ii. For Remote key, type the remote pre-shared key. This must be the same as the local key on the remote host. IX30 User Guide...
Page 344 SCEP certificates: Uses Simple Certificate Enrollment Protocol (SCEP) to download a private key, certificates, and an optional Certificate Revocation List (CRL) to the IX30 device from a SCEP server. You must create the SCEP client prior to configuring the IPsec tunnel. See...
Page 345 For Hostname, type a hostname or IPv4 address. If your device is not configured to initiate the IPsec connection (see IKE > Initiate connection), you can also use the keyword any, which means that the hostname is dynamic or unknown. iii. Click  again to add additional hostnames. IX30 User Guide...
Page 346 Serial number: The device's serial number will be used as the ID and sent as a ID_KEY_ID IKE identity. 21. Click to expand Policies. Policies define the network traffic that will be encapsulated by this tunnel. a. Click  to create a new policy. The new policy configuration is displayed. IX30 User Guide...
Page 347 For Protocol, select one of the following: Any: Matches any protocol. TCP: Matches TCP protocol only. UDP: Matches UDP protocol only. ICMP: Matches ICMP requests only. Other protocol: Matches an unlisted protocol. If Other protocol is selected, type the number of the protocol. IX30 User Guide...
Page 348 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Phase 2 lifetime to ten minutes, enter 10m or 600s. IX30 User Guide...
Page 349 27. Click Apply to save the configuration and apply the change.  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. IX30 User Guide...
Page 350 Default value: ipsec Current value: ipsec (config vpn ipsec tunnel ipsec_example)> Note Depending on your network configuration, you may need to add a packet filtering rule to allow incoming traffic. For example, for the IPsec zone: IX30 User Guide...
Page 351 (config vpn ipsec tunnel ipsec_example)> type protocol (config vpn ipsec tunnel ipsec_example)> where protocol is either: esp (Encapsulating Security Payload): Provides encryption as well as authentication and integrity. ah (Authentication Header): Provides authentication and integrity only. The default is esp. IX30 User Guide...
Page 352 (config vpn ipsec tunnel ipsec_example)> auth private_key_ passphrase passphrase (config vpn ipsec tunnel ipsec_example)> c. For the peer_public_key parameter, paste the peer's public RSA key in PEM format: (config vpn ipsec tunnel ipsec_example)> auth peer_public_key (config vpn ipsec tunnel ipsec_example)> IX30 User Guide...
Page 353 Enable XAUTH client functionality: (config vpn ipsec tunnel ipsec_example)> xauth_client enable true (config vpn ipsec tunnel ipsec_example)> b. Set the XAUTH client username: (config vpn ipsec tunnel ipsec_example)> xauth_client username name (config vpn ipsec tunnel ipsec_example)> IX30 User Guide...
Page 354 Set an IPv4 formatted ID. This can be a fully-qualified domain name or an IPv4 address. (config vpn ipsec tunnel ipsec_example)> local id type ipv4_id (config vpn ipsec tunnel ipsec_example)> ipv6: The ID will be interpreted as an IPv6 address and sent as an ID_IPV6_ADDR IKE identity. IX30 User Guide...
Page 355 Attempts to connect to hostnames sequentially based on the list order. random: Randomly selects an IPsec peer to connect to from the hostname list. priority: Selects the first hostname in the list that is resolvable. IX30 User Guide...
Page 356 ID_FQDN IKE identity. keyid: The ID will be interpreted as a Key ID and sent as an ID_KEY_ID IKE identity. Set the key ID: (config vpn ipsec tunnel ipsec_example)> remote id type keyid_id (config vpn ipsec tunnel ipsec_example)> IX30 User Guide...
Page 357 To disable: (config vpn ipsec tunnel ipsec_example)> ike pad false (config vpn ipsec tunnel ipsec_example)> f. Set the amount of time that the IKE security association expires after a successful negotiation and must be re-authenticated: IX30 User Guide...
Page 358 (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> ii. Set the type of encryption to use during phase 1: (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> cipher value (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> IX30 User Guide...
Page 359 Configure the types of encryption, hash, and Diffie-Hellman group to use during phase 2: i. Move back two levels in the schema: (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> .. (config vpn ipsec tunnel ipsec_example ike)> IX30 User Guide...
Page 360 (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> (config vpn ipsec tunnel ipsec_example ike phase2_proposal)> ii. Add an additional proposal: (config vpn ipsec tunnel ipsec_example ike phase2_proposal)> add end (config vpn ipsec tunnel ipsec_example ike phase2_proposal 1)> IX30 User Guide...
Page 361 18. Configure policies that define the network traffic that will be encapsulated by this tunnel: a. Change to the root of the configuration schema: (config vpn ipsec tunnel ipsec_example nat 0)> ... (config)> b. Add a policy: IX30 User Guide...
Page 362 The subnet of a local network interface. Set the network: i. Use the ? to determine available interfaces: (config vpn ipsec tunnel ipsec_example policy 0)> local network ? Interface: The network interface. Format: defaultip defaultlinklocal eth1 eth2 loopback Current value: IX30 User Guide...
Page 363 Matches an unlisted protocol. If other is used, set the number of the protocol: (config vpn ipsec tunnel ipsec_example policy 0)> local protocol_other int (config vpn ipsec tunnel ipsec_example policy 0)> Allowed values are an integer between 1 and 255. IX30 User Guide...
Page 364 (config)> vpn ipsec advanced ? Advanced: Advanced configuration that applies to all IPsec tunnels. Parameters Current Value --------------------------------------------------------------------- --------- debug none Debug level ike_fragment_size 1280 Maximum IKE fragment size ike_retransmit_tries IKE retransmit tries keep_alive NAT keep alive time IX30 User Guide...
Page 365 20. Save the configuration and apply the change: (config)> save Configuration saved. > 21. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX30 User Guide...
Page 366: Configure Ipsec Failover
Virtual Private Networks (VPN) IPsec Configure IPsec failover There are two methods to configure the IX30 device to fail over from a primary IPsec tunnel to a backup tunnel: SureLink active recovery—You can use SureLink along with the IPsec tunnel's metric to configure two or more tunnels so that when the primary tunnel is determined to be inactive by SureLink, a secondary tunnel can begin serving traffic that the primary tunnel was serving.
Page 367 See Configure an IPsec tunnel for instructions. During configuration of the IPsec tunnel, set the metric to a value that is higher than the metric of the primary tunnel (for example, 20).  Command line IX30 User Guide...
Page 368 Use the ? to view a list of available tunnels: (config vpn ipsec tunnel backup_ipsec_tunnel)> ipsec_failover ? Preferred tunnel: This tunnel will not start until the preferred tunnel has failed. It will continue to operate until the preferred tunnel returns to full operation IX30 User Guide...
Page 369: Configure Surelink Active Recovery For Ipsec
To configure the IX30 device to regularly probe the IPsec connection:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager:...
Page 370 Virtual Private Networks (VPN) IPsec a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration.
Page 371 Ping test: Tests connectivity by sending an ICMP echo request to the hostname or IP address specified in Ping host. You can also optionally change the number of bytes in the Ping payload size. DNS test: Tests connectivity by sending a DNS query to the specified DNS server. IX30 User Guide...
Page 372  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 373 For example, to set timeout to ten minutes, enter either 10m or 600s: (config vpn ipsec tunnel ipsec_example)> surelink timeout 600s (config vpn ipsec tunnel ipsec_example)> The default is 15 seconds. IX30 User Guide...
Page 374 (Optional) Set the amount of time that the interface can be down before this test is considered to have failed: IX30 User Guide...
Page 375 If other is set: Set the alternate interface to be tested: i. Use the ? to determine available interfaces: (config vpn ipsec tunnel ipsec_example surelink target 0)> other_interface ? Interface: The network interface. Format: /network/interface/defaultip /network/interface/defaultlinklocal /network/interface/eth1 IX30 User Guide...
Page 376: Show Ipsec Status And Statistics
Show IPsec status and statistics  Web 1. Log into the IX30 WebUI as a user with Admin access. 2. On the menu, select Status > IPsec. The IPsec page appears. 3. To view configuration details about an IPsec tunnel, click the  (configuration) icon in the upper right of the tunnel's status pane.
Page 377: Debug An Ipsec Configuration
 Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 378  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 379: Configure A Simple Certificate Enrollment Protocol Client
The number of days that the certificate enrollment can be renewed, prior to the request expiring.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. IX30 User Guide...
Page 380 Virtual Private Networks (VPN) IPsec 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config.
Page 381 9. For Renewable Time, type the number of days that the certificate enrollment can be renewed, prior to the request expiring. This value is configured on the SCEP server, and is used by the IX30 device to determine when to start attempting to auto-renew an existing certificate. The default is 7.
Page 382  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 383 Set the Domain Component: (config network scep_client scep_client_name)> distinguished_name dc value (config network scep_client scep_client_name)> b. Set the two letter Country Code: (config network scep_client scep_client_name)> distinguished_name c value (config network scep_client scep_client_name)> c. Set the State or Province: IX30 User Guide...
Page 384 The default is url. c. If type is set to url, set the URL that should be used: (config network scep_client scep_client_name)> crl url value (config network scep_client scep_client_name)> 11. Configure certificate renewal: IX30 User Guide...
Page 385 15. Set the number of days that the certificate enrollment can be renewed, prior to the request expiring. This value is configured on the SCEP server, and is used by the IX30 device to determine when to start attempting to auto-renew an existing certificate. The default is 7.
Page 386: Example: Scep Client Configuration With Fortinet Scep Server
Type quit to disconnect from the device. Example: SCEP client configuration with Fortinet SCEP server In this example configuration, we will configure the IX30 device as a SCEP client that will connect to a Fortinet SCEP server. Fortinet configuration On the Fortinet server: 1.
Page 387 IX30 configuration On the IX30 device:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 388 Fortinet server. 7. (Optional) Click Debug to enable verbose logging in /var/log/scep_client. 8. Click to expand SCEP server. 9. For FQDN, type the fully qualified domain name or IP address of the Fortinet server. IX30 User Guide...
Page 389  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 390 8. Set the number of days that the certificate enrollment can be renewed, prior to the request expiring. This value must match the setting of the Allow renewal x days before the certified is expired option on the Fortinet server. IX30 User Guide...
Page 391: Show Scep Client Status And Information
 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 392 Last Update : May 23 13:27:21 2022 GMT > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX30 User Guide...
Page 393: Openvpn
OpenVPN clients. OpenVPN clients use Network Address Translation (NAT) to route traffic from devices connected on its LAN interfaces to the OpenVPN server. The manner in which the IP subnets are defined depends on the OpenVPN topology in use. The IX30 device supports two types of OpenVPN topology:...
Page 394: Configure An Openvpn Server
Virtual Private Networks (VPN) OpenVPN OpenVPN managed—The IX30 device creates the interface and then uses its standard configuration to set up the connection (for example, its standard DHCP server configuration). Device only—IP addressing is controlled by the system, not by OpenVPN.
Page 395 Access control list configuration to restrict access to the OpenVPN server through the firewall. Additional OpenVPN parameters.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 396 If not enabled, certificates must be created externally and added to the server. 9. If Server managed certificates is not enabled: a. Select the Authentication type: Certificate only: Uses only certificates for client authentication. Each client requires a public and private key. IX30 User Guide...
Page 397 No limit to IPv6 addresses that can access the service-type. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX30 device: a. Click Interfaces. b. For Add Interface, click .
Page 398  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 399 1 and 255. The number entered here will represent the first client IP address. For example, if address is set to 192.168.1.1/24 and server_first_ip is set to 80, the first client IP address will be 192.168.1.80. The default is from 80. IX30 User Guide...
Page 400 Authentication Group and User for instructions. ii. Paste the contents of the CA certificate (usually in a ca.crt file) into the value of the cacert parameter: (config vpn openvpn server name)> cacert value (config vpn openvpn server name)> IX30 User Guide...
Page 401 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX30 device: (config vpn openvpn server name)> add acl interface end value (config vpn openvpn server name)>...
Page 402 Additional Configuration -------------------------------------------------------- ----------------------- dynamic_routes edge external internal ipsec loopback setup (config vpn openvpn server name)> Repeat this step to include additional firewall zones. 9. (Optional) Set additional OpenVPN parameters. IX30 User Guide...
Page 403: Configure An Openvpn Authentication Group And User
 Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 404 For Add Group, type a name for the group (for example, OpenVPN_Group) and click . The new authentication group configuration is displayed. c. Click OpenVPN access to enable OpenVPN access rights for users of this group. d. Click to expand the OpenVPN node. e. Click  to add a tunnel. IX30 User Guide...
Page 405 Click to expand the Groups node. e. Click  to add a group to the user. f. Select a Group with OpenVPN access enabled. 5. Click Apply to save the configuration and apply the change. IX30 User Guide...
Page 406  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 407: Configure An Openvpn Client By Using An .Ovpn File
Configure SureLink active recovery for OpenVPN for information about OpenVPN active recovery.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 408  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 409 (config vpn openvpn client name)> password value (config vpn openvpn client name)> 7. Paste the content of the client.ovpn file into the value of the config_file parameter: (config vpn openvpn client name)> config_file value (config vpn openvpn client name)> IX30 User Guide...
Page 410: Configure An Openvpn Client Without Using An .Ovpn File
Configure SureLink active recovery for OpenVPN for information about OpenVPN active recovery.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 411 3. Click VPN > OpenVPN > Clients. 4. For Add, type a name for the OpenVPN client and click . The new OpenVPN client configuration is displayed. 5. The OpenVPN client is enabled by default. To disable, toggle off Enable. IX30 User Guide...
Page 412  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 413 (config vpn openvpn client name)> username value (config vpn openvpn client name)> password value (config vpn openvpn client name)> 9. Set the IP address of the OpenVPN server: (config vpn openvpn client name)> server ip_address (config vpn openvpn client name)> IX30 User Guide...
Page 414: Configure Surelink Active Recovery For Openvpn
Type quit to disconnect from the device. Configure SureLink active recovery for OpenVPN You can configure the IX30 device to regularly probe OpenVPN client connections to determine if the connection has failed and take remedial action. IX30 User Guide...
Page 415 To configure the IX30 device to regularly probe the OpenVPN connection:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 416 9. Change the Interval between connectivity tests. Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Interval to ten minutes, enter 10m or 600s. The default is 15 minutes. IX30 User Guide...
Page 417 Down time: The amount of time that the interface can be down before this test is considered to have failed. Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Down time to ten minutes, enter 10m or 600s. IX30 User Guide...
Page 418  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 419 (config vpn openvpn client openvpn_client1)> The default is 15 seconds. 11. Configure test targets: a. Add a test target: (config vpn openvpn client openvpn_client1)> add surelink target end (config vpn openvpn client openvpn_client1 surelink target 0)> b. Set the test type: IX30 User Guide...
Page 420 (Optional) Set the amount of time that the interface can be down before this test is considered to have failed: IX30 User Guide...
Page 421 (config vpn openvpn client openvpn_client1 surelink target 0)> If other is set: Set the alternate interface to be tested: i. Use the ? to determine available interfaces: (config vpn openvpn client openvpn_client1 surelink target 0)> other_interface ? Interface: The network interface. IX30 User Guide...
Page 422 13. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show Surelink status and statistics for information about showing Surelink status for OpenVPN clients. IX30 User Guide...
Page 423: Show Openvpn Server Status And Statistics
 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 424: Show Openvpn Client Status And Statistics
 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 425 Virtual Private Networks (VPN) OpenVPN 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX30 User Guide...
Page 426: Generic Routing Encapsulation (Gre)
Enable the device to respond to keepalive packets. Task One: Create a GRE loopback endpoint interface  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 427  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 428 Type quit to disconnect from the device. Task Two: Configure the GRE tunnel  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 429  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 430 (config vpn iptunnel gre_example)> save Configuration saved. > 10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX30 User Guide...
Page 431: Show Gre Tunnels
To view information about currently configured GRE tunnels:  Web 1. Log into the IX30 WebUI as a user with Admin access. 2. On the menu, click Status > IP tunnels. The IP Tunnelspage appears. 3. To view configuration details about a GRE tunnel, click the  (configuration) icon in the upper right of the tunnel's status pane.
Page 432: Example: Gre Tunnel Over An Ipsec Tunnel
Example: GRE tunnel over an IPSec tunnel The IX30 device can be configured as an advertised set of routes through an IPSec tunnel. This allows you to leverage the dynamic route advertisement of GRE tunnels through a secured IPSec tunnel.
Page 433 Configure the IX30-1 device Task one: Create an IPsec tunnel  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 434 5. Click to expand Authentication. 6. For Pre-shared key, type testkey. 7. Click to expand Remote endpoint. 8. For Hostname, type public IP address of the IX30-2 device. 9. Click to expand Policies. 10. For Add Policy, click  to add a new policy.
Page 435  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 436 4. For Device, select Ethernet: loopback. 5. Click to expand IPv4. 6. For Address, type the IP address of the local GRE tunnel, 172.30.0.1/32. 7. Click Apply to save the configuration and apply the change.  Command line IX30 User Guide...
Page 437 Task three: Create a GRE tunnel  Web 1. Click VPN > IP Tunnels. 2. For Add IP Tunnel, type gre_tunnel1 and click . 3. For Local endpoint, select the IPsec endpoint interface created in Task two (Interface: ipsec_ endpoint1). IX30 User Guide...
Page 438 (config vpn iptunnel gre_tunnel1)> local /network/interface/ipsec_ endpoint1 (config vpn iptunnel gre_tunnel1)> 4. Set the remote endpoint to the IP address of the GRE tunnel on IX30-2, 172.30.0.2: (config vpn iptunnel gre_tunnel1)> remote 172.30.0.2 (config vpn iptunnel gre_tunnel1)> 5. Save the configuration and apply the change: (config vpn iptunnel gre_tunnel1)>...
Page 439 7. Click Apply to save the configuration and apply the change.  Command line 1. At the command line, type config to enter configuration mode: > config (config)> 2. Add an interface named gre_interface1: (config)> add network interface gre_interface1 (config network interface gre_interface1)> IX30 User Guide...
Page 440 Configure the IX30-2 device Task one: Create an IPsec tunnel  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 441 3. Click VPN > IPsec > Tunnels. 4. For Add IPsec Tunnel, type ipsec_gre2 and click . 5. Click to expand Authentication. 6. For Pre-shared key, type the same pre-shared key that was configured for the IX30-1 (testkey). 7. Click to expand Remote endpoint.
Page 442  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 443 4. For Device, select Ethernet: loopback. 5. Click to expand IPv4. 6. For Address, type the IP address of the local GRE tunnel, 172.30.0.2/32. 7. Click Apply to save the configuration and apply the change.  Command line IX30 User Guide...
Page 444 Task three: Create a GRE tunnel  Web 1. Click VPN > IP Tunnels. 2. For Add IP Tunnel, type gre_tunnel2 and click . 3. For Local endpoint, select the IPsec endpoint interface created in Task two (Interface: ipsec_ endpoint2). IX30 User Guide...
Page 445 (config vpn iptunnel gre_tunnel2)> local /network/interface/ipsec_ endpoint2 (config vpn iptunnel gre_tunnel2)> 4. Set the remote endpoint to the IP address of the GRE tunnel on IX30-1, 172.30.0.1: (config vpn iptunnel gre_tunnel2)> remote 172.30.0.1 (config vpn iptunnel gre_tunnel2)> 5. Save the configuration and apply the change: (config vpn iptunnel gre_tunnel2)>...
Page 446 7. Click Apply to save the configuration and apply the change.  Command line 1. At the command line, type config to enter configuration mode: > config (config)> 2. Add an interface named gre_interface2: (config)> add network interface gre_interface2 (config network interface gre_interface2)> IX30 User Guide...
Page 447: L2Tp
Your IX30 device supports PPP-over-L2TP (Layer 2 Tunneling Protocol). Configure a PPP-over-L2TP tunnel Your IX30 device supports PPP-over-L2TP (Layer 2 Tunneling Protocol). The tunnel endpoints are known as L2TP Access Concentrators (LAC) and L2TP Network Servers (LNS). Each endpoint terminates the PPP session.
Page 448 Optional configuration data in the format of a pppd options file.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 449 No limit to IPv6 addresses that can access the service-type. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX30 device: a. Click Interfaces. b. For Add Interface, click .
Page 450 CHAP: Uses the Challenge Handshake Authentication Profile (CHAP) to authenticate. PAP: Uses the Password Authentication Profile (PAP) to authenticate. If Automatic, CHAP, or PAP is selected, enter the Username and Password required to authenticate. The default is None. IX30 User Guide...
Page 451  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 452 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX30 device: (config)> add vpn l2tp acl interface end value (config)>...
Page 453 (Optional) Set the UDP port to use to connect to the L2TP network server: (config vpn l2tp lac lac_tunnel)> port int (config vpn l2tp lac lac_tunnel)> where int is an integer between 1 and 65535. The default is 1701. IX30 User Guide...
Page 454 Set the zone: (config vpn l2tp lac lac_tunnel)> zone zone (config vpn l2tp lac lac_tunnel)> h. (Optional): Custom PPP configuration: i. Enable custom PPP configuration: (config vpn l2tp lac lac_tunnel)> custom enable true (config vpn l2tp lac lac_tunnel)> IX30 User Guide...
Page 455 (config vpn l2tp lns lns_server)> local_address IP_address (config vpn l2tp lns lns_server)> d. Set the IP address to assign to the remote peer: (config vpn l2tp lns lns_server)> remote_address IP_address (config vpn l2tp lns lns_server)> e. (Optional) Set the authentication method: IX30 User Guide...
Page 456 Zone: The firewall zone assigned to this tunnel. This can be used by packet filtering rules and access control lists to restrict network traffic on this tunnel. Format: dynamic_routes edge external internal ipsec loopback setup Current value: (config vpn l2tp lns lns_server)> IX30 User Guide...
Page 457: Configure Surelink Active Recovery For Ppp-Over-L2Tp
Type quit to disconnect from the device. Configure SureLink active recovery for PPP-over-L2TP You can configure the IX30 device to regularly probe PPP-over-L2TP access concatenators to determine if the connection has failed and take remedial action. Required configuration items A valid PPP-over-L2TP configuration.
Page 458 To configure the IX30 device to regularly probe the PPP-over-L2TP connection:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 459 For example, to set Response timeout to ten minutes, enter 10m or 600s. The default is 15 seconds. 13. Add a test target: a. Click to expand Test targets. b. For Add Test target, click . IX30 User Guide...
Page 460 14. Click Apply to save the configuration and apply the change.  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. IX30 User Guide...
Page 461 (config vpn l2tp lac lac_tunnel)> surelink interval 600s (config vpn l2tp lac lac_tunnel)> The default is 15 minutes. 8. Determine whether the interface should fail over based on the failure of one of the test targets, or all of the test targets: IX30 User Guide...
Page 462 (config vpn l2tp lac lac_tunnel surelink target 0)> (Optional) Set the size, in bytes, of the ping packet: (config vpn l2tp lac lac_tunnel surelink target 0)> ping_size [num] (config vpn l2tp lac lac_tunnel surelink target 0)> IX30 User Guide...
Page 463 (config vpn l2tp lac lac_tunnel surelink target 0)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set interval to ten minutes, enter either 10m or 600s: IX30 User Guide...
Page 464 Set the expected status of the alternate interface: (config vpn l2tp lac lac_tunnel surelink target 0)> other_ status value (config vpn l2tp lac lac_tunnel surelink target 0)> IX30 User Guide...
Page 465: L2Tp With Ipsec
Show the status of L2TP access connectors from the Admin CLI 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights.
Page 466 Show the status of L2TP network servers from the Admin CLI 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights.
Page 467: L2Tpv3 Ethernet
The Layer2SpecificHeader type. The Sequence numbering control.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: IX30 User Guide...
Page 468 Virtual Private Networks (VPN) L2TPv3 Ethernet a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration.
Page 469  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 470 (Optional) To calculate and check the UDP checksum: (config vpn l2tpeth L2TPv3_example)> udp_checksum true (config vpn l2tpeth L2TPv3_example)> 9. Add a session carried by the parent tunnel: (config vpn l2tpeth L2TPv3_example)> add session session_example (config vpn l2tpeth L2TPv3_example session_example)> IX30 User Guide...
Page 471 Reorder packets if they are received out of order. both: Add a sequence number to each outgoing packet, and reorder packets if they are received out of order. The default is none. 16. Save the configuration and apply the change: (config)> save Configuration saved. > IX30 User Guide...
Page 472: Show L2Tpv3 Tunnel Status
 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 473: Nemo
Local Area Networks (LANs) on your device. NEMO creates a tunnel between the home agent on the mobile private network and the IX30 device, isolating the connection from internet traffic and advertising the IP subnets of the LANs for remote access and device management.
Page 474 If the local network is set to Interface, identify the local interface to be used.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 475 10. For MTU discovery, leave enabled to determine the maximum transmission unit (MTU) size. If disabled, for MTU, type the MTU size. The default MTU size for LANs on the IX30 device is 1500. The MTU size of the NEMO tunnel will be smaller, to take into account the required headers.
Page 476 (config vpn nemo nemo_example)> mtu_discovery false (config vpn nemo nemo_example)> If disabled, set the MTU size. The default MTU size for LANs on the IX30 device is 1500. The MTU size of the NEMO tunnel will be smaller, to take into account the required headers.
Page 477 (config vpn nemo nemo_example)> zone internal (config vpn nemo nemo_example)> The Internal firewall zone configures the IX30 device to trust traffic going to the tunnel and allows it through the network. 11. Configure the Care-of-Address, the local WAN interface of the internet facing network.
Page 478 Add a local network to use as a virtual NEMO network interface: (config vpn nemo nemo_example)> add network end eth2 (config vpn nemo nemo_example)> b. (Optional) Repeat for additional interfaces. 14. Save the configuration and apply the change: (config)> save Configuration saved. > IX30 User Guide...
Page 479: Show Nemo Status
 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 480 ---------- lan1 192.168.2.1/24 Advertized LAN2 192.168.3.1/24 Advertized > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX30 User Guide...
Page 481 Simple Network Management Protocol (SNMP) Location information Modbus gateway System time Network Time Protocol Configure a multicast route Ethernet network bonding Enable service discovery (mDNS) Use the MQTT broker service Use the iPerf service Configure the ping responder service IX30 User Guide...
Page 482: Allow Remote Access For Web Administration And Ssh
Add the External firewall zone to the web administration service  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 483  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 484 Services Allow remote access for web administration and SSH  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 485 Services Allow remote access for web administration and SSH 5. Select External. 6. Click Apply to save the configuration and apply the change. IX30 User Guide...
Page 486: Configure The Web Administration Service
 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 487 The web administration service is enabled by default. To disable the service, or enable it if it has been disabled:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 488 Type quit to disconnect from the device. Configure the service  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 489 No limit to IPv6 addresses that can access the web administration service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX30 device: a. Click Interfaces.
Page 490 Legacy port redirection and deselect Enable. 10. For Minimum TLS version, select the minimum TLS version that can be used by client to negotiate the HTTPS session. 11. Click Apply to save the configuration and apply the change. IX30 User Guide...
Page 491  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 492 Enclose the certificate and private key contents in quotes ("). (config)> service web_admin cert "ssl-cert-and-private-key" (config)> If SSL certificate is blank, the device will use an automatically-generated, self-signed certificate. The SSL certificate and private key must be in PEM format. IX30 User Guide...
Page 493 (config)> service web_admin cert "-----BEGIN CERTIFICATE----- MIID8TCCAtmgAwIBAgIULOwezcmbnQmIC9pT9txwCfUbkWQwDQYJKoZIhvcNAQEL BQAwgYcxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24xDjAMBgNVBAcMBUFs b2hhMRMwEQYDVQQKDApNY0JhbmUgSW5jMRAwDgYDVQQLDAdTdXBwb3J0MQ8wDQYD VQQDDAZtY2JhbmUxHzAdBgkqhkiG9w0BCQEWEGptY2JhbmVAZGlnaS5jb20wHhcN MjAwOTIyMTY1OTUyWhcNMjEwOTIyMTY1OTUyWjCBhzELMAkGA1UEBhMCVVMxDzAN BgNVBAgMBk9yZWdvbjEOMAwGA1UEBwwFQWxvaGExEzARBgNVBAoMCk1jQmFuZSBJ bmMxEDAOBgNVBAsMB1N1cHBvcnQxDzANBgNVBAMMBm1jYmFuZTEfMB0GCSqGSIb3 DQEJARYQam1jYmFuZUBkaWdpLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBAOBn19AX01LO9plYtfRZq0bETwNwSCYGeEIOGJ7gHt/rihLVBJS1woYv u1Oq1ohYxIawBY1iIPBD2GtzyEJXzBZdQRhwi/dRyRi4vr7EkjGDr0Vb/NVT0L5w UzcMeT+71DYvKYm6GpcWx+LoKqFTjbMFBIze5pbBfru+SicId6joCHIuYq8Ehflx 6sy6s4MDbyTUAEN2YhsBaOljej64LNzcsHeISbAWibXWjOSsK+N1MivQq5uwIYw/ 1fsnD8KDS43Wg57+far9fQ2MIHsgnoAGz+w6PIKJR594y/MfqQffDFNCh2lJY49F hOqEtA5B9TyXRKwoa3j/lIC/t5cpIBcCAwEAAaNTMFEwHQYDVR0OBBYEFDVtrWBH E1ZcBg9TRRxMn7chKYjXMB8GA1UdIwQYMBaAFDVtrWBHE1ZcBg9TRRxMn7chKYjX MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBALj/mrgaKDNTspv9 ThyZTBlRQ59wIzwRWRYRxUmkVcR8eBcjwdBTWjSBLnFlD2WFOEEEnVz2Dzcixmj4 /Fw7GQNcYIKj+aIGJzbcKgox10mZB3VKYRmPpnpzHCkvFi4o81+bC8HJQfK9U80e vDV0/vA5OB2j/DrjvlOrapCTkuyA0TVyGvgTASx2ATu9U45KZofm4odThQs/9FRQ +cwSTb5v47KYffeyY+g3dyJw1/KgMJGpBUYNJDIsFQC9RfzPjKE2kz41hx4VksT/ q81WGstDXH++QTu2sj7vWkFJH5xPFt80HjtWKKpIfeOIlBPGeRHvdH2PQibx0OOt Sa+P5O8= -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDgZ9fQF9NSzvaZ WLX0WatGxE8DcEgmBnhCDhie4B7f64oS1QSUtcKGL7tTqtaIWMSGsAWNYiDwQ9hr c8hCV8wWXUEYcIv3UckYuL6+xJIxg69FW/zVU9C+cFM3DHk/u9Q2LymJuhqXFsfi 6CqhU42zBQSM3uaWwX67vkonCHeo6AhyLmKvBIX5cerMurODA28k1ABDdmIbAWjp Y3o+uCzc3LB3iEmwFom11ozkrCvjdTIr0KubsCGMP9X7Jw/Cg0uN1oOe/n2q/X0N jCB7D56ABs/sOjyCiUefeMvzH6kH3wxTQodpSWOPRYTqhLQOQfU8l0SsKGt4/5SA v7eXKSAXAgMBAAECggEBAMDKdi7hSTyrclDsVeZH4044+WkK3fFNPaQCWESmZ+AY i9cCC513SlfeSiHnc8hP+wd70klVNNc2coheQH4+z6enFnXYu2cPbKVAkx9x4eeI IX30 User Guide...
Page 494 (config)> service web_admin port 444 (config)> 7. (Optional) Set the minimum TLS version that can be used by client to negotiate the HTTPS session: (config)> service web_admin legacy_encryption value (config)> where value is one of: TLS-1_1 TLS-1_2 TLS-1_3 IX30 User Guide...
Page 495 9. Save the configuration and apply the change: (config)> save Configuration saved. > 10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX30 User Guide...
Page 496: Configure Ssh Access
The SSH service is enabled by default. To disable the service, or enable it if it has been disabled:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 497  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 498 Services Configure SSH access 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 499 No limit to IPv6 addresses that can access the SSH service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX30 device: a. Click Interfaces.
Page 500  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 501 5. (Optional) Configure Multicast DNS (mDNS) mDNS is a protocol that resolves host names in small networks that do not have a DNS server. mDNS is enabled by default. To disable mDNS, or enable it if it has been disabled: IX30 User Guide...
Page 502 OpenSSH sshd_config file. For example, to enable the diffie-helman-group-sha-14 key exchange algorithm: (config)> service ssh custom config_file "KexAlgorithms +diffie- hellman-group14-sha1" (config)> 8. Save the configuration and apply the change: (config)> save Configuration saved. > IX30 User Guide...
Page 503 Services Configure SSH access 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX30 User Guide...
Page 504: Use Ssh With Key Authentication
SSH service to allow SSH access for the External firewall zone.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 505 These instructions assume an existing user named temp_user. 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights.
Page 506 4. Save the configuration and apply the change: (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX30 User Guide...
Page 507: Configure Telnet Access
The telnet service is disabled by default. To enable the service:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 508 Type quit to disconnect from the device. Configure the service  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager:...
Page 509 Services Configure telnet access a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration.
Page 510  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 511 No limit to IPv6 addresses that can access the telnet service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX30 device: (config)> add service telnet acl interface end value (config)>...
Page 512: Configure Dns
Type quit to disconnect from the device. Configure DNS The IX30 device includes a caching DNS server which forwards queries to the DNS servers that are associated with the network interfaces, and caches the results. This server is used within the device, and cannot be disabled.
Page 513 192.168.210.1 IP address. To configure the DNS server:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 514 No limit to IPv6 addresses that can access the DNS service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX30 device: a. Click Interfaces.
Page 515  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 516 Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration -------------------------------------------------------- ----------------------- dynamic_routes edge external internal ipsec loopback setup (config)> Repeat this step to include additional firewall zones. 4. (Optional) Cache negative responses IX30 User Guide...
Page 517 (Optional) Set a label for this DNS server: (config service dns server 0)> label label (config service dns server 0)> 9. (Optional) Add host names and their IP addresses that the device's DNS server will resolve IX30 User Guide...
Page 518: Show Dns Server
Command line Show DNS information 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 519: Wan Bonding
The firewall zone for the new bonded interface, if other than External.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 520 4. To enable, toggle on Enable the WAN bonding service. Note The WAN bonding service must be enabled for this device in Digi Remote Manager. Contact your Digi sales representative for information. 5. For Hostname, type the hostname or IPv4 address of the external server hosting the WAN bonding service.
Page 521  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 522 Format: /network/interface/defaultip /network/interface/defaultlinklocal /network/interface/eth1 /network/interface/eth2 /network/interface/loopback Current value: (config)> network interface ii. Set the interface. For example: (config)> network interface /network/interface/eth1 (config)> a. Set the first interface: (config)> add network sdwan wan_bonding interfaces end interface-path- and-name (config)> IX30 User Guide...
Page 523 The WAN bonding web interface can be used to view detailed WAN bonding statistics and to fine-tune the WAN bonding process, and is accessed via a web browser at http://ip- address:8088, where ip-address is the IP address of the local IX30 device. (config)> network sdwan wan_bonding web_interface password password (config)>...
Page 524: Simple Network Management Protocol (Snmp)
Enable Multicast DNS (mDNS) support. To configure the SNMP agent on your IX30 device:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 525 No limit to IPv6 addresses that can access the SNMP agent. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX30 device: a. Click Interfaces.
Page 526  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 527 No limit to IPv6 addresses that can access the SNMP service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX30 device: (config)> add service snmp acl interface end value (config)>...
Page 528 (config)> service snmp auth_type SHA (config)> 10. (Optional) Set the privacy passphrase. If not set, the password, entered above, is used. (config)> service snmp privacy pwd (config)> 11. (Optional) Set the privacy protocol, either DES or AES. The default is DES. IX30 User Guide...
Page 529: Download Mibs
To download a .zip archive of the SNMP MIBs supported by this device:  Web 1. Log into the IX30 WebUI as a user with Admin access. 2. Enable SNMP. Configure Simple Network Management Protocol (SNMP) for information about enabling and configuring SNMP support on the IX30 device.
Page 530 Services Simple Network Management Protocol (SNMP) 4. Click Download. IX30 User Guide...
Page 531: Location Information
Location messages forwarded to the device from other location-enabled devices. You can also configure your IX30 device to forward location messages, either from the IX30 device or from external sources, to a remote host. Additionally, the device can be configured to use a geofence, to allow you to determine actions that will be taken based on the physical location of the device.
Page 532: Configure The Location Service
The location service is enabled by default. You can disable it, or you can enable it if it has been disabled.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 533  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 534: Configure The Device To Use A User-Defined Static Location
You can configured your IX30 device to use a user-defined static location.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 535  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 536: Configure The Device To Accept Location Messages From External Sources
You can configure the IX30 device to accept NMEA and TAIP messages from external sources. For example, location-enabled devices connected to the IX30 device can forward their location information to the device, and then the IX30 device can serve as a central repository for this location information and forward it to a remote host. See Forward location information to a remote host information about configuring the IX30 device to forward location messages.
Page 537 Services Location information 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 538  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 539 No limit to IPv6 addresses that can access the location server UDP port. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX30 device: (config)> add service location source 1 acl interface end value (config)>...
Page 540 8. 1. Save the configuration and apply the change: (config)> save Configuration saved. > 2. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX30 User Guide...
Page 541: Forward Location Information To A Remote Host
Configure the IX30 device to forward location information:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 542 RMC: Reports position, velocity, and time. VTG: Reports direction and speed over ground. 11. For TAIP filters, select the filters that represent the types of messages that will be forwarded. By default, all message types are forwarded. IX30 User Guide...
Page 543  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 544 Use the ? to determine available talker IDs: (config service location forward 0)> talker_id ? Talker ID: Setting a talker ID will override the talker ID from all remote sources, and all forwarded sentences from remote sources will use the configured Format: IX30 User Guide...
Page 545 9. (Optional) Set the text to prepend to the forwarded message. Two variables can be included in the prepended text: %s: Includes the IX30 device's serial number in the prepended text. %v: Includes the vehicle ID in the prepended text.
Page 546 (config service location forward 0 filter_nmea)> add gsa end (config service location forward 0 filter_nmea)> If the message protocol type is TAIP: Allowed values are: al: Reports altitude and vertical velocity. cp: Compact position: reports time, latitude, and longitude. id: Reports the vehicle ID. IX30 User Guide...
Page 547: Configure Geofencing
Type quit to disconnect from the device. Configure geofencing Geofencing is a mechanism to create a virtual perimeter that allows you configure your IX30 device to perform actions when entering or exiting the perimeter. For example, you can configure a device to factory default if its location service indicates that it has been moved outside of the geofence.
Page 548 Update interval, which determines the amount of time that the geofence should wait between polling for updated location data.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 549 Type the Latitude and Longitude of the center point of the circle. Allowed values are: For Latitude, any integer between -90 and 90, with up to six decimal places. For Longitude, any integer between -180 and 180, with up to six decimal places. IX30 User Guide...
Page 550 Click  again to add an additional point, and continue adding points to create the desired polygon. For example, to configure a square polygon around the Digi headquarters, configure a polygon with four points: This defines a square-shaped polygon equivalent to the following: 7.
Page 551 If you disable Sandbox, the script may render the system unusable. vii. Repeat for any additional actions. To define actions that will be taken when the device exits the geofence, or is outside the geofence when it boots: IX30 User Guide...
Page 552 Sandbox is enabled by default. This prevents the script from adversely affecting the system. If you disable Sandbox, the script may render the system unusable. vii. Repeat for any additional actions. 8. Click Apply to save the configuration and apply the change.  Command line IX30 User Guide...
Page 553 Services Location information 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 554 Configure additional vortices: (config service location geofence test_geofence coordinates 0)> .. (config service location geofence test_geofence coordinates)> add end (config service location geofence test_geofence coordinates 1)> latitude int (config service location geofence test_geofence coordinates 1)> longitude int IX30 User Guide...
Page 555 For longitude, any integer between -180 and 180, with up to six decimal places. Repeat for each vortex of the polygon. For example, to configure a square polygon around the Digi headquarters, configure a polygon with four points: (config service location geofence test_geofence)> add...
Page 556 Add the action: (config)> add service location geofence test_geofence on_ entry action end (config service location geofence test_geofence on_entry action 0)> d. Set the type of action: (config service location geofence test_geofence on_entry action 0)> type value IX30 User Guide...
Page 557 For example. the allocate one megabyte of memory to the script and its spawned processes: (config service location geofence test_geofence on_entry action 0)> max_memory 1MB (config service location geofence test_geofence on_entry action 0)> IX30 User Guide...
Page 558 (config)> add service location geofence test_geofence on_exit action end (config service location geofence test_geofence on_exit action 0)> d. Set the type of action: (config service location geofence test_geofence on_exit action 0)> type value (config service location geofence test_geofence on_exit action 0)> IX30 User Guide...
Page 559 (config service location geofence test_geofence on_exit action 0)> max_memory 1MB (config service location geofence test_geofence on_exit action 0)> v. A sandbox is enabled by default to prevent the script from adversely affecting the system. To disable the sandbox: IX30 User Guide...
Page 560: Show Location Information
Command line Show location information 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 561: Modbus Gateway
Type quit to disconnect from the device. Show geofence information 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights.
Page 562: Configure The Modbus Gateway
The maximum time between bytes in a packets. Whether to send broadcast messages. Response timeout If connection type is set to socket: The port to use. The inactivity timeout. If connection type is set to serial: Whether to use half duplex (two wire) mode. IX30 User Guide...
Page 563 Whether packets should have their Modbus address adjusted downward before to delivery.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 564 For Port, enter or select an appropriate port. The default is port 502. If Serial is selected for Connection type: a. For Serial port, select the appropriate serial port on the IX30 device. 5. For Packet mode, select RTU or RAW (if Connection type is set to Socket) or ASCII (if Connection typeis set to Serial) for the type of packet that will be used by this connection.
Page 565 No limit to IPv6 addresses that can access the web administration service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX30 device: a. Click Interfaces.
Page 566 Modbus server is running. If Serial is selected for Connection type: a. For Serial port, select the appropriate serial port on the IX30 device. 5. For Packet mode, select RTU or RAW (if Connection type is set to Socket) or ASCII (if Connection typeis set to Serial) for the type of packet that will be used by this connection.
Page 567 No limit to IPv6 addresses that can access the web administration service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX30 device: a. Click Interfaces.
Page 568  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 569 (config service modbus_gateway server test_modbus_server)> where value is either rtu or raw. The default is rtu. iv. Set the maximum allowable time between bytes in a packet: (config service modbus_gateway server test_modbus_server)> socket idle_gap value (config service modbus_gateway server test_modbus_server)> IX30 User Guide...
Page 570 (config service modbus_gateway server test_modbus_ server)> ii. Set the packet mode: (config service modbus_gateway server test_modbus_server)> serial packet_mode value (config service modbus_gateway server test_modbus_server)> where value is either rtu or ascii. The default is rtu. IX30 User Guide...
Page 571 (config service modbus_gateway client test_modbus_client)> where type is either socket or serial. The default is socket. If connection_type is set to socket: i. Set the IP protocol: (config service modbus_gateway client test_modbus_client)> socket protocol value (config service modbus_gateway client test_modbus_client)> IX30 User Guide...
Page 572 600s (config service modbus_gateway client test_modbus_client)> vi. Set the hostname or IP address of the remote host on which the Modbus server is running: (config service modbus_gateway client test_modbus_client)> remote_host ip_address|hostname (config service modbus_gateway client test_modbus_client)> IX30 User Guide...
Page 573 For example, to set idle_gap to one second, enter 1000ms or 1s. iv. (Optional) Enable half-duplex (two wire) mode: (config service modbus_gateway client test_modbus_client)> serial half_duplex true (config service modbus_gateway client test_modbus_client)> d. (Optional) Enable the gateway to send broadcast messages to this client: IX30 User Guide...
Page 574 (config service modbus_gateway client test_modbus_client)> filter 1 50-100 (config service modbus_gateway client test_modbus_client)> g. If request messages handled by this client should always be forwarded to a specific device, , use fixed_server_address to set the device's Modbus address: IX30 User Guide...
Page 575: Show Modbus Gateway Status And Statistics
Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show Modbus gateway status and statistics You can view status and statistics about location information from either the WebUI or the command line.  Web IX30 User Guide...
Page 576  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 577 Packet Errors RX Responses RX Timeouts TX Broadcasts TX Requests modbus_socket_21 ---------------- Address Translation Errors Connection Errors Packet Errors RX Responses RX Timeouts TX Broadcasts TX Requests modbus_serial_client -------------------- Address Translation Errors Connection Errors Packet Errors RX Responses IX30 User Guide...
Page 578 Modbus gateway RX Timeouts TX Broadcasts TX Requests > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX30 User Guide...
Page 579: System Time
Additional Configuration Options Additional upstream NTP servers.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 580 6. Click Apply to save the configuration and apply the change.  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. IX30 User Guide...
Page 581 2. At the command line, type config to enter configuration mode: > config (config)> 3. (Optional) Set the timezone for the location of your IX30 device. The default is UTC. (config)> system time timezone value (config)> Where value is the timezone using the format specified with the following command: (config)>...
Page 582  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 583: Manually Set The System Date And Time
Services Network Time Protocol 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 584: Configure The Device As An Ntp Server
The time zone setting, if the default setting of UTC is not appropriate. To configure the IX30 device's NTP service:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 585 3. Click Services > NTP. 4. Enable the IX30 device's NTP service by clicking Enable. 5. (Optional) Configure the access control list to limit downstream access to the IX30 device's NTP service. To limit access to specified IPv4 addresses and networks: a.
Page 586  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 587 5. Allow the device's local system clock to be used as backup time source: (config)> service ntp local true (config)> 6. (Optional) Configure the access control list to limit downstream access to the IX30 device's NTP service. To limit access to specified IPv4 addresses and networks: (config)>...
Page 588 No limit to IPv6 addresses that can access the NTP server agent. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX30 device: (config)> add service ntp acl interface end value (config)>...
Page 589: Show Status And Statistics Of The Ntp Server
By default, the access control list for the NTP service is empty, which means that all downstream hosts connected to the IX30 device can use the NTP service. 7. (Optional) Set the timezone for the location of your IX30 device. The default is UTC. (config)> system time timezone value (config)>...
Page 590: Configure A Multicast Route
To configure a multicast route:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. IX30 User Guide...
Page 591 9. Click Apply to save the configuration and apply the change.  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. IX30 User Guide...
Page 592 Set the interface. For example: (config service multicast test)> src_interface /network/interface/eth1 (config service multicast test)> 7. Set a destination interface that the IX30 device will send mutlicast packets to: a. Use the ? to determine available interfaces: (config service multicast test)> src_interface ? Destination interface: Which interface to send the multicast packets.
Page 593: Ethernet Network Bonding
Create a new network interface for the bonded Ethernet devices, and disable the any interfaces associated with those Ethernet devices..  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: IX30 User Guide...
Page 594 Services Ethernet network bonding Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration.
Page 595 Disable any other interfaces associated with the devices that were added to the Ethernet bond. For example, if ETH1 and ETH2 were added to the Ethernet bond, disable the ETH1 and ETH2 interfaces: IX30 User Guide...
Page 596  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 597 For example, if ETH1 and ETH2 were added to the Ethernet bond, and they are included with the ETH1 and ETH2 interfaces: a. Type ... to return to the root of the configuration: (config network interface eth_bonding_interface)> ... (config)> IX30 User Guide...
Page 598: Enable Service Discovery (Mdns)
You can enable the IX30 device to use mDNS.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 599 No limit to IPv6 addresses that can access the mDNS service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX30 device: a. Click Interfaces.
Page 600  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 601 Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration -------------------------------------------------------- ----------------------- dynamic_routes edge external internal ipsec loopback setup (config)> Repeat this step to include additional firewall zones. IX30 User Guide...
Page 602: Use The Mqtt Broker Service
Whether to allow clients that have no client ID to connect. Whether replace the client's ID with its username.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 603 A single IP address or host name. A network designation in CIDR notation, for example, 2001:db8::/48. any: No limit to IPv6 addresses that can access the iperf service. d. Click  again to list additional IP addresses or networks. IX30 User Guide...
Page 604 Services Use the MQTT broker service To limit access to hosts connected through a specified interface on the IX30 device: a. Click Interfaces. b. For Add Interface, click . c. For Interface, select the appropriate interface from the dropdown. d. Click  again to allow access through additional interfaces.
Page 605 For Topic, type the topic. The variables %c and %u can be used as substitutes for the client ID or username. If a variable is used, it can be the only text for that level of the hierarchy.. d. For Access, select the level of access that the client will have: Read Write IX30 User Guide...
Page 606  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 607 Services Use the MQTT broker service To limit access to hosts connected through a specified interface on the IX30 device: (config)> add service mqtt acl interface end value (config)> Where value is an interface defined on your device. Display a list of available interfaces: Use ...
Page 608 (config service mqtt client 0)> add topic_acl end (config service mqtt client 0 topic_acl 0)> ii. Set the topic: (config service mqtt client 0 topic_acl 0)> topic value (config service mqtt client 0 topic_acl 0)> where value is one of: IX30 User Guide...
Page 609 (Optional) Set a string that identifies the listener and is sent to the clients: (config)> service mqtt encryption identifier string (config)> b. Enable the PSK identity sent by the client to be used as its username: (config)> service mqtt encryption use_identity_as_username true (config)> IX30 User Guide...
Page 610 (config service mqtt topic_acl anonymous 0)> c. Set the topic: (config service mqtt topic_acl anonymous 0)> topic value (config service mqtt topic_acl anonymous 0)> where value is one of: The topic. The signal level wildcard, +. The multi-level wildcard, #. IX30 User Guide...
Page 611 If a variable is used, it can be the only text for that level of the hierarchy. d. Set the access type to apply to the topic: (config service mqtt topic_acl pattern 0)> access value (config service mqtt topic_acl pattern 0)> where value is one of: deny read IX30 User Guide...
Page 612: Show Mqtt Broker Information
Command line Show MQTT broker information 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 613: Use The Iperf Service
Type quit to disconnect from the device. Use the iPerf service Your IX30 device includes an iPerf3 server that you can use to test the performance of your network. iPerf3 is a command-line tool that measures the maximum network throughput an interface can handle.
Page 614 To enable the iPerf3 server:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 615 No limit to IPv6 addresses that can access the iperf service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX30 device: a. Click Interfaces.
Page 616  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 617 Services Use the iPerf service To limit access to hosts connected through a specified interface on the IX30 device: (config)> add service iperf acl interface end value (config)> Where value is an interface defined on your device. Display a list of available interfaces: Use ...
Page 618: Example Performance Test Using Iperf3
Done. Configure the ping responder service Your IX30 device's ping responder service replies to ICMP and ICMPv6 echo requests. The service is enabled by default. You can disable the service, or you can configure the service to use an access control list to limit the service to specified IP address, interfaces, and/or zones.
Page 619 Services Configure the ping responder service 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 620  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 621 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX30 device: (config)> add service iperf acl interface end value (config)>...
Page 622: Example Performance Test Using Iperf3
Example performance test using iPerf3 On a remote host with Iperf3 installed, enter the following command: $ iperf3 -c device_ip where device_ip is the IP address of the IX30 device. For example: $ iperf3 -c 192.168.2.1 Connecting to host 192.168.2.1, port 5201 4] local 192.168.3.100 port 54934 connected to 192.168.1.1 port 5201...
Page 623 - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bandwidth Retr 0.00-10.00 315 MBytes 264 Mbits/sec sender 0.00-10.00 313 MBytes 262 Mbits/sec receiver iperf Done. IX30 User Guide...
Page 624 Applications The IX30 supports Python 3.6 and provides you with the ability to run Python applications on the device interactively or from a file. You can also specify Python applications and other scripts to be run each time the device system restarts, at specific intervals, or at a specified time.
Page 625: Develop Python Applications
Digi IoT PyCharm Plugin to help you while writing, building, and testing your application. Create and test a Python application. In addition to the standard Python library, the IX30 includes a set of extensions to access its configuration and interfaces. See Python modules.
Page 626: Set Up The Ix30 For Python Development
Set up the IX30 for Python development 1. Access the IX30 local web interface a. Use an Ethernet cable to connect the IX30 to your local laptop or PC. The factory default IP address is 192.168.2.1 b. Log into the IX30 WebUI as a user with full admin access rights.
Page 627 Applications Develop Python applications Develop an application in PyCharm PyCharm allows you to write, build and run Python applications for Digi devices in a quick and easy way. This is what you can do with it: Create Python projects from scratch or import one of the available examples.
Page 628: Python Modules
Develop Python applications Python modules The IX30 supports Python 3.6 and provides you with the ability to run Python applications on the device interactively or from a file. It also offers extensions to manage your IX30: The digidevice module provides platform-specific extensions that allow you to interact with the device’s configuration and interfaces.
Page 629 Digidevice module section. Digidevice module The Python digidevice module provides platform-specific extensions that allow you to interact with the device’s configuration and interfaces. The following submodules are included with the digidevice module: This section contains the following topics: IX30 User Guide...
Page 630 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX30 local command line as a user with shell access.
Page 631 Get help executing a CLI command from Python by accessing help for cli.execute: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX30 local command line as a user with shell access.
Page 632 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX30 local command line as a user with shell access.
Page 633 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX30 local command line as a user with shell access.
Page 634 Read the device configuration 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX30 local command line as a user with shell access.
Page 635 Use the set() and commit() methods to modify the device configuration: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX30 local command line as a user with shell access.
Page 636 Get help for reading and modifying the device configuration by accessing help for digidevice.config: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX30 local command line as a user with shell access.
Page 637 Remote Manager's Server Command Interface (SCI), a web service that allows users to access information and perform commands that relate to their devices. Use Remote Manager's SCI interface to create SCI requests that are sent to your IX30 device, and use the device_request module to send responses to those requests to Remote Manager.
Page 638 Ctrl-D. You can also exit the session using exit() or quit(). Task two: Create and send an SCI request from Digi Remote Manager The second step in using the device_request module is to create an SCI request that Remote Manager will forward to the device.
Page 639 This can be done from either the WebUI or the command line:  Web i. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. IX30 User Guide...
Page 640 Applications Develop Python applications ii. Access the device configuration: Remote Manager: i. Locate your device as described in Use Digi Remote Manager to view and manage your device. ii. Click the Device ID. iii. Click Settings. iv. Click to expand Config.
Page 641 Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 642 Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX30 local command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
Page 643 <device_request target_name="showSystem"> 8. Click Send. You should receive a response similar to the following: <sci_reply version="1.0"> <data_service> <device id="00000000-00000000-0000FFFF-A83CF6A3"/> <requests> <device_request target_name="showSystem" status="0">Model : Digi IX30 Serial Number : IX30-000068 Hostname : IX30 : 00:40:D0:13:35:36 Hardware Version : 50001959-01 A Firmware Version : 22.11.48.10...
Page 644 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX30 local command line as a user with shell access.
Page 645 Use the keys() and get() methods to read the device configuration: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX30 local command line as a user with shell access.
Page 646 Use the set() method to modify the runtime database: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX30 local command line as a user with shell access.
Page 647 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX30 local command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
Page 648 Use Python to upload the device name to Digi Remote Manager The name submodule can be used to upload a custom name for your device to Digi Remote Manager. When you use the name submodule to upload a custom device name to Remote Manager, the...
Page 649 Upload a custom name 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX30 local command line as a user with shell access.
Page 650 Determine if the device's location 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX30 local command line as a user with shell access.
Page 651 You can update this snapsot: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX30 local command line as a user with shell access.
Page 652 You can update this snapsot 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX30 local command line as a user with shell access.
Page 653 Get help for the digidevice location module: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX30 local command line as a user with shell access.
Page 654 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX30 local command line as a user with shell access.
Page 655 Get help for the digidevice maintenance module: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX30 local command line as a user with shell access.
Page 656 Return information about digital I/O ports 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX30 local command line as a user with shell access.
Page 657 If the direction of a digital I/O port is set to output, you can set the current state of the port: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX30 local command line as a user with shell access.
Page 658 Get help for the digidevice dio module: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX30 local command line as a user with shell access.
Page 659 Develop Python applications 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX30 local command line as a user with shell access.
Page 660 5. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). The digidevice led submodule Use the led submodule to redefine the purpose of any front-panel LED on the IX30 device. With this submodule, you can: Gain control of the LED with the led.acquire() function.
Page 661 2. Import the led submodule: >>> from digidevice import led 3. Import the Led and State objects from the led submodule: >>> from digidevice.led import Led, State 4. Use led.acquire() to gain control of the all LEDs: >>> led.acquire(Led.ALL) IX30 User Guide...
Page 662: The Use(Led) Function
Use Python to control the color of multi-colored LEDs One or more LEDs in the IX30 are RGB (red, green, and blue) LEDs, capable of producing a wide range of colors. You can use the digidevice.led Python module to control the color as well as the state of these LEDs.
Page 663 Green flashing Led.ETH FLASH Led.ONLINE Led.COM Blue Led.ETH Led.ONLINE Led.COM Blue flashing Led.ETH Led.ONLINE FLASH Led.COM White Led.ETH Led.ONLINE Led.COM White flashing FLASH Led.ETH FLASH Led.ONLINE FLASH Led.COM Yellow Led.ETH Led.ONLINE Led.COM Yellow flashing FLASH Led.ETH FLASH Led.ONLINE IX30 User Guide...
Page 664: Example: Set The Lte Connection Indicator To Flashing Purple
FLASH The digidevice led submodule for a definition of the IX30's LEDs, including RGB leds, and the names of the attributes for each LED that will be used by the digidevice.led module. Example: Set the LTE connection indicator to flashing purple 1.
Page 665 SMS scripting. Enable the ability to schedule SMS scripting  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 666  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 667 COND.release() my_callback.unregister_callback() Use Python to access serial ports You can use the Python serial module to access serial ports on your IX30 device that are configured to be in Application mode. See Configure Application mode for information about configuring a serial port in Application mode.
Page 668 6. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Use the Paho MQTT python library Your IX30 device includes support for the Paho MQTT python library. MQTT is a lightweight messaging protocol used to communicate with various applications including cloud-based applications such as Amazon Web Services and Microsoft Azure.
Page 669 "Firmware update completed" in ret: print("Failed to update firmware") return HTTPStatus.INTERNAL_SERVER_ERROR finally: os.remove(fname) print("Firmware update finished") return HTTPStatus.OK CMD_HANDLERS = { "reboot": cmd_reboot, "fw-update": cmd_fwupdate def send_cmd_reply(client, cmd_path, cid, cmd, status): if not status or not cid: return if cmd_path.startswith(PREFIX_CMD): IX30 User Guide...
Page 670 {}".format(msg.payload)) if not cid: # Return if client-ID not passed return None send_cmd_reply(client, msg.topic, cid, cmd, HTTPStatus.BAD_REQUEST) try: status = CMD_HANDLERS[cmd](payload) except: print("Invalid command: {}".format(cmd)) status = HTTPStatus.NOT_IMPLEMENTED send_cmd_reply(client, msg.topic, cid, cmd, status) IX30 User Guide...
Page 671 PREFIX_CMD = "cmd/" + PREFIX PREFIX_RSP = "rsp/" + PREFIX client = mqtt.Client() client.on_connect = on_connect client.on_message = on_message try: client.connect("192.168.1.100", 1883, 60) client.loop_start() except: print("Failed to connect to MQTT server") sys.exit(1) while True: publish_dhcp_leases() publish_system() time.sleep(POLL_TIME) IX30 User Guide...
Page 672: Set Up The Ix30 To Automatically Run Your Applications
Applications Set up the IX30 to automatically run your applications Set up the IX30 to automatically run your applications This section contains the following topics: Configure scripts to run automatically Show script information Stop a script that is currently running...
Page 673  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 674 This feature does not provide syntax or error checking. Certain commands can render the device inoperable. Use with care.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 675 Applications Set up the IX30 to automatically run your applications 3. Click System > Scheduled tasks > Custom scripts. 4. For Add Script, click . The script configuration window is displayed. Custom scripts are enabled by default. To disable, toggle off Enable to toggle off.
Page 676  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 677 Applications Set up the IX30 to automatically run your applications 3. Add a script: (config)> add system schedule script end (config system schedule script 0)> Scheduled scripts are enabled by default. To disable: (config system schedule script 0)> enable false (config system schedule script 0)>...
Page 678 Applications Set up the IX30 to automatically run your applications If once is set to false, a new instance of the script will be started at every interval, regardless of whether the script is still running from a previous interval.
Page 679: Show Script Information
 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 680: Stop A Script That Is Currently Running
 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 681: Start An Interactive Python Session
1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX30 local command line as a user with shell access.
Page 682: Run A Python Application At The Shell Prompt
1. Upload the Python application to the IX30 device:  Web a. Log into the IX30 WebUI as a user with Admin access. b. On the menu, click System. Under Administration, click File System. The File System page appears. c. Highlight the scripts directory and click  to open the directory.
Page 683: Configure Scripts To Run Manually
You can also create scripts by using the vi command when logged in with shell access. 2. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX30 local command line as a user with shell access.
Page 684: Task One: Upload The Application
 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 685: Task Two: Configure The Application To Run Automatically
This feature does not provide syntax or error checking. Certain commands can render the device inoperable. Use with care.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 686 7. For Commands, type the commands that will execute the script. If a Python script is being used, include the full path to the Python script. For example: python /etc/config/scripts/test.py If the script begins with #!, then the script will be invoked in the location specified by IX30 User Guide...
Page 687  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 688 If once is enabled, rebooting the device will cause the script to run again. The only way to re- run the script is to: Remove the script from the device and add it again. Make a change to the script. Disable once. IX30 User Guide...
Page 689: Start A Manual Script
 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 690 4. Save the configuration and apply the change: (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX30 User Guide...
Page 691: User Authentication
User authentication methods Authentication groups Local users Terminal Access Controller Access-Control System Plus (TACACS+) Remote Authentication Dial-In User Service (RADIUS) LDAP Configure serial authentication Disable shell access Set the idle timeout for IX30 users Example user configuration IX30 User Guide...
Page 692: Ix30 User Authentication
User authentication IX30 user authentication IX30 user authentication User authentication on the IX30 has the following features and default configuration: Default Feature Description configuration Idle timeout 10 minutes. Determines how long a user session can be idle before the system automatically disconnects.
Page 693 TACACS+: Users authenticated by using a remote TACACS+ server for authentication. Terminal Access Controller Access-Control System Plus (TACACS+) for information about configuring TACACS+ authentication. LDAP: Users authenticated by using a remote LDAP server for authentication. LDAP for information about configuring LDAP authentication. IX30 User Guide...
Page 694: Add A New Authentication Method
The types of authentication method to be used: To add an authentication method:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 695 This procedure describes how to add methods to various places in the list. 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights.
Page 696: Delete An Authentication Method
Type quit to disconnect from the device. Delete an authentication method  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager:...
Page 697  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 698: Rearrange The Position Of Authentication Methods
For example, the following configuration has Local users as the first method, and RADIUS as the second. To reorder these so that RADIUS is first and Local users is second: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 699  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 700: Authentication Groups
Disable shell access for more information about the Allow shell parameter. Serial access: Users with Serial access have the ability to log into the IX30 device by using the serial console. Preconfigured authentication groups The IX30 device has two preconfigured authentication groups: The admin group is configured by default to have full Admin access.
Page 701: Change The Access Rights For A Predefined Group
By default, two authentication groups are predefined: admin and serial. To change the access rights of the predefined groups:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 702  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 703: Add An Authentication Group
(config)> where value is either: full: provides users of this group with the ability to manage the IX30 device by using the WebUI or the Admin CLI. read-only: provides users of this group with read-only access to the WebUI and Admin CLI.
Page 704 Access rights to query the device for Nagios monitoring. To add an authentication group:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 705 Full access or Read-only access. where value is either: Full access full: provides users of this group with the ability to manage the IX30 device by using the WebUI or the Admin CLI. Read-only access read-only: provides users of this group with read-only access to the WebUI and Admin CLI.
Page 706  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 707 24h no title (config)> ii. Add a captive portal: (config)> add auth group test acl portal portals end portal1 (config)> 6. (Optional) Configure Nagios monitoring: (config)> auth group test acl nagios enable true (config)> IX30 User Guide...
Page 708: Delete An Authentication Group
To delete an authentication group that you have created:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 709  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 710: Local Users
TACACS+ or RADIUS. Local user authentication is enabled by default, with one preconfiged default user. Default user At manufacturing time, each IX30 device comes with a default user configured as follows: Username: admin. Password: The default password is displayed on the label on the bottom of the device.
Page 711: Change A Local User's Password
Change a local user's password To change a user's password:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 712  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 713: Configure A Local User
One-time use eight-digit emergency scratch codes. To configure a local user:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager:...
Page 714 User authentication Local users a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration.
Page 715 In Add SSH key, paste or type a public encryption key that this user can use for passwordless SSH login and click . 10. (Optional) Configure two-factor authentication for SSH, telnet, and serial console login: a. Click Two-factor authentication. b. Check Enable to enable two-factor authentication for this user. IX30 User Guide...
Page 716 11. Click Apply to save the configuration and apply the change.  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. IX30 User Guide...
Page 717 (config auth user new_user> lockout duration value (config auth user new_user)> where value is any number of minutes, or seconds, and takes the format number{m|s}. For example, to set duration to ten minutes, enter either 10m or 600s: IX30 User Guide...
Page 718 Add the key by using the ssh_key command and pasting or typing a public encryption key that this user can use for passwordless SSH login: (config auth user new_user ssh_key)> ssh_key key (config auth user new_user ssh_key)> IX30 User Guide...
Page 719 Configure the valid code window size. This represents the allowed number of concurrently valid codes. In cases where TOTP is being used, increasing the valid code window size may be necessary when the clocks used by the server and client are not synchronized. IX30 User Guide...
Page 720: Delete A Local User
11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Delete a local user To delete a user from your IX30:  Web IX30 User Guide...
Page 721 User authentication Local users 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 722 4. Save the configuration and apply the change: (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX30 User Guide...
Page 723: Terminal Access Controller Access-Control System Plus (Tacacs+)
With TACACS+ support, the IX30 device acts as a TACACS+ client, which sends user credentials and connection parameters to a TACACS+ server over TCP. The TACACS+ server then authenticates the TACACS+ client requests and sends back a response message to the device.
Page 724: Tacacs+ User Configuration
The groupname attribute is optional. If used, the value must correspond to authentication groups configured on your IX30. Alternatively, if the user is also configured as a local user on the IX30 device and the LDAP server authenticates the user but does not return any groups, the local configuration determines the list of groups.
Page 725: Tacacs+ Server Failover And Fallback To Local Authentication
$ sudo /etc/init.d/tacacs_plus restart TACACS+ server failover and fallback to local authentication In addition to the primary TACACS+ server, you can also configure your IX30 device to use backup TACACS+ servers. Backup TACACS+ servers are used for authentication requests when the primary TACACS+ server is unavailable.
Page 726 Add additional TACACS+ servers in case the first TACACS+ server is unavailable.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 727 TACACS+ login fails. 6. (Optional) For Group attribute, type the name of the attribute used in the TACACS+ server's configuration to identify the IX30 authentication group or groups that the user is a member of. For example, in TACACS+ user configuration, the group attribute in the sample tac_plus.conf...
Page 728 User authentication Terminal Access Controller Access-Control System Plus (TACACS+) 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 729 10. Save the configuration and apply the change: (config)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX30 User Guide...
Page 730: Remote Authentication Dial-In User Service (Radius)
To use RADIUS authentication, you must set up a RADIUS server that is accessible by the IX30 device prior to configuration. The process of setting up a RADIUS server varies by the server environment. An example of a RADIUS server is FreeRADIUS.
Page 731: Radius User Configuration
(password verification) and authorization (assigning the access level of the user). Additional RADIUS servers can be configured as backup servers for user authentication. This section outlines how to configure a RADIUS server to be used for user authentication on your IX30 device.
Page 732: Configure Your Ix30 Device To Use A Radius Server
60 seconds. Enable additional debug messages from the RADIUS client.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 733 (Optional) Click  again to add additional RADIUS servers. 5. (Optional) Enable Authoritative to prevent other authentication methods from being attempted if RADIUS login fails. 6. (Optional) Click RADIUS debug to enable additional debug messages from the RADIUS client. IX30 User Guide...
Page 734  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 735 You can use the fully-qualified domain name of the NAS or any arbitrary string. If not set, the default value is used: If you are accessing the IX30 device by using the WebUI, the default value is for NAS ID is httpd.
Page 736: Ldap
When you are using LDAP authentication, you can have both local users and LDAP users able to log in to the device. To use LDAP authentication, you must set up a LDAP server that is accessible by the IX30 device prior to configuration. The process of setting up a LDAP server varies by the server environment.
Page 737: Ldap User Configuration
(password verification) and authorization (assigning the access level of the user). Additional LDAP servers can be configured as backup servers for user authentication. This section outlines how to configure a LDAP server to be used for user authentication on your IX30 device.
Page 738: Ldap Server Failover And Fallback To Local Configuration
LDAP server failover and fallback to local configuration In addition to the primary LDAP server, you can also configure your IX30 device to use backup LDAP servers. Backup LDAP servers are used for authentication requests when the primary LDAP server is unavailable.
Page 739 User authentication LDAP 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 740 If this attribute is not set, the user will be denied access. 12. (Optional) For Group attribute, type the name of the user attribute that contains the list of IX30 authentication groups that the authenticated user has access to. See LDAP user configuration for further information about the group attribute.
Page 741  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 742 . If this attribute is not set, the user will be denied access. 10. (Optional) Set the name of the user attribute that contains the list of IX30 authentication groups that the authenticated user has access to. See...
Page 743: Configure Serial Authentication
This section describes how to configure authentication for serial access.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 744  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 745: Disable Shell Access
To prohibit access to the shell prompt for all authentication groups, disable the Allow shell parameter.. This does not prevent access to the Admin CLI. Note If shell access is disabled, re-enabling it will erase the device's configuration and perform a factory reset.  Web IX30 User Guide...
Page 746 User authentication Disable shell access 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 747: Set The Idle Timeout For Ix30 Users
By default, the Idle timeout is set to 10 minutes.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 748  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 749 User authentication Set the idle timeout for IX30 users where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set idle_timeout to ten minutes, enter either 10m or 600s: (config)> auth idle_timeout 600s (config)>...
Page 750: Example User Configuration
Goal: To create a user with administrator rights who is authenticated locally on the device.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 751  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 752 (config auth user adminuser)> password pwd (config auth user adminuser)> 7. Assign the user to the admin group: (config auth user adminuser)> add group end admin (config auth user adminuser)> 8. Save the configuration and apply the change: IX30 User Guide...
Page 753: Example 2: Radius, Tacacs+, And Local Authentication For One User
Goal: To create a user with administrator rights who is authenticated by using all three authentication methods. In this example, when the user attempts to log in to the IX30 device, user authentication will occur in the following order: 1. The user is authenticated by the RADIUS server. If the RADIUS server is unavailable, 2.
Page 754 The authentication group on the IX30 device, admin, is identified in the groupname parameter. c. Save and close the tac_plus.conf file. 3. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 4. Access the device configuration:...
Page 755 User authentication Example user configuration a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration.
Page 756 1. Configure a user on the RADIUS server: a. On the ubuntu machine hosting the FreeRadius server, open the /etc/freeradius/3.0/users file: $ sudo gedit /etc/freeradius/3.0/users b. Add a RADIUS user to the users file: admin1 Cleartext-Password := "password1" Unix-FTP-Group-Names := "admin" IX30 User Guide...
Page 757 Save and close the tac_plus.conf file. 3. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 758 Assign a password to the user: (config auth user adminuser)> password password1 (config auth user adminuser)> c. Assign the user to the admin group: (config auth user adminuser)> add group end admin (config auth user adminuser)> IX30 User Guide...
Page 759 (config auth user adminuser)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX30 User Guide...
Page 760 Firewall This chapter contains the following topics: Firewall configuration Port forwarding rules Packet filtering Configure custom firewall rules Configure Quality of Service options Web filtering IX30 User Guide...
Page 761: Firewall Configuration
To create a zone:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 762  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 763: Configure The Firewall Zone For A Network Interface
This example procedure uses an existing network interface named ETH2 and changes the firewall zone from the default zone, Internal, to External.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 764  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 765: Delete A Custom Firewall Zone
You cannot delete preconfigured firewall zones. To delete a custom firewall zone:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 766: Port Forwarding Rules
Firewall Port forwarding rules 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 767 To configure a port forwarding rule:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 768  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 769 5. Set the IP version. Allowed values are ipv4 and ipv6. The default is ipv4. (config firewall dnat 0)> ip_version ipv6 (config firewall dnat 0)> 6. Set the public-facing port number that network connections must use for their traffic to be forwarded. IX30 User Guide...
Page 770 (config firewall dnat 0 acl> add address6 end ip-address (config firewall dnat 0 acl)> Repeat for each appropriate IP address. To specify the firewall zone for white listing: (config firewall dnat 0 acl)> add zone end zone IX30 User Guide...
Page 771: Delete A Port Forwarding Rule
Delete a port forwarding rule To delete a port forwarding rule:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 772  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 773 5. Save the configuration and apply the change: (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX30 User Guide...
Page 774: Packet Filtering
ICMP6 To configure a packet filtering rule:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 775 Accept: Allows matching network connections. Reject: Blocks matching network connections, and sends an ICMP error if appropriate. Drop: Blocks matching network connections, and does not send a reply. 6. Select the IP version. 7. Select the Protocol. IX30 User Guide...
Page 776  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 777 7. Set the IP version. (config firewall filter 1)> ip_version value (config firewall filter 1)> where value is one of: ipv4 ipv6 The default is any. 8. Set the protocol. (config firewall filter 1)> protocol value (config firewall filter 1)> IX30 User Guide...
Page 778: Enable Or Disable A Packet Filtering Rule
Enable or disable a packet filtering rule To enable or disable a packet filtering rule:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 779  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 780: Delete A Packet Filtering Rule
Delete a packet filtering rule To delete a packet filtering rule:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 781  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 782: Configure Custom Firewall Rules
To configure custom firewall rules:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 783  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 784: Configure Quality Of Service Options
These example bindings are disabled by default. Enable the preconfigured bindings  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 785  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 786 Type quit to disconnect from the device. Create a new binding  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 787 Typically, this should be 95% of the available bandwidth. Allowed value is any integer between 1 and 1000. 9. Create a policy for the binding: At least one policy is required for each binding. Each policy can contain up to 30 rules. IX30 User Guide...
Page 788 If Default is disabled, you must configure at least one rule: i. Click to expand Rule. ii. For Add Rule, click . The QoS binding policy rule configuration window is displayed. IX30 User Guide...
Page 789  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 790 1 and 1000. Typically, this should be 95% of the available bandwidth. The default is 95. 7. Create a policy for the binding: At least one policy is required for each binding. Each policy can contain up to 30 rules. IX30 User Guide...
Page 791 If the policy is not a fall-back policy, you must configure at least one rule: i. Change to the rule node of the configuration: (config firewall qos 2 policy 0)> rule (config firewall qos 2 policy 0 rule)> IX30 User Guide...
Page 792 IP port number, a range of port numbers using the format IP_port- IP_port, or any. viii. Set the source address type: (config network qos 2 policy 0 rule 0)> src type value (config network qos 2 policy 0 rule 0)> IX30 User Guide...
Page 793 Only traffic from the MAC address typed in MAC address will be matched. Set the MAC address to be matched: (config network qos 2 policy 0 rule 0)> src mac MAC_address (config network qos 2 policy 0 rule 0)> IX30 User Guide...
Page 794 (config network qos 2 policy 0 rule 0)> src address6 value (config network qos 2 policy 0 rule 0)> where value uses the format IPv6_address[/prefix_length], or any to match any IPv6 address. Repeat to add a new rule. Up to 30 rules can be configured. IX30 User Guide...
Page 795: Web Filtering
Type quit to disconnect from the device. Web filtering Web filtering allows you to control access to services that can be accessed through the IX30 device by forwarding all Domain Name System (DNS) traffic to a web filtering service. This allows the network security administrator to configure a set of policies with the web filtering service that are applied to all routing devices with web filtering enabled.
Page 796 Firewall Web filtering 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 797 Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Clear the Cisco Umbrella device ID If the Cisco Umbrella device ID being used by your IX30 is invalid, you can clear the device ID.  Command line 1.
Page 798: Configure Web Filtering With Manual Dns Servers
To configure web filtering with manual DNS servers:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 799  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 800 Add the first DNS server: i. Add the server: (config)> add firewall web-filter server end (config firewall web-filter server 0)> ii. Set the server's IP address: (config firewall web-filter server 0)> ip 208.67.222.220 (config firewall web-filter server 0)> IX30 User Guide...
Page 801: Verify Your Web Filtering Configuration
Configure web filtering with manual DNS servers for information about configuring web filtering to use Cisco open DNS servers. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 802 4. From a new tab in your browser, attempt to connect to the Cisco test URL http://www.internetbadguys.com. The connection should be successful. 5. Return to the IX30 WebUI and enable web filtering: a. Click Firewall > Web filtering service. b. Click Enable web filtering to enable.
Page 803: Show Web Filter Service Information
Cisco open DNS servers. 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights.
Page 804 Firewall Web filtering 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 805: Use Digi Remote Manager To Deploy And Run Containers
Containers The IX30 device includes support for LXC Linux containers. LXC containers are a lightweight, operating system level method of virtualization that allows you to run one or more isolated Linux instances on a the same host using the host's Linux kernal.
Page 806 Containers Use Digi Remote Manager to deploy and run containers lxc container_name /bin/ping -c 30 1.1.1.1 b. For the Containers step: i. Click  to add a container to the configuration. If no containers have been uploaded, or if Click  to upload a container file.
Page 807 Containers Use Digi Remote Manager to deploy and run containers iv. (Optional) Select the Device Type and Firmware Version that applies to the container. If set, these options will limit the container to only be included in Configuration templates that match the specified device type and firmware version. If these are left blank, the container can be included in any Configuration template.
Page 808: Use An Automation To Start The Container
Containers Use Digi Remote Manager to deploy and run containers iii. Type the device ID and press the Enter key. iv. Click in the search text bar again and select Stream ID from the menu. v. Type container and press the Enter key.
Page 809 Containers Use Digi Remote Manager to deploy and run containers system script start StartContainerScript Once the automation has been created, you can: Run the automation manually. Include the automation in a Configuration template as a post-remediation or post-scan step. When creating or editing a Configuration template, at the Automation page: 1.
Page 810: Upload A New Lxc Container
Upload a new LXC container  Web 1. Log into the IX30 WebUI as a user with Admin access. 2. From the main menu, click Status. Under Services, click Containers. 3. Click Upload New Container. 4. From your local file system, select the container file in *.tgz format.
Page 811 Serial ports on the device that the container will have access to.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 812  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 813 Determine available serial ports: (config system container name)> ... serial Serial Additional Configuration --------------------------------------------------------------------- ---------- port1 Port 1 (config system container name)> b. Add the port: (config system container name)> add ports end port1 (config system container name)> IX30 User Guide...
Page 814: Starting And Stopping The Container
To start the container in non-persistent mode: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX30 local command line as a user with shell access.
Page 815: Stopping The Container
View the status of containers 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX30 local command line as a user with shell access.
Page 816: Show Status Of All Containers
1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights.
Page 817: Schedule A Script To Run In The Container
2. Execute a ping command every ten seconds from inside the container.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 818  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 819: Create A Custom Container
In this example, we will use a simple container file named test_lxc.tgz. You can download test_lxc.tgz from the Digi website. At the command line of a Linux host, we will unpack the file, add a simple python script, and create a new container file that includes the python script.
Page 820: Create The Custom Container File
Test the custom container file 1. Add the new container to your IX30 device: i. Log into the IX30 WebUI as a user with Admin access. ii. From the main menu, click Status. Under Services, click Containers. iii. Click Upload New Container.
Page 821 Click Apply. 2. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX30 local command line as a user with shell access.
Page 822: Digital Input/Output And Analog Input
Configure digital Input/Output ports Configure analog input ports Send digital and analog I/O monitoring information to a remote server Send digital and analog I/O monitoring information to Digi Remote Manager Show digital I/O and analog input status and statistics IX30 User Guide...
Page 823: Digital Input/Output And Analog Input Connections
Digital Input/Output and Analog Input Digital input/output and analog input connections Digital input/output and analog input connections The IX30 has an input/output connector with four digital input/output connections, and four analog input connections. I/O connector pin assignments The figure and table show the I/O connector, pin assignments, and the signals for each pin.
Page 824: Ix30 Digital Input/Output: Representative Circuit
Digital Input/Output and Analog Input IX30 digital input/output: representative circuit IX30 digital input/output: representative circuit IX30 analog input: representative circuit IX30 User Guide...
Page 825: Example Digital And Analog I/O Wiring
Example digital and analog I/O wiring Digital input with pullup Digital input without pullup Note that input is HIGH when the contact is CLOSED. Digital output The wiring diagram assumes a current-limiting resistor provided by installation or connected device is in use. IX30 User Guide...
Page 826: Analog Input, 4-20Ma Input Mode
The current limiter is limiting over 30mA. Digital input specifications This input is a non-inverting Schmitt-trigger input. The default state at power-up with no voltage applied is LOW. Specification Units + Threshold - Threshold Input impedance 4.7M Ohms IX30 User Guide...
Page 827: Digital Output
Configure digital Input/Output ports Required configuration items Whether the Input/Output pin should be handled as active low or active high. The bias on the pin to enable pull-up/pull-down. The direction of the pin, either Input or Output. IX30 User Guide...
Page 828 Additional configuration items A label for the Input/Output pin.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 829  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 830: Change The Output State Of Digital I/O Ports
 Web 1. Log into the IX30 WebUI as a user with Admin access. 2. From the menu, click Status. 3. Under Connections, click I/O. The I/O Status page is displayed:...
Page 831: Configure Analog Input Ports
 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 832 Digital Input/Output and Analog Input Configure analog input ports  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 833: Calibrate Analog Input Ports
To calibrate analog inputs:  Web 1. Log into the IX30 WebUI as a user with Admin access. 2. Click System > I/O Configuration. 3. Click to expand an analog input. 4. Type or select the Low setpoint and click Calibrate.
Page 834: Send Digital And Analog I/O Monitoring Information To A Remote Server
 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 835 Send digital and analog I/O monitoring information to a remote server  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 836 Send digital and analog I/O monitoring information to a remote server 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights.
Page 837: Send Digital And Analog I/O Monitoring Information To Digi Remote Manager
The polling period that the device will use to gather monitoring information.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 838  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 839 Digital Input/Output and Analog Send digital and analog I/O monitoring information to Digi Remote Input Manager (config)> io monitoring drm poll_period value (config)> where value is an integer between 1 and 60. The default is 5 seconds. 6. You can also control individual data points that are uploaded to Remote Manager, to control bandwidth usage and data size.
Page 840: Show Digital I/O And Analog Input Status And Statistics
 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 841 Reading : 15 mV Calibrated : false > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX30 User Guide...
Page 842 Review device status Configure system information Update system firmware Update cellular module firmware Reboot your IX30 device Erase device configuration and reset to factory defaults Locate the device by using the Find Me feature Configure a power profile Configuration files...
Page 843: Review Device Status
 Web To display system information: 1. Log into the IX30 WebUI as a user with Admin access. 2. On the main menu, click Status. A secondary menu appears, along with a status panel. 3. On the secondary menu, click to display the details panel for the status you want to view.
Page 844: Configure System Information
Disk /overlay Usage : MB/MB(%) Disk /tmp Usage : 0.007MB/256.0MB(0%) Disk /var Usage : 1.765MB/256.0MB(1%) > Configure system information You can configure information related to your IX30 device, such as providing a name and location for the device. IX30 User Guide...
Page 845 A banner that will be displayed when users access terminal services on the device. To enter system information:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 846: Update System Firmware
 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 847: Manage Firmware Updates Using Digi Remote Manager
For example, IX30-22.11.48.10.bin. Manage firmware updates using Digi Remote Manager If you have a network of many devices, you can use Digi Remote Manager Profiles to manage firmware updates. Profiles ensure all your devices are running the correct firmware version and that all newly installed devices are updated to that same version.
Page 848  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 849 Update firmware from a local file  Web 1. Download the IX30 operating system firmware from the Digi Support FTP site to your local machine. 2. Log into the IX30 WebUI as a user with Admin access. 3. On the main menu, click System. Under Administration, click Firmware Update.
Page 850 1. Download the IX30 operating system firmware from the Digi Support FTP site to your local machine. 2. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights.
Page 851: Dual Boot Behavior
> reboot Rebooting system > 7. Once the device has rebooted, log into the IX30's command line as a user with Admin access and verify the running firmware version by entering the show system command. > show system...
Page 852: Update Cellular Module Firmware
 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 853: Update Modem Firmware Over The Air (Ota)
OTA modem firmware update: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights.
Page 854 Newest firmware version available to download is '24.01.5x4_ATT' Modem firmware update from '24.01.544_ATT' to '24.01.5x4_ATT' is needed 24.01.5x4_ATT 24.01.544_ATT > 3. Use the modem firmware ota list command to list available firmware on the Digi firmware repository. > modem firmware ota list Retrieving modem firmware list ...
Page 855: Update Modem Firmware By Using A Local Firmware File
IX30 device. 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 856: Reboot Your Ix30 Device
Type quit to disconnect from the device. Reboot your IX30 device You can reboot the IX30 device immediately or schedule a reboot for a specific time every day. Note You may want to save your configuration settings to a file before rebooting. See...
Page 857: Schedule Reboots Of Your Device
> reboot Schedule reboots of your device  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 858  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 859: Erase Device Configuration And Reset To Factory Defaults
With firmware release 22.2.9.x and newer, erases the client-side certificate used for communication with Digi Remote Manager. If you are using Digi Remote Manager with firmware release 22.2.9.x and newer, by default the device uses a client-side certificate for communication with Remote Manager. If the client-side certificate is erased, you must use the Remote Manager interface to reset the certificate.
Page 860 3. In the Erase configuration section, click ERASE. 4. Click CONFIRM. 5. After resetting the device: a. Connect to the IX30 by using the serial port or by using an Ethernet cable to connect the IX30 ETH2 port to your PC. b. Log into the IX30: User name: Use the default user name: admin.
Page 861 The device reboots again and resets to factory defaults, as well as also removing generated certificates and keys. 3. After resetting the device: a. Connect to the IX30 by using the serial port or by using an Ethernet cable to connect the IX30 ETH2 port to your PC. b. Log into the IX30: User name: Use the default user name: admin.
Page 862: Configure The Ix30 Device To Use Custom Factory Default Settings
Configure the IX30 device to use custom factory default settings You can configure your IX30 device to use custom factory default settings. This way, when you erase the device's configuration, the device will reset to your custom configuration rather than to the original factory defaults.
Page 863  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 864: Locate The Device By Using The Find Me Feature
 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 865: Configure A Power Profile
You can also disable the IX30's LEDs to save power and reduce light pollution. To change the active power profile:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 866  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 867 6. Save the configuration and apply the change: (config)> save Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX30 User Guide...
Page 868: Configuration Files
If you do not save configuration changes, the system discards the changes.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 869: Save Configuration To A File
 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 870  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 871: Restore The Device Configuration
> scp host 192.168.4.1 user admin remote /home/admin/bin/ local /etc/config/backup-archive-0040FF800120-19.05.17-19.01.17.bin to remote Restore the device configuration You can restore a configuration file to your IX30 device by using a backup from the device, or a backup from a similar device. ...
Page 872 System administration Configuration files 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 873: Schedule System Maintenance Tasks
The frequency (daily, weekly, or monthly) that checks for firmware updates will run.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 874 24 hours can potentially overstress the device and should be used with caution. If Duration window is set to any value other than to Immediately or 24 hours, the maintenance tasks will run at a random time during the time allotted for the duration window. IX30 User Guide...
Page 875  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 876 Configure a time period for the maintenance window: i. Configure the time of day that the maintenance window should start, using the syntax HH:MM. If the start time is not set, maintenance tasks are not scheduled and will not be run. IX30 User Guide...
Page 877 If updated firmware is found, it will then be installed. The device will look for updated firmware both on the local device and over the network, using either a WAN or cellular connection. IX30 User Guide...
Page 878 8. Save the configuration and apply the change: (config)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX30 User Guide...
Page 879: Disable Device Encryption
Disable device encryption Disable device encryption You can disable the cryptography on your IX30 device. This can be used to ship unused devices from overseas without needing export licenses from the country from which the device is being shipped. When device encryption is disabled, the following occurs: The device is reset to the default configuration and rebooted.
Page 880 Select the Properties of the relevant network connection on the Windows PC. b. Click the Internet Protocol Version 4 (TCP/IPv4) parameter. c. Click Properties. The Internet Protocol Version 4 (TCP/IPv4) Properties dialog appears. d. Configure with the following details: IP address for PC: 192.168.210.2 Subnet: 255.255.255.0 Gateway: 192.168.210.1 IX30 User Guide...
Page 881: Configure The Speed Of Your Ethernet Ports
Configure the speed of your Ethernet ports 2. Connect the PC's Ethernet port to the ETH1 Ethernet port on your IX30 device. 3. Open a telnet session and connect to the IX30 device at the IP address of 192.168.210.1. 4. Log into the device: Username: admin Password: The default unique password for your device is printed on the device label.
Page 882 System administration Configure the speed of your Ethernet ports 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 883: Configure The System Watchdog
You can configure your IX30 device's advanced watchdog to test the system for problems, and to reboot the device when problems are encountered.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 884  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 885 The minimum value is 60 percent, the maximum is 100 percent. The default is 95 percent. d. To log memory usage with every watchdog memory usage test, enable log_memory: (config)> system watchdog tests memory log_memory true (config)> IX30 User Guide...
Page 886 7. Save the configuration and apply the change: (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX30 User Guide...
Page 887 Monitoring This chapter contains the following topics: intelliFlow Configure NetFlow Probe IX30 User Guide...
Page 888: Intelliflow
Digi intelliFlow is a reporting and graphical presentation tool for visualizing your network’s data usage and network traffic information. intelliFlow can be enabled on Digi Remote Manager to provide a full analysis of all Digi devices on your network. Contact your Digi sales representative for information about enabling intelliFlow on Remote Manager.
Page 889: Enable Intelliflow
The firewall zone for internal clients being monitored by intelliFlow. To enable intelliFlow:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 890  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 891: Configure Service Types
For example, to define a service type called "MyService" using ports 9000 and 9001:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 892  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 893: Configure Domain Name Groups
Type quit to disconnect from the device. Configure domain name groups Domain name groups are used to categorize serveral domains names in one group. For example, digi.com and devicecloud.com could be grouped together in an intelliFlow group called Digi.  Web...
Page 894 Monitoring intelliFlow 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 895  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 896: Use Intelliflow To Display Average Cpu And Ram Usage
This procedure is only available from the WebUI. To display display average CPU and RAM usage:  Web 1. Log into the IX30 WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow.
Page 897: Use Intelliflow To Display Top Data Usage Information
Top data usage by service To generate a top data usage chart:  Web 1. Log into the IX30 WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow. 3. From the menu, click Status > intelliFlow.
Page 898 5. Change the type of chart that is used to display the data: a. Click the menu icon (). b. Select the type of chart. 6. Change the number of top users displayed. You can display the top five, top ten, or top twenty data users. IX30 User Guide...
Page 899: Use Intelliflow To Display Data Usage By Host Over Time
Use intelliFlow to display data usage by host over time To generate a chart displaying a host's data usage over time:  Web 1. Log into the IX30 WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow.
Page 900: Configure Netflow Probe
To save the chart to your local filesystem, select Export to PNG. c. To print the chart, select Print chart. Configure NetFlow Probe NetFlow probe is used to probe network traffic on the IX30 device and export statistics to NetFlow collectors. Required configuration items Enable NetFlow.
Page 901 Monitoring Configure NetFlow Probe  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
Page 902  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 903 1 and 1800. The default is 1800. 8. Set the maximum number of flows to probe simultaneously: (config)> monitoring netflow max_flows value (config)> where value is any is any number between 0 and 2000000. The default is 2000000. IX30 User Guide...
Page 904 (config monitoring netflow collector 0)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX30 User Guide...
Page 905 File system This chapter contains the following topics: The IX30 local file system Display directory contents Create a directory Display file contents Copy a file or directory Move or rename a file or directory Delete a file or directory Upload and download files...
Page 906: File System
 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 907: Create A Directory
For example: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 908: Display File Contents
 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 909: Move Or Rename A File Or Directory
Command line To rename a file named test.py in /etc/config/scripts to final.py: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights.
Page 910: Delete A File Or Directory
Command line To delete a file named test.py in /etc/config/scripts: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 911: Upload And Download Files
Upload and download files To delete a directory named temp from /opt: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights.
Page 912: Upload And Download Files By Using The Secure Copy Command
IX30 device. local-path is the location on the IX30 device where the copied file will be placed. For example: To copy firmware from a remote host with an IP address of 192.168.4.1 to the /etc/config directory on the IX30 device, issue the following command: >...
Page 913: Upload And Download Files Using Sftp
IX30 device. For example: To copy a support report from the IX30 device to a remote host at the IP address of 192.168.4.1: 1. Use the system support-report command to generate the report: >...
Page 914 Transfer a file from the IX30 device to a remote host This example downloads a file named test.py from the IX30 device at the IP address of 192.168.2.1 with a username of ahmed to the local directory on the remote host: $ sftp ahmed@192.168.2.1...
Page 915 Generate a support report View system and event logs Configure syslog servers Configure options for the event and system logs Analyze network traffic Use the ping command to troubleshoot network connections Use the traceroute command to diagnose IP routing problems IX30 User Guide...
Page 916: Perform A Speedtest
 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 917: Support Report Overview
 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 918 A breakdown of memory utilization at the time when the support report was generated config_dump- The device's current settings, scrubbed of passwords public and preshared keys conntrack_-L A list of all currently tracked connections through the system IX30 User Guide...
Page 919 AT commands netstat_-i Interface statistics for transmitted/ received packets netstat_-na List of both listening and non-listening network sockets on the device ps_l A snapshot of the current processes running at the time of generating the report IX30 User Guide...
Page 920 Rollover syslog information /var/run This directory can be disregarded for most troubleshooting/ diagnostic purposes. Directory Filename Notes /var/run all files Runtime settings for the device -- referenced in the syslog data gathered in /tmp (see above) IX30 User Guide...
Page 921: View System And Event Logs
View System Logs  Web 1. Log into the IX30 WebUI as a user with Admin access. 2. On the main menu, click System > Logs. The system log displays: 3. Limit the display in the system log by using the Find search tool.
Page 922  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 923: View Event Logs
View Event Logs  Web 1. Log into the IX30 WebUI as a user with Admin access. 2. On the main menu, click System > Logs. 3. Click  System Logs to collapse the system logs viewer, or scroll down to Events.
Page 924 Diagnostics View system and event logs 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 925 Diagnostics View system and event logs 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX30 User Guide...
Page 926: Configure Syslog Servers
You can configure remote syslog servers for storing event and system logs.  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 927  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 928: Configure Options For The Event And System Logs
Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Configure options for the event and system logs The default configuration for event and system logging is: IX30 User Guide...
Page 929 To change or disable the heartbeat interval, or to disable event categories, and to perform other log configuration:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 930  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 931 To disable the heartbeat interval, set the value to 0s 4. Enable preserve system logs functionality to save the current session's system log after a reboot. By default, the IX30 device erases system logs each time the device is powered off or rebooted.
Page 932 For example, to set the status interval to ten minutes, enter either 10m or 600s: (config)> system log event dhcpserver status_interval 600s (config)> 6. (Optional) See Configure syslog servers for information about configuring remote syslog servers to which log messages will be sent. IX30 User Guide...
Page 933 7. Save the configuration and apply the change: (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX30 User Guide...
Page 934: Analyze Network Traffic
Analyze network traffic Analyze network traffic The IX30 device includes a network analyzer tool that captures data traffic on any interface and decodes the captured data traffic for diagnostics. You can capture data traffic on multiple interfaces at the same time and define capture filters to reduce the captured data. You can capture up to 10 MB of data traffic in two 5 MB files per interface.
Page 935: Configure Packet Capture For The Network Analyzer
The frequency with which captured events will be saved. To configure a packet capture configuration:  Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
Page 936 You can select from preconfigured filters to determine which types of packets to capture or ignore, or you can create your own Berkeley packet filter expression. b. To create a filter that either captures or ignores packets from a particular IP address or network: IX30 User Guide...
Page 937 For Ethernet MAC address, type the MAC address to be captured or ingored. iv. For Source or destination Ethernet MAC address, select whether the filter should apply to packets when the Ethernet MAC address is the source, the destination, or both. IX30 User Guide...
Page 938 Set time: Runs the capture filter at a specified time of the day. If Set Time is selected, specify the time that the capture filter should run in Run time, using the format HH:MM. During system maintenance: The capture filter will run during the system maintenance time window. IX30 User Guide...
Page 939  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 940 Use the ? to determine available protocols and the appropriate format: (config network analyzer name filter protocol 0)> protocol ? IP protocol to capture or ignore: IP protocol to capture or ignore. Format: icmp icmpv6 igmp ospf other IX30 User Guide...
Page 941 The filter will apply to packets when the port is the source. destination: The filter will apply to packets when the port is the destination. either: The filter will apply to packets when the port is either the source or the destination. IX30 User Guide...
Page 942 To create a filter that either captures or ignores packets from one or more specified VLANs: i. Add a new VLAN filter: (config network analyzer name)> add filter vlan end (config network analyzer name filter vlan 0)> IX30 User Guide...
Page 943 (config network analyzer name)> on_interval 600s (config network analyzer name)> set_time: Runs the script at a specified time of the day. If set_time is set, set the time that the script should run, using the format HH:MM: IX30 User Guide...
Page 944: Example Filters For Capturing Data Traffic
The following are examples of filters using Berkeley Packet Filter (BPF) syntax for capturing several types of network data. See https://biot.com/capstats/bpf.html for detailed information about BPF syntax. Example IPv4 capture filters Capture traffic to and from IP host 192.168.1.1: ip host 192.168.1.1 IX30 User Guide...
Page 945: Capture Packets From The Command Line
See Configure packet capture for the network analyzer for information about scheduling packet capturing. Additional analyzer commands allow you to: IX30 User Guide...
Page 946: Stop Capturing Packets
 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 947: Show Captured Traffic Data
 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 948 See Configure packet capture for the network analyzer for more information. To determine available packet capture configurations, use the ?: > show anaylzer name ? name: Name of the capture filter to use. Format: test_capture capture_ping IX30 User Guide...
Page 949: Save Captured Data Traffic To A File
 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 950  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 951: Clear Captured Data
 Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 952: Use The Ping Command To Troubleshoot Network Connections
Ping to check internet connection To check your internet connection: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
Page 953 (www.google.com) through the default gateway. The command output shows that 15 routing hops were required to reach the host: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights.
Page 954: Digi Ix30 Regulatory And Safety Statements
Radio Frequency Interference (RFI) (FCC 15.105) The Digi IX30 has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
Page 955 Digi IX30 regulatory and safety statements European Community - CE Mark Declaration of Conformity (DoC) Digi customers assume full responsibility for learning and meeting the required guidelines for each country in their distribution market. Refer to the radio regulatory agency in the desired countries of operation for more information.
Page 956: Maximum Transmit Power For Radio Frequencies
Digi IX30 regulatory and safety statements Maximum transmit power for radio frequencies Maximum transmit power for radio frequencies The following tables show the maximum transmit power for frequency bands. Maximum transmit power for the EC25-AU modem Frequency Max. Min. GSM850/GSM900 33dBm±2dB...
Page 957: Rohs Compliance Statement
However, cellular-based products contain radio devices which require specific consideration. Take the time to read and understand the following guidance. Digi International assumes no liability for an end user’s failure to comply with these precautions.
Page 958: Product Disposal Instructions
At the end of its life this product MUST NOT be mixed with other commercial waste for disposal. Check with the terms and conditions of your supplier for disposal information. Digi International Ltd WEEE Registration number: WEE/HF1515VU IX30 User Guide...
Page 959 Safety warnings English Bulgarian--бъ л га рс ки Croatian--Hrvatski French--Français Greek--Ε λλην ικά Hungarian--Magyar Italian--Italiano Latvian--Latvietis Lithuanian--Lietuvis Polish--Polskie Portuguese--Português Slovak--Slovák Slovenian--Esloveno Spanish--Español IX30 User Guide...
Page 960: English
Do not power on the unit in any aircraft. Operation of this equipment in a residential environment could cause radio interference. For ambient temperatures above 60° C, this equipment must be installed in a Restricted Access Location only. IX30 User Guide...
Page 961: Bulgarian--Бъ Л Га Рс Ки
З а окол ни т е м пе ра т ури на д 60 ° C, т ов а оборудв а не т ря бв а да с е инс т а л ира с а м о на м я с т о с огра нич е н дос т ъ п. IX30 User Guide...
Page 962: Croatian--Hrvatski
j edinicu ni u jednom zrakoplovu. Rad ove opreme u stambenom okruženju mogao bi prouzročiti radio smetnje. Za okolne temperature iznad 60 ° C, ova oprema mora biti instalirana samo na mjestu s ograničenim pristupom. IX30 User Guide...
Page 963: French--Français
L'utilisation de cet équipement dans un environnement résidentiel peut provoquer des interférences radio. Pour des températures ambiantes supérieures à 60 °C, cet équipement doit être installé uniquement dans un emplacement à accès restreint. IX30 User Guide...
Page 964: Greek--Ε Λλην Ικά
Γ ια θερ μοκρ ασ ίες περ ιβάλλον τ ος άν ω τ ων 60 ° C, αυτ ός ο εξ οπλισ μός πρ έπει ν α εγ κατ ασ τ αθεί μόν ο σ ε θέσ η περ ιορ ισ μέν ης πρ όσ βασ ης IX30 User Guide...
Page 965: Hungarian--Magyar
60 ° C feletti környezeti hőmérséklet esetén ezt a berendezést csak korlátozott hozzáférésű helyre kell telepíteni. Az EZ04-IAG4-EXT és EZ04-IA00-EXT készletekhez mellékelt kiterjesztett hőmérsékletű, dugaszolható tápegység (76002079 /24000141) nem C1D2 tanúsítvánnyal rendelkezik, és nem használható C1D2 besorolású veszélyes helyeken. IX30 User Guide...
Page 966: Italian--Italiano
Non accendere l'unità in nessun aereo. Il funzionamento di questa apparecchiatura in un ambiente residenziale potrebbe causare interferenze radio. Per temperature ambiente superiori a 60° C, questa apparecchiatura deve essere installata solo in un luogo ad accesso limitato. IX30 User Guide...
Page 967: Latvian--Latvietis
Iekārtai jābūt izslēgtai, ja notiek spridzināšana, sprādzienbīstama vide vai medicīnas vai dzīvības uzturēšanas aprīkojuma tuvumā. Nevienā lidmašīnā neieslēdziet ierīci. Šīs ierīces darbība dzīvojamā vidē var izraisīt radio traucējumus. Ja apkārtējā temperatūra pārsniedz 60 ° C, šī iekārta jāuzstāda tikai ierobežotas piekļuves vietā. IX30 User Guide...
Page 968: Lithuanian--Lietuvis
Įrenginys turi būti išjungtas ten, kur vyksta sprogdinimas, sprogi aplinka arba šalia medicinos ar gyvybės palaikymo įrangos. Neįjunkite įrenginio jokiuose orlaiviuose. Naudojant šią įrangą gyvenamojoje aplinkoje, gali kilti radijo trukdžių. Esant aukštesnei nei 60 ° C aplinkos temperatūrai, ši įranga turi būti montuojama tik riboto patekimo vietoje. IX30 User Guide...
Page 969: Polish--Polskie
życie. Nie włączaj urządzenia w żadnym samolocie. Praca tego sprzętu w środowisku mieszkalnym może powodować zakłócenia radiowe. W przypadku temperatur otoczenia powyżej 60°C urządzenie to należy instalować wyłącznie w miejscach o ograniczonym dostępie. IX30 User Guide...
Page 970: Portuguese--Português
Não ligue a unidade em nenhuma aeronave. A operação deste equipamento em um ambiente residencial pode causar interferência de rádio. Para temperaturas ambientes acima de 60 ° C, este equipamento deve ser instalado apenas em locais de acesso restrito. IX30 User Guide...
Page 971: Slovak--Slovák
života. Jednotku nezapínajte v žiadnom lietadle. Prevádzka tohto zariadenia v obytnom prostredí by mohla spôsobiť rádiové rušenie. Pri teplotách okolia nad 60 ° C musí byť toto zariadenie inštalované iba na mieste s obmedzeným prístupom. IX30 User Guide...
Page 972: Slovenian--Esloveno
življenja. Enote ne vklopite v nobenem letalu. Delovanje te opreme v stanovanjskem okolju lahko povzroči radijske motnje. Pri temperaturah okolice nad 60 ° C mora biti ta oprema nameščena samo na lokaciji z omejenim dostopom. IX30 User Guide...
Page 973: Spanish--Español
Para temperaturas ambiente superiores a 60 ° C, este equipo debe instalarse únicamente en una ubicación de acceso restringido. DigiIX30 Certifications International EMC (Electromagnetic Compatibility) and safety standards This product complies with the requirements of the following Electromagnetic Compatibility standards. IX30 User Guide...
Page 974 DigiIX30 Certifications International EMC (Electromagnetic Compatibility) and safety standards There are no user-serviceable parts inside the product. Contact your Digi representative for repair information. Certification category Standards EN 300 328 v1.8.1 Electromagnetic Compatibility (EMC) compliance standards EN 301 893 v1.7.2...
Page 975 Auto-complete commands and parameters Available commands Use the scp command Display status and statistics using the show command Device configuration using the command line interface Execute configuration commands at the root Admin CLI prompt Configuration mode Command line reference 1001 IX30 User Guide...
Page 976: Command Line Interface
Log in to the command line interface  Command line 1. Connect to the IX30 device by using a serial connection, SSH or telnet, or the Terminal in the WebUI or the Console in the Digi Remote Manager. See Access the command line interface more information.
Page 977: Exit The Command Line Interface
2. At the main menu, click Terminal. The device console appears. IX30 login: 3. Select the device in Remote Manager and click Actions > Open Console, or log into the IX30 local command line as a user with full Admin access rights.
Page 978 Command line interface Execute a command from the web interface The Admin CLI prompt appears. > IX30 User Guide...
Page 979: Display Help For Commands And Parameters
Display help for commands and parameters The help command When executed from the root command prompt, help displays information about autocomplete operations, how to move the cursor on the IX30 command line, and other keyboard shortcuts: > help Commands ------------------------------------------------------------------------------ Show commands help <Tab>...
Page 980: Display Help For Individual Commands
Show IP routing information. scep-client Show SCEP client statistics. scripts Show scheduled scripts. serial Show serial statistics. surelink Show Surelink statistics. system Show system statistics. version Show firmware version. vrrp Show VRRP statistics. web-filter Show web filter information. > show IX30 User Guide...
Page 981: Use The Tab Key Or The Space Bar To Display Abbreviated Help
Parameter values, where the value is one of an enumeration or an on|off type; for example: (config)> serial port1 enable t<Tab> auto-completes to (config)> serial port1 enable true Auto-complete does not function for: Parameter values that are string types. Integer values. File names. Select parameters passed to commands that perform an action. IX30 User Guide...
Page 982: Available Commands
Pings a remote host using Internet Control Message Protocol (ICMP) Echo Request messages. poweroff Powers off the system. reboot Reboots the IX30 device. Removes a file. Uses the secure copy protocol (SCP) to transfer files between the IX30 device and a IX30 User Guide...
Page 983: Use The Scp Command
The hostname or IP address of the remote host. The username and password of the user on the remote host. Whether the file is being copied to the IX30 device from a remote host, or to the remote host from the IX30 device.
Page 984 IX30 device. For example: To copy a support report from the IX30 device to a remote host at the IP address of 192.168.4.1: 1. Use the system support-report command to generate the report: >...
Page 985: Display Status And Statistics Using The Show Command
Command line interface Display status and statistics using the show command Display status and statistics using the show command The IX30 show command display status and statistics for various features. For example: show config show config command displays all the configuration settings for the device that have been changed from the default settings.
Page 986: Show Network
For example, to disable the SSH service from the root prompt, enter the following command: > config service ssh enable false > The IX30 device's ssh service is now disabled. Note When the config command is executed at the root prompt, certain configuration actions that are available in configuration mode cannot be performed.
Page 987 Multicast remote_control Remote control snmp SNMP telnet Telnet web_admin Web administration > config service 3. Next, display help for the config service ssh command: > config service ssh ? SSH: An SSH server for managing the device. IX30 User Guide...
Page 988: Configuration Mode
There are two ways to enter configuration commands while in configuration mode: Enter the full command string from the config prompt. For example, to disable the ssh service by entering the full command string at the config prompt: IX30 User Guide...
Page 989: Save Changes And Exit Configuration Mode
In configuration mode, configuration actions are available to perform tasks related to saving or canceling the configuration changes, and to manage items and elements in lists. The commands can be listed by entering a question mark (?) at the config prompt. IX30 User Guide...
Page 990: Display Command Line Help In Configuration Mode
(?) character at the config prompt. For example: 1. Enter ? at the config prompt: (config)> ? This will display the following help information: (config)> ? Additional Configuration ------------------------------------------------------------------------ application Custom scripts auth Authentication cloud Central management firewall Firewall monitoring Monitoring network Network IX30 User Guide...
Page 991 SNMP telnet Telnet web_admin Web administration (config)> service 3. Next, to display help for the service ssh command, use one of the following methods: At the config prompt, enter service ssh ?: (config)> service ssh ? IX30 User Guide...
Page 992 (config)> service ssh enable ? At the config prompt: a. Enter service to move to the service node: (config)> service (config service)> b. Enter ssh to move to the ssh node: (config service)> ssh (config service ssh)> IX30 User Guide...
Page 993: Move Within The Configuration Schema
You can also enter multiple nodes at once to move multiple steps in the configuration: (config)> service ssh acl zone (config service ssh acl zone)> Move backward one node in the configuration by entering two periods (..): (config service ssh acl zone)> .. (config service ssh acl)> IX30 User Guide...
Page 994: Manage Elements In Lists
As demonstrated above, the end keyword is used to add an element to the end of a list. Additionally, the end keyword is used to add an element to a list that does not have any elements. For example, to add an authentication group to a user that has just been created: IX30 User Guide...
Page 995 Use the show command to verify that the local authentication method was removed: (config)> show auth method 0 tacacs+ 1 radius (config)> Move elements within a list Use the move command to reorder elements in a list. For example, to reorder the authentication methods: IX30 User Guide...
Page 996: The Revert Command
(config)> The revert command The revert command is used to revert changes to the IX30 device's configuration and restore default configuration settings. The behavior of the revert command varies depending on where in the configuration hierarchy the command is executed, and whether the optional path parameter is used.
Page 997 3. Save the configuration and apply the change: (config auth method)> save Configuration saved. > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX30 User Guide...
Page 998: Enter Strings In Configuration Commands
(config)> system description "Digi IX30" Example: Create a new user by using the command line In this example, you will use the IX30 command line to create a new user, provide a password for the user, and assign the user to authentication groups.
Page 999 IX30 User Guide...
Page 1000 (config auth user user1)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX30 User Guide 1000...

Digi IX30 User Manual

Quick Links

Related Manuals for Digi IX30

Summary of Contents for Digi IX30