Digi Connect IT 4 User Manual

Hide thumbs Also See for Connect IT 4:
Table of Contents

Advertisement

Quick Links

Digi Connect IT® 4
User Guide
Firmware version 23.3

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the Connect IT 4 and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Summary of Contents for Digi Connect IT 4

  • Page 1 Digi Connect IT® 4 User Guide Firmware version 23.3...
  • Page 2 Revision history—90002355 Revision Date Description Release of Digi Connect IT 4 firmware version 23.3: May 2023 Surelink: Redesigned Surelink configuration settings. Added show surelink state Admin CLI command to display the overall pass/fail status of enabled Surelink tests. Added a AT&T LWM2M support setting to enable or disable AT&T lightweight M2M on cellular modems.
  • Page 3 Added Monitoring > Device Health > Only report changed values to Digi Remote Manager option to control sending metrics to Digi Remote Manager on the basis of whether the values have changed since they were last reported. Added Monitoring > Device Health > Data point tuning configuration options to fine tune what datapoints are uploaded as health metrics to Digi Remote Manager.
  • Page 4 Additional changes: Updated LED information: Connect IT 4 hardware and LEDs Release of Digi Connect IT 4 firmware version 22.5: June 2022 5G enhancements: Added 5G slice support for configuring the slice type for the 5G modems.
  • Page 5 Information in this document is subject to change without notice and does not represent a commitment on the part of Digi International. Digi provides this document “as is,” without warranty of any kind, expressed or implied, including, but not limited to, the implied warranties of fitness or merchantability for a particular purpose.
  • Page 6 Feedback To provide feedback on this document, email your comments to techcomm@digi.com Include the document title and part number (Digi Connect IT® 4 User Guide, 90002355 A) in the subject line of your email. Digi Connect IT® 4 User Guide...
  • Page 7: Table Of Contents

    Using the local web interface Log out of the web interface Use the local REST API to configure the Connect IT 4 device Use the GET method to return device configuration information Use the POST method to modify device configuration parameters and list arrays...
  • Page 8 Local Area Networks (LANs) About Local Area Networks (LANs) Configure a Local Area Network (LAN) Configure the WAN port as a LAN or in a bridge Change the default LAN subnet Show LAN status and statistics Digi Connect IT® 4 User Guide...
  • Page 9 Configure routing services Show the routing table Dynamic DNS Configure dynamic DNS Virtual Router Redundancy Protocol (VRRP) VRRP+ Configure VRRP Configure VRRP+ Example: VRRP/VRRP+ configuration Configure device one (master device) Configure device two (backup device) Digi Connect IT® 4 User Guide...
  • Page 10 Allow remote access for web administration and SSH Configure the web administration service Configure SSH access Use SSH with key authentication Generating SSH key pairs Configure telnet access Configure DNS Show DNS server Simple Network Management Protocol (SNMP) Digi Connect IT® 4 User Guide...
  • Page 11 Set up the Connect IT 4 for Python development Create and test a Python application Python modules Set up the Connect IT 4 to automatically run your applications Configure scripts to run automatically Show script information Stop a script that is currently running...
  • Page 12 Terminal Access Controller Access-Control System Plus (TACACS+) TACACS+ user configuration TACACS+ server failover and fallback to local authentication Configure your Connect IT 4 device to use a TACACS+ server Remote Authentication Dial-In User Service (RADIUS) RADIUS user configuration RADIUS server failover and fallback to local configuration...
  • Page 13 Log into Digi Remote Manager Use Digi Remote Manager to view and manage your device Add a device to Digi Remote Manager Configure multiple Connect IT 4 devices by using Digi Remote Manager configurations View Digi Remote Manager connection status Learn more...
  • Page 14 Use the ping command to troubleshoot network connections Ping to check internet connection Stop ping commands Use the traceroute command to diagnose IP routing problems Hardware Connect IT 4 hardware and LEDs Front panel and LEDs Back panel LTE status indicators Signal strength...
  • Page 15 Move within the configuration schema Manage elements in lists The revert command Enter strings in configuration commands Example: Create a new user by using the command line Command line reference analyzer clear analyzer save Digi Connect IT® 4 User Guide...
  • Page 16 Digi Connect IT® 4 User Guide...
  • Page 17 Digi Connect IT® 4 User Guide...
  • Page 18: Digi Connect It® 4 User Guide

    This guide provides reference and usage information for the Connect IT. The Connect IT 4 provides out-of-band management for remote network or infrastructure devices. Cellular connectivity, available as standard in some models and as an option in other models, provides fast reliable cellular connections without additional equipment.
  • Page 19: Get Started With Connect It

    Cellular ONLY: Insert the CORE module. Connect the hardware to a network. Using the local web interface. Update system firmware Change a local user's password Connect equipment to the Connect IT serial ports. Digi Connect IT® 4 User Guide...
  • Page 20: Verify Product Components

    If you purchased the global variant (-GLB) you will receive the Universal power supply kit. For instructions about exchanging power tips, see Exchange power tips. Antennas (2) CORE module This is included with some versions of the Connect IT 4 modules. Digi Connect IT® 4 User Guide...
  • Page 21: Required Additional Equipment

    Required additional equipment Equipment Description CAT 5/6 Ethernet cable Ethernet cable The cable is used to connect your PC to the Connect IT 4 for initial configuration. Connect hardware and connect to site network using an Ethernet LAN. An activated SIM card provided by your cellular network operator.
  • Page 22: Prerequisites

    Get started with Connect IT Cellular ONLY: Insert the CORE module This section explains how to connect the Digi CORE® module and cellular antennas to the Connect IT hardware. Prerequisites Activated SIM card from your cellular network provider. CORE module. This may be included with your device. If it is not, you must purchase one separately.
  • Page 23: Connect The Hardware To A Network

    Connect IT 4. 2. Connect one end of an Ethernet cable to your site gateway. 3. Connect the other end of the Ethernet cable to the Ethernet LAN port on the Connect IT 4. Digi Connect IT® 4 User Guide...
  • Page 24: Connect Equipment To The Connect It Serial Ports

    The RS232 standard requires support for baud rates up to 9600 baud on shielded multicore cable up to 50 feet (15 meters) long. For the Connect IT 4, the use of standard CAT 5 cables enables serial communication at all baud rates up to 50 feet. CAT5 unshielded twisted pair cable lengths much longer than 50 feet have been verified at 9600 baud but are non-standard and are not guaranteed.
  • Page 25 Connect equipment to the Connect IT serial ports Serial port pinout and use The Connect IT 4 RS232 serial ports are DTE and have the following pin configuration. Description Signal Pin 1 Output from Connect IT 4 Request to send...
  • Page 26 Using Digi Remote Manager Access Digi Remote Manager Using the local web interface Use the local REST API to configure the Connect IT 4 device Access the terminal screen from the web UI Using the command line Digi Connect IT® 4 User Guide...
  • Page 27: Firmware Configuration

    Firmware configuration Review Connect IT 4 default settings Review Connect IT 4 default settings You can review the default settings for your Connect IT 4 device by using the local WebUI or Digi Remote Manager: Local WebUI 1. Log into the Connect IT 4 WebUI as a user with Admin access. See Using the local web interface for details.
  • Page 28: Other Default Configuration Settings

    Packet filtering allows all outbound traffic. Security policies SSH and web administration: Enabled for local administration Firewall zone: Internal Device heath metrics uploaded to Digi Remote Manager at 60 minute Monitoring interval. SNMP: Disabled Enabled Serial port Serial mode: Login...
  • Page 29 Firmware configuration Change the default password for the admin user 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 30: Configuration Methods

    A robust command line allows you to perform all configuration and management tasks from within a command shell. Both the Remote Manager and the local web interface also have the option to open a terminal emulator for executing commands on your Connect IT 4 device. See Using the command line for more information about using the command line to manage and configure your Connect IT 4 device.
  • Page 31: Using Digi Remote Manager

    Using the local web interface To connect to the Connect IT 4 local Web UI: 1. Use an Ethernet cable to connect the Connect IT 4's ETH2 port to a laptop or PC. 2. Open a browser and go to 192.168.2.1.
  • Page 32: Log Out Of The Web Interface

    Use the local REST API to configure the Connect IT 4 device Your Connect IT 4 device includes a REST API that can be used to return information about the device's configuration and to make modifications to the configuration. You can view the REST API specification from your web browser by opening the URL: https://ip-address/cgi-bin/config.cgi...
  • Page 33 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 34: Use The Post Method To Modify Device Configuration Parameters And List Arrays

    Firmware configuration Use the local REST API to configure the Connect IT 4 device $ curl -k -u admin https://192.168.210.1/cgi-bin/config.cgi/value/service/ssh -X Enter host password for user 'admin': ok": true, "result": { "type": "object", "path": "service.ssh" "collapsed": { "acl.zone.0": "internal" "acl.zone.1": "edge"...
  • Page 35: Use The Delete Method To Remove Items From A List Array

    Firmware configuration Use the local REST API to configure the Connect IT 4 device path is the path to the configuration parameter, in dot notation (for example, ssh.service.enable). new_value is the new value for the parameter. For example, to disable the ssh service using curl: $ curl -k -u admin "https://192.168.210.1/cgi-...
  • Page 36: Access The Terminal Screen From The Web Ui

    Type '~b.' to disconnect from port Type '~b?' to list commands 6. Enter ~b? to display additional commands. Note The ~bP, ~bO, and ~bN commands are used with the remote power management feature. See Configure Remote Power Management. Digi Connect IT® 4 User Guide...
  • Page 37 Power off all the outlets on this port. Power on all the outlets on this port. Display a list of commands. 7. Enter ~b. to disconnect from the port. Digi Connect IT® 4 User Guide...
  • Page 38: Using The Command Line

    Log in to the command line interface    Command line 1. Connect to the Connect IT 4 device by using a serial connection, SSH or telnet, or the Terminal in the WebUI or the Console in the Digi Remote Manager. See Access the command line interface for more information.
  • Page 39: Exit The Command Line Interface

    1: Serial: port1 (9600,8,1,none,none) q: Quit Select access or quit [admin] : Type a or admin to access the Connect IT 4 command line. You will now be connected to the Admin CLI: Connecting now... Press Tab to autocomplete commands...
  • Page 40: Configure Remote Power Management

    Manage power to the power controller outlets You can manage the power to an individual outlet on the power controller from the web UI or a terminal. Manage the power to the power controller outlets from the Connect IT Digi Connect IT® 4 User Guide...
  • Page 41: Configure The Connect It To Connect To A Power Controller Using A Serial Port

    7. Expand the Serial Settings section. The entries in the following fields must match the information for the power controller. Refer to your power controller manual for the correct entries: Baud rate, Data bits, Parity, Stop bits, and Flow control. 8. Click Apply. Digi Connect IT® 4 User Guide...
  • Page 42: Connect A Power Controller To The Connect It Serial Port

    The serial port you configure for an outlet must be configured for Remote Access mode. d. Repeat the process to configure additional outlets. You can click Add Outlet to add another outlet. 12. Click Apply. Digi Connect IT® 4 User Guide...
  • Page 43: Connect A 3Rd-Party Device To The Connect It Serial Port And The Power Controller

    2. Connect one end of a serial cable to the serial port on the Connect IT that is configured to communicate with a 3rd-party device plugged into the power controller. In this example, serial port 5 is configured to communicate. Digi Connect IT® 4 User Guide...
  • Page 44: Configure The Connect It To Connect To A Power Controller Using The Network

    From the Controlled Device list box, select a serial port. In this example, outlet 1 is configured for serial port 4. d. Repeat the process to configure additional outlets. You can click Add Outlet to add another outlet. 12. Click Apply. Digi Connect IT® 4 User Guide...
  • Page 45: Connect The Connect It To Your Network

    Connect a 3rd-party device to a serial port on the Connect IT and then to the power controller You can complete the connection between the power controller, the Connect IT, and the 3rd-party device that you want to manage from the Connect IT. Digi Connect IT® 4 User Guide...
  • Page 46: Create An Access Control Group For Power Management And Assign To Users

    Expand the Power outlets section. b. Click + next to Add Outlet. c. From the Outlet list box, select an outlet for the group. d. Repeat the process to add additional outlets. 9. Click Apply. Digi Connect IT® 4 User Guide...
  • Page 47: Manage The Power To The Power Controller Outlets From The Connect It

    7. Enter ~b. to disconnect from the port. View power controller status and manage power (Administrators) You can view the status of each outlet configured for a power controller and turn the power to an outlet on and off. Digi Connect IT® 4 User Guide...
  • Page 48: Control The Outlet Power From The Serial Status Page

    Click ON to turn power to the outlet off. OFF: OFF displays in red when there is no power to the outlet configured for the serial port. Click OFF to turn power to the outlet on. Digi Connect IT® 4 User Guide...
  • Page 49: Configure Connect It Features

    Log in to the web 2. Make sure your device is in remote access mode. 3. Click System > Serial Configuration. 4. Expand the port that you want to configure for use with the power controller. Digi Connect IT® 4 User Guide...
  • Page 50: Configure Automatic Detection From The Script

    3. Modify the script (serial-detect) from the shell prompt 4. Save your changes. File System web page Log in to the web 2. Click System > File System. 3. Navigate to the script: /opt/serial-detect 4. Highlight the script. Digi Connect IT® 4 User Guide...
  • Page 51: Configure Data Pattern Matching

    5. Look in the Message column for the message, which is in the following format: "Received <data pattern> on port <label>" Where <data pattern> is the matched data pattern that you configured and <label> is the port number from which the message originated. Digi Connect IT® 4 User Guide...
  • Page 52: Send Email Notification And/Or An Snmp Trap When An Event Occurs

    3. Expand System > Log. 4. Expand Email notifications. 5. Click Enable. The slider is blue when enabled. a. From the Server type list box, select the method used to connect and authenticate with the SMTP server. Digi Connect IT® 4 User Guide...
  • Page 53: Configure An Snmp Trap

    In the Community name field, enter the SNMP destination community name. The default is public. e. Repeat this process to add an additional destination, if needed. 7. Click Apply to save the configuration and apply the change. Digi Connect IT® 4 User Guide...
  • Page 54: Interfaces

    Local Area Network (LAN) or assigned to a Wide Area Network (WAN). This chapter contains the following topics: Wide Area Networks (WANs) Local Area Networks (LANs) Virtual LANs (VLANs) Bridging Show SureLink status and statistics Digi Connect IT® 4 User Guide...
  • Page 55: Wide Area Networks (Wans)

    Wide Area Networks (WANs) Wide Area Networks (WANs) The Connect IT 4 device is preconfigured with one Wide Area Network (WAN), named WAN, and one Wireless Wide Area Network (WWAN), named Modem. You can modify configuration settings for the existing WAN and WWANs, and you can create new WANs and WWANs.
  • Page 56: Wide Area Networks (Wans) And Wireless Wide Area Networks (Wwans)

    Wireless Wide Area Network (WWAN), named Modem. You can also create additional WANs and WWANs. When a WAN is initialized, the Connect IT 4 device automatically adds a default IP route for the WAN. The priority of the WAN is based on the metric of the default route, as configured in the WAN's IPv4 and IPv6 metric settings.
  • Page 57 Click IPv6. d. For Metric, type 1. 4. Set the metrics for WAN: a. Click Network > Interfaces > WAN > IPv4. b. For Metric, type 2. c. Click IPv6. d. For Metric, type 2. Digi Connect IT® 4 User Guide...
  • Page 58 5. Click Apply to save the configuration and apply the change. The Connect IT 4 device is now configured to use the cellular modem WWAN, Modem, as its highest priority WAN, and its Ethernet WAN, WAN, as its secondary WAN.
  • Page 59: Wan/Wwan Failover

    WAN, and its Ethernet WAN, WAN, as its secondary WAN. WAN/WWAN failover If a connection to a WAN interface is lost for any reason, the Connect IT 4 device will immediately fail over to the next WAN or WWAN interface, based on WAN priority. See...
  • Page 60: Configure Surelink Active Recovery To Detect Wan/Wwan Failures

    Problems can occur beyond the immediate WAN/WWAN connection that prevent some IP traffic from reaching its destination. Normally this kind of problem does not cause the Connect IT 4 device to detect that the WAN has failed, because the connection continues to work while the core problem exists somewhere else in the network.
  • Page 61 Otherwise, the device will reboot and all recovery actions listed after the Reboot Device action will be ignored.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 62 When SureLink is configured for Wireless WANs, SureLink tests are only run if the cellular modem is connected and has an IP address. Use the SIM failover options to configure the Connect IT 4 device to automatically recover the modem in the event that it cannot obtain an IP address. See...
  • Page 63 DHCP, or statically configured for this interface. Test the interface status: Tests the current status of the interface. The test fails if the interface is down. Failing this test infers that all other tests fail. Digi Connect IT® 4 User Guide...
  • Page 64 Click to expand Recovery actions. By default, there are two preconfigured recovery actions: Update routing: Uses the Change default gateway action, which increases the interface's metric by 100 to change the default gateway. Restart interface. Digi Connect IT® 4 User Guide...
  • Page 65 Override wait interval before performing the next recovery action: The time to wait before the next test is run. If set to the default value of 0s, the Test interval is used. Digi Connect IT® 4 User Guide...
  • Page 66 The default is 8.8.8.8, and should only be changed if this IP address is not accessible due to networking issues. 13. Click Apply to save the configuration and apply the change. Digi Connect IT® 4 User Guide...
  • Page 67 When SureLink is configured for Wireless WANs, SureLink tests are only run if the cellular modem is connected and has an IP address. Use the SIM failover options to configure the Connect IT 4 device to automatically recover the modem in the event that it cannot obtain an IP address. See...
  • Page 68 Performs a DNS query to the named DNS server. If dns is set, set the IPv4 or IPv6 address of the DNS server: (config network interface my_wan surelink tests 1)> dns_server IP_ address (config network interface my_wan surelink tests 1)> Digi Connect IT® 4 User Guide...
  • Page 69 For example, to set interface_timeout to ten minutes, enter either 10m or 600s: (config network interface my_wan surelink tests 1)> interface_ timeout 600s (config)> custom_test: Tests the interface with custom commands. If custom_test is set, set the commands to run to perform the test: Digi Connect IT® 4 User Guide...
  • Page 70 Current value: (config network interface my_wan surelink tests 1)> other_ interface ii. Set the interface. For example: (config network interface my_wan surelink tests 1)> other_ interface /network/interface/wan (config network interface my_wan surelink tests 1)> Digi Connect IT® 4 User Guide...
  • Page 71 Set the type of recovery action. If multiple recovery actions are configured, they are performed in the order that they are listed. The command varies depending on whether the interface is a WAN or WWAN: Digi Connect IT® 4 User Guide...
  • Page 72 Set the number of attempts for this recovery action to perform, before moving to the next recovery action: (config network interface my_wan surelink actions 0)> max_ attempts int (config network interface my_wan surelink actions 0)> The default is 3. Digi Connect IT® 4 User Guide...
  • Page 73 This recovery action is available for WWAN interfaces only. If modem_power_cycle is selected, complete the following: Set the number of attempts for this recovery action to perform, before moving to the next recovery action: Digi Connect IT® 4 User Guide...
  • Page 74 (config network interface my_wan surelink actions 0)> custom_ action_commands_modem "string" (config network interface my_wan surelink actions 0)> Set the time to wait before the next test is run. If set to the default value of 0s, the test interval is used. Digi Connect IT® 4 User Guide...
  • Page 75 (config)> network interface my_wan surelink timeout value (config)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set timeout to ten minutes, enter either 10m or 600s: Digi Connect IT® 4 User Guide...
  • Page 76 IP address is not accessible due to networking issues. To set to an alternate host: (config)> network interface my_wan surelink advanced interface_gateway hostname/IP_address (config)> 8. Save the configuration and apply the change: (config network interface my_wan ipv4 surelink)> save Configuration saved. > Digi Connect IT® 4 User Guide...
  • Page 77: Configure The Device To Reboot When A Failure Is Detected

    Type quit to disconnect from the device. Configure the device to reboot when a failure is detected Using SureLink, you can configure the Connect IT 4 device to reboot when it has determined that an interface has failed. Required configuration items Enable SureLink.
  • Page 78 Interfaces Wide Area Networks (WANs) 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 79 The Interface gateway. If Interface gateway is selected, an initial traceroute is sent to the hostname or IP address configured in the SureLink advanced settings, and then the first hop in that route is used for the ping test. Digi Connect IT® 4 User Guide...
  • Page 80 TCP connect host: The hostname or IP address of the host to create a TCP connection to. TCP connect port: The TCP port to create a TCP connection to. Test another interface's status: Tests the status of another interface. If Test another interface's status is selected, complete the following: Digi Connect IT® 4 User Guide...
  • Page 81 Override wait interval before performing the next recovery action: The time to wait before the next test is run. If set to the default value of 0s, the Test interval is used. Restart interface. If Restart interface is selected, complete the following: Digi Connect IT® 4 User Guide...
  • Page 82 Override wait interval before performing the next recovery action: The time to wait before the next test is run. If set to the default value of 0s, the Test interval is used. Digi Connect IT® 4 User Guide...
  • Page 83 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 84 When SureLink is configured for Wireless WANs, SureLink tests are only run if the cellular modem is connected and has an IP address. Use the SIM failover options to configure the Connect IT 4 device to automatically recover the modem in the event that it cannot obtain an IP address. See...
  • Page 85 (config network interface my_wan surelink tests 1)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set interface_down_time to ten minutes, enter either 10m or 600s: Digi Connect IT® 4 User Guide...
  • Page 86 Set the TCP port to create a TCP connection to. (config network interface my_wan surelink tests 1)> tcp_port port (config network interface my_wan surelink tests 1)> other: Tests the status of another interface. If other is selected, complete the following: Digi Connect IT® 4 User Guide...
  • Page 87 The test will pass only if the referenced interface is up and passing its own SureLink tests (if applicable). down: The test will pass only if the referenced interface is down or failing its own SureLink tests (if applicable). f. Repeat for each additional test. Digi Connect IT® 4 User Guide...
  • Page 88 Type ... to return to the root of the configuration: (config network interface my_wan surelink actions 0)> ... (config)> b. Set the test interval between connectivity tests: (config)> network interface my_wan surelink interval value (config)> Digi Connect IT® 4 User Guide...
  • Page 89 For example, to set delayed_start to ten minutes, enter either 10m or 600s: (config)> network interface my_wan surelink advanced delayed_start 600s (config)> Digi Connect IT® 4 User Guide...
  • Page 90: Disable Surelink

    SureLink to disable the DNS test and use one or more other tests.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: Digi Connect IT®...
  • Page 91 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 92 WAN connections that do not allow DNS resolution, and configure alternate test.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 93 Ping payload size: The number of bytes to send as part of the ping payload. DNS test: Performs a DNS query to the named DNS server. If DNS test is selected, complete the following: DNS server: The IP address of the DNS server. Digi Connect IT® 4 User Guide...
  • Page 94 IPv6: The IPv6 connection must be up. Expected status: The status required for the test to past. Up: The test will pass only if the referenced interface is up and passing its own SureLink tests (if applicable). Digi Connect IT® 4 User Guide...
  • Page 95 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 96 Failing this test infers that all other tests fail. If interface_up is set, complete the following: Set the amount of time that the interface is down before the test can be considered to have failed. Digi Connect IT® 4 User Guide...
  • Page 97 If tcp_connection is selected, complete the following: Set the hostname or IP address of the host to create a TCP connection to: (config network interface my_wan surelink tests 1)> tcp_host hostname/IP_address (config network interface my_wan surelink tests 1)> Digi Connect IT® 4 User Guide...
  • Page 98 The IPv6 connection must be up. The status required for the test to past. (config network interface my_wan surelink tests 1)> other_ status value (config network interface my_wan surelink tests 1)> where value is one of: Digi Connect IT® 4 User Guide...
  • Page 99: Example: Use A Ping Test For Wan Failover From Ethernet To Cellular

    Update Routing recovery action will increase the metric for the WAN interface by 100, which will cause the Connect IT 4 device to start using the Modem interface as the default route. It continues to regularly test the connection to WAN, and when tests on WAN succeed, the device falls back to that interface.
  • Page 100 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 101: Using Ethernet Devices In A Wan

    Using Ethernet devices in a WAN The Connect IT 4 device has two Ethernet devices, named WAN and LAN. You can use these Ethernet interfaces as a WAN when connecting to the Internet, through a device such as a cable modem:...
  • Page 102: Using Cellular Modems In A Wireless Wan (Wwan)

    SIM, the modem will attempt to reconnect to the SIM in the preferred SIM slot. To configure the modem:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager:...
  • Page 103 Interfaces Wide Area Networks (WANs) a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration.
  • Page 104 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 105 Current value: all (config)> The default is all, which uses the best available technology. 10. Set whether the modem should use the main antenna, the auxiliary antenna, or both the main and auxiliary antennas: Digi Connect IT® 4 User Guide...
  • Page 106 APN. To configure the APN:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 107    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Digi Connect IT® 4 User Guide...
  • Page 108 No authentication is required. auto: The device will attempt to connect using CHAP first, and then PAP. chap: Uses the Challenge Handshake Authentication Profile (CHAP) to authenticate. pap: Uses the Password Authentication Profile (PAP) to authenticate. Digi Connect IT® 4 User Guide...
  • Page 109 Dual-APN connections with the Telit LE910-NAv2 module when using a Verizon SIM are not supported. Using an AT&T SIM with the Telit LE910-NAv2 module is supported. The Telit LE910-NAv2 module is used in the 1002-CM04 CORE modem. Digi Connect IT® 4 User Guide...
  • Page 110 Interfaces Wide Area Networks (WANs)    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 111 Interfaces Wide Area Networks (WANs) f. (Optional): Configure the public APN. If the public APN is not configured, the Connect IT 4 will attempt to determine the APN. i. Click to expand APN list > APN. ii. For APN, type the public APN for your cellular carrier.
  • Page 112 Configure the source address: i. Click to expand Source address. ii. For Type, select Interface. iii. For Interface, select LAN2. k. Configure the destination address: i. Click to expand Destination address. ii. For Type, select Interface. Digi Connect IT® 4 User Guide...
  • Page 113 (config network interface WWANPublic)> modem device modem (config network interface WWANPublic)> d. (Optional): Set the public APN. If the public APN is not configured, the Connect IT 4 will attempt to determine the APN. (config network interface WWANPublic)> modem apn public_apn (config network interface WWANPublic)>...
  • Page 114 (config network route policy 0)> interface /network/interface/WWANPublic (config network route policy 0)> d. Configure the source address: i. Set the source type to interface: (config network route policy 0)> src type interface (config network route policy 0)> Digi Connect IT® 4 User Guide...
  • Page 115 Set the source type to interface: (config network route policy 1)> src type interface (config network route policy 1)> ii. Set the interface to LAN2: (config network route policy 1)> src interface LAN2 (config network route policy 1)> Digi Connect IT® 4 User Guide...
  • Page 116 Select Manual or Manual/Automatic carrier selection mode. The Network PLMN ID.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 117 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 118    Web 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. From the main menu, click Status > Modems. 3. croll to the Connection Status section and click SCAN.
  • Page 119 If Manual is selected, your modem must support the Network technology or the modem will lose cellular connectivity. If you are using a cellular connection to perform this procedure, you may lose your connection and the device will no longer be accessible.    Command line Digi Connect IT® 4 User Guide...
  • Page 120 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 121 : 127941 RX bytes : 61026 Uptime : 10 hrs, 56 mins (39360s) SIM Slot SIM Status : ready IMSI : 61582122197895 ICCID : 26587628655003992180 SIM Provider : AT&T RSRQ : Good (-11.0 dB) Digi Connect IT® 4 User Guide...
  • Page 122 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 123 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 124 IMEI SV: 9 FSN: LQ650551070110 +GCAP: +CGSM 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 4 User Guide...
  • Page 125: Configure A Wide Area Network (Wan)

    When to use DNS: always, never, or only when this interface is the primary default route. When to use DNS servers for this interface. Whether to include the Connect IT 4 device's hostname in DHCP requests. IPv6 configuration: The metric for IPv6 routes associated with the WAN.
  • Page 126 Interfaces Wide Area Networks (WANs)    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 127 8. (Optional) Click to expand 802.1x to configure 802.1x port based network access control. The Connect IT 4 can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Click to expand Authentication.
  • Page 128 Never: Never use DNS servers for this interface. k. Enable DHCP Hostname to instruct the Connect IT 4 device to include the device's system name with DHCP requests as the Client FQDN option. The DHCP server can then be configured to register the device's hostname and IP address with an associated DNS server.
  • Page 129 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 130 Never use DNS servers for this interface. vi. Enable DHCP Hostname to instruct the Connect IT 4 device to include the device's system name with DHCP requests as the Client FQDN option. The DHCP server can then be configured to register the device's hostname and IP address with an associated DNS server.
  • Page 131 Modify any of the remaining default settings as appropriate. For example, to change the metric: (config network interface my_wan)> ipv6 metric 1 (config network interface my_wan)> If the minimum length is not available, then a longer prefix will be used. Digi Connect IT® 4 User Guide...
  • Page 132 8. (Optional) To configure 802.1x port based network access control: Note The Connect IT 4 can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Enable the 802.1x authenticator on the Connect IT 4 device: (config network interface my_wan)>...
  • Page 133: Configure A Wireless Wide Area Network (Wwan)

    The IPv6 Maximum Transmission Unit (MTU) of the WAN. When to use DNS: always, never, or only when this interface is the primary default route. SureLink active recovery configuration. See Configure SureLink active recovery to detect WAN/WWAN failures for further information. Digi Connect IT® 4 User Guide...
  • Page 134 Interfaces Wide Area Networks (WANs)    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 135 SIM before failing over to the next available SIM. b. For SIM failover alternative, configure how SIM failover will function if automatic SIM switching is unavailable: None: The device will perform no alternative action if automatic SIM switching is unavailable. Digi Connect IT® 4 User Guide...
  • Page 136 Reboot device: The device will reboot if automatic SIM switching is unavailable. 13. For APN list and APN list only, the Connect IT 4 device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.
  • Page 137 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 138 Format: AT&T Rogers Sprint T-Mobile Telstra Verizon Vodafone other Default value: AT&T Current value: AT&T (config network interface my_wwan)> b. Set the carrier: (config network interface my_wwan)> modem carrier value (config network interface my_wwan)> Digi Connect IT® 4 User Guide...
  • Page 139 9. Roaming is enabled by default. To disable: (config network interface my_wwan)> modem roaming false (config network interface my_wwan)> 10. Set the carrier selection mode: (config network interface my_wwan)> modem operator_mode value (config network interface my_wwan)> where value is one of: Digi Connect IT® 4 User Guide...
  • Page 140 Set the number of times that the device should attempt to connect to the active SIM before failing over to the next available SIM: (config network interface my_wwan)> modem sim_failover_retries num (config network interface my_wwan)> The default setting is 5. Digi Connect IT® 4 User Guide...
  • Page 141 The device will reboot if automatic SIM switching is unavailable. 12. The Connect IT 4 device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.
  • Page 142 (config network interface my_wwan)> ipv4 weight num (config network interface my_wwan)> d. Set the management priority. This determines which interface will have priority for central management activity. The interface with the highest number will be used. Digi Connect IT® 4 User Guide...
  • Page 143: Show Wan And Wwan Status And Statistics

    Type quit to disconnect from the device. Show WAN and WWAN status and statistics    Web 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. From the menu, click Status. 3. Under Networking, click Interfaces. ...
  • Page 144 WAN. For example, to display information about WAN, enter show network interface wan: > show network interface wan wan1 Interface Status --------------------- Device : wan Zone : external IPv4 Status : up IPv4 Type : dhcp Digi Connect IT® 4 User Guide...
  • Page 145: Delete A Wan Or Wwan

    WAN, WAN, or the preconfigured WWAN, Modem.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 146: Default Outbound Wan/Wwan Ports

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 147: Local Area Networks (Lans)

    Local Area Networks (LANs) Local Area Networks (LANs) The Connect IT 4 device is preconfigured with the following Local Area Networks (LANs): You can modify configuration settings for LAN, and you can create new LANs. This section contains the following topics:...
  • Page 148: About Local Area Networks (Lans)

    The relative weight for IPv6 routes associated with the LAN. The IPv6 management priority of the LAN. The active interface with the highest management priority will have its address reported as the preferred contact address for central management and direct device access. Digi Connect IT® 4 User Guide...
  • Page 149 To create a new LAN or edit an existing LAN:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 150 8. (Optional) Click to expand 802.1x to configure 802.1x port based network access control. The Connect IT 4 can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Click to expand Authentication.
  • Page 151 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 152 (config network interface my_lan)> ii. Set the relative weight for default routes associated with this interface. For multiple active interfaces with the same metric, the weight is used to load balance traffic to the interfaces. Digi Connect IT® 4 User Guide...
  • Page 153 (config network interface my_lan)> ipv6 ? IPv6 Parameters Current Value ----------------------------------------------------------------------- -------- enable true Enable metric Metric mgmt Management priority 1500 prefix_id Prefix ID prefix_length Prefix length type prefix_delegation Type weight Weight Additional Configuration ----------------------------------------------------------------------- -------- Digi Connect IT® 4 User Guide...
  • Page 154 8. (Optional) To configure 802.1x port based network access control: Note The Connect IT 4 can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Enable the 802.1x authenticator on the Connect IT 4 device: (config network interface my_lan)>...
  • Page 155: Configure The Wan Port As A Lan Or In A Bridge

    Type quit to disconnect from the device. Configure the WAN port as a LAN or in a bridge By default, the WAN Ethernet port on your Connect IT 4 is configured to function as a WAN port, which means that it: Uses the External firewall zone.
  • Page 156 To configure the WAN Ethernet port as a LAN:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 157 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 158 To add the WAN port to the LAN1 bridge:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 159 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 160 This procedure will bridge the WAN port with the ETH2 port, which will configure the two Ethernet ports other devices, which will configure the included devices to function as a hub. To create a new bridge, and bridge the Connect IT 4 device's WAN Ethernet port with the ETH2 port: ...
  • Page 161 Click to expand IPv4. f. For Address, type the IPv4 address and netmask, using the format IPv4_address/netmask, for example, 192.168.3.1/24. g. Enable the DHCP server: i. Click to expand DHCP server. ii. Click to toggle on Enable. Digi Connect IT® 4 User Guide...
  • Page 162 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 163: Change The Default Lan Subnet

    DHCP server range will also change to the range of the LAN subnet. To change the LAN subnet:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. Digi Connect IT® 4 User Guide...
  • Page 164 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 165: Show Lan Status And Statistics

    Interfaces Local Area Networks (LANs) Show LAN status and statistics    Web 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. From the menu, click Status. 3. Under Networking, click Interfaces.    Command line 1.
  • Page 166: Delete A Lan

    Follow this procedure to delete any LANs that have been added to the system. You cannot delete the preconfigured LAN, LAN1.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager:...
  • Page 167 Interfaces Local Area Networks (LANs) a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration.
  • Page 168: Dhcp Servers

    Type quit to disconnect from the device. DHCP servers You can enable DHCP on your Connect IT 4 device to assign IP addresses to clients, using either: The DHCP server for the device's local network, which assigns IP addresses to clients on the device's local network.
  • Page 169 Map static IP addresses to hosts for information about static leases.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 170 None: No gateway is broadcast by the DHCP server. Client destinations must be resolvable without a gateway. Automatic: Broadcasts the Connect IT 4 device's gateway. Custom: Allows you to identify the IP address of a Custom gateway to be broadcast.
  • Page 171 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 172 No gateway is broadcast by the DHCP server. Client destinations must be resolvable without a gateway. auto: Broadcasts the Connect IT 4 device's gateway. custom: Allows you to identify the IP address of a custom gateway to be broadcast: (config)>...
  • Page 173 (config)> where value is one of: none: No server is broadcast. auto: Broadcasts the Connect IT 4 device's server. custom: Allows you to identify the IP address of the server. For example: (config)> network interface my_lan ipv4 dhcp_server advanced primary_dns_custom ip_address (config)>...
  • Page 174 A label for this instance of the static lease. To map static IP addresses:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 175 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 176 Show current static IP mapping To view your current static IP mapping:    Web 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. On the main menu, click Status 3. Under Networking, click DHCP Leases. ...
  • Page 177 Delete static IP mapping entries To delete a static IP entry:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 178 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 179 Required configuration items DHCP option number. Value for the DHCP option. Additional configuration items The data type of the value. Force the option to be sent to the DHCP clients. A label for the custom option. Digi Connect IT® 4 User Guide...
  • Page 180 Interfaces Local Area Networks (LANs)    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 181 (config network interface my_lan ipv4 dhcp_server advanced custom_option 0)> 9. (Optional) Set the data type that the option uses. If the incorrect data type is selected, the device will send the value as a string. Digi Connect IT® 4 User Guide...
  • Page 182 LAN. For the Connect IT 4 device, DHCP relay is configured by providing the IP address of a DHCP relay server, rather than an IP address range. If both the DHCP relay server and an IP address range are specified, DHCP relay is used, and the specified IP address range is ignored.
  • Page 183 Interfaces Local Area Networks (LANs) 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 184 DHCP issues.    Web 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. On the main menu, click Status 3. Under Networking, click DHCP Leases. Digi Connect IT® 4 User Guide...
  • Page 185: Default Services Listening On Lan Ports

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Default services listening on LAN ports The following table lists the default services listening on the specified ports on the Connect IT 4 LAN interfaces: Description...
  • Page 186: Configure An Interface To Operate In Passthrough Mode

    IP address assigned to it on a WAN or cellular modem interface, to a client connected to a LAN interface.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 187 Custom PPP configuration is disabled by default. Click toggle on Enable. g. Enable Override to override the default configuration and use only the custom configuration file. h. For Configuration file, type or paste configuration data using the format of a pppd options file. Digi Connect IT® 4 User Guide...
  • Page 188 Local Area Networks (LANs) 14. (Optional) Click to expand 802.1x to configure 802.1x port based network access control. The Connect IT 4 can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Click to expand Authentication.
  • Page 189 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 190 (config network interface ip_passthrough_interface)> ipv6 enable true (config network interface ip_passthrough_interface)> b. Generally, the default settings for IPv6 support are sufficient. You can view the default IPv6 settings by using the question mark (?): Digi Connect IT® 4 User Guide...
  • Page 191: Virtual Lans (Vlans)

    10. (Optional) To configure 802.1x port based network access control: Note The Connect IT 4 can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Enable the 802.1x authenticator on the Connect IT 4 device: (config network interface ip_passthrough_interface)>...
  • Page 192 VLAN ID for that switchport. This allows devices on the network that aren’t configured with a VLAN to act as if they are directly connected to the VLAN. This section contains the following topics: Create a trunked VLAN route Create a VLAN using switchport mode Digi Connect IT® 4 User Guide...
  • Page 193: Create A Trunked Vlan Route

    The VLAN ID. The TCP header uses the VLAN ID to identify the destination VLAN for the packet. To create a VLAN:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 194: Create A Vlan Using Switchport Mode

    Required configuration items Device to be assigned to the VLAN. The VLAN ID. The TCP header uses the VLAN ID to identify the destination VLAN for the packet. To create a VLAN using switchport mode:    Web Digi Connect IT® 4 User Guide...
  • Page 195 Interfaces Virtual LANs (VLANs) 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 196 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 197: Bridging

    VLANs. By default, the Connect IT 4 has the following preconfigured bridges: You can modify configuration settings for the existing bridge, and you can create new bridges. This section contains the following topics:...
  • Page 198: Edit The Preconfigured Lan Bridge

    Enable Spanning Tree Protocol (STP). To edit the preconfigured LAN1 bridge:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 199 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 200 0 /network/device/eth2 1 /network/wireless/ap/digi_ap (config)> ii. Use the index number to delete the appropriate device. For example, to delete the Digi AP (Wi-Fi1) Wi-Fi access point from the bridge: (config)> del network bridge lan device (config)> Note If you are deleting multiple devices from the bridge, the device index may be reordered after each deletion.
  • Page 201: Configure A Bridge

    Enable Spanning Tree Protocol (STP). To create a bridge:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 202 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 203: Show Surelink Status And Statistics

    You can show SureLink status for all interfaces, or for an individual interface. You can also show Surelink status for ipsec tunnels and OpenVPN clients. SureLink status is only available from the Admin CLI.    Command line Digi Connect IT® 4 User Guide...
  • Page 204: Show Surelink State

    Interfaces Show SureLink status and statistics Show SureLink State To show the current state of SureLink for the Connect IT 4 device, use the show surelink state command: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights.
  • Page 205: Show Surelink Status For A Specific Interface

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 206: Show Surelink Status For A Specific Ipsec Tunnel

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 207: Show Surelink Status For A Specific Openvpn Client

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 208: Serial Port

    Serial port Connect IT 4 devices have multiple serial ports that provide access to different features, depending on the serial port mode selection. Default serial port configuration You can review the default serial port configuration for your device. Serial mode options You can choose a serial mode option for each serial port, depending on the feature that you want to use.
  • Page 209: Configure Login Mode

    To change the configuration to match the serial configuration of the device to which you want to connect:    Web 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed. Note You can also configure the serial port by using Device Configuration >...
  • Page 210 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 211 (config)>serial port1 flow value (config)> where value is one of: none rts/cts xon/xoff 11. Configure serial port logging: a. Enable serial port logging: (config)>serial port1 logging enable true (config)> b. Set the file name: Digi Connect IT® 4 User Guide...
  • Page 212: Configure Remote Access Mode

    Remote Access mode allows for remote access to another device that is connected to the serial port. To change the configuration to match the serial configuration of the device to which you want to connect:    Web Digi Connect IT® 4 User Guide...
  • Page 213 Serial port Configure Remote Access mode 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed. Note You can also configure the serial port by using Device Configuration > Serial. Changes made by using either Device Configuration or Serial Configuration will be reflected in both.
  • Page 214 Click to expand Access Control List. For example, to set the Access Control List for the SSH connection for serial port 1, click to expand Serial > Port 1 > SSH connection > Access Control List: Digi Connect IT® 4 User Guide...
  • Page 215 No limit to IPv6 addresses that can access the service-type. iv. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT 4 device: i. Click Interfaces.
  • Page 216 For Idle timeout, type the amount of time to wait before disconnecting due to user inactivity. 11. Expand Monitor Settings. a. Enable CTS to monitor CTS (Clear to Send) changes on this port. b. Enable DCD to monitor DCD (Data Carrier Detect) changes on this port. Digi Connect IT® 4 User Guide...
  • Page 217 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 218 (config)>serial port1 exclusive true (config) c. Set the number of bytes of output from the serial port that are written to buffer. These bytes are redisplayed when a user connects to the serial port. Digi Connect IT® 4 User Guide...
  • Page 219 (config)>serial port1 autoconnect enable true (config)> b. Set the option that will trigger the connection: (config)>serial port1 autoconnect trigger value (config)> where value is one of: always data destination match If match is selected: Digi Connect IT® 4 User Guide...
  • Page 220 (config)>serial port1 autoconnect port int (config)> where int is any integer between 1 and 65535. f. To enable TCP keepalive: (config)>serial port1 autoconnect keepalive true (config)> g. To enable TCP nodelay: (config)>serial port1 autoconnect nodely true (config)> Digi Connect IT® 4 User Guide...
  • Page 221 (config)>serial port1 service ssh port int (config)> where int is any integer between 1 and 65535. The default is 3001. iii. Enable TCP keep-alive messages: (config)>serial port1 service ssh keepalive true (config)> iv. Enable TCP nodelay messages: Digi Connect IT® 4 User Guide...
  • Page 222 Display a list of available interfaces: Use ... network interface ? to display interface information: (config)> ... network interface ? Interfaces Additional Configuration ------------------------------------------- defaultip Default IP defaultlinklocal Default Link-local IP loopback Loopback modem Modem Digi Connect IT® 4 User Guide...
  • Page 223 (config)>serial port1 service tcp enable true (config)> ii. Set the port to be used for ssh communications: (config)>serial port1 service tcp port int (config)> where int is any integer between 1 and 65535. The default is 4001. Digi Connect IT® 4 User Guide...
  • Page 224 To limit access to hosts connected through a specified interface on the Connect IT 4 device: (config)> add serial port1 service tcp acl interface end value (config)> Where value is an interface defined on your device. Digi Connect IT® 4 User Guide...
  • Page 225 Additional Configuration -------------------------------------------------- ----------------------------- dynamic_routes edge external internal ipsec loopback setup (config)> Repeat this step to include additional firewall zones. vii. (Optional) Enable Multicast DNS (mDNS): Digi Connect IT® 4 User Guide...
  • Page 226 A single IP address or host name. A network designation in CIDR notation, for example, 2001:db8::/48. any: No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. Digi Connect IT® 4 User Guide...
  • Page 227 Type ... firewall zone ? at the config prompt: (config)> ... firewall zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration -------------------------------------------------- ----------------------------- dynamic_routes edge Digi Connect IT® 4 User Guide...
  • Page 228 This is the default. e. Log the time at which date was received or transmitted: (config)>serial port1 logging hex true (config)> f. Log data as hexadecimal values: (config)>serial port1 logging timestamp true (config)> Digi Connect IT® 4 User Guide...
  • Page 229: Configure Power Management Mode

    To change the configuration to match the serial configuration of the device to which you want to connect:    Web 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed. Note You can also configure the serial port by using Device Configuration >...
  • Page 230 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 231: Configure Ppp Dial-In Mode

    To change the configuration to match the serial configuration of the device to which you want to connect:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. Digi Connect IT® 4 User Guide...
  • Page 232 Configure PPP dial-in mode 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config.
  • Page 233 # networking connection with built-in standard 33600 bps modem driver and phone # number 123. # The shell's 'read' builtin breaks on newline, so translate incoming carriage- # return to newline, and outgoing newline to carriage-return-newline. stty icrnl onlcr opost Digi Connect IT® 4 User Guide...
  • Page 234 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 235 12. Set the priority of routes associated with this interface. If there are multiple active routes that match a destination, then the route with the lowest metric will be used. (config)> serial port1 ppp_dialin metric int (config)> Digi Connect IT® 4 User Guide...
  • Page 236 (config)> serial port1 ppp_dialin custom config_file data (config)> where data are one or more pppd command line options. Because the options are passed directly to the pppd command line, they should all be entered on a single line. For example: Digi Connect IT® 4 User Guide...
  • Page 237 0 # start up the local PPP session AT*) echo "OK" # passively accept any other AT command esac done 16. Save the configuration and apply the change: (config)> save Configuration saved. > Digi Connect IT® 4 User Guide...
  • Page 238: Configure Udp Serial Mode

    To change the configuration to match the serial configuration of the device to which you want to connect:    Web 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed. Note You can also configure the serial port by using Device Configuration >...
  • Page 239 For End Pattern, enter the end pattern. The packet is sent when this pattern is received from the serial port. v. Click Strip End Pattern if you want to remove the end pattern from the packet before it is sent. Digi Connect IT® 4 User Guide...
  • Page 240 For Destinations, you can configure the remote sites to which you want to send data. If you do not specify any destinations, the Connect IT 4 sends new data from the last IP address and port from which data was received. To add a destination: i.
  • Page 241 To limit access to specified IPv6 addresses and networks: i. Click IPv6 Addresses. ii. For Add Address, click . iii. For Address, enter the IPv6 address or network that can access the device's service-type. Allowed values are: Digi Connect IT® 4 User Guide...
  • Page 242 No limit to IPv6 addresses that can access the service-type. iv. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT 4 device: i. Click Interfaces.
  • Page 243 9. Set the stop bits used by the device to which you want to connect: (config)>serial port1 label stopbits bits (config)> 10. Set the type of flow control used by the device to which you want to connect: (config)>serial port1 label flow type (config) Digi Connect IT® 4 User Guide...
  • Page 244 14. Configure the remote sites to which you want to send data. If you do not specify any destinations, the Connect IT 4 send new data to the last hostname and port from which data was received. To add a destination:...
  • Page 245 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT 4 device: Digi Connect IT® 4 User Guide...
  • Page 246 (config)> ... firewall zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration ------------------------------------------------------ ------------------------- dynamic_routes edge external internal ipsec loopback Digi Connect IT® 4 User Guide...
  • Page 247 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT 4 device: (config)> add serial port1 udp acl interface end value (config)>...
  • Page 248 Set the maximum allowed log size for the serial port log when starting the log: (config)>serial port1 logging size value (config)> where value is the size of the log file in bytes. The default is 65536. Digi Connect IT® 4 User Guide...
  • Page 249: Configure Modbus Mode

       Web 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed. Digi Connect IT® 4 User Guide...
  • Page 250 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 251 4. Set the stop bits used by the device to which you want to connect: (config)>serial port1 stopbits bits (config)> 5. Set the type of flow control used by the device to which you want to connect: (config)>serial port1 flow value (config)> Digi Connect IT® 4 User Guide...
  • Page 252: Show Serial Status And Statistics

    To show the status and statistics for the serial port:    Web 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. On the main menu, click Status 3. Under Connections, click Serial. See Serial Status page for information about the features in this page.
  • Page 253 No button: The serial port mode selected for the port does not support serial port logging. User When the port is connected to a terminal, SSH, TCP, or Telnet connection the name of the user logged into the device displays. Digi Connect IT® 4 User Guide...
  • Page 254: Review The Serial Port Message Log

    Log column in the Serial Status page.    Web 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. On the main menu, click Status 3. Under Connections, click Serial. The Serial Status page displays.
  • Page 255 > system serial clear port-number > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 4 User Guide...
  • Page 256: Routing

    Routing This chapter contains the following topics: IP routing Show the routing table Dynamic DNS Virtual Router Redundancy Protocol (VRRP) Digi Connect IT® 4 User Guide...
  • Page 257: Ip Routing

    IP routing IP routing The Connect IT 4 device uses IP routes to decide where to send a packet it receives for a remote network. The process for deciding on a route to send the packet is as follows: 1. The device examines the destination IP address in the IP packet, and looks through the IP routing table to find a match for it.
  • Page 258: Configure A Static Route

    The Maximum Transmission Units (MTU) of network packets using this route. To configure a static route:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 259 255.255.255.0, type 192.168.47.0/24. The any keyword can also be used to route packets to any destination with this static route. 7. For Interface, select the interface on the Connect IT 4 device that will be used with this static route.
  • Page 260 The any keyword can also be used to route packets to any destination with this static route. 6. Set the interface on the Connect IT 4 device that will be used with this static route: a. Use the ? to determine available interfaces: (config network route static 0)>...
  • Page 261: Delete A Static Route

    Type quit to disconnect from the device. Delete a static route    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 262 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 263: Policy-Based Routing

    However, you can use policy-based routing to forward the packet based on other criteria, such as the source of the packet. For example, you can configure the Connect IT 4 device so that high- priority traffic is routed through the cellular connection, while all other traffic is routed through an Ethernet (WAN) connection.
  • Page 264 Routing IP routing    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 265    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Digi Connect IT® 4 User Guide...
  • Page 266 (config network route policy 0)> label "New route policy" (config network route policy 0)> 5. Set the interface on the Connect IT 4 device that will be used with this route policy: a. Use the ? to determine available interfaces: (config network route policy 0)>...
  • Page 267 The ICMP protocol is matched. Identify the ICMP type: (config network route policy 0)> icmp_type value (config network route policy 0)> where value is the ICMP type and optional code, or set to any to match for any ICMP type. Digi Connect IT® 4 User Guide...
  • Page 268 Use the ? to determine available interfaces: (config network route policy 0)> src interface ? Interface: The network interface. Format: /network/interface/defaultip /network/interface/defaultlinklocal /network/interface/eth1 /network/interface/eth2 /network/interface/loopback Current value: (config network route policy 0)> src interface Digi Connect IT® 4 User Guide...
  • Page 269 Use the ? to determine available zones: (config network route policy 0)> dst zone ? Zone: Match the IP address to the specified firewall zone. Format: dynamic_routes edge external internal ipsec loopback setup Default value: any Digi Connect IT® 4 User Guide...
  • Page 270 (config network route policy 0)> where value uses the format IPv6_address[/prefix_length], or any to match any IPv6 address. mac: Matches the destination MAC address to the specified MAC address. Set the MAC address to be matched: Digi Connect IT® 4 User Guide...
  • Page 271 (config)> save Configuration saved. > 12. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 4 User Guide...
  • Page 272: Routing Services

    Enable and configure the types of routing services that will be used.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 273 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 274 Allow ECMP enable true Enable Additional Configuration ----------------------------------------------------------------------- -------- interface Interfaces neighbour Neighbours redis Route redistribution timer Timers (config)> 5. Save the configuration and apply the change: (config)> save Configuration saved. > Digi Connect IT® 4 User Guide...
  • Page 275: Show The Routing Table

    Show the routing table To display the routing table:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 276: Dynamic Dns

    DNS provider, the router can automatically update the remote nameserver whenever your WAN or public IP address changes. Your Connect IT 4 device supports a number of Dynamic DNS providers as well as the ability to provide a custom provider that is not included on the list of providers.
  • Page 277 Routing Dynamic DNS    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 278 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 279 6. If custom is configured for service, set the custom URL that should be used to update the IP address with the Dynamic DNS provider: (config network ddns new_ddns_instance)> custom url (config network ddns new_ddns_instance)> Digi Connect IT® 4 User Guide...
  • Page 280 (config network ddns new_ddns_instance)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set retry_interval to ten minutes, enter either 10m or 600s: Digi Connect IT® 4 User Guide...
  • Page 281: Virtual Router Redundancy Protocol (Vrrp)

    Multiple Connect IT 4 devices can be configured as VRRP devices and assigned a priority. The router with the highest priority will be used as the master router. If the master router fails, then the IP address of the virtual router is mapped to the backup device with the next highest priority.
  • Page 282 VRRP priorty of devices based on the status of their network connectivity.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 283 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 284 (config network vrrp VRRP_test)> 8. (Optional) Set a password that will be used to authenticate this VRRP router with VRRP peers. If the password length exceeds 8 characters, it will be truncated to 8 characters. Digi Connect IT® 4 User Guide...
  • Page 285: Configure Vrrp

    VRRP+ is an extension to the VRRP standard that uses SureLink network probing to monitor connections through VRRP-enabled devices and adjust devices' VRRP priority based on the status of the SureLink tests. This section describes how to configure VRRP+ on a Connect IT 4 device. Required configuration items Both master and backup devices: A configured and enabled instance of VRRP.
  • Page 286 SureLink tests.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 287 Click to expand Network > Interfaces. b. Click to expand the appropriate VRRP interface (for example, LAN1). c. For backup devices, for Default Gateway, type the IP address of the VRRP interface on the master device. Digi Connect IT® 4 User Guide...
  • Page 288 Click to expand Test targets > Test target. v. Configure the test target. For example, to configure SureLink to verify internet connectivity on the LAN by pinging https://remotemanager.digi.com: i. For Test Type, select Ping test. ii. For Ping host, type https://remotemanager.digi.com.
  • Page 289 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 290 (config)> show network vrrp VRRP_test virtual_address 0 192.168.3.3 1 10.10.10.1 (config)> iii. Set the custom gateway to one of the VRRP virtual IP addresses. For example: (config)> network interface lan ipv4 dhcp_server advanced gateway_ custom 192.168.3.3 (config)> Digi Connect IT® 4 User Guide...
  • Page 291 Tests connectivity by sending an ICMP echo request to a specified hostname or IP address. Specify the hostname or IP address: (config network interface lan ipv4 surelink target 0)> ping_host host (config network interface lan ipv4 surelink target 0)> Digi Connect IT® 4 User Guide...
  • Page 292 (config network interface lan ipv4 surelink target 0)> The default is 60 seconds. (Optional) Set the amount of time to wait for an initial connection to the interface before this test is considered to have failed: Digi Connect IT® 4 User Guide...
  • Page 293: Example: Vrrp/Vrrp+ Configuration

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Example: VRRP/VRRP+ configuration This example configuration creates a VRRP pool containing two Connect IT 4 devices: Configure device one (master device) ...
  • Page 294 Routing Virtual Router Redundancy Protocol (VRRP) Task 1: Configure VRRP on device one 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 295 2. For Lease range start, leave at the default of 100. 3. For Lease range end, type 199. 4. Click to expand Advanced settings. 5. For Gateway, select Custom. 6. For Custom gateway, enter 192.168.3.3. Digi Connect IT® 4 User Guide...
  • Page 296 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 297: Configure Device Two (Backup Device)

    5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Configure device two (backup device)    Web Digi Connect IT® 4 User Guide...
  • Page 298 Routing Virtual Router Redundancy Protocol (VRRP) Task 1: Configure VRRP on device two 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 299 1. Click Network > Interfaces > LAN > IPv4 > SureLink. 2. Click Enable. 3. For Interval, type 15s. 4. Click to expand Test targets > Test target. 5. For Test Type, select Ping test. Digi Connect IT® 4 User Guide...
  • Page 300 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 301 (config network vrrp VRRP_test )> Task 3: Configure the IP address for the VRRP interface, LAN, on device two 1. Type ... to return to the root of the config prompt: (config network vrrp VRRP_test )> ... (config)> Digi Connect IT® 4 User Guide...
  • Page 302 (config network interface lan ipv4 surelink target 0)> test ping (config network interface lan ipv4 surelink target 0)> 4. Set https://remotemanager.digi.com as the hostname to ping: (config network interface lan ipv4 surelink target 0)> ping_host https://remotemanager.digi.com(config network interface lan ipv4 surelink target 0)>...
  • Page 303: Show Vrrp Status And Statistics

    This section describes how to display VRRP status and statistics for a Connect IT device. VRRP status is available from the Web UI only.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 304 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 305 Routing Virtual Router Redundancy Protocol (VRRP) > Digi Connect IT® 4 User Guide...
  • Page 306: Virtual Private Networks (Vpn)

    Virtual Private Networks (VPNs) are used to securely connect two private networks together so that devices can connect from one network to the other using secure channels. This chapter contains the following topics: IPsec OpenVPN Generic Routing Encapsulation (GRE) Dynamic Multipoint VPN (DMVPN) L2TP L2TPv3 Ethernet NEMO Digi Connect IT® 4 User Guide...
  • Page 307: Ipsec

    Authentication of data to ensure an unauthorized device has not injected it into the IPsec tunnel. IPsec mode The Connect IT 4 supports the Tunnel mode. With the Tunnel mode, the entire IP packet is encrypted and/or authenticated and then encapsulated as the payload in a new IP packet. Transport mode is not currently supported.
  • Page 308: Authentication

    Client authenticaton XAUTH (extended authentication) pre-shared key authentication mode provides additional security by using client authentication credentials in addition to the standard pre-shared key. The Connect IT 4 device can be configured to authenticate with the remote peer as an XAUTH client.
  • Page 309 NAT is being used. If using IPsec failover, identify the primary tunnel during configuration of the backup tunnel. The Network Address Translation (NAT) keep alive time. The protocol, either Encapsulating Security Payload (ESP) or Authentication Header (AH). Digi Connect IT® 4 User Guide...
  • Page 310    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 311 Click to expand Firewall > Packet filtering. b. For Add packet filter, click . c. For Label, type Allow incoming IPsec traffic. d. For Source zone, select IPsec. Leave all other fields at their default settings. Digi Connect IT® 4 User Guide...
  • Page 312 For Local key, type the local pre-shared key. This must be the same as the remote key on the remote host. ii. For Remote key, type the remote pre-shared key. This must be the same as the local key on the remote host. Digi Connect IT® 4 User Guide...
  • Page 313 SCEP certificates: Uses Simple Certificate Enrollment Protocol (SCEP) to download a private key, certificates, and an optional Certificate Revocation List (CRL) to the Connect IT 4 device from a SCEP server. You must create the SCEP client prior to configuring the IPsec tunnel. See...
  • Page 314 For Hostname, type a hostname or IPv4 address. If your device is not configured to initiate the IPsec connection (see IKE > Initiate connection), you can also use the keyword any, which means that the hostname is dynamic or unknown. iii. Click  again to add additional hostnames. Digi Connect IT® 4 User Guide...
  • Page 315 Serial number: The device's serial number will be used as the ID and sent as a ID_KEY_ID IKE identity. 21. Click to expand Policies. Policies define the network traffic that will be encapsulated by this tunnel. a. Click  to create a new policy. The new policy configuration is displayed. Digi Connect IT® 4 User Guide...
  • Page 316 Any: Matches any protocol. TCP: Matches TCP protocol only. UDP: Matches UDP protocol only. ICMP: Matches ICMP requests only. Other protocol: Matches an unlisted protocol. If Other protocol is selected, type the number of the protocol. Digi Connect IT® 4 User Guide...
  • Page 317 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Phase 2 lifetime to ten minutes, enter 10m or 600s. Digi Connect IT® 4 User Guide...
  • Page 318 Configure SureLink active recovery for IPsec for information about IPsec Active recovery. 26. (Optional) Click Advanced to set various IPsec-related time out, keep alive, and related values. 27. Click Apply to save the configuration and apply the change. Digi Connect IT® 4 User Guide...
  • Page 319 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 320 (config vpn ipsec tunnel ipsec_example)> type protocol (config vpn ipsec tunnel ipsec_example)> where protocol is either: esp (Encapsulating Security Payload): Provides encryption as well as authentication and integrity. ah (Authentication Header): Provides authentication and integrity only. Digi Connect IT® 4 User Guide...
  • Page 321 (config vpn ipsec tunnel ipsec_example)> auth private_key_ passphrase passphrase (config vpn ipsec tunnel ipsec_example)> c. For the peer_public_key parameter, paste the peer's public RSA key in PEM format: (config vpn ipsec tunnel ipsec_example)> auth peer_public_key key (config vpn ipsec tunnel ipsec_example)> Digi Connect IT® 4 User Guide...
  • Page 322 Enable XAUTH client functionality: (config vpn ipsec tunnel ipsec_example)> xauth_client enable true (config vpn ipsec tunnel ipsec_example)> b. Set the XAUTH client username: (config vpn ipsec tunnel ipsec_example)> xauth_client username name (config vpn ipsec tunnel ipsec_example)> Digi Connect IT® 4 User Guide...
  • Page 323 (config vpn ipsec tunnel ipsec_example)> ipv6: The ID will be interpreted as an IPv6 address and sent as an ID_IPV6_ADDR IKE identity. Set an IPv6 formatted ID. This can be a fully-qualified domain name or an IPv6 address. Digi Connect IT® 4 User Guide...
  • Page 324 Randomly selects an IPsec peer to connect to from the hostname list. priority: Selects the first hostname in the list that is resolvable. c. Set the ID type: (config vpn ipsec tunnel ipsec_example)> remote id type value (config vpn ipsec tunnel ipsec_example)> Digi Connect IT® 4 User Guide...
  • Page 325 The device's MAC address will be used for the Key ID and sent as an ID_KEY_ID IKE identity. serial_number: The ID device's serial number will be used for the Key ID and sent as an ID_KEY_ID IKE identity. Digi Connect IT® 4 User Guide...
  • Page 326 (config vpn ipsec tunnel ipsec_example)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set phase1_lifetime to ten minutes, enter either 10m or 600s: Digi Connect IT® 4 User Guide...
  • Page 327 Set the type of encryption to use during phase 1: (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> cipher value (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> where value is one of: 3des aes128 aes128gcm128 aes128gcm64 aes128gcm96 Digi Connect IT® 4 User Guide...
  • Page 328 Set the Diffie-Hellman group type: (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> dh_group value (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> The default is modp2048. v. (Optional) Add additional phase 1 proposals: Digi Connect IT® 4 User Guide...
  • Page 329 (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> cipher value (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> where value is one of: 3des aes128 aes128gcm128 aes128gcm64 aes128gcm96 aes192 aes192gcm128 aes192gcm64 aes192gcm96 aes256 aes256gcm128 aes256gcm64 aes256gcm96 null Digi Connect IT® 4 User Guide...
  • Page 330 (config vpn ipsec tunnel ipsec_example ike phase2_proposal 1)> Repeat the above steps to set the type of encryption, hash, and Diffie-Hellman group for the additional proposal. iii. Repeat to add more phase 2 proposals. Digi Connect IT® 4 User Guide...
  • Page 331 (config vpn ipsec tunnel ipsec_example nat 0)> ... (config)> b. Add a policy: (config)> add vpn ipsec tunnel ipsec_example policy end (config vpn ipsec tunnel ipsec_example policy 0)> c. Set the type of local traffic selector: Digi Connect IT® 4 User Guide...
  • Page 332 Use the ? to determine available interfaces: (config vpn ipsec tunnel ipsec_example policy 0)> local network ? Interface: The network interface. Format: defaultip defaultlinklocal eth1 eth2 loopback Current value: (config vpn ipsec tunnel ipsec_example policy 0)> local network Digi Connect IT® 4 User Guide...
  • Page 333 Allowed values are an integer between 1 and 255. f. Set the IP address and optional netmask of the remote traffic selector: (config vpn ipsec tunnel ipsec_example policy 0)> remote network value (config vpn ipsec tunnel ipsec_example policy 0)> Digi Connect IT® 4 User Guide...
  • Page 334 Debug level ike_fragment_size 1280 Maximum IKE fragment size ike_retransmit_tries IKE retransmit tries keep_alive NAT keep alive time Additional Configuration ----------------------------------------------------------------------- -------- connection_retry_timeout Connection retry timeout connection_try_interval Connection try interval ike_timeout IKE timeout Digi Connect IT® 4 User Guide...
  • Page 335 (config)> save Configuration saved. > 21. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 4 User Guide...
  • Page 336: Configure Ipsec Failover

    IPsec Configure IPsec failover There are two methods to configure the Connect IT 4 device to fail over from a primary IPsec tunnel to a backup tunnel: SureLink active recovery—You can use SureLink along with the IPsec tunnel's metric to configure two or more tunnels so that when the primary tunnel is determined to be inactive by SureLink, a secondary tunnel can begin serving traffic that the primary tunnel was serving.
  • Page 337 Configure an IPsec tunnel for instructions. During configuration of the IPsec tunnel, set the metric to a value that is higher than the metric of the primary tunnel (for example, 20).    Command line Digi Connect IT® 4 User Guide...
  • Page 338 (config vpn ipsec tunnel backup_ipsec_tunnel)> ipsec_failover ? Preferred tunnel: This tunnel will not start until the preferred tunnel has failed. It will continue to operate until the preferred tunnel returns to full operation status. Digi Connect IT® 4 User Guide...
  • Page 339: Configure Surelink Active Recovery For Ipsec

    To configure the Connect IT 4 device to regularly probe the IPsec connection:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: Digi Connect IT®...
  • Page 340 Virtual Private Networks (VPN) IPsec a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration.
  • Page 341 Ping payload size: The number of bytes to send as part of the ping payload. DNS test: Performs a DNS query to the named DNS server. If DNS test is selected, complete the following: DNS server: The IP address of the DNS server. Digi Connect IT® 4 User Guide...
  • Page 342 IPv6: The IPv6 connection must be up. Expected status: The status required for the test to past. Up: The test will pass only if the referenced interface is up and passing its own SureLink tests (if applicable). Digi Connect IT® 4 User Guide...
  • Page 343 Reset modem: This recovery action is available for WWAN interfaces only. If Reset modem is selected, complete the following: Attempts: The number of attempts for this recovery action to perform, before moving to the next recovery action. Digi Connect IT® 4 User Guide...
  • Page 344 SureLink testing begins. This setting is bypassed when the interface is determined to be Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Delayed start to ten minutes, enter 10m or 600s. Digi Connect IT® 4 User Guide...
  • Page 345 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 346 1)> ping_size int (config vpn ipsec tunnel ipsec_example surelink tests 1)> dns: Performs a DNS query to the named DNS server. If dns is set, set the IPv4 or IPv6 address of the DNS server: Digi Connect IT® 4 User Guide...
  • Page 347 For example, to set interface_timeout to ten minutes, enter either 10m or 600s: (config vpn ipsec tunnel ipsec_example surelink tests 1)> interface_timeout 600s (config)> custom_test: Tests the interface with custom commands. Digi Connect IT® 4 User Guide...
  • Page 348 Current value: (config vpn ipsec tunnel ipsec_example surelink tests 1)> other_interface ii. Set the interface. For example: (config vpn ipsec tunnel ipsec_example surelink tests 1)> other_interface /network/interface/wan (config vpn ipsec tunnel ipsec_example surelink tests 1)> Digi Connect IT® 4 User Guide...
  • Page 349 (config vpn ipsec tunnel ipsec_example surelink actions 0)> e. Set the type of recovery action to reboot_device: (config vpn ipsec tunnel ipsec_example surelink actions 0)> action reboot_device (config vpn ipsec tunnel ipsec_example surelink actions 0)> Digi Connect IT® 4 User Guide...
  • Page 350 (config vpn ipsec tunnel ipsec_example surelink actions 0)> metric_adjustment_modem int (config vpn ipsec tunnel ipsec_example surelink actions 0)> The default is 100. Digi Connect IT® 4 User Guide...
  • Page 351 Switches to an alternate SIM. This recovery action is available for WWAN interfaces only. If switch_sim is selected, complete the following: Set the number of attempts for this recovery action to perform, before moving to the next recovery action: Digi Connect IT® 4 User Guide...
  • Page 352 (config vpn ipsec tunnel ipsec_example surelink actions 0)> override_interval int (config vpn ipsec tunnel ipsec_example surelink actions 0)> custom_action: Execute custom recovery commands. If custom_action is selected, complete the following: Digi Connect IT® 4 User Guide...
  • Page 353 Only one test needs to pass for Surelink to consider an interface to be up. all: All tests need to pass for SureLink to consider the interface to be up. Digi Connect IT® 4 User Guide...
  • Page 354 (config)> vpn ipsec tunnel ipsec_example surelink advanced backoff_ interval value (config)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set backoff_interval to ten minutes, enter either 10m or 600s: Digi Connect IT® 4 User Guide...
  • Page 355: Show Ipsec Status And Statistics

    Show IPsec status and statistics    Web 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. On the menu, select Status > IPsec. The IPsec page appears. 3. To view configuration details about an IPsec tunnel, click the  (configuration) icon in the upper right of the tunnel's status pane.
  • Page 356: Debug An Ipsec Configuration

       Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 357 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 358: Configure A Simple Certificate Enrollment Protocol Client

    The number of days that the certificate enrollment can be renewed, prior to the request expiring.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 359 9. For Renewable Time, type the number of days that the certificate enrollment can be renewed, prior to the request expiring. This value is configured on the SCEP server, and is used by the Connect IT 4 device to determine when to start attempting to auto-renew an existing certificate. The default is 7.
  • Page 360 Click Use New Private Key to enable the creation of a new private key for renewal requests. c. Use Client Certificate is enabled by default. Click to disable the use of a client certificate for renewal requrests. 22. Click Apply to save the configuration and apply the change. Digi Connect IT® 4 User Guide...
  • Page 361 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 362 (config network scep_client scep_client_name)> crl type value (config network scep_client scep_client_name)> where value is one of: url: The URL to the file name used to access the certificate revocation list from the crldp: The CRL distribution point. Digi Connect IT® 4 User Guide...
  • Page 363 For example, to set polling_interval to ten minutes, enter either 10m or 600s: (config network scep_client scep_client_name)> polling_interval 600s (config network scep_client scep_client_name)> The default is 5s. Digi Connect IT® 4 User Guide...
  • Page 364: Example: Scep Client Configuration With Fortinet Scep Server

    15. Set the number of days that the certificate enrollment can be renewed, prior to the request expiring. This value is configured on the SCEP server, and is used by the Connect IT 4 device to determine when to start attempting to auto-renew an existing certificate. The default is 7.
  • Page 365 Connect IT 4 configuration On the Connect IT 4 device:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 366 9. For FQDN, type the fully qualified domain name or IP address of the Fortinet server. 10. For Password, type the challenge password. This corresponds to the Default enrollment password on the Fortinet server. Digi Connect IT® 4 User Guide...
  • Page 367 12. Type the value for each appropriate Distinguished Name attribute. The values entered here must correspond to the DN attributes in the Enrollment Request on the Fortinet server. 13. Click Apply to save the configuration and apply the change. Digi Connect IT® 4 User Guide...
  • Page 368 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 369: Show Scep Client Status And Information

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show SCEP client status and information You can show general SCEP client information for all SCEP clients, and specific information for an individual SCEP client. Digi Connect IT® 4 User Guide...
  • Page 370 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 371 Last Update : May 23 13:27:21 2022 GMT > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 4 User Guide...
  • Page 372: Openvpn

    OpenVPN clients are on the same IP subnet as the OpenVPN server’s LAN interface. This means that devices connected to the OpenVPN client’s LAN interface are on the same IP subnet as devices. The Connect IT 4 device supports two mechanisms for configuring an OpenVPN server in TAP mode: Digi Connect IT® 4 User Guide...
  • Page 373: Configure An Openvpn Server

    Virtual Private Networks (VPN) OpenVPN OpenVPN managed—The Connect IT 4 device creates the interface and then uses its standard configuration to set up the connection (for example, its standard DHCP server configuration). Device only—IP addressing is controlled by the system, not by OpenVPN.
  • Page 374 Access control list configuration to restrict access to the OpenVPN server through the firewall. Additional OpenVPN parameters.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 375 Certificate and username/password: Uses both certificates and a username and password for client authentication. Each client requires a public and private key, and you must create an OpenVPN authentication group and user. See Configure an OpenVPN Authentication Group and User for instructions. Digi Connect IT® 4 User Guide...
  • Page 376 No limit to IPv6 addresses that can access the service-type. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT 4 device: a. Click Interfaces.
  • Page 377 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 378 1 and 255. The number entered here will represent the last client IP address. For example, if address is set to 192.168.1.1/24 and server_last_ip is set to 99, the last client IP address will be 192.168.1.80. The default is from 80. Digi Connect IT® 4 User Guide...
  • Page 379 Paste the contents of the public key (for example, server.crt) into the value of the server_cert parameter: (config vpn openvpn server name)> server_cert value (config vpn openvpn server name)> iv. Paste the contents of the private key (for example, server.key) into the value of the server_key parameter: Digi Connect IT® 4 User Guide...
  • Page 380 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT 4 device: (config vpn openvpn server name)> add acl interface end value (config vpn openvpn server name)>...
  • Page 381 (config vpn openvpn server name)> advanced_options enable true (config vpn openvpn server name)> b. Configure whether the additional OpenVPN parameters should override default options: (config vpn openvpn server name)> advanced_options override true (config vpn openvpn server name)> Digi Connect IT® 4 User Guide...
  • Page 382: Configure An Openvpn Authentication Group And User

       Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 383 Click to expand the OpenVPN node. e. Click  to add a tunnel. f. For Tunnel, select an OpenVPN tunnel to which users of this group will have access. g. Repeat to add additional OpenVPN tunnels. Digi Connect IT® 4 User Guide...
  • Page 384 Click to expand the Groups node. e. Click  to add a group to the user. f. Select a Group with OpenVPN access enabled. 5. Click Apply to save the configuration and apply the change. Digi Connect IT® 4 User Guide...
  • Page 385 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 386: Configure An Openvpn Client By Using An .Ovpn File

    Configure SureLink active recovery for OpenVPN for information about OpenVPN active recovery.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 387 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 388 (config)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 4 User Guide...
  • Page 389: Configure An Openvpn Client Without Using An .Ovpn File

    Configure SureLink active recovery for OpenVPN for information about OpenVPN active recovery.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 390 Private key (for example, client.key) into their respective fields. The contents will be hidden when the configuration is saved. 14. (Optional) Click to expand Advanced Options to manually set additional OpenVPN parameters. Digi Connect IT® 4 User Guide...
  • Page 391 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 392 12. Paste the contents of the public key (for example, client.crt) into the value of the public_cert parameter: (config vpn openvpn client name)> public_cert value (config vpn openvpn client name)> 13. Paste the contents of the private key (for example, client.key) into the value of the private_ key parameter: Digi Connect IT® 4 User Guide...
  • Page 393: Configure Surelink Active Recovery For Openvpn

    Type quit to disconnect from the device. Configure SureLink active recovery for OpenVPN You can configure the Connect IT 4 device to regularly probe OpenVPN client connections to determine if the connection has failed and take remedial action. Required configuration items A valid OpenVPN client configuration.
  • Page 394 To configure the Connect IT 4 device to regularly probe the OpenVPN connection:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 395 The Interface gateway. If Interface gateway is selected, an initial traceroute is sent to the hostname or IP address configured in the SureLink advanced settings, and then the first hop in that route is used for the ping test. Digi Connect IT® 4 User Guide...
  • Page 396 TCP connect host: The hostname or IP address of the host to create a TCP connection to. TCP connect port: The TCP port to create a TCP connection to. Test another interface's status: Tests the status of another interface. If Test another interface's status is selected, complete the following: Digi Connect IT® 4 User Guide...
  • Page 397 Override wait interval before performing the next recovery action: The time to wait before the next test is run. If set to the default value of 0s, the Test interval is used. Restart interface. If Restart interface is selected, complete the following: Digi Connect IT® 4 User Guide...
  • Page 398 Override wait interval before performing the next recovery action: The time to wait before the next test is run. If set to the default value of 0s, the Test interval is used. Digi Connect IT® 4 User Guide...
  • Page 399 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 400 The hostname or IP address of an external server. Set ping_host to the hostname or IP address of the server: (config vpn openvpn client openvpn_client1 surelink tests 1)> ping_host hostname/IP_address (config vpn openvpn client openvpn_client1 surelink tests 1)> Digi Connect IT® 4 User Guide...
  • Page 401 For example, to set interface_down_time to ten minutes, enter either 10m or 600s: (config vpn openvpn client openvpn_client1 surelink tests 1)> interface_down_time 600s (config)> Digi Connect IT® 4 User Guide...
  • Page 402 If other is selected, complete the following: Set the interface to test. i. Use the ? to determine available interfaces: (config vpn openvpn client openvpn_client1 surelink tests 1)> other_interface ? Test interface: Test the status of this other interface. Format: Digi Connect IT® 4 User Guide...
  • Page 403 SureLink tests (if applicable). f. Repeat for each additional test. 6. Add recovery actions: a. Type ... to return to the root of the configuration: (config vpn openvpn client openvpn_client1 surelink tests 1)> ... (config)> Digi Connect IT® 4 User Guide...
  • Page 404 (config vpn openvpn client openvpn_client1 surelink actions 0)> action value (config vpn openvpn client openvpn_client1 surelink actions 0)> WWAN interfaces: (config vpn openvpn client openvpn_client1 surelink actions 0)> modem_action value (config vpn openvpn client openvpn_client1 surelink actions 0)> Digi Connect IT® 4 User Guide...
  • Page 405 (config vpn openvpn client openvpn_client1 surelink actions 0)> override_interval int (config vpn openvpn client openvpn_client1 surelink actions 0)> reset_modem: This recovery action is available for WWAN interfaces only. If reset_modem is selected, complete the following: Digi Connect IT® 4 User Guide...
  • Page 406 Set the time to wait before the next test is run. If set to the default value of 0s, the test interval is used. (config vpn openvpn client openvpn_client1 surelink actions 0)> override_interval int (config vpn openvpn client openvpn_client1 surelink actions 0)> Digi Connect IT® 4 User Guide...
  • Page 407 (config vpn openvpn client openvpn_client1 surelink actions 0)> g. Repeat for each additional recovery action. 7. Optional SureLink configuration parameters: a. Type ... to return to the root of the configuration: (config vpn openvpn client openvpn_client1 surelink actions 0)> ... (config)> Digi Connect IT® 4 User Guide...
  • Page 408 Set the amount of time to wait while the device is starting before SureLink testing begins. This setting is bypassed when the interface is determined to be up. (config)> vpn openvpn client openvpn_client1 surelink advanced delayed_ start value (config)> Digi Connect IT® 4 User Guide...
  • Page 409: Show Openvpn Server Status And Statistics

    Surelink status for OpenVPN clients. Show OpenVPN server status and statistics You can view status and statistics for OpenVPN servers from either the web interface or the command line:    Web Digi Connect IT® 4 User Guide...
  • Page 410: Show Openvpn Client Status And Statistics

    Virtual Private Networks (VPN) OpenVPN 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. On the menu, select Status > OpenVPN > Servers. The OpenVPN Servers page appears. 3. To view configuration details about an OpenVPN server, click the  (configuration) icon in the upper right of the OpenVPN server's status pane.
  • Page 411 Virtual Private Networks (VPN) OpenVPN 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. On the menu, select Status > OpenVPN > Clients. The OpenVPN Clients page appears. 3. To view configuration details about an OpenVPN client, click the  (configuration) icon in the upper right of the OpenVPN client's status pane.
  • Page 412: Generic Routing Encapsulation (Gre)

    Enable the device to respond to keepalive packets. Task One: Create a GRE loopback endpoint interface    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 413 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 414 Type quit to disconnect from the device. Task Two: Configure the GRE tunnel    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 415 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 416 (config vpn iptunnel gre_example)> save Configuration saved. > 10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 4 User Guide...
  • Page 417: Show Gre Tunnels

    To view information about currently configured GRE tunnels:    Web 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. On the menu, click Status > IP tunnels. The IP Tunnelspage appears. 3. To view configuration details about a GRE tunnel, click the  (configuration) icon in the upper right of the tunnel's status pane.
  • Page 418: Example: Gre Tunnel Over An Ipsec Tunnel

    Example: GRE tunnel over an IPSec tunnel The Connect IT 4 device can be configured as an advertised set of routes through an IPSec tunnel. This allows you to leverage the dynamic route advertisement of GRE tunnels through a secured IPSec tunnel.
  • Page 419 Configure the Connect IT 4-1 device Task one: Create an IPsec tunnel    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 420 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 421 (config vpn ipsec tunnel ipsec_gre1)> auth secret testkey (config vpn ipsec tunnel ipsec_gre1)> 5. Set the remote endpoint to public IP address of the Connect IT 4-2 device: (config vpn ipsec tunnel ipsec_gre1)> remote hostname 192.168.101.1 (config vpn ipsec tunnel ipsec_gre1)>...
  • Page 422 4. For Device, select Ethernet: loopback. 5. Click to expand IPv4. 6. For Address, type the IP address of the local GRE tunnel, 172.30.0.1/32. 7. Click Apply to save the configuration and apply the change. Digi Connect IT® 4 User Guide...
  • Page 423 Task three: Create a GRE tunnel    Web 1. Click VPN > IP Tunnels. 2. For Add IP Tunnel, type gre_tunnel1 and click . 3. For Local endpoint, select the IPsec endpoint interface created in Task two (Interface: ipsec_endpoint1). Digi Connect IT® 4 User Guide...
  • Page 424 (/network/interface/ipsec_endpoint1): (config vpn iptunnel gre_tunnel1)> local /network/interface/ipsec_endpoint1 (config vpn iptunnel gre_tunnel1)> 4. Set the remote endpoint to the IP address of the GRE tunnel on Connect IT 4-2, 172.30.0.2: (config vpn iptunnel gre_tunnel1)> remote 172.30.0.2 (config vpn iptunnel gre_tunnel1)> 5. Save the configuration and apply the change: (config vpn iptunnel gre_tunnel1)>...
  • Page 425 Task three (IP tunnel: gre_tunnel1). 5. Click to expand IPv4. 6. For Address, type 172.31.0.1/30 for a virtual IP address on the GRE tunnel. 7. Click Apply to save the configuration and apply the change. Digi Connect IT® 4 User Guide...
  • Page 426 Configure the Connect IT 4-2 device Task one: Create an IPsec tunnel    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 427 3. Click VPN > IPsec > Tunnels. 4. For Add IPsec Tunnel, type ipsec_gre2 and click . 5. Click to expand Authentication. 6. For Pre-shared key, type the same pre-shared key that was configured for the Connect IT 4-1 (testkey). 7. Click to expand Remote endpoint.
  • Page 428 3. Add an IPsec tunnel named ipsec_gre2: (config)> add vpn ipsec tunnel ipsec_gre2 (config vpn ipsec tunnel ipsec_gre2)> 4. Set the pre-shared key to the same pre-shared key that was configured for the Connect IT 4-1 (testkey): (config vpn ipsec tunnel ipsec_gre2)> auth secret testkey (config vpn ipsec tunnel ipsec_gre2)>...
  • Page 429 4. For Device, select Ethernet: loopback. 5. Click to expand IPv4. 6. For Address, type the IP address of the local GRE tunnel, 172.30.0.2/32. 7. Click Apply to save the configuration and apply the change.    Command line Digi Connect IT® 4 User Guide...
  • Page 430 2. For Add IP Tunnel, type gre_tunnel2 and click . 3. For Local endpoint, select the IPsec endpoint interface created in Task two (Interface: ipsec_endpoint2). 4. For Remote endpoint, type the IP address of the GRE tunnel on Connect IT 4-1, 172.30.0.1. Digi Connect IT® 4 User Guide...
  • Page 431 (/network/interface/ipsec_endpoint2): (config vpn iptunnel gre_tunnel2)> local /network/interface/ipsec_endpoint2 (config vpn iptunnel gre_tunnel2)> 4. Set the remote endpoint to the IP address of the GRE tunnel on Connect IT 4-1, 172.30.0.1: (config vpn iptunnel gre_tunnel2)> remote 172.30.0.1 (config vpn iptunnel gre_tunnel2)> 5. Save the configuration and apply the change: (config vpn iptunnel gre_tunnel2)>...
  • Page 432 (/vpn/iptunnel/gre_tunnel2): (config network interface gre_interface2)> device /vpn/iptunnel/gre_tunnel2 (config network interface gre_interface2)> 5. Set 172.31.0.2/30 as the virtual IP address on the GRE tunnel: (config network interface gre_interface2)> ipv4 address 172.31.0.2/30 (config network interface gre_interface2)> Digi Connect IT® 4 User Guide...
  • Page 433: Dynamic Multipoint Vpn (Dmvpn)

    GRE tunnel directly to the other spoke. The network address of the target spoke is resolved with the use of Next Hop Resolution Protocol (NHRP). This section contains the following topics: Configure a DMVPN spoke Digi Connect IT® 4 User Guide...
  • Page 434: Configure A Dmvpn Spoke

    Configure a DMVPN spoke To configure a DMVPN spoke:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 435 For Address, type the IP address and netmask of the tunnel. The netmask must be set to /32. 5. Configure NHRP: a. Click Network > Routing Services. b. Enable routing services. c. Click to expand NHRP. d. Enable NHRP. e. Click to expand Network. Digi Connect IT® 4 User Guide...
  • Page 436 For AS number, type the autonomous system number for this device. d. For Best path criteria, select Multipath. e. Click to expand Neighbours. f. Click  to add a neighbour. g. For IP address, type the IP address of the hub. Digi Connect IT® 4 User Guide...
  • Page 437 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 438 Set the IP address and netmask of the tunnel. The netmask must be set to /32. For example, to set the IP address to 10.20.1.4/32: (config network interface dmvpn_tunnel_interface)> ipv4 address 10.20.1.4/32 (config network interface dmvpn_tunnel_interface)> Digi Connect IT® 4 User Guide...
  • Page 439 (config network route service nhrp network 0 nhs 0)> 7. Configure the overlay connection using BGP: a. Type ... to return to the top level of the configuration schema: (config network interface dmvpn_tunnel_interface)> ... (config)> Digi Connect IT® 4 User Guide...
  • Page 440: L2Tp

    Your Connect IT 4 device supports PPP-over-L2TP (Layer 2 Tunneling Protocol). Configure a PPP-over-L2TP tunnel Your Connect IT 4 device supports PPP-over-L2TP (Layer 2 Tunneling Protocol). The tunnel endpoints are known as L2TP Access Concentrators (LAC) and L2TP Network Servers (LNS). Each endpoint terminates the PPP session.
  • Page 441 Optional configuration data in the format of a pppd options file.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 442 No limit to IPv6 addresses that can access the service-type. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT 4 device: a. Click Interfaces.
  • Page 443 CHAP: Uses the Challenge Handshake Authentication Profile (CHAP) to authenticate. PAP: Uses the Password Authentication Profile (PAP) to authenticate. If Automatic, CHAP, or PAP is selected, enter the Username and Password required to authenticate. The default is None. Digi Connect IT® 4 User Guide...
  • Page 444 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 445 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT 4 device: (config)> add vpn l2tp acl interface end value (config)>...
  • Page 446 (Optional) Set the UDP port to use to connect to the L2TP network server: (config vpn l2tp lac lac_tunnel)> port int (config vpn l2tp lac lac_tunnel)> where int is an integer between 1 and 65535. The default is 1701. Digi Connect IT® 4 User Guide...
  • Page 447 (config vpn l2tp lac lac_tunnel)> zone zone (config vpn l2tp lac lac_tunnel)> h. (Optional): Custom PPP configuration: i. Enable custom PPP configuration: (config vpn l2tp lac lac_tunnel)> custom enable true (config vpn l2tp lac lac_tunnel)> Digi Connect IT® 4 User Guide...
  • Page 448 Set the IP address to assign to the remote peer: (config vpn l2tp lns lns_server)> remote_address IP_address (config vpn l2tp lns lns_server)> e. (Optional) Set the authentication method: (config vpn l2tp lns lns_server)> auth method (config)> Digi Connect IT® 4 User Guide...
  • Page 449 Zone: The firewall zone assigned to this tunnel. This can be used by packet filtering rules and access control lists to restrict network traffic on this tunnel. Format: dynamic_routes edge external internal ipsec loopback setup Current value: (config vpn l2tp lns lns_server)> Digi Connect IT® 4 User Guide...
  • Page 450: L2Tp With Ipsec

    This means that you cannot restrict traffic on the IPsec tunnel to L2TP traffic (typically UDP port 1701). While multiple L2TP clients are supported on the Connect IT 4 by configuring a separate LNS for each client, multiple clients behind a Network Address Translation (NAT) device are not supported, because they will all appear to have the same IP address.
  • Page 451 L2TP Show the status of L2TP access connectors from the WebUI 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. On the menu, select Status. Under VPN, select L2TP > Access Connectors. The L2TP Access Connectors page appears.
  • Page 452: L2Tpv3 Ethernet

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. L2TPv3 Ethernet Your Connect IT 4 device supports Layer 2 Tunneling Protocol Version 3 (L2TPv3) static unmanaged Ethernet tunnels. Configure an L2TPv3 tunnel Your Connect IT 4 device supports Layer 2 Tunneling Protocol Version 3 (L2TPv3) static unmanaged Ethernet tunnels.
  • Page 453 The Layer2SpecificHeader type. The Sequence numbering control.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 454 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 455 1 and 4294967295. 8. (Optional) Set the encapsulation type: (config vpn l2tpeth L2TPv3_example)> encapsulation value (config vpn l2tpeth L2TPv3_example)> where value is either udp or ip. The default is upd. If udp is set: Digi Connect IT® 4 User Guide...
  • Page 456 14. Set the Layer2Specific header type. This must match what is configured on the remote peer. (config vpn l2tpeth L2TPv3_example session_example)> l2spec_type value (config vpn l2tpeth L2TPv3_example session_example)> where value is either none or default. The default is default. Digi Connect IT® 4 User Guide...
  • Page 457: Show L2Tpv3 Tunnel Status

    Show L2TPV3 tunnel status    Web 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. On the menu, select Status. Under VPN, select L2TPv3 Ethernet. The L2TPv3 Ethernet page appears. 3. To view configuration details about an L2TPV3 tunnel, click the  (configuration) icon in the upper right of the tunnel's status pane.
  • Page 458: Nemo

    Local Area Networks (LANs) on your device. NEMO creates a tunnel between the home agent on the mobile private network and the Connect IT 4 device, isolating the connection from internet traffic and advertising the IP subnets of the LANs for remote access and device management.
  • Page 459 If the local network is set to Interface, identify the local interface to be used.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 460 10. For MTU discovery, leave enabled to determine the maximum transmission unit (MTU) size. If disabled, for MTU, type the MTU size. The default MTU size for LANs on the Connect IT 4 device is 1500. The MTU size of the NEMO tunnel will be smaller, to take into account the required headers.
  • Page 461 (config vpn nemo nemo_example)> If disabled, set the MTU size. The default MTU size for LANs on the Connect IT 4 device is 1500. The MTU size of the NEMO tunnel will be smaller, to take into account the required headers.
  • Page 462 (config vpn nemo nemo_example)> zone internal (config vpn nemo nemo_example)> The Internal firewall zone configures the Connect IT 4 device to trust traffic going to the tunnel and allows it through the network. 11. Configure the Care-of-Address, the local WAN interface of the internet facing network.
  • Page 463 Add a local network to use as a virtual NEMO network interface: (config vpn nemo nemo_example)> add network end lan (config vpn nemo nemo_example)> b. (Optional) Repeat for additional interfaces. 14. Save the configuration and apply the change: (config)> save Configuration saved. > Digi Connect IT® 4 User Guide...
  • Page 464: Show Nemo Status

    Show NEMO status    Web 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. On the menu, select Status > NEMO. The NEMO page appears. 3. To view configuration details about an NEMO tunnel, click the  (configuration) icon in the upper right of the tunnel's status pane.
  • Page 465 Advertized LAN2 192.168.3.1/24 Advertized > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 4 User Guide...
  • Page 466 Simple Network Management Protocol (SNMP) Location information Modbus gateway System time Network Time Protocol Configure a multicast route Ethernet network bonding Enable service discovery (mDNS) Use the iPerf service Configure the ping responder service Digi Connect IT® 4 User Guide...
  • Page 467: Allow Remote Access For Web Administration And Ssh

    Add the External firewall zone to the web administration service    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 468 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 469 Services Allow remote access for web administration and SSH    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 470: Configure The Web Administration Service

    Type quit to disconnect from the device. Configure the web administration service The web administration service allows you to monitor and configure the Connect IT 4 device by using the WebUI, a browser-based interface. By default, the web administration service is enabled and uses the standard HTTPS port, 443. The default access control for the service uses the Internal firewall zone, which means that only devices connected to the Connect IT 4's LAN can access the WebUI.
  • Page 471 Services Configure the web administration service Digi Connect IT® 4 User Guide...
  • Page 472 The web administration service is enabled by default. To disable the service, or enable it if it has been disabled:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 473 Type quit to disconnect from the device. Configure the service    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 474 No limit to IPv6 addresses that can access the web administration service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT 4 device: a.
  • Page 475 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 476 No limit to IPv6 addresses that can access the web administratrion service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT 4 device: (config)> add service web_admin acl interface end value (config)>...
  • Page 477 # openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 - out certificate.pem b. Paste the contents of certificate.pem and key.pem into the service web_admin cert command. Enclose the contents of certificate.pem and key.pem in quotes. For example: Digi Connect IT® 4 User Guide...
  • Page 478 /Fw7GQNcYIKj+aIGJzbcKgox10mZB3VKYRmPpnpzHCkvFi4o81+bC8HJQfK9U80e vDV0/vA5OB2j/DrjvlOrapCTkuyA0TVyGvgTASx2ATu9U45KZofm4odThQs/9FRQ +cwSTb5v47KYffeyY+g3dyJw1/KgMJGpBUYNJDIsFQC9RfzPjKE2kz41hx4VksT/ q81WGstDXH++QTu2sj7vWkFJH5xPFt80HjtWKKpIfeOIlBPGeRHvdH2PQibx0OOt Sa+P5O8= -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDgZ9fQF9NSzvaZ WLX0WatGxE8DcEgmBnhCDhie4B7f64oS1QSUtcKGL7tTqtaIWMSGsAWNYiDwQ9hr c8hCV8wWXUEYcIv3UckYuL6+xJIxg69FW/zVU9C+cFM3DHk/u9Q2LymJuhqXFsfi 6CqhU42zBQSM3uaWwX67vkonCHeo6AhyLmKvBIX5cerMurODA28k1ABDdmIbAWjp Y3o+uCzc3LB3iEmwFom11ozkrCvjdTIr0KubsCGMP9X7Jw/Cg0uN1oOe/n2q/X0N jCB7D56ABs/sOjyCiUefeMvzH6kH3wxTQodpSWOPRYTqhLQOQfU8l0SsKGt4/5SA v7eXKSAXAgMBAAECggEBAMDKdi7hSTyrclDsVeZH4044+WkK3fFNPaQCWESmZ+AY i9cCC513SlfeSiHnc8hP+wd70klVNNc2coheQH4+z6enFnXYu2cPbKVAkx9x4eeI Ktx72wurpnr2JYf1v3Vx+S9T9WvN52pGuBPJQla3YdWbSf18wr5iHm9NXIeMTsFc esdjEW07JRnxQEMZ1GPWT+YtH1+FzQ3+W9rFsFFzt0vcp5Lh1RGg0huzL2NQ5EcF 3brzIZjNAavMsdBFzdc2hcbYnbv7o1uGLujbtZ7WurNy7+Tc54gu2Ds25J0/0mgf OxmqFevIqVkqp2wOmeLtI4o77y6uCbhfA6I+GWTZEYECgYEA/uDzlbPMRcWuUig0 CymOKlhEpx9qxid2Ike0G57ykFaEsKxVMKHkv/yvAEHwazIEzlc2kcQrbLWnDQYx oKmXf87Y1T5AXs+ml1PlepXgveKpKrWwORsdDBd+OS34lyNJ0KCqqIzwAaf8lcSW tyShAZzvuH9GW9WlCc8g3ifp9WUCgYEA4WSSfqFkQLA09sI76VLvUqMbb31bNgOk ZuPg7uxuDk3yNY58LGQCoV8tUZuHtBJdrBDCtcJa5sasJZQrWUlZ8y/5zgCZmqQn MzTD062xaqTenL0jKgKQrWig4DpUUhfc4BFJmHyeitosDPG98oCxuh6HfuMOeM1v Xag6Z391VcsCgYBgBnpfFU1JoC+L7m+lIPPZykWbPT/qBeYBBki5+0lhzebR9Stn VicrmROjojQk/sRGxR7fDixaGZolUwcRg7N7SH/y3zA7SDp4WvhjFeKFR8b6O1d4 PFnWO2envUUiE/50ZoPFWsv1o8eK2XT67Qbn56t9NB5a7QPvzSSR7jG77QKBgD/w BrqTT9wl4DBrsxEiLK+1g0/iMKCm8dkaJbHBMgsuw1m7/K+fAzwBwtpWk21alGX+ Ly3eX2j9zNGwMYfXjgO1hViRxQEgNdqJyk9fA2gsMtYltTbymVYHyzMweMD88fRC Ey2FlHfxIfPeE7MaHNCeXnN5N56/MCtSUJcRihh3AoGAey0BGi4xLqSJESqZZ58p e71JHg4M46rLlrxi+4FXaop64LCxM8kPpROfasJJu5nlPpYHye959BBQnYcAheZZ Digi Connect IT® 4 User Guide...
  • Page 479 To disable legacy port redirection: (config)> service web_admin legacy enable false (config)> 9. Save the configuration and apply the change: (config)> save Configuration saved. > Digi Connect IT® 4 User Guide...
  • Page 480 Configure the web administration service 10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 4 User Guide...
  • Page 481: Configure Ssh Access

    The SSH service is enabled by default. To disable the service, or enable it if it has been disabled:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 482 Type quit to disconnect from the device. Configure the service    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 483 No limit to IPv6 addresses that can access the SSH service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT 4 device: a. Click Interfaces.
  • Page 484 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 485 No limit to IPv6 addresses that can access the SSH service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT 4 device: (config)> add service ssh acl interface end value (config)>...
  • Page 486 6. (Optional) Set the port number for this service. The default setting of 22 normally should not be changed. (config)> service ssh port 24 (config)> 7. To create custom SSH configuration settings: a. Enable custom configurations: (config)> service ssh custom enable true (config)> Digi Connect IT® 4 User Guide...
  • Page 487 (config)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 4 User Guide...
  • Page 488: Use Ssh With Key Authentication

    SSH service to allow SSH access for the External firewall zone.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 489 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 490 Use SSH with key authentication 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 4 User Guide...
  • Page 491: Configure Telnet Access

    The telnet service is disabled by default. To enable the service:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 492 Type quit to disconnect from the device. Configure the service    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 493 No limit to IPv6 addresses that can access the telnet service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT 4 device: a. Click Interfaces.
  • Page 494 No limit to IPv6 addresses that can access the telnet service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT 4 device: (config)> add service telnet acl interface end value (config)>...
  • Page 495 Additional Configuration --------------------------------------------------------- ---------------------- dynamic_routes edge external internal ipsec loopback setup (config)> Repeat this step to include additional firewall zones. 4. (Optional) Configure Multicast DNS (mDNS) Digi Connect IT® 4 User Guide...
  • Page 496: Configure Dns

    The device is configured by default with the hostname digi.device, which corresponds to the 192.168.210.1 IP address. To configure the DNS server:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. Digi Connect IT® 4 User Guide...
  • Page 497 No limit to IPv6 addresses that can access the DNS service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT 4 device: a. Click Interfaces.
  • Page 498 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 499 No limit to IPv6 addresses that can access the DNS service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT 4 device: (config)> add service dns acl interface end value (config)>...
  • Page 500 To disable: (config)> service dns query_all_servers false (config> 6. (Optional) Rebind protection By default, rebind protection is disabled. If enabled, this prevents upstream DNS servers from returning private IP addresses. To enable: Digi Connect IT® 4 User Guide...
  • Page 501 (config service dns host 0)> c. Set the host name: (config service dns host 0)> name host-name (config service dns host 0)> 10. Save the configuration and apply the change: (config)> save Configuration saved. > Digi Connect IT® 4 User Guide...
  • Page 502: Show Dns Server

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 503: Simple Network Management Protocol (Snmp)

    By default, the Connect IT 4 device automatically blocks SNMP packets from being received over WAN and LAN interfaces. As a result, if you want a Connect IT 4 device to receive SNMP packets, you must configure the SNMP access control list to allow the device to receive the packets. See...
  • Page 504 No limit to IPv6 addresses that can access the SNMP agent. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT 4 device: a. Click Interfaces.
  • Page 505 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 506 Services Simple Network Management Protocol (SNMP) Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT 4 device: (config)> add service snmp acl interface end value (config)>...
  • Page 507 11. (Optional) Set the privacy protocol, either DES or AES. The default is DES. (config)> service snmp privacy_protocol AES (config)> 12. (Optional) Enable read-only access to to SNMP version 2c. (config)> service snmp enable 2c true (config)> Digi Connect IT® 4 User Guide...
  • Page 508: Download Mibs

    To download a .zip archive of the SNMP MIBs supported by this device:    Web 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. Enable SNMP. Configure Simple Network Management Protocol (SNMP) for information about enabling and configuring SNMP support on the Connect IT 4 device.
  • Page 509: Location Information

    You can also configure your Connect IT 4 device to forward location messages, either from the Connect IT 4 device or from external sources, to a remote host. Additionally, the device can be configured to use a geofence, to allow you to determine actions that will be taken based on the physical location of the device.
  • Page 510: Configure The Location Service

    The location service is enabled by default. You can disable it, or you can enable it if it has been disabled.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 511 (config)> To disable the module: (config)> service location gnss false (config)> 4. Set the amount of time that the Connect IT 4 device will wait before polling location sources for updated location data: (config)> service location interval value (config)> where value is any number of hours, minutes, or seconds, and takes the format number{h|m|s}.
  • Page 512: Configure The Device To Use A User-Defined Static Location

    You can configured your Connect IT 4 device to use a user-defined static location.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 513 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 514: Configure The Device To Accept Location Messages From External Sources

    For example, location-enabled devices connected to the Connect IT 4 device can forward their location information to the device, and then the Connect IT 4 device can serve as a central repository for this location information and forward it to a remote host. See...
  • Page 515 No limit to IPv6 addresses that can access the location server UDP port. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT 4 device: a.
  • Page 516 No limit to IPv6 addresses that can access the location server UDP port. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT 4 device:...
  • Page 517 (config)> ... firewall zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration --------------------------------------------------------- ---------------------- dynamic_routes edge external internal ipsec loopback Digi Connect IT® 4 User Guide...
  • Page 518: Forward Location Information To A Remote Host

    A vehicle ID that is used in the TAIP ID message and can also be prepended to the forwarded message. Configure the Connect IT device to forward location information:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. Digi Connect IT® 4 User Guide...
  • Page 519 Services Location information 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config.
  • Page 520    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Digi Connect IT® 4 User Guide...
  • Page 521 Use the ? to determine available talker IDs: (config service location forward 0)> talker_id ? Talker ID: Setting a talker ID will override the talker ID from all remote sources, and all forwarded sentences from remote sources will use the configured Digi Connect IT® 4 User Guide...
  • Page 522 Allowed value is a four digit alphanumerical string (for example, 01A3 or 1234). If no vehicle ID is configured, this setting defaults to 0000. (config service location forward 0)> vehicle-id 1234 (config service location forward 0)> 11. (Optional) Provide a description of the remote host: Digi Connect IT® 4 User Guide...
  • Page 523 (config service location forward 0 filter_nmea)> add gsa end (config service location forward 0 filter_nmea)> If the message protocol type is TAIP: Allowed values are: al: Reports altitude and vertical velocity. cp: Compact position: reports time, latitude, and longitude. Digi Connect IT® 4 User Guide...
  • Page 524 (config)> save Configuration saved. > 14. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 4 User Guide...
  • Page 525: Configure Geofencing

    Location information Configure geofencing Geofencing is a mechanism to create a virtual perimeter that allows you configure your Connect IT 4 device to perform actions when entering or exiting the perimeter. For example, you can configure a device to factory default if its location service indicates that it has been moved outside of the geofence.
  • Page 526 Services Location information 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 527 Click  again to add an additional point, and continue adding points to create the desired polygon. For example, to configure a square polygon around the Digi headquarters, configure a polygon with four points: This defines a square-shaped polygon equivalent to the following: 7.
  • Page 528 If you disable Sandbox, the script may render the system unusable. vii. Repeat for any additional actions. To define actions that will be taken when the device exits the geofence, or is outside the geofence when it boots: Digi Connect IT® 4 User Guide...
  • Page 529 If you disable Sandbox, the script may render the system unusable. vii. Repeat for any additional actions. 8. Click Apply to save the configuration and apply the change.    Command line Digi Connect IT® 4 User Guide...
  • Page 530 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 531 0)> .. (config service location geofence test_geofence coordinates)> add end (config service location geofence test_geofence coordinates 1)> latitude int (config service location geofence test_geofence coordinates 1)> longitude int (config service location geofence test_geofence coordinates 1)> Digi Connect IT® 4 User Guide...
  • Page 532 For longitude, any integer between -180 and 180, with up to six decimal places. Repeat for each vortex of the polygon. For example, to configure a square polygon around the Digi headquarters, configure a polygon with four points: (config service location geofence test_geofence)> add...
  • Page 533 Add the action: (config)> add service location geofence test_geofence on_entry action end (config service location geofence test_geofence on_entry action 0)> d. Set the type of action: (config service location geofence test_geofence on_entry action 0)> type value Digi Connect IT® 4 User Guide...
  • Page 534 For example. the allocate one megabyte of memory to the script and its spawned processes: (config service location geofence test_geofence on_entry action 0)> max_memory 1MB (config service location geofence test_geofence on_entry action 0)> Digi Connect IT® 4 User Guide...
  • Page 535 (config service location geofence test_geofence on_exit action 0)> d. Set the type of action: (config service location geofence test_geofence on_exit action 0)> type value (config service location geofence test_geofence on_exit action 0)> Digi Connect IT® 4 User Guide...
  • Page 536 (config service location geofence test_geofence on_exit action 0)> max_memory 1MB (config service location geofence test_geofence on_exit action 0)> v. A sandbox is enabled by default to prevent the script from adversely affecting the system. To disable the sandbox: Digi Connect IT® 4 User Guide...
  • Page 537: Show Location Information

       Web 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. On the main menu, click Status. 3. Under Services, click Location. The device's current location is displayed, along with the status of any configured geofences.
  • Page 538: Modbus Gateway

    Type quit to disconnect from the device. Modbus gateway The Connect IT 4 supports the ability to function as a Modbus gateway, to provide serial-to-Ethernet connectivity to Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), and other industrial devices. MODBUS provides client/server communication between devices connected on different types of buses and networks, and the Modbus gateway allows for communication between buses and networks that use the Modbus protocol.
  • Page 539: Configure The Modbus Gateway

    Whether to send broadcast messages. Response timeout If connection type is set to socket: The port to use. The inactivity timeout. If connection type is set to serial: Whether to use half duplex (two wire) mode. Digi Connect IT® 4 User Guide...
  • Page 540 Whether packets should have their Modbus address adjusted downward before to delivery.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 541 For Port, enter or select an appropriate port. The default is port 502. If Serial is selected for Connection type: a. For Serial port, select the appropriate serial port on the Connect IT 4 device. 5. For Packet mode, select RTU or RAW (if Connection type is set to Socket) or ASCII (if Connection typeis set to Serial) for the type of packet that will be used by this connection.
  • Page 542 No limit to IPv6 addresses that can access the web administration service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT 4 device: a.
  • Page 543 Modbus server is running. If Serial is selected for Connection type: a. For Serial port, select the appropriate serial port on the Connect IT 4 device. 5. For Packet mode, select RTU or RAW (if Connection type is set to Socket) or ASCII (if Connection typeis set to Serial) for the type of packet that will be used by this connection.
  • Page 544 No limit to IPv6 addresses that can access the web administration service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT 4 device: a.
  • Page 545 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 546 The default is rtu. iv. Set the maximum allowable time between bytes in a packet: (config service modbus_gateway server test_modbus_server)> socket idle_gap value (config service modbus_gateway server test_modbus_server)> Digi Connect IT® 4 User Guide...
  • Page 547 (config service modbus_gateway server test_modbus_server)> ii. Set the packet mode: (config service modbus_gateway server test_modbus_server)> serial packet_mode value (config service modbus_gateway server test_modbus_server)> where value is either rtu or ascii. The default is rtu. Digi Connect IT® 4 User Guide...
  • Page 548 The default is socket. If connection_type is set to socket: i. Set the IP protocol: (config service modbus_gateway client test_modbus_client)> socket protocol value (config service modbus_gateway client test_modbus_client)> where value is either tcp or udp. Digi Connect IT® 4 User Guide...
  • Page 549 (config service modbus_gateway client test_modbus_client)> vi. Set the hostname or IP address of the remote host on which the Modbus server is running: (config service modbus_gateway client test_modbus_client)> remote_host ip_address|hostname (config service modbus_gateway client test_modbus_client)> Digi Connect IT® 4 User Guide...
  • Page 550 (config service modbus_gateway client test_modbus_client)> serial half_duplex true (config service modbus_gateway client test_modbus_client)> d. (Optional) Enable the gateway to send broadcast messages to this client: (config service modbus_gateway client test_modbus_client)> broadcast true (config service modbus_gateway client test_modbus_client)> Digi Connect IT® 4 User Guide...
  • Page 551 (config service modbus_gateway client test_modbus_client)> Leave at the default setting of 0 to allow messages that match the Modbus address filter to be forwarded to devices based on the Modbuss address in the message. Digi Connect IT® 4 User Guide...
  • Page 552: Show Modbus Gateway Status And Statistics

       Web 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. On the menu, select Status > Modbus Gateway. The Modbus Gateway page appears. Statistics related to the Modbus gateway server are displayed. If the message Server connections not available is displayed, this indicates that there are no connected clients.
  • Page 553 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 554 ---------------- Address Translation Errors Connection Errors Packet Errors RX Responses RX Timeouts TX Broadcasts TX Requests modbus_serial_client -------------------- Address Translation Errors Connection Errors Packet Errors RX Responses RX Timeouts TX Broadcasts TX Requests > Digi Connect IT® 4 User Guide...
  • Page 555 Services Modbus gateway 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 4 User Guide...
  • Page 556: System Time

    Configure the system time for details about changing the default configuration. The Connect IT 4 device can also be configured to serve as an NTP server, providing NTP services to downstream devices. See Network Time Protocol for more information about NTP server support.
  • Page 557 Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> 3. (Optional) Set the timezone for the location of your Connect IT 4 device. The default is UTC. Digi Connect IT® 4 User Guide...
  • Page 558 See Configure the device as an NTP server for more information about NTP server configuration. 5. Save the configuration and apply the change: (config)> save Configuration saved. > Digi Connect IT® 4 User Guide...
  • Page 559 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 560: Manually Set The System Date And Time

    Network Time Protocol (NTP) enables devices connected on local and worldwide networks to synchronize their internal software and hardware clocks to the same time source. The Connect IT 4 device can be configured as an NTP server, allowing downstream hosts that are attached to the device's Local Area Networks to synchronize with the device.
  • Page 561: Configure The Device As An Ntp Server

    The time zone setting, if the default setting of UTC is not appropriate. To configure the Connect IT 4 device's NTP service:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 562 No limit to IPv6 addresses that can access the NTP service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT 4 device: a. Click Interfaces.
  • Page 563 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 564 5. Allow the device's local system clock to be used as backup time source: (config)> service ntp local true (config)> 6. (Optional) Configure the access control list to limit downstream access to the Connect IT 4 device's NTP service. To limit access to specified IPv4 addresses and networks: (config)>...
  • Page 565 By default, the access control list for the NTP service is empty, which means that all downstream hosts connected to the Connect IT 4 device can use the NTP service. 7. (Optional) Set the timezone for the location of your Connect IT 4 device. The default is UTC. (config)> system time timezone value (config)>...
  • Page 566: Show Status And Statistics Of The Ntp Server

    You can display status and statistics for active NTP servers    Web 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. On the main menu, click Status. 3. Under Services, click NTP. The NTP server status page is displayed.
  • Page 567: Configure A Multicast Route

    To configure a multicast route:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 568 6. Type the Source address for the route. This must be a multicast IP address between 224.0.0.1 and 239.255.255.255. 7. Select a Source interface where multicast packets will arrive. 8. To add one or more destination interface that the Connect IT 4 device will send mutlicast packets to: a. Click to expand Destination interfaces.
  • Page 569 (config service multicast test)> src_interface /network/interface/wan (config service multicast test)> 7. Set a destination interface that the Connect IT 4 device will send mutlicast packets to: a. Use the ? to determine available interfaces: (config service multicast test)> src_interface ? Destination interface: Which interface to send the multicast packets.
  • Page 570: Ethernet Network Bonding

    Create a new network interface for the bonded Ethernet devices, and disable the any interfaces associated with those Ethernet devices..    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 571 Repeat for each appropriate Ethernet device. 8. Create a new network interface that is linked to the Ethernet bond: a. Click Network > Interface. b. For Add Interface, type a name for the interface and click . Digi Connect IT® 4 User Guide...
  • Page 572 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 573 Repeat to add additional devices. 7. Create a new network interface that is linked to the Ethernet bond: a. Type ... to return to the root of the configuration: (config network bond eth_bond)> ... (config)> Digi Connect IT® 4 User Guide...
  • Page 574: Enable Service Discovery (Mdns)

    Enable service discovery (mDNS) Multicast DNS mDNS is a protocol that resolves host names in small networks that do not have a DNS server. You can enable the Connect IT 4 device to use mDNS. Note This feature is enabled by default.
  • Page 575 Services Enable service discovery (mDNS) 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 576 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 577 No limit to IPv6 addresses that can access the mDNS service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT 4 device: (config)> add service mdns acl interface end value (config)>...
  • Page 578: Use The Iperf Service

    Type quit to disconnect from the device. Use the iPerf service Your Connect IT 4 device includes an iPerf3 server that you can use to test the performance of your network. iPerf3 is a command-line tool that measures the maximum network throughput an interface can handle.
  • Page 579 Services Use the iPerf service    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 580 No limit to IPv6 addresses that can access the iperf service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT 4 device: a. Click Interfaces.
  • Page 581 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT 4 device: (config)> add service iperf acl interface end value (config)>...
  • Page 582: Example Performance Test Using Iperf3

    Example performance test using iPerf3 On a remote host with iPerf3 installed, enter the following command: $ iperf3 -c device_ip where device_ip is the IP address of the Connect IT 4 device. For example: $ iperf3 -c 192.168.2.1 Connecting to host 192.168.2.1, port 5201 4] local 192.168.3.100 port 54934 connected to 192.168.1.1 port 5201...
  • Page 583: Configure The Ping Responder Service

    IP address, interfaces, and/or zones. To enable the iPerf3 server:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 584 No limit to IPv6 addresses that can access the ping responder. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT 4 device: a. Click Interfaces.
  • Page 585 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect IT 4 device: (config)> add service iperf acl interface end value (config)>...
  • Page 586: Example Performance Test Using Iperf3

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Example performance test using iPerf3 On a remote host with Iperf3 installed, enter the following command: $ iperf3 -c device_ip Digi Connect IT® 4 User Guide...
  • Page 587 Services Configure the ping responder service where device_ip is the IP address of the Connect IT 4 device. For example: $ iperf3 -c 192.168.2.1 Connecting to host 192.168.2.1, port 5201 4] local 192.168.3.100 port 54934 connected to 192.168.1.1 port 5201 [ ID] Interval...
  • Page 588 Applications The Connect IT 4 supports Python 3.6 and provides you with the ability to run Python applications on the device interactively or from a file. You can also specify Python applications and other scripts to be run each time the device system restarts, at specific intervals, or at a specified time.
  • Page 589: Develop Python Applications

    Digi offers the Digi IoT PyCharm Plugin to help you while writing, building, and testing your application. See Create and test a Python application. In addition to the standard Python library, the Connect IT 4 includes a set of extensions to access its configuration and interfaces. See Python modules.
  • Page 590: Set Up The Connect It 4 For Python Development

    Set up the Connect IT 4 for Python development 1. Access the Connect IT 4 local web interface a. Use an Ethernet cable to connect the Connect IT 4 to your local laptop or PC.  The factory default IP address is 192.168.2.1 b.
  • Page 591 Develop Python applications Develop an application in PyCharm The Digi IoT PyCharm Plugin allows you to write, build and run Python applications for Digi devices in a quick and easy way. See the Digi XBee PyCharm IDE Plugin User Guide for details.
  • Page 592 """ def handle(self): # self.request is the TCP socket connected to the client self.data = self.request.recv(1024).strip() print("{} wrote:".format(self.client_address[0])) print(self.data) # just send back the same data, but upper-cased self.request.sendall(self.data.upper()) Digi Connect IT® 4 User Guide...
  • Page 593 Create a custom firewall rule    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 594: Python Modules

    Type quit to disconnect from the device. Python modules The Connect IT 4 supports Python 3.6 and provides you with the ability to run Python applications on the device interactively or from a file. It also offers extensions to manage your Connect IT 4: The digidevice module provides platform-specific extensions that allow you to interact with the device’s configuration and interfaces.
  • Page 595 Digidevice module The Python digidevice module provides platform-specific extensions that allow you to interact with the device’s configuration and interfaces. The following submodules are included with the digidevice module: This section contains the following topics: Digi Connect IT® 4 User Guide...
  • Page 596 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the Connect IT 4 local command line as a user with shell access.
  • Page 597 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the Connect IT 4 local command line as a user with shell access.
  • Page 598 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the Connect IT 4 local command line as a user with shell access.
  • Page 599 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the Connect IT 4 local command line as a user with shell access.
  • Page 600 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the Connect IT 4 local command line as a user with shell access.
  • Page 601 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the Connect IT 4 local command line as a user with shell access.
  • Page 602 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the Connect IT 4 local command line as a user with shell access.
  • Page 603 Use Remote Manager's SCI interface to create SCI requests that are sent to your Connect IT 4 device, and use the device_request module to send responses to those requests to Remote Manager.
  • Page 604 >>> In Remote Manager, you will receive a response similar to the following: <sci_reply version="1.0"> <data_service> <device id="00000000-00000000-0000FFFF-A83CF6A3"/> <requests> <device_request target_name="myTarget" status="0">OK</device_ request> </requests> </device> </data_service> </sci_request> Example: Use digidevice.cli with digidevice.device_request Digi Connect IT® 4 User Guide...
  • Page 605 This can be done from either the WebUI or the command line:    Web i. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. ii. Access the device configuration: Remote Manager: i.
  • Page 606 Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 607 Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the Connect IT 4 local command line as a user with shell access. Digi Connect IT® 4 User Guide...
  • Page 608 <device_request target_name="showSystem"> 8. Click Send. You should receive a response similar to the following: <sci_reply version="1.0"> <data_service> <device id="00000000-00000000-0000FFFF-A83CF6A3"/> <requests> <device_request target_name="showSystem" status="0">Model Digi Connect IT® 4 User Guide...
  • Page 609 Applications Develop Python applications : Digi Connect IT 4 Serial Number : Connect IT 4-000068 Hostname : Connect IT 4 : 00:40:D0:13:35:36 Hardware Version : 50001959-01 A Firmware Version : 23.3.31.129 Bootloader Version Firmware Build Date : Wed, May 3, 2023 21:24:00...
  • Page 610 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the Connect IT 4 local command line as a user with shell access.
  • Page 611 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the Connect IT 4 local command line as a user with shell access.
  • Page 612 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the Connect IT 4 local command line as a user with shell access.
  • Page 613 Use Python to upload the device name to Digi Remote Manager The name submodule can be used to upload a custom name for your device to Digi Remote Manager. When you use the name submodule to upload a custom device name to Remote Manager, the following issues apply: Digi Connect IT®...
  • Page 614 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the Connect IT 4 local command line as a user with shell access.
  • Page 615 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the Connect IT 4 local command line as a user with shell access.
  • Page 616 7. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Update the location data The location submodule takes a snapshot of the current location and stores it in the runtime database. You can update this snapsot: Digi Connect IT® 4 User Guide...
  • Page 617 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the Connect IT 4 local command line as a user with shell access.
  • Page 618 "vertical_velocity": "0.0" >>> 6. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Help for the digidevice location module Get help for the digidevice location module: Digi Connect IT® 4 User Guide...
  • Page 619 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the Connect IT 4 local command line as a user with shell access.
  • Page 620 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the Connect IT 4 local command line as a user with shell access.
  • Page 621 SMS scripting. Enable the ability to schedule SMS scripting    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 622 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 623 # a CLI command. Send a reponse SMS to the sender before running the command import os import threading import sys from digidevice import cli from digidevice.sms import Callback, send COND = threading.Condition() allowed_incoming_phone_number = '2223334444' def sms_test_callback(sms, info): if info['content.number'] == allowed_incoming_phone_number: print(f"SMS message from {info['content.number']} received") Digi Connect IT® 4 User Guide...
  • Page 624 Use Python to access serial ports You can use the Python serial module to access serial ports on your Connect IT 4 device that are configured to be in Application mode. . To use Python to access serial ports: 1.
  • Page 625 6. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Use the Paho MQTT python library Your Connect IT 4 device includes support for the Paho MQTT python library. MQTT is a lightweight messaging protocol used to communicate with various applications including cloud-based applications such as Amazon Web Services and Microsoft Azure.
  • Page 626 HTTPStatus.OK CMD_HANDLERS = { "reboot": cmd_reboot, "fw-update": cmd_fwupdate def send_cmd_reply(client, cmd_path, cid, cmd, status): if not status or not cid: return if cmd_path.startswith(PREFIX_CMD): path = cmd_path[len(PREFIX_CMD):] else: print("Invalid command path ({}), cannot send reply".format(cmd_path)) Digi Connect IT® 4 User Guide...
  • Page 627 # Return if client-ID not passed return None send_cmd_reply(client, msg.topic, cid, cmd, HTTPStatus.BAD_REQUEST) try: status = CMD_HANDLERS[cmd](payload) except: print("Invalid command: {}".format(cmd)) status = HTTPStatus.NOT_IMPLEMENTED send_cmd_reply(client, msg.topic, cid, cmd, status) def publish_dhcp_leases(): leases = [] try: Digi Connect IT® 4 User Guide...
  • Page 628 PREFIX_CMD = "cmd/" + PREFIX PREFIX_RSP = "rsp/" + PREFIX client = mqtt.Client() client.on_connect = on_connect client.on_message = on_message try: client.connect("192.168.1.100", 1883, 60) client.loop_start() except: print("Failed to connect to MQTT server") sys.exit(1) while True: publish_dhcp_leases() publish_system() time.sleep(POLL_TIME) Digi Connect IT® 4 User Guide...
  • Page 629: Set Up The Connect It 4 To Automatically Run Your Applications

    Applications Set up the Connect IT 4 to automatically run your applications Set up the Connect IT 4 to automatically run your applications This section contains the following topics: Configure scripts to run automatically Show script information Stop a script that is currently running...
  • Page 630 Connect IT 4 device. local-path is the location on the Connect IT 4 device where the copied file will be placed. For example: To upload a script from a remote host with an IP address of 192.168.4.1 to the...
  • Page 631 This feature does not provide syntax or error checking. Certain commands can render the device inoperable. Use with care.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 632 Applications Set up the Connect IT 4 to automatically run your applications 4. For Add Script, click . The script configuration window is displayed. Custom scripts are enabled by default. To disable, toggle off Enable to toggle off. 5. (Optional) For Label, provide a label for the script.
  • Page 633 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 634 Applications Set up the Connect IT 4 to automatically run your applications 4. (Optional) Provide a label for the script. (config system schedule script 0)> label value (config system schedule script 0)> where value is any string. if spaces are used, enclose value within double quotes.
  • Page 635 Applications Set up the Connect IT 4 to automatically run your applications 6. Set the commands that will execute the script: (config system schedule script 0)> commands filename (config system schedule script 0)> where filename is the path and filename of the script, and any related command line information.
  • Page 636: Show Script Information

    You can view status and statistics about location information from either the WebUI or the command line.    Web 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. At the Status page, click Scripts. The Scripts page displays: ...
  • Page 637: Stop A Script That Is Currently Running

    You can stop a script that is currently running.    Web 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. At the Status page, click Scripts. The Scripts page displays: 3. For scripts that are currently running, click Stop Script to stop the script.
  • Page 638: Start An Interactive Python Session

    1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the Connect IT 4 local command line as a user with shell access.
  • Page 639: Run A Python Application At The Shell Prompt

    1. Upload the Python application to the Connect IT 4 device:    Web a. Log into the Connect IT 4 WebUI as a user with Admin access. b. On the menu, click System. Under Administration, click File System. The File System page appears.
  • Page 640: Configure Scripts To Run Manually

    Connect IT 4 device. local-path is the location on the Connect IT 4 device where the copied file will be placed.
  • Page 641: Task One: Upload The Application

    Task one: Upload the application    Web 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. On the menu, click System. Under Administration, click File System. The File System page appears. 3. Highlight the scripts directory and click  to open the directory.
  • Page 642: Task Two: Configure The Application To Run Automatically

    This feature does not provide syntax or error checking. Certain commands can render the device inoperable. Use with care.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 643 10. Sandbox is enabled by default, which restricts access to the file system and available commands that can be used by the script. This option protects the script from accidentally destroying the system it is running on. Digi Connect IT® 4 User Guide...
  • Page 644 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 645 10. Sandbox is enabled by default. This option protects the script from accidentally destroying the system it is running on. (config system schedule script 0)> sandbox true (config system schedule script 0)> 11. Save the configuration and apply the change: (config)> save Configuration saved. > Digi Connect IT® 4 User Guide...
  • Page 646: Start A Manual Script

    You can start a script that is enabled and configured to have a run mode of Manual. See    Web 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. At the Status page, click Scripts. The Scripts page displays: 3.
  • Page 647 (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 4 User Guide...
  • Page 648 Local users Terminal Access Controller Access-Control System Plus (TACACS+) Remote Authentication Dial-In User Service (RADIUS) LDAP Configure serial authentication Disable shell access Set the idle timeout for Connect IT 4 users Example user configuration Digi Connect IT® 4 User Guide...
  • Page 649: User Authentication

    User authentication Connect IT 4 user authentication Connect IT 4 user authentication User authentication on the Connect IT 4 has the following features and default configuration: Default Feature Description configuration Idle timeout 10 minutes. Determines how long a user session can be idle before the system automatically disconnects.
  • Page 650 TACACS+: Users authenticated by using a remote TACACS+ server for authentication. Terminal Access Controller Access-Control System Plus (TACACS+) for information about configuring TACACS+ authentication. LDAP: Users authenticated by using a remote LDAP server for authentication. LDAP for information about configuring LDAP authentication. Digi Connect IT® 4 User Guide...
  • Page 651: Add A New Authentication Method

    The types of authentication method to be used: To add an authentication method:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 652 Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 653: Delete An Authentication Method

    Type quit to disconnect from the device. Delete an authentication method    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 654: Rearrange The Position Of Authentication Methods

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 655 For example, the following configuration has Local users as the first method, and RADIUS as the second. To reorder these so that RADIUS is first and Local users is second: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 656: Authentication Groups

    Type quit to disconnect from the device. Authentication groups Authentication groups are used to assign access rights to Connect IT 4 users. Three types of access rights can be assigned: Admin access: Users with Admin access can be configured to have either: The ability to manage the Connect IT 4 device by using the WebUI or the Admin CLI.
  • Page 657 User authentication Authentication groups Serial access: Users with Serial access have the ability to log into the Connect IT 4 device by using the serial console. Preconfigured authentication groups The Connect IT 4 device has two preconfigured authentication groups: The admin group is configured by default to have full Admin access.
  • Page 658: Change The Access Rights For A Predefined Group

    By default, two authentication groups are predefined: admin and serial. To change the access rights of the predefined groups:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 659 (config)> where value is either: full: provides users of this group with the ability to manage the Connect IT 4 device by using the WebUI or the Admin CLI. read-only: provides users of this group with read-only access to the WebUI and Admin CLI.
  • Page 660: Add An Authentication Group

    Access rights to query the device for Nagios monitoring. To add an authentication group:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 661 IT 4 device by using the WebUI or the Admin CLI. Read-only access read-only: provides users of this group with read-only access to the WebUI and Admin CLI. The default is Full access full. Digi Connect IT® 4 User Guide...
  • Page 662 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 663 (config)> where value is either: full: provides users of this group with the ability to manage the Connect IT 4 device by using the WebUI or the Admin CLI. read-only: provides users of this group with read-only access to the WebUI and Admin CLI.
  • Page 664: Delete An Authentication Group

    These groups cannot be deleted. To delete an authentication group that you have created:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 665 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 666: Local Users

    TACACS+ or RADIUS. Local user authentication is enabled by default, with one preconfiged default user. Default user At manufacturing time, each Connect IT 4 device comes with a default user configured as follows: Username: admin. Password: The default password is displayed on the label on the bottom of the device.
  • Page 667: Change A Local User's Password

    Change a local user's password To change a user's password:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 668 You can also change the password for the active user by clicking the user name in the menu bar: The active user must have full Admin access rights to be able to change the password. 6. Click Apply to save the configuration and apply the change. Digi Connect IT® 4 User Guide...
  • Page 669: Configure A Local User

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 670 One-time use eight-digit emergency scratch codes. To configure a local user:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 671 The minimum value is 1 second, and the maximum is 15 minutes. The default is 15 minutes. 8. Add groups for the user. Groups define user access rights. See Authentication groups for information about configuring groups. a. Click to expand Groups. b. For Add Group, click . Digi Connect IT® 4 User Guide...
  • Page 672 For Login limit, type the number of times that the user is allowed to attempt to log in during the Login limit period. Set Login limit to 0 to allow an unlimited number of login attempts during the Login limit period. Digi Connect IT® 4 User Guide...
  • Page 673 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 674 (config auth user new_user)> del group n (config auth user new_user)> Where n is index number of the authentication method to be deleted. For example, to delete the serial group as displayed by the example show command, above: Digi Connect IT® 4 User Guide...
  • Page 675 (config auth user new_user 2fa)> disallow_reuse true (config auth user new_user 2fa)> f. For time-based verification only, configure the code refresh interval. This is the amount of time that a code will remain valid. Digi Connect IT® 4 User Guide...
  • Page 676 Change to the user's scratch code node: (config auth user new_user 2fa)> scratch_code (config auth user new_user 2fa scratch_code)> ii. Add a scratch code: (config auth user new_user 2fa scratch_code)> add end code (config auth user new_user 2fa scratch_code)> Digi Connect IT® 4 User Guide...
  • Page 677: Delete A Local User

    Delete a local user To delete a user from your Connect IT 4:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 678 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 679: Terminal Access Controller Access-Control System Plus (Tacacs+)

    With TACACS+ support, the Connect IT 4 device acts as a TACACS+ client, which sends user credentials and connection parameters to a TACACS+ server over TCP. The TACACS+ server then authenticates the TACACS+ client requests and sends back a response message to the device.
  • Page 680: Tacacs+ User Configuration

    Terminal Access Controller Access-Control System Plus (TACACS+) TACACS+ user configuration When configured to use TACACS+ support, the Connect IT 4 device uses a remote TACACS+ server for user authentication (password verification) and authorization (assigning the access level of the user).
  • Page 681: Tacacs+ Server Failover And Fallback To Local Authentication

    $ sudo /etc/init.d/tacacs_plus restart TACACS+ server failover and fallback to local authentication In addition to the primary TACACS+ server, you can also configure your Connect IT 4 device to use backup TACACS+ servers. Backup TACACS+ servers are used for authentication requests when the primary TACACS+ server is unavailable.
  • Page 682 Add additional TACACS+ servers in case the first TACACS+ server is unavailable.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 683 TACACS+ user configuration, the value of the service attribute in the sample tac_plus.conf file is system, which is also the default setting in the Connect IT 4 configuration. 8. (Optional) Enable Command authorization, which instructs the device to communicate with the TACACS+ server to determine if the user is authorized to execute a specific command.
  • Page 684 (config)> 4. (Optional) Configure the group_attribute. This is the name of the attribute used in the TACACS+ server's configuration to identify the Connect IT 4 authentication group or groups that the user is a member of. For example, in TACACS+ user configuration, the group attribute in the sample tac_plus.conf file is groupname, which is also the default setting for the group_...
  • Page 685 (config)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 4 User Guide...
  • Page 686: Remote Authentication Dial-In User Service (Radius)

    To use RADIUS authentication, you must set up a RADIUS server that is accessible by the Connect IT 4 device prior to configuration. The process of setting up a RADIUS server varies by the server environment. An example of a RADIUS server is FreeRADIUS.
  • Page 687: Radius User Configuration

    $ sudo /etc/init.d/freeradius restart RADIUS server failover and fallback to local configuration In addition to the primary RADIUS server, you can also configure your Connect IT 4 device to use backup RADIUS servers. Backup RADIUS servers are used for authentication requests when the primary RADIUS server is unavailable.
  • Page 688: Configure Your Connect It 4 Device To Use A Radius Server

    60 seconds. Enable additional debug messages from the RADIUS client.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 689 NAS or any arbitrary string. If not set, the default value is used: If you are accessing the Connect IT 4 device by using the WebUI, the default value is for NAS ID is httpd.
  • Page 690 You can use the fully-qualified domain name of the NAS or any arbitrary string. If not set, the default value is used: If you are accessing the Connect IT 4 device by using the WebUI, the default value is for NAS ID is httpd.
  • Page 691: Ldap

    Your Connect IT 4 device supports LDAP (Lightweight Directory Access Protocol), a protocol used for directory information services over an IP network. LDAP can be used with your Connect IT 4 device for centralized authentication and authorization management for users who connect to the device. With LDAP support, the Connect IT 4 device acts as an LDAP client, which sends user credentials and connection parameters to an LDAP server.
  • Page 692 When you are using LDAP authentication, you can have both local users and LDAP users able to log in to the device. To use LDAP authentication, you must set up a LDAP server that is accessible by the Connect IT 4 device prior to configuration. The process of setting up a LDAP server varies by the server environment.
  • Page 693: Ldap User Configuration

    LDAP LDAP user configuration When configured to use LDAP support, the Connect IT 4 device uses a remote LDAP server for user authentication (password verification) and authorization (assigning the access level of the user). Additional LDAP servers can be configured as backup servers for user authentication.
  • Page 694: Ldap Server Failover And Fallback To Local Configuration

    LDAP server failover and fallback to local configuration In addition to the primary LDAP server, you can also configure your Connect IT 4 device to use backup LDAP servers. Backup LDAP servers are used for authentication requests when the primary LDAP server is unavailable.
  • Page 695 User authentication LDAP 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 696 12. (Optional) For Group attribute, type the name of the user attribute that contains the list of Connect IT 4 authentication groups that the authenticated user has access to. See LDAP user configuration for further information about the group attribute.
  • Page 697 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 698 . If this attribute is not set, the user will be denied access. 10. (Optional) Set the name of the user attribute that contains the list of Connect IT 4 authentication groups that the authenticated user has access to. See LDAP user configuration for further information about the group attribute.
  • Page 699: Configure Serial Authentication

    This section describes how to configure authentication for serial access.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 700 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 701: Disable Shell Access

    If shell access is disabled, re-enabling it will erase the device's configuration and perform a factory reset.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 702 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 703: Set The Idle Timeout For Connect It 4 Users

    By default, the Idle timeout is set to 10 minutes.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 704 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 705: Example User Configuration

    Goal: To create a user with administrator rights who is authenticated locally on the device.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 706 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 707: Example 2: Radius, Tacacs+, And Local Authentication For One User

    Goal: To create a user with administrator rights who is authenticated by using all three authentication methods. In this example, when the user attempts to log in to the Connect IT 4 device, user authentication will occur in the following order:...
  • Page 708 2. The user is authenticated by the TACACS+ server. If both the RADIUS and TACACS+ servers are unavailable, 3. The user is authenticated by the Connect IT 4 device using local authentication. This example uses a FreeRadius 3.0 server running on ubuntu, and a TACACS+ server running on ubuntu.
  • Page 709 The authentication group on the Connect IT 4 device, admin, is identified in the groupname parameter. c. Save and close the tac_plus.conf file. 3. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 4. Access the device configuration: Remote Manager: Digi Connect IT®...
  • Page 710 User authentication Example user configuration a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration.
  • Page 711 In this example: The user's username is admin1. The user's password is password1. The authentication group on the Connect IT 4 device, admin, is identified in the Unix-FTP-Group-Names parameter. c. Save and close the users file. 2. Configure a user on the TACACS+ server: a.
  • Page 712 In this example: The user's username is admin1. The user's password is password1. The authentication group on the Connect IT 4 device, admin, is identified in the groupname parameter. c. Save and close the tac_plus.conf file. 3. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights.
  • Page 713 Type quit to disconnect from the device. Example 3: Multiple users with specific serial port access Goal: To create two RADIUS users that do not have configuration access to the Connect IT 4 but have access rights to specific serial ports.
  • Page 714    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 715 $ sudo gedit /etc/freeradius/3.0/users b. Add the users to the users file: serialuser1 Cleartext-Password := "password1" Unix-FTP-Group-Names := "serialgroup1" serialuser2 Cleartext-Password := "password2" Unix-FTP-Group-Names := "serialgroup2" c. Save and close the users file.    Command line Digi Connect IT® 4 User Guide...
  • Page 716 For example, if you want administrators of the Connect IT 4 to log into the device using local authentication, make sure that local authentication is included in the auth method list. Otherwise they will not be able to log into the device.
  • Page 717 /etc/freeradius/3.0/users file: $ sudo gedit /etc/freeradius/3.0/users b. Add the users to the users file: serialuser1 Cleartext-Password := "password1" Unix-FTP-Group-Names := "serialgroup1" serialuser2 Cleartext-Password := "password2" Unix-FTP-Group-Names := "serialgroup2" c. Save and close the users file. Digi Connect IT® 4 User Guide...
  • Page 718 Firewall This chapter contains the following topics: Firewall configuration Port forwarding rules Packet filtering Configure custom firewall rules Configure Quality of Service options Web filtering Digi Connect IT® 4 User Guide...
  • Page 719: Firewall Configuration

    To create a zone:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 720 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 721: Configure The Firewall Zone For A Network Interface

    This example procedure uses an existing network interface named LAN and changes the firewall zone from the default zone, Internal, to External.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 722: Delete A Custom Firewall Zone

    You cannot delete preconfigured firewall zones. To delete a custom firewall zone:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: Digi Connect IT®...
  • Page 723 Firewall Firewall configuration a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration.
  • Page 724: Port Forwarding Rules

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 725 To configure a port forwarding rule:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 726 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 727 (config firewall dnat 0)> protocol value (config firewall dnat 0)> Network connections will only be forwarded if they match the selected protocol. Allowed values are custom, tcp, tcpudp, or upd. The default is tcp. Digi Connect IT® 4 User Guide...
  • Page 728 To view a list of available zones: (config firewall dnat 0 acl)> ..zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Digi Connect IT® 4 User Guide...
  • Page 729: Delete A Port Forwarding Rule

    Delete a port forwarding rule To delete a port forwarding rule:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 730 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 731 (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 4 User Guide...
  • Page 732: Packet Filtering

    ICMP6 To configure a packet filtering rule:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 733 Firewall configuration for more information about firewall zones. 10. Click Apply to save the configuration and apply the change.    Command line Digi Connect IT® 4 User Guide...
  • Page 734 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 735 The default is any. 8. Set the protocol. (config firewall filter 1)> protocol value (config firewall filter 1)> where value is one of: icmp icmpv6 The default is any. Digi Connect IT® 4 User Guide...
  • Page 736: Enable Or Disable A Packet Filtering Rule

    Enable or disable a packet filtering rule To enable or disable a packet filtering rule:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 737: Delete A Packet Filtering Rule

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 738 Firewall Packet filtering    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 739: Configure Custom Firewall Rules

    To configure custom firewall rules:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 740 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 741: Configure Quality Of Service Options

    (packet ingress). A QoS binding contains the policies and rules that apply to packets exiting the Connect IT 4 device on the binding's interface. By default, the Connect IT 4 device has two preconfigured QoS bindings, Outbound and Inbound.
  • Page 742 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 743 Type quit to disconnect from the device. Create a new binding    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 744 10, each policy will be allocated one third of the total interface bandwidth. e. For Latency, type the maximum delay before the transmission of packets. A lower latency means that the packets will be scheduled more quickly for transmission. Digi Connect IT® 4 User Guide...
  • Page 745 MAC address: Only traffic from the MAC address typed in MAC address will be matched. ix. Click to expand Destination address and select the Type: Any: Traffic destined for anywhere will be matched. Interface: Only traffic destined for the selected Interface will be matched. Digi Connect IT® 4 User Guide...
  • Page 746 Use the format IPv6_address[/prefix_length], or use any to match any IPv6 address. Repeat to add a new rule. Up to 30 rules can be configured. 10. Click Apply to save the configuration and apply the change. Digi Connect IT® 4 User Guide...
  • Page 747 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 748 1 or greater. The default is 100. f. To identify this policy as a fall-back policy: (config firewall qos 2 policy 0)> default true (config firewall qos 2 policy 0)> Digi Connect IT® 4 User Guide...
  • Page 749 (config firewall qos 2 policy 0 rule 0)> dstport value (config firewall qos 2 policy 0 rule 0)> where value is the IP port number, a range of port numbers using the format IP_port- IP_port, or any. Digi Connect IT® 4 User Guide...
  • Page 750 (config network qos 2 policy 0 rule 0)> where value uses the format IPv6_address[/prefix_length], or any to match any IPv6 address. mac: Only traffic from the MAC address typed in MAC address will be matched. Set the MAC address to be matched: Digi Connect IT® 4 User Guide...
  • Page 751 Only traffic destined for the IP address typed in IPv6 address will be matched. Set the address that will be matched: (config network qos 2 policy 0 rule 0)> src address6 value (config network qos 2 policy 0 rule 0)> Digi Connect IT® 4 User Guide...
  • Page 752: Web Filtering

    Type quit to disconnect from the device. Web filtering Web filtering allows you to control access to services that can be accessed through the Connect IT 4 device by forwarding all Domain Name System (DNS) traffic to a web filtering service. This allows the network security administrator to configure a set of policies with the web filtering service that are applied to all routing devices with web filtering enabled.
  • Page 753 Firewall Web filtering    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 754 Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Clear the Cisco Umbrella device ID If the Cisco Umbrella device ID being used by your Connect IT 4 is invalid, you can clear the device ID.    Command line 1.
  • Page 755: Configure Web Filtering With Manual Dns Servers

    To configure web filtering with manual DNS servers:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 756 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 757: Verify Your Web Filtering Configuration

    If your web filtering implementation has the service set to Cisco Umbrella, or if it is configured to use manual DNS servers and uses the Cisco open DNS servers, you can verify the web filtering implementation by using the Cisco test site www.internetbadguys.com. Digi Connect IT® 4 User Guide...
  • Page 758 Configure web filtering with manual DNS servers for information about configuring web filtering to use Cisco open DNS servers. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 759 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 760: Show Web Filter Service Information

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 761: System Administration

    Review device status Configure system information Update system firmware Update cellular module firmware Reboot your Connect IT 4 device Erase device configuration and reset to factory defaults Locate the device by using the Find Me feature Configuration files Schedule system maintenance tasks...
  • Page 762: Review Device Status

       Web To display system information: 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. On the main menu, click Status. A secondary menu appears, along with a status panel. 3. On the secondary menu, click to display the details panel for the status you want to view.
  • Page 763: Configure System Information

    Disk /tmp Usage : 0.007MB/256.0MB(0%) Disk /var Usage : 1.765MB/256.0MB(1%) > Configure system information You can configure information related to your Connect IT 4 device, such as providing a name and location for the device. Digi Connect IT® 4 User Guide...
  • Page 764 A banner that will be displayed when users access terminal services on the device. To enter system information:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 765: Update System Firmware

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Update system firmware The Connect IT 4 operating system firmware images consist of a single file with the following naming convention: platform-version.bin For example, Connect IT 4-23.3.31.129.bin.
  • Page 766: Certificate Management For Firmware Images

    The system firmware files are signed to ensure that only Digi-approved firmware load onto the device. The Connect IT 4 device validates the system firmware image as part of the update process and only successfully updates if the system firmware image can be authenticated.
  • Page 767 Newest firmware version available to download is '23.3.31.129' Device firmware update from '22.11.48.10' to '23.3.31.129' is needed > 3. Use the modem firmware ota list command to list available firmware on the Digi firmware repository. > system firmware ota list 22.11.48.10...
  • Page 768 Update firmware from a local file    Web 1. Download the Connect IT 4 operating system firmware from the Digi Support FTP site to your local machine. 2. Log into the Connect IT 4 WebUI as a user with Admin access.
  • Page 769 > reboot Rebooting system > 7. Once the device has rebooted, log into the Connect IT 4's command line as a user with Admin access and verify the running firmware version by entering the show system command. Digi Connect IT® 4 User Guide...
  • Page 770: Dual Boot Behavior

    > Dual boot behavior By default, the Connect IT 4 device stores two copies of firmware in two flash memory banks: The current firmware version that is used to boot the device. A copy of the firmware that was in use prior to your most recent firmware update.
  • Page 771: Update Cellular Module Firmware

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 772: Update Modem Firmware Over The Air (Ota)

      Command line Update modem firmware over the air (OTA) You can update your modem firmware by querying the Digi firmware repository to determine if there is new firmware available for your modem and performing an OTA modem firmware update: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights.
  • Page 773: Update Modem Firmware By Using A Local Firmware File

    Type quit to disconnect from the device. Update modem firmware by using a local firmware file You can update your modem firmware by uploading a modem firmware file to your Connect IT 4 device. Firmware should be uploaded to /opt/MODEM_MODEL/Custom_Firmware, for example, /opt/LM940/Custom_Firmware.
  • Page 774: Reboot Your Connect It 4 Device

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Reboot your Connect IT 4 device You can reboot the Connect IT 4 device immediately or schedule a reboot for a specific time every day. Digi Connect IT® 4 User Guide...
  • Page 775: Reboot Your Device Immediately

    > reboot Schedule reboots of your device    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 776 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 777: Erase Device Configuration And Reset To Factory Defaults

    With firmware release 22.2.9.x and newer, erases the client-side certificate used for communication with Digi Remote Manager. If you are using Digi Remote Manager with firmware release 22.2.9.x and newer, by default the device uses a client-side certificate for communication with Remote Manager. If the client-side certificate is erased, you must use the Remote Manager interface to reset the certificate.
  • Page 778 4. Click CONFIRM. 5. After resetting the device: a. Connect to the Connect IT 4 by using the serial port or by using an Ethernet cable to connect the Connect IT 4 LAN port to your PC. b. Log into the Connect IT 4: User name: Use the default user name: admin.
  • Page 779 > system factory-erase 3. After resetting the device: a. Connect to the Connect IT 4 by using the serial port or by using an Ethernet cable to connect the Connect IT 4 LAN port to your PC. b. Log into the Connect IT 4: User name: Use the default user name: admin.
  • Page 780: Custom Factory Default Settings

    Type quit to disconnect from the device. Custom factory default settings You can configure your Connect IT 4 device to use custom factory default settings. This way, when you erase the device's configuration, the device will reset to your custom configuration rather than to the original factory defaults.
  • Page 781 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. Configure your Connect IT 4 device to match the desired custom factory default configuration. For example, you may want to configure the device to use a custom APN or a particular network configuration, so that when you reset the device to factory defaults, it will automatically have your required network configuration.
  • Page 782 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 783: Locate The Device By Using The Find Me Feature

       Web 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. On the menu, click System. Under Administration, click Find Me. A notification message appears, noting that the LED is flashing on the device. Click the x in the message to close it.
  • Page 784 3. To deactivate the Find Me feature, type the following at the command prompt: > system find-me off > 4. To determine the status of the Find Me feature, type the following at the command prompt: > system find-me status > Digi Connect IT® 4 User Guide...
  • Page 785: Configuration Files

    You must explicitly save configuration changes, which also applies the changes. If you do not save configuration changes, the system discards the changes.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 786: Save Configuration To A File

    Type quit to disconnect from the device. Save configuration to a file You can save your Connect IT 4 device's configuration to a file and use this file to restore the configuration, either to the same device or to similar devices.
  • Page 787: Restore The Device Configuration

    > scp host 192.168.4.1 user admin remote /home/admin/bin/ local /etc/config/backup-archive-0040FF800120-19.05.17-19.01.17.bin to remote Restore the device configuration You can restore a configuration file to your Connect IT 4 device by using a backup from the device, or a backup from a similar device. ...
  • Page 788 System administration Configuration files 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. On the main menu, click System. Under Configuration, click Configuration Maintenance. The Configuration Maintenance windows is displayed. 3. In the Configuration Restore section: a.
  • Page 789 System administration Configuration files the Connect IT 4 device. local-path is the location on the Connect IT 4 device where the copied file will be placed. For example: > scp host 192.168.4.1 user admin remote /home/admin/bin/backup-archive- 0040FF800120-23.3.31.129-19.23.42.bin local /opt to local 3.
  • Page 790: Schedule System Maintenance Tasks

    The frequency (daily, weekly, or monthly) that checks for firmware updates will run.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 791 If Immediately is selected, all scheduled tasks will begin at the exact time specified in Start time. d. For Frequency, select whether the maintenance window will be started every day, or once per week. Digi Connect IT® 4 User Guide...
  • Page 792 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 793 If the duration length is set to 24 hours, the start time is effectively obsolete and the maintenance tasks will be scheduled to run at any time. Setting the duration length to 24 hours can potentially overstress the device and should be used with caution. Digi Connect IT® 4 User Guide...
  • Page 794 6. (Optional) Configure automated checking for device firmware updates: a. Device firmware update check is enabled by default. This enables to automated checking for device firmware updates. To disable: (config)> system schedule maintenance firmware_update_check device false (config)> Digi Connect IT® 4 User Guide...
  • Page 795: Disable Device Encryption

    Type quit to disconnect from the device. Disable device encryption You can disable the cryptography on your Connect IT 4 device. This can be used to ship unused devices from overseas without needing export licenses from the country from which the device is being shipped.
  • Page 796: Re-Enable Cryptography After It Has Been Disabled

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 797 Click the Internet Protocol Version 4 (TCP/IPv4) parameter. c. Click Properties. The Internet Protocol Version 4 (TCP/IPv4) Properties dialog appears. d. Configure with the following details: IP address for PC: 192.168.210.2 Subnet: 255.255.255.0 Gateway: 192.168.210.1 Digi Connect IT® 4 User Guide...
  • Page 798: Configure The Speed Of Your Ethernet Ports

    Configure the speed of your Ethernet ports 2. Connect the PC's Ethernet port to the WAN Ethernet port on your Connect IT 4 device. 3. Open a telnet session and connect to the Connect IT 4 device at the IP address of 192.168.210.1.
  • Page 799 System administration Configure the speed of your Ethernet ports 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 800: Configure The System Watchdog

    You can configure your Connect IT 4 device's advanced watchdog to test the system for problems, and to reboot the device when problems are encountered.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 801 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 802 (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 4 User Guide...
  • Page 803 Monitoring This chapter contains the following topics: intelliFlow Configure NetFlow Probe Digi Connect IT® 4 User Guide...
  • Page 804: Intelliflow

    Digi intelliFlow is a reporting and graphical presentation tool for visualizing your network’s data usage and network traffic information. intelliFlow can be enabled on Digi Remote Manager to provide a full analysis of all Digi devices on your network. Contact your Digi sales representative for information about enabling intelliFlow on Remote Manager.
  • Page 805: Enable Intelliflow

    The firewall zone for internal clients being monitored by intelliFlow. To enable intelliFlow:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 806 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 807: Configure Service Types

    For example, to define a service type called "MyService" using ports 9000 and 9001:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 808 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 809: Configure Domain Name Groups

    Digi.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 810 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 811 7. Set the port number: (config monitoring intelliflow groups 2)> domain devicecloud.com (config monitoring intelliflow groups 2)> 8. Set the service type: (config monitoring intelliflow groups 2)> group Digi (config monitoring intelliflow groups 2)> 9. Save the configuration and apply the change: (config)> save Configuration saved.
  • Page 812: Use Intelliflow To Display Average Cpu And Ram Usage

    This procedure is only available from the WebUI. To display display average CPU and RAM usage:    Web 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow.
  • Page 813: Use Intelliflow To Display Top Data Usage Information

    Top data usage by service To generate a top data usage chart:    Web 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow.
  • Page 814 5. Change the type of chart that is used to display the data: a. Click the menu icon (). b. Select the type of chart. 6. Change the number of top users displayed. You can display the top five, top ten, or top twenty data users. Digi Connect IT® 4 User Guide...
  • Page 815: Use Intelliflow To Display Data Usage By Host Over Time

    To generate a chart displaying a host's data usage over time:    Web 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow.
  • Page 816: Configure Netflow Probe

    To save the chart to your local filesystem, select Export to PNG. c. To print the chart, select Print chart. Configure NetFlow Probe NetFlow probe is used to probe network traffic on the Connect IT 4 device and export statistics to NetFlow collectors. Required configuration items Enable NetFlow.
  • Page 817 Monitoring Configure NetFlow Probe    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 818 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 819 Add a collector: (config)> add monitoring netflow collector end (config monitoring netflow collector 0)> b. Set the IP address of the collector: (config monitoring netflow collector 0)> address ip_address (config monitoring netflow collector 0)> Digi Connect IT® 4 User Guide...
  • Page 820 (config monitoring netflow collector 0)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 4 User Guide...
  • Page 821: Central Management

    Log into Digi Remote Manager Use Digi Remote Manager to view and manage your device Add a device to Digi Remote Manager Configure multiple Connect IT 4 devices by using Digi Remote Manager configurations View Digi Remote Manager connection status Learn more...
  • Page 822: Digi Remote Manager Support

    TCP port 3199 is used for communication with Remote Manager. Configure your device for Digi Remote Manager support By default, your Connect IT 4 device is configured to use Digi Remote Manager for central management. Additional configuration options These additional configuration settings are not typically configured, but you can set them as needed: Digi Connect IT®...
  • Page 823 HTTP proxy server support. To configure your device's Digi Remote Manager support:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 824 8. (Optional) For Speedtest server, type the name or IP address of the server to use to test the speed of the device's internet connection(s). 9. (Optional) For Retry interval, type the amount of time that the Connect IT 4 device should wait before reattempting to connect to remote cloud services after being disconnected. The default is 30 seconds.
  • Page 825 CLI. If disabled, no login prompt will be presented and the user will be logged in as admin. The default is disabled. 16. (Optional) Configure the Connect IT 4 device to communicate with remote cloud services by using SMS: a.
  • Page 826 (config)> cloud drm retry_interval 600s (config)> 6. (Optional) Set the amount of time that the Connect IT 4 device should wait between sending keep-alive messages to the Digi Remote Manager when using a non-cellular interface. Allowed values are from 30 seconds to two hours. The default is 60 seconds.
  • Page 827 (config)> cloud drm keep_alive 600s (config)> 7. (Optional) Set the amount of time that the Connect IT 4 device should wait between sending keep-alive messages to the Digi Remote Manager when using a cellular interface. Allowed values are from 30 seconds to two hours. The default is 290 seconds.
  • Page 828 If set to false, no login prompt will be presented and the user will be logged in as admin. The default is false. 14. (Optional) Configure the Connect IT 4 device to communicate with remote cloud services by using SMS: a. Enable SMS messaging: (config)>...
  • Page 829: Collect Device Health Data And Set The Sample Interval

    To disable the collection of device health data or enable it if it has been disabled, or to change the health sample interval:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 830 3. Click Monitoring > Device Health. 4. (Optional) Click to expand Data point tuning. Data point tuning options allow to you configure what data are uploaded to the Digi Remote Manager. All options are enabled by default. 5. Only report changed values to Digi Remote Manager is enabled by default.
  • Page 831 1, 5, 15, 30, or 60, and represents the number of minutes between uploads of health sample data. 5. By default, the device will only report health metrics values to Digi Remote Manager that have changed health metrics were last uploaded. This is useful to reduce the bandwidth used to report health metrics.
  • Page 832: Enable Event Log Upload To Digi Remote Manager

    To enable the event log upload, or disable it if it has been disabled, and to change the upload interval:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 833 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 834: Log Into Digi Remote Manager

    1. If you have not already done so, click here to sign up for a Digi Remote Manager account. 2. Check your email for Digi Remote Manager login instructions. 3. Go to remotemanager.digi.com. 4. Log into your Digi Remote Manager account.
  • Page 835: Use Digi Remote Manager To View And Manage Your Device

    Use Digi Remote Manager to view and manage your device To view and manage your device: 1. If you have not already done so, connect to your Digi Remote Manager account. 2. From the menu, click Devices to display a list of your devices.
  • Page 836: Configure Multiple Connect It 4 Devices By Using Digi Remote Manager Configurations

    Typically, if you want to provision multiple Connect IT 4 routers: 1. Using the Connect IT 4 local WebUI, configure one Connect IT 4 router to use as the model configuration for all subsequent Connect IT 4s you need to manage.
  • Page 837: View Digi Remote Manager Connection Status

    To view the current Digi Remote Manager connection status from the local device:    Web 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. The dashboard includes a Digi Remote Manager status pane: ...
  • Page 838: File System

    File system This chapter contains the following topics: The Connect IT 4 local file system Display directory contents Create a directory Display file contents Copy a file or directory Move or rename a file or directory Delete a file or directory Upload and download files Digi Connect IT®...
  • Page 839: The Connect It 4 Local File System

    The Connect IT 4 local file system The Connect IT 4 local file system The Connect IT 4 local file system has approximately 30 MB of space available for storing files, such as alternative configuration files and firmware versions, and release files, such as cellular module images.
  • Page 840: Create A Directory

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 841: Display File Contents

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 842: Move Or Rename A File Or Directory

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 843: Delete A File Or Directory

    To delete a file or directory by using the WebUI or the Admin CLI:    Web 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. On the menu, click System. Under Administration, click File System. The File System page appears.
  • Page 844: Upload And Download Files

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 845: Upload And Download Files By Using The Secure Copy Command

    Connect IT 4 device. local-path is the location on the Connect IT 4 device where the copied file will be placed. For example: To copy firmware from a remote host with an IP address of 192.168.4.1 to the /etc/config directory on...
  • Page 846: Upload And Download Files Using Sftp

    Connect IT 4 device. For example: To copy a support report from the Connect IT 4 device to a remote host at the IP address of 192.168.4.1: 1. Use the system support-report command to generate the report: >...
  • Page 847 File system Upload and download files Transfer a file from the Connect IT 4 device to a remote host This example downloads a file named test.py from the Connect IT device at the IP address of 192.168.2.1 with a username of ahmed to the local directory on the remote host: $ sftp ahmed@192.168.2.1...
  • Page 848 View system and event logs Configure syslog servers Configure options for the event and system logs Analyze network traffic Use the ping command to troubleshoot network connections Use the traceroute command to diagnose IP routing problems Digi Connect IT® 4 User Guide...
  • Page 849: Perform A Speedtest

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 850: Support Report Overview

    Diagnostics Generate a support report 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. On the main menu, click System. Under Administration, click Support Report. 3. Click  to generate and download the support report.
  • Page 851 A breakdown of memory utilization at the time when the support report was generated config_dump- The device's current settings, scrubbed of passwords public and preshared keys conntrack_-L A list of all currently tracked connections through the system Digi Connect IT® 4 User Guide...
  • Page 852 Interface statistics for transmitted/ received packets netstat_-na List of both listening and non-listening network sockets on the device ps_l A snapshot of the current processes running at the time of generating the report Digi Connect IT® 4 User Guide...
  • Page 853 Rollover syslog information /var/run This directory can be disregarded for most troubleshooting/ diagnostic purposes. Directory Filename Notes /var/run all files Runtime settings for the device -- referenced in the syslog data gathered in /tmp (see above) Digi Connect IT® 4 User Guide...
  • Page 854: View System And Event Logs

    View System Logs    Web 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. On the main menu, click System > Logs. The system log displays: 3. Limit the display in the system log by using the Find search tool.
  • Page 855 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 856: View Event Logs

       Web 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. On the main menu, click System > Logs. 3. Click  System Logs to collapse the system logs viewer, or scroll down to Events.
  • Page 857 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 858 View system and event logs 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 4 User Guide...
  • Page 859: Configure Syslog Servers

    You can configure remote syslog servers for storing event and system logs.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 860 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 861: Configure Options For The Event And System Logs

    30 minutes. All event categories are enabled. To change or disable the heartbeat interval, or to disable event categories, and to perform other log configuration:    Web Digi Connect IT® 4 User Guide...
  • Page 862 Diagnostics Configure options for the event and system logs 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 863 7. Enable Preserve system logs to save the current session's system log after a reboot. By default, the Connect IT 4 device erases system logs each time the device is powered off or rebooted.
  • Page 864 DHCP server: Settings for DHCP server events. Informational events are generated when a lease is obtained or released. Status events report the current list of leases. Parameters Current Value ------------------------------------------------------------------- ------------ info true Enable informational events Digi Connect IT® 4 User Guide...
  • Page 865 (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 4 User Guide...
  • Page 866: Analyze Network Traffic

    Analyze network traffic Analyze network traffic The Connect IT 4 device includes a network analyzer tool that captures data traffic on any interface and decodes the captured data traffic for diagnostics. You can capture data traffic on multiple interfaces at the same time and define capture filters to reduce the captured data. You can capture up to 10 MB of data traffic in two 5 MB files per interface.
  • Page 867: Configure Packet Capture For The Network Analyzer

    The frequency with which captured events will be saved. To configure a packet capture configuration:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 868 Click Ignore this IP address or network if the filter should ignore packets from this IP address/network. By default, is option is disabled, which means that the filter will capture packets from this IP address/network. vi. Click  to add additional IP address/network filters. Digi Connect IT® 4 User Guide...
  • Page 869 Click Ignore this VLAN if the filter should ignore packets that use this port. By default, is option is disabled, which means that the filter will capture packets that use this port. v. Click  to add additional VLAN filters. Digi Connect IT® 4 User Guide...
  • Page 870 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Save interval to ten minutes, enter 10m or 600s. 9. Click Apply to save the configuration and apply the change.    Command line Digi Connect IT® 4 User Guide...
  • Page 871 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 872 Set the protocol: (config network analyzer name filter protocol 0)> protocol value (config network analyzer name filter protocol 0)> iv. If other is set for the protocol, set the number of the protocol: Digi Connect IT® 4 User Guide...
  • Page 873 By default, is option is set to false, which means that the filter will capture packets from this port. v. Repeat these steps to add additional port filters. d. To create a filter that either captures or ignores packets from one or more specified MAC addresses: Digi Connect IT® 4 User Guide...
  • Page 874 VLAN. iii. (Optional) Set the filter should ignore packets from this VLAN: (config network analyzer name filter vlan 0)> ignore true (config network analyzer name filter vlan 0)> Digi Connect IT® 4 User Guide...
  • Page 875 The script will run during the system maintenance time window. c. Set the amount of time that the scheduled analyzer session will run: (config network analyzer name)> duration value (config network analyzer name)> Digi Connect IT® 4 User Guide...
  • Page 876: Example Filters For Capturing Data Traffic

    Capture traffic to and from IP host 192.168.1.1: ip host 192.168.1.1 Capture traffic from IP host 192.168.1.1: ip src host 192.168.1.1 Capture traffic to IP host 192.168.1.1: ip dst host 192.168.1.1 Capture traffic for a particular IP protocol: ip proto protocol Digi Connect IT® 4 User Guide...
  • Page 877: Capture Packets From The Command Line

    Clear captured data. Required configuration items A configured packet capture. See Configure packet capture for the network analyzer packet capture configuration information. To start packet capture from the command line:    Command line Digi Connect IT® 4 User Guide...
  • Page 878: Stop Capturing Packets

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 879: Show Captured Traffic Data

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 880: Save Captured Data Traffic To A File

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 881: Download Captured Data To Your Pc

    (secure copy file) command.    Web 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. On the menu, click System. Under Administration, click File System. The File System page appears. 3. Highlight the analyzer directory and click  to open the directory.
  • Page 882: Clear Captured Data

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 883 Diagnostics Analyze network traffic capture_ping > anaylzer clear name Note You can remove data traffic saved to a file using the command. Digi Connect IT® 4 User Guide...
  • Page 884: Use The Ping Command To Troubleshoot Network Connections

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 885 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect IT 4 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 886: Connect It 4 Hardware And Leds

    Hardware Connect IT 4 hardware and LEDs This section includes details about the front and back panels. Front panel and LEDs Item Name Description Indicates whether unit is powered up. This LED is hardwired to the power input. Indicates status of the primary internet network connection, which by ONLINE default is the WAN Ethernet port.
  • Page 887: Back Panel

    Note The information in the table above is based off of the default settings of the Connect IT 4. In particular, the description of the ONLINE LED reflects the status of the WAN Ethernet port, and the BACKUP LED reflects the status of the CORE cellular modem. If you wanted to mark the CORE modem as the primary and the WAN Ethernet as the backup, you would need to change the metrics of the interfaces.
  • Page 888: Lte Status Indicators

    The signal bars show the strength of the cellular network connection. Note If the Connect IT 4 doesn't recognize the available 4G/LTE network, the Connect IT 4 automatically falls back to the highest available 3G network. Digi Connect IT® 4 User Guide...
  • Page 889: Exchange Power Tips

    Exchange power tips Exchange power tips The Connect IT 4 may include four interchangeable plug tips that allow the Power Supply Unit (PSU) to operate in most countries. The PSU comes with the United States style plug installed. To change the plug tip: 1.
  • Page 890: Qr Code Definition

    A QR code is printed on the label attached to the device and on the loose label included in the box with the device components. The QR code contains information about the device. QR code items Semicolon separated list of: ProductName;DeviceID;Password;SerialNumber;SKUPartNumber SKUPartRevision Note There is a space between PartNumber and PartRevision. Example Connect IT 48;00000000-00000000-112233FF-FF445566;PW1234567890;IT48-123456;IT48-1002 C Digi Connect IT® 4 User Guide...
  • Page 891: Troubleshooting

    If the signal strength LEDs or the signal quality for your device indicate Poor or No servcie, try the following things to improve signal strength: If available, connect a different set of antennas. Purchase a Digi Antenna Extender Kit: Antenna Extender Kit, 1 Download a support report You can download a support report from the device to provide to technical support.
  • Page 892: Regulatory And Safety Information

    (2) este equipo o dispositivo debe aceptar cualquier interferencia, incluyendo la que pueda causar su operación no deseada. Caution statements Review the following safety warnings for Connect IT. Digi Connect IT® 4 User Guide...
  • Page 893 Caution statements CAUTION! Do not use an antenna that wasn't supplied by the manufacturer. If a different antenna is required, first consult Digi International Inc. for recommendations that suit your circumstances. CAUTION! By pressing the ERASE button when powered up, the configuration of the Connect IT is erased and the unit reverts to factory default settings.
  • Page 894 Safety warnings English Bulgarian--български Croatian--Hrvatski French--Français Greek--Ελληνικά ‫-- ע ִב ר ִ ית‬Hebrew Hungarian--Magyar Italian--Italiano Latvian--Latvietis Lithuanian--Lietuvis Polish--Polskie Portuguese--Português Slovak--Slovák Slovenian--Esloveno Spanish--Español Digi Connect IT® 4 User Guide...
  • Page 895: English

    Do not power on the unit in any aircraft. CA Prop 65 warning: This product contains chemicals known to the state of California to cause cancer, birth defects or other reproductive harm. Digi Connect IT® 4 User Guide...
  • Page 896: Bulgarian--Български

    експлозивна атмосфера или в близост до медицинско оборудване или оборудване за поддържане на живота. Не включвайте устройството в самолет. Предупреждение за CA Prop 65: Този продукт съдържа химикали, известни на щата Калифорния, че причиняват рак, вродени дефекти или други репродуктивни увреждания. Digi Connect IT® 4 User Guide...
  • Page 897: Croatian--Hrvatski

    života. Nemojte uključivati ​ ​ j edinicu ni u jednom zrakoplovu. Upozorenje CA Prop 65: Ovaj proizvod sadrži kemikalije za koje je država Kalifornija poznato da uzrokuju rak, urođene nedostatke ili drugu reproduktivnu štetu. Digi Connect IT® 4 User Guide...
  • Page 898: French--Français

    à proximité d'équipements médicaux ou de survie. N'allumez pas l'appareil dans un avion. Avertissement CA Prop 65 : Ce produit contient des produits chimiques reconnus par l'État de Californie pour causer le cancer, des malformations congénitales ou d'autres problèmes de reproduction. Digi Connect IT® 4 User Guide...
  • Page 899: Greek--Ελληνικά

    της ζωής. Μην ενεργοποιείτε τη μονάδα σε κανένα αεροσκάφος. Προειδοποίηση CA Prop 65: Αυτό το προϊόν περιέχει χημικές ουσίες που είναι γνωστές στην πολιτεία της Καλιφόρνια ότι προκαλούν καρκίνο, γενετικές ανωμαλίες ή άλλες βλάβες στην αναπαραγωγή. Digi Connect IT® 4 User Guide...
  • Page 900: ע ִב ר ִ ית‬Hebrew

    ‫-- ע ִב ר ִ ית‬Hebrew Digi Connect IT® 4 User Guide...
  • Page 901: Hungarian--Magyar

    Kalifornia állam tudja, hogy rákot, születési rendellenességeket vagy egyéb reproduktív károsodásokat okoznak. Az EZ04-IAG4-EXT és EZ04-IA00-EXT készletekhez mellékelt kiterjesztett hőmérsékletű, dugaszolható tápegység (76002079 /24000141) nem C1D2 tanúsítvánnyal rendelkezik, és nem használható C1D2 besorolású veszélyes helyeken. Digi Connect IT® 4 User Guide...
  • Page 902: Italian--Italiano

    Non accendere l'unità in nessun aereo. Avvertenza CA Prop 65: questo prodotto contiene sostanze chimiche note allo stato della California come causa di cancro, difetti alla nascita o altri danni riproduttivi. Digi Connect IT® 4 User Guide...
  • Page 903: Latvian--Latvietis

    Iekārtai jābūt izslēgtai, ja notiek spridzināšana, sprādzienbīstama vide vai medicīnas vai dzīvības uzturēšanas aprīkojuma tuvumā. Nevienā lidmašīnā neieslēdziet ierīci. CA Prop 65 brīdinājums: Šis produkts satur ķīmiskas vielas, par kurām Kalifornijas štats zina vēzi, iedzimtus defektus vai citus reproduktīvus traucējumus. Digi Connect IT® 4 User Guide...
  • Page 904: Lithuanian--Lietuvis

    Įrenginys turi būti išjungtas ten, kur vyksta sprogdinimas, sprogi aplinka arba šalia medicinos ar gyvybės palaikymo įrangos. Neįjunkite įrenginio jokiuose orlaiviuose. CA „Prop 65“ įspėjimas: Šiame produkte yra chemikalų, kurie, Kalifornijos valstijai žinomi, gali sukelti vėžį, apsigimimus ar kitokią žalą reprodukcijai. Digi Connect IT® 4 User Guide...
  • Page 905: Polish--Polskie

    życie. Nie włączaj urządzenia w żadnym samolocie. Ostrzeżenie CA Prop 65: ten produkt zawiera substancje chemiczne, o których stan Kalifornia wiadomo, że powodują raka, wady wrodzone lub inne uszkodzenia układu rozrodczego. Digi Connect IT® 4 User Guide...
  • Page 906: Portuguese--Português

    à vida. Não ligue a unidade em nenhuma aeronave. Aviso CA Prop 65: Este produto contém produtos químicos conhecidos no estado da Califórnia por causar câncer, defeitos de nascença ou outros danos reprodutivos. Digi Connect IT® 4 User Guide...
  • Page 907: Slovak--Slovák

    života. Jednotku nezapínajte v žiadnom lietadle. Varovanie CA Prop 65: Tento výrobok obsahuje chemikálie, o ktorých je v štáte Kalifornia známe, že spôsobujú rakovinu, vrodené chyby alebo iné poškodenia reprodukcie. Digi Connect IT® 4 User Guide...
  • Page 908: Slovenian--Esloveno

    življenja. Enote ne vklopite v nobenem letalu. Opozorilo CA Prop 65: Ta izdelek vsebuje kemikalije, za katere je država Kalifornija znano, da povzročajo raka, prirojene okvare ali drugo reproduktivno škodo. Digi Connect IT® 4 User Guide...
  • Page 909: Spanish--Español

    No encienda la unidad en ningún avión. Advertencia de CA Prop 65: Este producto contiene sustancias químicas que el estado de California reconoce como causantes de cáncer, defectos de nacimiento u otros daños reproductivos. Digi Connect IT® 4 User Guide...
  • Page 910: Command Line Interface

    Available commands Use the scp command Display status and statistics using the show command Device configuration using the command line interface Execute configuration commands at the root Admin CLI prompt Configuration mode Command line reference Digi Connect IT® 4 User Guide...
  • Page 911: Access The Command Line Interface

    Log in to the command line interface    Command line 1. Connect to the Connect IT 4 device by using a serial connection, SSH or telnet, or the Terminal in the WebUI or the Console in the Digi Remote Manager. See Access the command line interface for more information.
  • Page 912: Exit The Command Line Interface

    Type q or quit to exit. Execute a command from the web interface 1. Log into the Connect IT 4 WebUI as a user with Admin access. 2. At the main menu, click Terminal. The device console appears. Connect IT 4 login: 3.
  • Page 913 Command line interface Execute a command from the web interface The Admin CLI prompt appears. > Digi Connect IT® 4 User Guide...
  • Page 914: Display Help For Commands And Parameters

    Display help for commands and parameters The help command When executed from the root command prompt, help displays information about autocomplete operations, how to move the cursor on the Connect IT 4 command line, and other keyboard shortcuts: > help Commands...
  • Page 915: Display Help For Individual Commands

    Show SCEP client statistics. scripts Show scheduled scripts. serial Show serial statistics. surelink Show Surelink statistics. system Show system statistics. version Show firmware version. vrrp Show VRRP statistics. web-filter Show web filter information. > show Digi Connect IT® 4 User Guide...
  • Page 916: Use The Tab Key Or The Space Bar To Display Abbreviated Help

    (config)> serial port1 enable t<Tab> auto-completes to (config)> serial port1 enable true Auto-complete does not function for: Parameter values that are string types. Integer values. File names. Select parameters passed to commands that perform an action. Digi Connect IT® 4 User Guide...
  • Page 917: Available Commands

    Pings a remote host using Internet Control Message Protocol (ICMP) Echo Request messages. poweroff Powers off the system. reboot Reboots the Connect IT 4 device. Removes a file. Uses the secure copy protocol (SCP) to transfer files between the Connect IT 4 Digi Connect IT® 4 User Guide...
  • Page 918: Use The Scp Command

    The hostname or IP address of the remote host. The username and password of the user on the remote host. Whether the file is being copied to the Connect IT 4 device from a remote host, or to the remote host from the Connect IT 4 device.
  • Page 919 Connect IT 4 device. For example: To copy a support report from the Connect IT 4 device to a remote host at the IP address of 192.168.4.1: 1. Use the system support-report command to generate the report: >...
  • Page 920: Display Status And Statistics Using The Show Command

    Display status and statistics using the show command support-report-0040D0133536-23-05-03-21:24:00.bin > Display status and statistics using the show command The Connect IT 4 show command display status and statistics for various features. For example: show config show config command displays all the configuration settings for the device that have been changed from the default settings.
  • Page 921: Show Network

    For example, to disable the SSH service from the root prompt, enter the following command: > config service ssh enable false > The Connect IT 4 device's ssh service is now disabled. Note When the config command is executed at the root prompt, certain configuration actions that are available in configuration mode cannot be performed.
  • Page 922: Display Help For The Config Command From The Root Admin Cli Prompt

    2. You can then display help for the additional configuration commands. For example, to display help for the config service command: > config service ? Services Additional Configuration -------------------------------------------------------------------------- mdns Service Discovery (mDNS) multicast Multicast remote_control Remote control snmp SNMP telnet Telnet web_admin Web administration > config service Digi Connect IT® 4 User Guide...
  • Page 923: Configuration Mode

    When the command line is in configuration mode, the prompt will change to include (config), to indicate that you are currently in configuration mode. Enter configuration commands in configuration mode There are two ways to enter configuration commands while in configuration mode: Digi Connect IT® 4 User Guide...
  • Page 924: Save Changes And Exit Configuration Mode

    You can discard any unsaved configuration changes and exit configuration mode by using the cancel command: (config)> cancel > After using cancel to discard unsaved changes to the configuration, you will automatically exit configuration mode. Digi Connect IT® 4 User Guide...
  • Page 925: Configuration Actions

    (?) character at the config prompt. For example: 1. Enter ? at the config prompt: (config)> ? This will display the following help information: (config)> ? Additional Configuration -------------------------------------------------------------------------- application Custom scripts auth Authentication Digi Connect IT® 4 User Guide...
  • Page 926 Telnet web_admin Web administration (config)> service 3. Next, to display help for the service ssh command, use one of the following methods: At the config prompt, enter service ssh ?: (config)> service ssh ? Digi Connect IT® 4 User Guide...
  • Page 927 (config)> service ssh enable ? At the config prompt: a. Enter service to move to the service node: (config)> service (config service)> b. Enter ssh to move to the ssh node: (config service)> ssh (config service ssh)> Digi Connect IT® 4 User Guide...
  • Page 928: Move Within The Configuration Schema

    You can also enter multiple nodes at once to move multiple steps in the configuration: (config)> service ssh acl zone (config service ssh acl zone)> Move backward one node in the configuration by entering two periods (..): (config service ssh acl zone)> .. (config service ssh acl)> Digi Connect IT® 4 User Guide...
  • Page 929: Manage Elements In Lists

    As demonstrated above, the end keyword is used to add an element to the end of a list. Additionally, the end keyword is used to add an element to a list that does not have any elements. For example, to add an authentication group to a user that has just been created: Digi Connect IT® 4 User Guide...
  • Page 930 Use the show command to verify that the local authentication method was removed: (config)> show auth method 0 tacacs+ 1 radius (config)> Move elements within a list Use the move command to reorder elements in a list. For example, to reorder the authentication methods: Digi Connect IT® 4 User Guide...
  • Page 931: The Revert Command

    (config)> The revert command The revert command is used to revert changes to the Connect IT 4 device's configuration and restore default configuration settings. The behavior of the revert command varies depending on where in the configuration hierarchy the command is executed, and whether the optional path parameter is used.
  • Page 932 (config auth method)> save Configuration saved. > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 4 User Guide...
  • Page 933: Enter Strings In Configuration Commands

    Example: Create a new user by using the command line In this example, you will use the Connect IT 4 command line to create a new user, provide a password for the user, and assign the user to authentication groups.
  • Page 934 Digi Connect IT® 4 User Guide...
  • Page 935 (config auth user user1)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect IT® 4 User Guide...
  • Page 936: Command Line Reference

    Digi Connect IT® 4 User Guide...
  • Page 937: Analyzer Clear

    Clears the traffic captured by the analyzer. Digi Connect IT® 4 User Guide...
  • Page 938: Analyzer Save

    Stops the traffic capture session. Syntax analyzer stop <name> Parameters name: Name of the capture filter to use. clear dhcp-lease ip-address Clear the DHCP lease for the specified IP address. Syntax clear dhcp-lease ip-address ADDRESS Digi Connect IT® 4 User Guide...
  • Page 939: Clear Dhcp-Lease Mac

    Grep the contents of a file. Syntax grep <match> <path> Parameters match: Output all lines in file matching string. path: The file to grep. help Show CLI editing and navigation commands. Syntax help Parameters None Digi Connect IT® 4 User Guide...
  • Page 940 Command line interface Command line reference List a directory. Syntax ls <path> [show-hidden] Parameters path: List files and directories under this path. show-hidden: Show hidden files and directories. Hidden filenames begin with '.'. Digi Connect IT® 4 User Guide...
  • Page 941: Mkdir

    The configured name of the modem to execute this CLI command on. imei: The IMEI of the modem to execute this CLI command on. modem firmware list List modem firmware files found in the /opt/[MODEM_MODEL]/ directory. Digi Connect IT® 4 User Guide...
  • Page 942: Modem Firmware Ota Check

    The configured name of the modem to execute this CLI command on. imei: The IMEI of the modem to execute this CLI command on. modem firmware ota check Query the Digi firmware server for the latest remote modem firmware version. Syntax modem firmware ota check [name STRING] [imei STRING] Parameters name: The configured name of the modem to execute this CLI command on.
  • Page 943: Modem Firmware Update

    Disable the PIN lock on the SIM card that is active in the modem. Warning: Attempting to use an incorrect PIN code may PUK lock the SIM. Syntax modem pin disable <pin> [name STRING] [imei STRING] Parameters pin: The SIM's PIN code. Digi Connect IT® 4 User Guide...
  • Page 944: Modem Pin Enable

    The configured name of the modem to execute this CLI command on. imei: The IMEI of the modem to execute this CLI command on. modem puk status Print the PUK status and the number of PUK unlock attempts remaining. Digi Connect IT® 4 User Guide...
  • Page 945: Modem Puk Unlock

    The configured name of the modem to execute this CLI command on. imei: The IMEI of the modem to execute this CLI command on. timeout: The amount of time in seconds to wait for modem scan to complete. (Default: 300) modem sim-slot Digi Connect IT® 4 User Guide...
  • Page 946: Monitoring

    Immediately upload current device health metrics. Functions as if a scheduled upload was triggered. Syntax monitoring metrics upload Parameters None more View a file. Syntax more <path> Parameters path: The file to view. Move a file or directory. Digi Connect IT® 4 User Guide...
  • Page 947: Ping

    The number of ICMP ping requests to send before terminating. (Minimum: 1, Default: 100) broadcast: Enable broadcast ping functionality. poweroff Power off the system. Syntax poweroff Parameters None reboot Reboot the system. Parameters None Digi Connect IT® 4 User Guide...
  • Page 948 Command line interface Command line reference Remove a file or directory. Syntax rm <path> [force] Parameters path: The path to remove. force: Force the file to be removed without asking. Digi Connect IT® 4 User Guide...
  • Page 949: Scp

    Display IPv6 routes. If no IP version is specified IPv4 & IPV6 will be displayed. verbose: Display more information (less concise, more detail). show cloud Show drm status & statistics. Syntax show cloud Parameters None Digi Connect IT® 4 User Guide...
  • Page 950: Show Config

    Parameters None show eth Show ethernet status & statistics. Syntax show eth [name STRING] Parameters name: Display more details and configuration data for a specific ethernet instance. show event Show event list (high level). Digi Connect IT® 4 User Guide...
  • Page 951: Show Hotspot

    Show L2TP access concentrator status & statistics. Syntax show l2tp lac [name STRING] Parameters name: Display more details for a specific L2TP access concentrator. show l2tp lns Show L2TP network server status & statistics. Syntax show l2tp lns [name STRING] Digi Connect IT® 4 User Guide...
  • Page 952: Show L2Tpeth

    'number'. show manufacture Show manufacturer information. Syntax show manufacture [verbose] Parameters verbose: Display more information (less concise, more detail). show modbus-gateway Digi Connect IT® 4 User Guide...
  • Page 953: Show Modem

    Show NEMO status and statistics. Syntax show nemo [name STRING] Parameters name: Display more details and configuration data for a specific NEMO instance. show network Show network interface status & statistics. Syntax show network [interface STRING] [all] [verbose] Digi Connect IT® 4 User Guide...
  • Page 954: Show Ntp

    Display more details and config data for a specific OpenVPN server. all: Display all servers including disabled servers. show route Show IP routing information. Syntax show route [ipv4] [ipv6] [verbose] Parameters ipv4: Display IPv4 routes. ipv6: Display IPv6 routes. Digi Connect IT® 4 User Guide...
  • Page 955: Show Scep-Client

    Show SureLink status & statistics for network interfaces. Syntax show surelink interface [name STRING] [all] Parameters name: The name of a specific network interface. all: Show all network interfaces. show surelink ipsec Show SureLink status & statistics for IPsec tunnels. Digi Connect IT® 4 User Guide...
  • Page 956: Show Surelink Openvpn

    Show SureLink state & fail counts for each network interfaces. Syntax show surelink state Parameters None show system Show system status & statistics. Syntax show system [verbose] Parameters verbose: Display more information (disk usage, etc). show usb Show USB information. Syntax show usb Digi Connect IT® 4 User Guide...
  • Page 957: Show Version

    The name or address of the remote speed test host/server. size: The number of kilobytes sent in the speed test packets. (Minimum: 0, Default: 1000) mode: The type of speed test protocol to run. (Default: nuttcp) Digi Connect IT® 4 User Guide...
  • Page 958: Ssh

    Telnet (port 23) at IP address 192.168.210.1. To return the device to normal operation, perform the configuration erase procedure with the device's ERASE button twice consecutively. Syntax system disable-cryptography Parameters None Digi Connect IT® 4 User Guide...
  • Page 959: System Duplicate-Firmware

    Query the Digi firmware server for the latest device firmware version. Syntax system firmware ota check Parameters None system firmware ota list Query the Digi firmware server for a list of device firmware versions. Digi Connect IT® 4 User Guide...
  • Page 960: System Firmware Ota Update

    Ignition power off delay. Format: number{h|m|s}, Max: 18h. (Minimum: 0s, Maximum: 18h) system restore Restore the device's configuration from a backup archive or CLI commands file. Syntax system restore <path> [passphrase STRING] Parameters path: The path to the backup file. Digi Connect IT® 4 User Guide...
  • Page 961: System Script Start

    The path and filename to save captured traffic to. If a relative path is provided, /etc/config/serial will be used as the root directory for the path and file. system serial show Displays the serial log on the screen. Digi Connect IT® 4 User Guide...
  • Page 962: System Support-Report

    Set the local time to the first enabled time source that returns valid time information. Syntax system time sync Parameters None system time test Test each enabled time source. This test will not affect the device's current local date and time. Syntax system time test Parameters None Digi Connect IT® 4 User Guide...
  • Page 963: Tail

    A value of -1 specifies that no specific port will be used. (Minimum: -1, Default: -1) nqueries: Sets the number of probe packets per hop. A value of -1 indicated. (Minimum: 1, Default: 3) Digi Connect IT® 4 User Guide...
  • Page 964 Use ICMP ECHO for probes. nomap: Do not try to map IP addresses to host names when displaying them. bypass: Bypass the normal routing tables and send directly to a host on an attached network. Digi Connect IT® 4 User Guide...

Table of Contents