Digi IX10 User Manual
  1. Manuals
  2. Brands
  3. Digi Manuals
  4. Network Router
  5. IX10
  6. User manual

Digi IX10 User Manual

Hide thumbs Also See for IX10:
1
2
3
4
5
6
7
Table Of Contents
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
Table of Contents

Advertisement

Quick Links

Download this manual
IX10
User Guide
Firmware version 23.3

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the IX10 and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Digi IX10

Summary of Contents for Digi IX10

  • Page 1 IX10 User Guide Firmware version 23.3...

  • Page 2: Revision History-90002399

    Revision history—90002399 Revision Date Description Release of Digi IX10 firmware version 22.2: March 2022 VPN enhancements: Renamed VPN > IPsec > Tunnels > Policies > Local network setting to Local traffic selector and added Remote traffic selector. Added a Dynamic option to the Local traffic...
  • Page 3 New settings to control the NMEA message content that the devices sends when there is no valid fix from any of the configured location sources. Not used. Release of Digi IX10 firmware version 22.8: September 2022 Cellular modem enhancements: Added modem ota download and system...
  • Page 4 Added the ability to turn off all LEDs on the device to reduce power consumption. Release of Digi IX10 firmware version 22.11: December 2022 Updated the Linux kernel to version 5.19. The intelliFlow feature now integrates with Digi Remote Manager to provide aggregated insights and analytics for all Digi devices in your environment.
  • Page 5 Removed options in the local web UI and Admin CLI for manually starting, stopping, and clearing serial logs. These actions are now controlled under the data logging configuration settings. Release of Digi IX10 firmware version 23.3: May 2023 Surelink: Redesigned Surelink configuration settings.
  • Page 6 Dashboard. Trademarks and copyright Digi, Digi International, and the Digi logo are trademarks or registered trademarks in the United States and other countries worldwide. All other trademarks mentioned in this document are the property of their respective owners.
  • Page 7 Contact us at +1 952.912.3444 or visit us at www.digi.com/support. Feedback To provide feedback on this document, email your comments to techcomm@digi.com Include the document title and part number (IX10 User Guide, 90002399 L) in the subject line of your email. IX10 User Guide...

  • Page 8: Table Of Contents

    Contents Revision history—90002399 What's new in Digi IX10 version 23.3 Digi IX10 Quick start Step 1: What's in the box Step 2: Gather accessories Step 3: Connect Apply Dielectric Grease over SIM Contacts Step 4: Configure Digi IX10 hardware reference Digi IX10 features and specifications...
  • Page 9 Log into Digi Remote Manager Use Digi Remote Manager to view and manage your device Add a device to Digi Remote Manager Configure multiple IX10 devices by using Digi Remote Manager configurations View Digi Remote Manager connection status Learn more...
  • Page 10 Configure RealPort mode using the Digi Navigator Installation and configuration process Digi Navigator features Install the Digi Navigator Configure RealPort on a Digi device from the Digi Navigator Digi Navigator application features Advanced RealPort configuration without using the Digi Navigator Windows Operating System...
  • Page 11 L2TP with IPsec Show L2TP tunnel status L2TPv3 Ethernet Configure an L2TPv3 tunnel Show L2TPV3 tunnel status NEMO Configure a NEMO tunnel Show NEMO status Services Allow remote access for web administration and SSH Configure the web administration service IX10 User Guide...
  • Page 12 Releasing the LEDs to system control Use Python to control the color of multi-colored LEDs Example: Set the LTE connection indicator to flashing purple Set up the IX10 to automatically run your applications Configure scripts to run automatically Show script information...
  • Page 13 Terminal Access Controller Access-Control System Plus (TACACS+) TACACS+ user configuration TACACS+ server failover and fallback to local authentication Configure your IX10 device to use a TACACS+ server Remote Authentication Dial-In User Service (RADIUS) RADIUS user configuration RADIUS server failover and fallback to local configuration...
  • Page 14 Verify your web filtering configuration Show web filter service information Containers Use Digi Remote Manager to deploy and run containers Use an automation to start the container Upload a new LXC container Configure a container Starting and stopping the container...
  • Page 15 Use the ping command to troubleshoot network connections Ping to check internet connection Stop ping commands Use the traceroute command to diagnose IP routing problems Digi IX10 regulatory and safety statements RF exposure statement Federal Communication (FCC) Part 15 Class B Radio Frequency Interference (RFI) (FCC 15.105)
  • Page 16 Display help for the config command from the root Admin CLI prompt Configuration mode Enable configuration mode Enter configuration commands in configuration mode Save changes and exit configuration mode Exit configuration mode without saving changes Configuration actions IX10 User Guide...
  • Page 17 IX10 User Guide...
  • Page 18 IX10 User Guide...
  • Page 19 IX10 User Guide...

  • Page 20: What's New In Digi Ix10 Version 23.3

    What's new in Digi IX10 version 23.3 Release of Digi IX10 firmware version 23.3: Surelink: Redesigned Surelink configuration settings. Added show surelink state Admin CLI command to display the overall pass/fail status of enabled Surelink tests. New configuration settings for LXC containers: Start on boot to configure the container to start when the system boots.

  • Page 21: Digi Ix10 Quick Start

    When you open the IX10 package, look for the following: Digi IX10 device The Digi IX10 has a product label on the bottom of the device. The label includes product identification information and the default password assigned to the device. The IX10 also includes a terminal connector for the power supply installed in the power input.

  • Page 22: Step 3: Connect

    Ordered separately. For optionally clipping the IX10 to a DIN rail. Laptop or personal computer Use an Ethernet cable to connect your IX10 to a laptop or PC. SIM card(s) If you intend to configure cellular WWAN access at this time, acquire SIM cards as needed.

  • Page 23: Apply Dielectric Grease Over Sim Contacts

    For high-vibration environments, apply a thin layer of dielectric grease to the SIM contacts. Note If the IX10 device is used in an environment with high vibration levels, SIM card contact fretting may cause unexpected SIM card failures. To protect the SIM cards, Digi strongly recommends that you apply a thin layer of dielectric grease to the SIM contacts prior to installing the SIM cards.

  • Page 24: Step 4: Configure

    Verify that the signal strength indicator on the front of the IX10 shows 2 or more bars. Note If your SIM card has an APN that is not recognized by the IX10 device, skip this step and configure the APN following the procedure at Configure cellular modem APNs.
  • Page 25 Digi IX10 Quick start Step 4: Configure 1. On the PC connected to the IX10, open a browser and go to 192.168.210.1. 2. Log into the IX10: User name: Use the default user name: admin. Password: Use the unique password printed on the bottom label of the device (or the printed label included in the package).

  • Page 26: Digi Ix10 Hardware Reference

    10/100 BaseT Ethernet port for high-speed connectivity. For a detailed list of IX10 hardware specifications, see https://www.digi.com/products/networking/cellular-routers/industrial/digi-ix10#specifications. IX10 accessories When accessories are purchased with the IX10 device, the following are provided: Cellular antennas. Power supply. Ethernet cable. DIN rail mounting clip.

  • Page 27: Ix10 Leds

    The SELECT button is used to manually toggle between the two SIM slots. 8. SIM slots See Install SIM cards for more details. IX10 LEDs The IX10 LEDs are located on the top front panel. . During bootup, the front-panel LEDs light up in sequence to indicate boot progress. IX10 User Guide...

  • Page 28: Power (Pwr)

    Digi IX10 hardware reference IX10 LEDs Power (PWR) No power. Solid green Device has power but is not connected to the internet. Flashing green/cyan Device has power and is in the process of connecting to the internet. Solid cyan Device has power and is connected to the internet.

  • Page 29: Signal Quality Indicators

    Digi IX10 hardware reference IX10 LEDs Solid yellow (or orange) Initializing or starting up. Flashing yellow (or orange) Flashing white In the process of connecting to the ETH port connection established and cellular network and to a device on in the process of connecting to the its ETH port.

  • Page 30: Ethernet Link And Activity

    Solid amber: 10/100 Mbps link detected. Signal quality bars explained The signal status bars for the Digi IX10 measure more than simply signal strength. The value reported by the signal bars is calculated using an algorithm that takes into consideration the Reference Signals Received Power (RSRP), the Signal-to-noise ratio (SNR), and the Received Signal Strength Indication (RSSI) to provide an accurate indicator of the quality of the signal that the device is receiving.

  • Page 31: Ix10 Power Supply Requirements

    IX10 power supply requirements IX10 is intended to be powered by a certified power supply with output rated at either 12 VDC/0.75 A or 24 VDC/0.375 A minimum. Use the Digi power supply accessory kit 76002104.

  • Page 32: 10-Pin Serial Cabling Options

    TxD/RxD- 10-pin serial cabling options Digi offers several cabling options for connecting a 10 pin RJ-45/RJ-50 serial port to DB9 and DB25 serial connectors. Digi recommends the RJ45/Bare Wire 48 inch cable, part number 76000723, which provides a customizable connector to connect EIA 422/485 Devices to Digi MEI products that have 10 pin RJ45 connectors.
  • Page 33 Digi IX10 hardware reference QR code definition Example IX10;00000000-00000000-112233FF-FF445566;PW1234567890;50001001-00 IX10 User Guide...

  • Page 34: Hardware Setup

    Hardware setup This chapter contains the following topics: Install SIM cards Connect data cables Mount the IX10 device IX10 User Guide...

  • Page 35: Install Sim Cards

    2. For high-vibration environments, apply a thin layer of dielectric grease to the SIM contacts. Note If the IX10 device is used in an environment with high vibration levels, SIM card contact fretting may cause unexpected SIM card failures. To protect the SIM cards, Digi strongly recommends that you apply a thin layer of dielectric grease to the SIM contacts prior to installing the SIM cards.

  • Page 36: Sim Removal

    SIM removal The IX10 has a PUSH-PUSH SIM connector. To insert, push each SIM in until it clicks, and repeat for removal. When you push to eject, the SIM ejects back out about 1/8 inch. Tips for improving cellular signal strength...

  • Page 37: Attach To A Mounting Surface By Using The Mounting Tabs

    Attach to DIN rail with clip The DIN rail clip is an optional accessory included when the IX10 is purchased with accessories. You can attach the din rail clip directly to the device either on the back or the bottom of the device.
  • Page 38 Hardware setup Mount the IX10 device b. Set the IX10 device onto a DIN rail and gently press until the clip snaps into the rail. 2. Attach the DIN rail clip to the bottom of the device: a. Attach the DIN rail clip to the bottom of the device with the screws provided.
  • Page 39 Hardware setup Mount the IX10 device b. Set the IX10 device onto a DIN rail and gently press until the clip snaps into the rail. WARNING! If being installed above head height on a wall or ceiling, ensure the device is fitted securely to avoid the risk of personal injury.
  • Page 40 This chapter contains the following topics: Review IX10 default settings Change the default password for the admin user Configuration methods Using Digi Remote Manager Using the local web interface Use the local REST API to configure the IX10 device Using the command line IX10 User Guide...

  • Page 41: Firmware Configuration

    Firmware configuration Review IX10 default settings Review IX10 default settings You can review the default settings for your IX10 device by using the local WebUI or Digi Remote Manager: Local WebUI 1. Log into the IX10 WebUI as a user with Admin access. See Using the local web interface details.

  • Page 42: Other Default Configuration Settings

    Security policies Packet filtering allows all outbound traffic. SSH and web administration: Enabled for local administration Firewall zone: Internal Device heath metrics uploaded to Digi Remote Manager at 60 minute Monitoring interval. SNMP: Disabled Enabled Serial port Serial mode: Remote...
  • Page 43 Firmware configuration Change the default password for the admin user 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.

  • Page 44: Configuration Methods

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 45: Using Digi Remote Manager

    Shows how to perform a task by using the command line interface. Using Digi Remote Manager By default, your IX10 device is configured to use Digi Remote Manager as its central management server. Devices must be registered with Remote Manager, either: As part of the getting started process.

  • Page 46: Log Out Of The Web Interface

    On the main menu, click your user name. Click Log out. Use the local REST API to configure the IX10 device Your IX10 device includes a REST API that can be used to return information about the device's configuration and to make modifications to the configuration. You can view the REST API specification from your web browser by opening the URL: https://ip-address/cgi-bin/config.cgi...
  • Page 47 Firmware configuration Use the local REST API to configure the IX10 device 2. At the command line, type config to enter configuration mode: > config (config)> 3. At the config prompt, type ? (question mark): (config)> ? auth Authentication cloud Central management...

  • Page 48: Use The Post Method To Modify Device Configuration Parameters And List Arrays

    Firmware configuration Use the local REST API to configure the IX10 device "result": { "type": "object", "path": "service.ssh" "collapsed": { "acl.zone.0": "internal" "acl.zone.1": "edge" "acl.zone.2": "ipsec" "acl.zone.3": "setup" "enable": "true" "key": "" "mdns.enable": "true" "mdns.name": "" "mdns.type": "_ssh._tcp." "port": "22" "protocol.0": "tcp"...

  • Page 49: Use The Delete Method To Remove Items From A List Array

    Firmware configuration Use the local REST API to configure the IX10 device $ curl -k -u admin "https://192.168.210.1/cgi- bin/config.cgi/value?path=service.ssh.enable&value=false" -X POST Enter host password for user 'admin': { "ok": true } Use the POST method to add items to a list array To add items to a list array, use the POST method with the path and append parameters.
  • Page 50 Firmware configuration Use the local REST API to configure the IX10 device "1": "edge" "2": "ipsec" "3": "setup" "4": "external" 2. Use the DELETE method to remove the external zone (list item 4). $ curl -k -u admin https://192.168.210.1/cgi- bin/config.cgi/value?path=service.ssh.acl.zone.4 -X DELETE Enter host password for user 'admin': { "ok": true }...

  • Page 51: Using The Command Line

    Log in to the command line interface    Command line 1. Connect to the IX10 device by using a serial connection, SSH or telnet, or the Terminal in the WebUI or the Console in the Digi Remote Manager. See Access the command line interface more information.

  • Page 52: Exit The Command Line Interface

    Admin CLI s: Shell q: Quit Select access or quit [admin] : Type a or admin to access the IX10 command line. You will now be connected to the Admin CLI: Connecting now... Press Tab to autocomplete commands Press '?' for a list of commands and details...

  • Page 53: Central Management

    Log into Digi Remote Manager Use Digi Remote Manager to view and manage your device Add a device to Digi Remote Manager Configure multiple IX10 devices by using Digi Remote Manager configurations View Digi Remote Manager connection status Learn more...

  • Page 54: Digi Remote Manager Support

    This URL is required to utilize the client-side certificate support. Prior to release 22.2.9.x, the default URL was my.devicecloud.com. If your Digi device is configured to use a non-default URL to connect to Remote Manager, updating the firmware will not change your configuration. However, if you erase the device's configuration, the Remote Manager URL will change to the default of edp12.devicecloud.com.
  • Page 55 HTTP proxy server support. To configure your device's Digi Remote Manager support:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 56 8. (Optional) For Speedtest server, type the name or IP address of the server to use to test the speed of the device's internet connection(s). 9. (Optional) For Retry interval, type the amount of time that the IX10 device should wait before reattempting to connect to remote cloud services after being disconnected. The default is 30 seconds.
  • Page 57 CLI. If disabled, no login prompt will be presented and the user will be logged in as admin. The default is disabled. 16. (Optional) Configure the IX10 device to communicate with remote cloud services by using SMS: a. Click to expand Short message service.
  • Page 58    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 59 (config)> cloud drm keep_alive 600s (config)> 7. (Optional) Set the amount of time that the IX10 device should wait between sending keep-alive messages to the Digi Remote Manager when using a cellular interface. Allowed values are from 30 seconds to two hours. The default is 290 seconds.
  • Page 60 If set to false, no login prompt will be presented and the user will be logged in as admin. The default is false. 14. (Optional) Configure the IX10 device to communicate with remote cloud services by using SMS: a. Enable SMS messaging: (config)>...

  • Page 61: Collect Device Health Data And Set The Sample Interval

    To disable the collection of device health data or enable it if it has been disabled, or to change the health sample interval:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 62 8. Click Apply to save the configuration and apply the change.    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. IX10 User Guide...
  • Page 63 1, 5, 15, 30, or 60, and represents the number of minutes between uploads of health sample data. 5. By default, the device will only report health metrics values to Digi Remote Manager that have changed health metrics were last uploaded. This is useful to reduce the bandwidth used to report health metrics.

  • Page 64: Enable Event Log Upload To Digi Remote Manager

    Type quit to disconnect from the device. Enable event log upload to Digi Remote Manager You can configure your device to upload the event log to Digi Remote Manager, and configure the interval between event log uploads. To enable the event log upload, or disable it if it has been disabled, and to change the upload interval: ...
  • Page 65 Central management Configure your device for Digi Remote Manager support 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.

  • Page 66: Log Into Digi Remote Manager

    Central management Log into Digi Remote Manager 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 67: Use Digi Remote Manager To View And Manage Your Device

    The same default password is also shown on the label affixed to the bottom of the device. 6. (Optional) Complete the other fields. 7. Click Add Device. Remote Manager adds your IX10 device to your account and it appears in the Device Management view. IX10 User Guide...

  • Page 68: Configure Multiple Ix10 Devices By Using Digi Remote Manager Configurations

    Remote Manager configurations. Typically, if you want to provision multiple IX10 routers: 1. Using the IX10 local WebUI, configure one IX10 router to use as the model configuration for all subsequent IX10s you need to manage. 2. Register the configured IX10 device in your Remote Manager account.

  • Page 69: View Digi Remote Manager Connection Status

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 70: Interfaces

    Interfaces IX10 devices have several physical communications interfaces. These interfaces can be bridged in a Local Area Network (LAN) or assigned to a Wide Area Network (WAN). This chapter contains the following topics: Wireless Wide Area Networks (WWANs) Local Area Networks (LANs)

  • Page 71: Wireless Wide Area Networks (Wwans)

    Problems can occur beyond the immediate modem connection that prevent some IP traffic from reaching its destination. Normally this kind of problem does not cause the IX10 device to detect that the modem has failed, because the connection continues to work while the core problem exists somewhere else in the network.
  • Page 72 Reboot Device with other SureLink recovery actions, it should be the last action in the recovery action list. Otherwise, the device will reboot and all recovery actions listed after the Reboot Device action will be ignored. To configure the IX10 device to regularly probe connections through the WWAN:    Web...
  • Page 73 Interfaces Wireless Wide Area Networks (WWANs) 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 74 New tests are enabled by default. To disable, click to toggle off Enable. b. Type a Label for the test. c. Click to toggle on IPv6 if the test should apply to both IPv6 rather than IPv4. d. Select the Test type. Available test types: IX10 User Guide...
  • Page 75 Custom test: Tests the interface with custom commands. If Custom test is selected, complete the following: The Commands to run to test. TCP connection test: Tests that the interface can reach a destination port on the configured host. IX10 User Guide...
  • Page 76 Increase metric to change active default gateway: Increase the interface's metric by this amount. This should be set to a number large enough to change the routing table to use another default gateway. The default is 100. IX10 User Guide...
  • Page 77 Override wait interval before performing the next recovery action: The time to wait before the next test is run. If set to the default value of 0s, the Test interval is used. Powercycle the modem. This recovery action is available for WWAN interfaces only. IX10 User Guide...
  • Page 78    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 79 Uses ICMP to determine connectivity. If ping is selected, complete the following: Set the ping_method: (config network interface my_wwan surelink tests 1)> ping_ method value (config network interface my_wwan surelink tests 1)> where value is one of: IX10 User Guide...
  • Page 80 (config network interface my_wwan surelink tests 1)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set interface_down_time to ten minutes, enter either 10m or 600s: IX10 User Guide...
  • Page 81 Set the TCP port to create a TCP connection to. (config network interface my_wwan surelink tests 1)> tcp_port port (config network interface my_wwan surelink tests 1)> other: Tests the status of another interface. If other is selected, complete the following: IX10 User Guide...
  • Page 82 (config)> add network interface my_wwan surelink actions end (config network interface my_wwan surelink actions 0)> c. New actions are enabled by default. To disable: (config network interface my_wwan surelink actions 0)> enable false (config network interface my_wwan surelink actions 0)> IX10 User Guide...
  • Page 83 Set the number of attempts for this recovery action to perform, before moving to the next recovery action: (config network interface my_wwan surelink actions 0)> max_ attempts int (config network interface my_wwan surelink actions 0)> The default is 3. IX10 User Guide...
  • Page 84 (config network interface my_wwan surelink actions 0)> override_interval int (config network interface my_wwan surelink actions 0)> modem_power_cycle. If modem_power_cycle is selected, complete the following: Set the number of attempts for this recovery action to perform, before moving to the next recovery action: IX10 User Guide...
  • Page 85 (config network interface my_wwan surelink actions 0)> custom_action_commands_modem "string" (config network interface my_wwan surelink actions 0)> Set the time to wait before the next test is run. If set to the default value of 0s, the test interval is used. IX10 User Guide...
  • Page 86 (config)> network interface my_wwan surelink timeout value (config)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set timeout to ten minutes, enter either 10m or 600s: IX10 User Guide...
  • Page 87 IP address is not accessible due to networking issues. To set to an alternate host: (config)> network interface my_wwan surelink advanced interface_ gateway hostname/IP_address (config)> 8. Save the configuration and apply the change: (config network interface my_wwan ipv4 surelink)> save Configuration saved. > IX10 User Guide...

  • Page 88: Configure The Device To Reboot When A Failure Is Detected

    To configure the IX10 device to reboot when an interface has failed:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. IX10 User Guide...
  • Page 89 Wireless Wide Area Networks (WWANs) 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config.
  • Page 90 The Interface gateway. If Interface gateway is selected, an initial traceroute is sent to the hostname or IP address configured in the SureLink advanced settings, and then the first hop in that route is used for the ping test. IX10 User Guide...
  • Page 91 TCP connect host: The hostname or IP address of the host to create a TCP connection to. TCP connect port: The TCP port to create a TCP connection to. Test another interface's status: Tests the status of another interface. If Test another interface's status is selected, complete the following: IX10 User Guide...
  • Page 92 Override wait interval before performing the next recovery action: The time to wait before the next test is run. If set to the default value of 0s, the Test interval is used. Restart interface. If Restart interface is selected, complete the following: IX10 User Guide...
  • Page 93 Powercycle the modem. This recovery action is available for WWAN interfaces only. If Powercycle the modem is selected, complete the following: Attempts: The number of attempts for this recovery action to perform, before moving to the next recovery action. IX10 User Guide...
  • Page 94    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 95 (config network interface my_wwan surelink tests 1)> ping_host hostname/IP_address (config network interface my_wwan surelink tests 1)> interface_gateway. If set, an initial traceroute is sent to the hostname or IP address configured in the SureLink advanced settings, and then the first hop IX10 User Guide...
  • Page 96 For example, to set interface_down_time to ten minutes, enter either 10m or 600s: (config network interface my_wwan surelink tests 1)> interface_down_time 600s (config)> Set the amount of time to wait for the interface to connect for the first time before the test is considered to have failed. IX10 User Guide...
  • Page 97 If other is selected, complete the following: Set the interface to test. i. Use the ? to determine available interfaces: ii. Set the interface. For example: (config network interface my_wan surelink tests 1)> other_ interface /network/interface/eth1 (config network interface my_wan surelink tests 1)> IX10 User Guide...
  • Page 98 (config network interface my_wwan surelink actions 0)> label string (config network interface my_wwan surelink actions 0)> e. Set the type of recovery action to reboot_device: (config network interface my_wwan surelink actions 0)> action reboot_ device (config network interface my_wwan surelink actions 0)> IX10 User Guide...
  • Page 99 (config)> network interface my_wwan surelink pass_threshold int (config)> The default is 1. e. Set the amount of time that the device should wait for a response to a test attempt before considering it to have failed: IX10 User Guide...
  • Page 100 The interface_gateway parameter is used by the Interface gateway Ping test as the endpoint for traceroute to use to determine the interface gateway. The default is 8.8.8.8, and should only be changed if this IP address is not accessible due to networking issues. To set to an alternate host: IX10 User Guide...

  • Page 101: Disable Surelink

    SureLink to disable the DNS test and use one or more other tests.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 102    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 103 WAN connections that do not allow DNS resolution, and configure alternate test.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 104 9. Click  to add a new test. 10. Type a Label for the test. 11. Click to toggle on IPv6 if the test should apply to both IPv6 rather than IPv4. 12. Select the Test type. Available test types: IX10 User Guide...
  • Page 105 If Custom test is selected, complete the following: The Commands to run to test. TCP connection test: Tests that the interface can reach a destination port on the configured host. If TCP connection test is selected, complete the following: IX10 User Guide...
  • Page 106    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 107 Performs a DNS query to the named DNS server. If dns is set, set the IPv4 or IPv6 address of the DNS server: (config network interface my_wan surelink tests 1)> dns_server IP_address (config network interface my_wan surelink tests 1)> IX10 User Guide...
  • Page 108 For example, to set interface_timeout to ten minutes, enter either 10m or 600s: (config network interface my_wan surelink tests 1)> interface_timeout 600s (config)> custom_test: Tests the interface with custom commands. If custom_test is set, set the commands to run to perform the test: IX10 User Guide...
  • Page 109 The IPv6 connection must be up. The status required for the test to past. (config network interface my_wan surelink tests 1)> other_ status value (config network interface my_wan surelink tests 1)> where value is one of: IX10 User Guide...

  • Page 110: Using Cellular Modems In A Wireless Wan (Wwan)

    Typically, you configure SIM1 of the cellular modem as the primary cellular interface, and SIM2 as the backup cellular interface. In this way, if the IX10 device cannot connect to the network using SIM1, it automatically fails over to SIM2. IX10 devices automatically use the correct cellular module firmware for each carrier when switching SIMs.
  • Page 111 Interfaces Wireless Wide Area Networks (WWANs)    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 112 11. For Access technology, select the type of cellular technology that this modem should use to access the cellular network, or select All technologies to configure the modem to use the best available technology. The default is All technologies. IX10 User Guide...
  • Page 113    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 114 For example, to set query_interval to ten minutes, enter either 10m or 600s: (config)> network modem wan query_interval 600s (config)> The default is 30s. 8. Set the maximum number of interfaces. This is used when using dual-APN SIMs. The default is (config)> network modem modem max_intfs int (config)> IX10 User Guide...
  • Page 115 12. Save the configuration and apply the change: (config)> save Configuration saved. > 13. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...
  • Page 116 APN. To configure the APN:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 117 10. Click Apply to save the configuration and apply the change.    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. IX10 User Guide...
  • Page 118 No authentication is required. auto: The device will attempt to connect using CHAP first, and then PAP. chap: Uses the Challenge Handshake Authentication Profile (CHAP) to authenticate. pap: Uses the Password Authentication Profile (PAP) to authenticate. IX10 User Guide...
  • Page 119    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 120 IPv4 DNS server(s) : 245.144.162.207, 245.144.162.208 IPv6 surelink : passing IPv6 address : 11f6:4680:0d67:59d2:552b:3429:81a8:f1ea IPv6 gateway : ff50:d95d:7e98:abe8:3030:9138:4f25:f51b IPv6 MTU : 1500 TX bytes : 127941 RX bytes : 61026 Uptime : 10 hrs, 56 mins (39360s) IX10 User Guide...
  • Page 121   Command line To unlock a SIM card: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 122    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 123 Separation of untrusted Internet traffic from trusted internal network traffic. Secure connection to internal customer network without using a VPN. Separate billing structures for public and private traffic. Site-to-site networking, without the overhead of tunneling for each device. IX10 User Guide...
  • Page 124 APNs, and then use routing roles to forward traffic to the appropriate WWAN interface.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 125 For Zone, select External. e. For Device, select Modem . f. (Optional): Configure the public APN. If the public APN is not configured, the IX10 will attempt to determine the APN. i. Click to expand APN list > APN.
  • Page 126 Click the  to add a new route policy. c. For Label, enter Route through private APN. d. For Interface, select Interface: WWAN_Private. e. Configure the source address: i. Click to expand Source address. ii. For Type, select IPv4 address. iii. For Address, type 192.168.2.101. IX10 User Guide...
  • Page 127    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 128 Set the label that will be used to identify this route policy: (config network route policy 0)> label "Route through private apn" (config network route policy 0)> c. Set the interface: (config network route policy 0)> interface /network/interface/WWANPrivate (config network route policy 0)> IX10 User Guide...

  • Page 129: Configure A Wireless Wide Area Network (Wwan)

    The firewall zone: External. The cellular modem that is used by the WWAN. Additional configuration items SIM selection for this WWAN. The SIM PIN. The SIM phone number for SMS connections. Enable or disable roaming. SIM failover configuration. APN configuration. IX10 User Guide...
  • Page 130    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 131 If SIM slot is selected, for Match SIM slot, select which SIM slot must be in active for this WWAN to be used. If Carrier is selected, for Match SIM carrier, select which cellular carrier must be in active for this WWAN to be used. IX10 User Guide...
  • Page 132 Reboot device: The device will reboot if automatic SIM switching is unavailable. 13. For APN list and APN list only, the IX10 device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.
  • Page 133    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 134 6. Set theSIM matching criteria to determine when this WWAN should be used: (config network interface my_wwan)> modem match value (config network interface my_wwan)> Where value is one of: carrier Set the cellular carrier must be in active for this WWAN to be used: IX10 User Guide...
  • Page 135 (config network interface my_wwan)> sim_slot Set which SIM slot must be in active for this WWAN to be used: (config network interface my_wwan)> modem sim_slot value (config network interface my_wwan)> where value is either 1 or 2. IX10 User Guide...
  • Page 136 2G: Only 2G technology will be used. 3G: Only 3G technology will be used. 4G: Only 4G technology will be used. NR5G-NSA: Only 5G non-standalone technology will be used. NR5G-SA: Only 5G standalone technology will be used. The default is all. IX10 User Guide...
  • Page 137 The device will reboot if automatic SIM switching is unavailable. 12. The IX10 device uses a preconfigured list of Access Point Names (APNs) when attempting to connect to a cellular carrier for the first time. After the device has successfully connected, it will remember the correct APN.
  • Page 138 DNS server, the interface with the lowest metric will be used for DNS requests. never: Never use DNS servers for this WWAN. primary: Only use the DNS servers provided for this WWAN when the WWAN is the primary route. The default setting is primary. IX10 User Guide...

  • Page 139: Show Wwan Status And Statistics

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 140: Delete A Wwan

    Type quit to disconnect from the device. Delete a WWAN. Follow this procedure to delete any WANs and WWANs that have been added to the system. You cannot delete the preconfigured WAN, ETH1, or the preconfigured WWAN, Modem.    Web IX10 User Guide...
  • Page 141 Interfaces Wireless Wide Area Networks (WWANs) 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 142 4. Save the configuration and apply the change: (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...

  • Page 143: Local Area Networks (Lans)

    Interfaces Local Area Networks (LANs) Local Area Networks (LANs) The IX10 device is preconfigured with the following Local Area Networks (LANs): Interface type Preconfigured interfaces Devices Default configuration Local Area Ethernet: Firewall zone: Network Internal (LAN) IP Address: 192.168.2.1/24 DHCP server...

  • Page 144: About Local Area Networks (Lans)

    The IPv4 Maximum Transmission Unit (MTU) of the LAN. When to use DNS: always, never, or only when this interface is the primary default route. IPv4 DHCP server configuration. See DHCP servers for more information. IX10 User Guide...
  • Page 145 To create a new LAN or edit an existing LAN:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 146 7. For Device, select an Ethernet device. 8. (Optional) Click to expand 802.1x to configure 802.1x port based network access control. The IX10 can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Click to expand Authentication.
  • Page 147    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 148 The LAN is configured by default to use a static IP address for its IPv4 configuration. To configure the LAN to be a DHCP client, rather than using a static IP addres: (config network interface my_lan)> ipv4 type dhcp (config network interface my_lan)> IX10 User Guide...
  • Page 149 (?): (config network interface my_lan)> ipv6 ? IPv6 Parameters Current Value --------------------------------------------------------------------- ---------- enable true Enable metric Metric mgmt Management priority 1500 prefix_id Prefix ID prefix_length Prefix length type prefix_delegation Type weight Weight Additional Configuration --------------------------------------------------------------------- IX10 User Guide...
  • Page 150 Modify any of the remaining default settings as appropriate. 8. (Optional) To configure 802.1x port based network access control: Note The IX10 can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Enable the 802.1x authenticator on the IX10 device: (config network interface my_lan)>...

  • Page 151: Change The Default Lan Subnet

    DHCP server range will also change to the range of the LAN subnet. To change the LAN subnet:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.

  • Page 152: Change The Lan Address Type

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 153 Interfaces Local Area Networks (LANs) 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.

  • Page 154: Show Lan Status And Statistics

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 155: Delete A Lan

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Delete a LAN Follow this procedure to delete any LANs that have been added to the system. You cannot delete the preconfigured LAN, LAN1. IX10 User Guide...
  • Page 156 Interfaces Local Area Networks (LANs)    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.

  • Page 157: Dhcp Servers

    Type quit to disconnect from the device. DHCP servers You can enable DHCP on your IX10 device to assign IP addresses to clients, using either: The DHCP server for the device's local network, which assigns IP addresses to clients on the device's local network.
  • Page 158 Map static IP addresses to hosts for information about static leases.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 159 For Gateway, select either: None: No gateway is broadcast by the DHCP server. Client destinations must be resolvable without a gateway. Automatic: Broadcasts the IX10 device's gateway. Custom: Allows you to identify the IP address of a Custom gateway to be broadcast.
  • Page 160    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 161 No gateway is broadcast by the DHCP server. Client destinations must be resolvable without a gateway. auto: Broadcasts the IX10 device's gateway. custom: Allows you to identify the IP address of a custom gateway to be broadcast: (config)> network interface my_lan ipv4 dhcp_server advanced gateway_custom ip_address (config)>...
  • Page 162 (config)> where value is one of: none: No server is broadcast. auto: Broadcasts the IX10 device's server. custom: Allows you to identify the IP address of the server. For example: (config)> network interface my_lan ipv4 dhcp_server advanced primary_dns_custom ip_address (config)>...
  • Page 163 A label for this instance of the static lease. To map static IP addresses:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 164    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 165 Show current static IP mapping To view your current static IP mapping:    Web 1. Log into the IX10 WebUI as a user with Admin access. 2. On the main menu, click Status 3. Under Networking, click DHCP Leases. ...
  • Page 166 Delete static IP mapping entries To delete a static IP entry:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 167    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 168 Force the option to be sent to the DHCP clients. A label for the custom option.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: IX10 User Guide...
  • Page 169 Interfaces Local Area Networks (LANs) Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a.
  • Page 170 Interfaces Local Area Networks (LANs) 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 171 LAN. For the IX10 device, DHCP relay is configured by providing the IP address of a DHCP relay server, rather than an IP address range. If both the DHCP relay server and an IP address range are specified, DHCP relay is used, and the specified IP address range is ignored.
  • Page 172 Interfaces Local Area Networks (LANs) 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 173 Interfaces Local Area Networks (LANs) 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 174    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 175: Virtual Lans (Vlans)

    VLAN can only access other devices on the same VLAN and each device is unaware of any other VLAN, which isolates networks from one another, even though they run over the same physical network. Your IX10 device supports two VLANs modes: Trunking: Supports multiple VLANs per Ethernet port, which enables you to extend your VLAN across multiple switches through your entire network.

  • Page 176: Create A Trunked Vlan Route

    The VLAN ID. The TCP header uses the VLAN ID to identify the destination VLAN for the packet. To create a VLAN:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 177    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 178: Create A Vlan Using Switchport Mode

    The VLAN ID. The TCP header uses the VLAN ID to identify the destination VLAN for the packet. To create a VLAN using switchport mode:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 179    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 180: Show Surelink Status And Statistics

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 181: Show Surelink Status For All Interfaces

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 182: Show Surelink Status For All Ipsec Tunnels

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 183: Show Surelink Status For All Openvpn Clients

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 184 Passed test_client1 194.43.79.75 (Ping) 5 seconds Passed > 3. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...

  • Page 185: Serial Port

    Serial port IX10 devices have a single serial port that provides access to different features, depending on the serial port mode selection. Default serial port configuration You can review the default serial port configuration for your device. Serial mode options You can choose a serial mode option for each serial port, depending on the feature that you want to use.

  • Page 186: Configure Login Mode

    To change the configuration to match the serial configuration of the device to which you want to connect:    Web 1. Log into the IX10 WebUI as a user with Admin access. 2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed. Note You can also configure the serial port by using Device Configuration >...
  • Page 187    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 188 9. Set the type of parity used by the device to which you want to connect: (config)>serial port1 parity parity (config)> Allowed values are: even none The default is none. 10. Set the stop bits used by the device to which you want to connect: (config)>serial port1 stopbits bits (config)> IX10 User Guide...
  • Page 189 Log the time at which date was received or transmitted: (config)>serial port1 logging hex true (config)> f. Log data as hexadecimal values: (config)>serial port1 logging timestamp true (config)> 13. Save the configuration and apply the change: IX10 User Guide...

  • Page 190: Configure Remote Access Mode

    To change the configuration to match the serial configuration of the device to which you want to connect:    Web 1. Log into the IX10 WebUI as a user with Admin access. 2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed. Note You can also configure the serial port by using Device Configuration >...
  • Page 191 All service settings are disabled by default. Click available options to toggle them to enabled, and set the IP ports as appropriate. For each type of service, you can also configure the access control. To do this, you need to go to Device Configuration: IX10 User Guide...
  • Page 192 A single IP address or host name. A network designation in CIDR notation, for example, 192.168.1.0/24. any: No limit to IPv4 addresses that can access the service-type. iv. Click  again to list additional IP addresses or networks. IX10 User Guide...
  • Page 193 No limit to IPv6 addresses that can access the service-type. iv. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX10 device: i. Click Interfaces. ii. For Add Interface, click .
  • Page 194    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 195 8. Set the number of data bits used by the device to which you want to connect: (config)>serial port databits bits (config)> 9. Set the type of parity used by the device to which you want to connect: (config)>serial port parity parity (config)> Allowed values are: even none The default is none. IX10 User Guide...
  • Page 196 For example, to set idle_timeout to ten minutes, enter either 10m or 600s: (config)>serial port1 idle_timeout 600s (config) The default is 15m. 13. Configure monitor settings. IX10 User Guide...
  • Page 197 To disable: (config)>serial port1 autoconnect flush_string false (config)> The default is always. c. Set the option that initiates the connection: (config)>serial port1 autoconnect conn_type value (config)> where value is one of: telnet IX10 User Guide...
  • Page 198 The default is 1024. c. Set the length of time the device should wait before sending the packet: (config)>serial port1 framing idle_time value (config) where value is in milliseconds (ms) or seconds (s). The maximum value is 60s. IX10 User Guide...
  • Page 199 No limit to IPv4 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to specified IPv6 addresses and networks: (config)> add serial port1 service ssh acl address6 end value (config)> Where value can be: IX10 User Guide...
  • Page 200 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX10 device: (config)> add serial port1 service ssh acl interface end value (config)>...
  • Page 201 Set the option that initiates the connection: (config)>serial port1 service tcp conn_type value (config)> where value is one of: tls_auth The default is tls. v. Enable TCP nodelay messages: (config)>serial port1 service tcp nodelay true (config)> vi. (Optional) Configure access control: IX10 User Guide...
  • Page 202 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX10 device: (config)> add serial port1 service tcp acl interface end value (config)>...
  • Page 203 (config)>serial port1 service telnet enable true (config)> ii. Set the port to be used for ssh communications: (config)>serial port1 service telnet port int (config)> where int is any integer between 1 and 65535. The default is 3001. iii. Enable TCP keep-alive messages: IX10 User Guide...
  • Page 204 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX10 device: (config)> add serial port1 service telnet acl interface end value (config)>...
  • Page 205 Additional Configuration ------------------------------------------------- ------------------------------ dynamic_routes edge external internal ipsec loopback setup (config)> Repeat this step to include additional firewall zones. vi. (Optional) Enable Multicast DNS (mDNS): (config)>serial port1 service telnet mdns enable true (config)> IX10 User Guide...

  • Page 206: Configure Application Mode

    Type quit to disconnect from the device. Configure Application mode Application mode provides access to the serial device from Python applications. To change the configuration to match the serial configuration of the device to which you want to connect: IX10 User Guide...
  • Page 207    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 208: Configure Ppp Dial-In Mode

    To change the configuration to match the serial configuration of the device to which you want to connect:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager:...
  • Page 209 Serial port Configure PPP dial-in mode a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration.
  • Page 210 Click Enable to enable the use of a connection script. c. For Connect script filename, type the name of the script. Scripts are located in the /etc/config/serial directory. An example script, windows_dun.sh is provided. Example windows_dun.sh file: IX10 User Guide...
  • Page 211    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 212 No authentication is required. auto: Attempt to authenticate using CHAP first, and then PAP. chap: Use Challenge Handshake Authentication Protocol (CHAP) to authenticate. pap: Use Password Authentication Protocol (PAP) to authenticate. IX10 User Guide...
  • Page 213 (config)> serial port1 ppp_dialin zone zone (config)> 14. (Optional) Configure the serial port to use a custom PPP configuration file: a. Enable the use of a custom PPP configuration file: (config)> serial port1 ppp_dialin custom enable true (config)> IX10 User Guide...
  • Page 214 # The shell's 'read' builtin breaks on newline, so translate incoming carriage- # return to newline, and outgoing newline to carriage-return-newline. stty icrnl onlcr opost # Read input from the serial port, one line at a time. IX10 User Guide...

  • Page 215: Configure Udp Serial Mode

    To change the configuration to match the serial configuration of the device to which you want to connect:    Web 1. Log into the IX10 WebUI as a user with Admin access. 2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed. Note You can also configure the serial port by using Device Configuration >...
  • Page 216 For Stop bits, select the number of stop bits used by the device to which you want to connect. e. For Flow control, select the type of flow control used by the device to which you want to connect. 8. Expand Data Framing Settings. IX10 User Guide...
  • Page 217 For Destinations, you can configure the remote sites to which you want to send data. If you do not specify any destinations, the IX10 sends new data from the last IP address and port from which data was received. To add a destination: i.
  • Page 218 A single IP address or host name. A network designation in CIDR notation, for example, 192.168.1.0/24. any: No limit to IPv4 addresses that can access the service-type. iv. Click  again to list additional IP addresses or networks. IX10 User Guide...
  • Page 219 No limit to IPv6 addresses that can access the service-type. iv. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX10 device: i. Click Interfaces. ii. For Add Interface, click .
  • Page 220 Serial port Configure UDP serial mode 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 221 Set the end pattern. The packet is sent when this pattern is received from the serial port: (config)>serial port1 framing end_pattern backslash-escaped-string (config) e. Set the strip end pattern if you want to remove the end pattern from the packet before it is sent: (config)>serial port1 framing strip_pattern true (config) IX10 User Guide...
  • Page 222 (config)> 15. Configure the remote sites to which you want to send data. If you do not specify any destinations, the IX10 send new data to the last hostname and port from which data was received. To add a destination: i.
  • Page 223 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX10 device: (config)> add serial port1 udp acl interface end value (config)>...
  • Page 224 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX10 device: (config)> add serial port1 udp acl interface end value (config)>...
  • Page 225 Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration -------------------------------------------------------- ----------------------- dynamic_routes edge external internal ipsec loopback setup (config)> Repeat this step to include additional firewall zones. IX10 User Guide...

  • Page 226: Configure Modbus Mode

    Type quit to disconnect from the device. Configure Modbus mode Modbus mode allows you to use the serial port for Modbus. See Modbus gateway. To change the configuration to match the serial configuration of the device to which you want to connect: IX10 User Guide...
  • Page 227 Serial port Configure Modbus mode    Web 1. Log into the IX10 WebUI as a user with Admin access. 2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed. Note You can also configure the serial port by using Device Configuration > Serial. Changes made by using either Device Configuration or Serial Configuration will be reflected in both.
  • Page 228    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 229: Configure Realport Mode Using The Digi Navigator

    Digi Navigator on your computer, the RealPort application is automatically installed as well. With Digi Navigator, you can set all serial ports on the device to RealPort mode, and then also enable the RealPort service. The COM ports on your laptop are also configured. These processes ensure that RealPort is configured on the device and on your computer.

  • Page 230: Installation And Configuration Process

    5. When the download is complete, click on the downloaded .exe file. The Digi Navigator Setup wizard displays. 6. Select which user(s) should be able to launch the Digi Navigator from this computer after it has been installed: Anyone who uses this computer (all users): Any user who logs into this computer can launch the Digi Navigator.

  • Page 231: Configure Realport On A Digi Device From The Digi Navigator

    Navigator was installed can launch the Digi Navigator. This is the default. 7. Click Install. The Completing Digi Navigator Setup screen displays. 8. Choose the Run Digi Navigator option if you want to launch the Navigator when the installation is complete.
  • Page 232 Configure RealPort mode using the Digi Navigator Download and install the Digi Navigator. 2. Make sure the IX10 is powered connected your local network or computer with an Ethernet cable. 3. Launch the Digi Navigator. 4. Specify the IP address of the Digi device: To add a device, you will need the devices's IP address, and the user name and password for the device.

  • Page 233: Digi Navigator Application Features

    RealPort from within the Digi Navigator. 1. Launch the Digi Navigator if it is not currently open. A list of devices that have RealPort enabled and configured displays in the RealPort Devices section at the bottom of the application screen.
  • Page 234 After you have enabled and configured RealPort on at least one Digi device, a list of configured devices displays at the bottom of the Digi Navigator. You can refresh the list and easily access the COM port configuration on your computer.
  • Page 235 Click Login. Filter devices for display in the Digi Navigator You can use the Digi Navigator filters to determine the types of Digi devices you want to display. Only the devices that are powered on and are discoverable are included.

  • Page 236: Advanced Realport Configuration Without Using The Digi Navigator

    Serial port Advanced RealPort configuration without using the Digi Navigator 4. In the Device Filters section, a list of the Digi device types display. All types are disabled by default, and when all are disabled, all types are displayed. 5. To filter the types that are displayed, click the enable slider for the types you want to display.

  • Page 237: Windows Operating System

    Serial port Advanced RealPort configuration without using the Digi Navigator Windows Operating System This method can be used if your computer has a Windows OS installed and you choose not to use the Digi Navigator to discover devices and configure RealPort.
  • Page 238 1. Navigate to the downloaded Realport .zip file. 2. Open the .zip file. 3. Click on setup.exe to launch the RealPort wizard. The Welcome to the Digi RealPort Setup Wizard screen displays. 4. If this is not the first time you have run the wizard, select the Add a New Device option. If this is the first time running the wizard, no options are available on the screen.

  • Page 239: Configure The Serial Port For Realport Mode

    Serial port Advanced RealPort configuration without using the Digi Navigator 7. Select the Encrypt Network Traffic check box to enable encrypted network traffic. When you select this option, the TCP Port for Encrypted Traffic field becomes available. 8. The TCP Port for Encrypted Traffic field has a default value of 1027. The entry must match the device's TCP port setting.
  • Page 240 Serial port Advanced RealPort configuration without using the Digi Navigator 1. Log into the IX10 WebUI as a user with Admin access. 2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed. Note You can also configure the serial port by using Device Configuration >...
  • Page 241    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 242 Serial port Advanced RealPort configuration without using the Digi Navigator 6. (Optional) Set a label that will be used when referring to this port. (config)> serial port1 label label (config)> 7. Configure serial port logging: a. Enable serial port logging: (config)>serial port1 logging enable true...

  • Page 243: Configure The Realport Service

    Configure the RealPort service After you have configured RealPort mode on the IX10, you must enable and configure the RealPort service. When this step is complete, all of the serial ports on the IX10 are configured to use the RealPort service.

  • Page 244: Review The Serial Port Message Log

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 245 4. To clear and restart the log: > system serial clear port-number > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...

  • Page 246: Routing

    Routing This chapter contains the following topics: IP routing Show the routing table Dynamic DNS Virtual Router Redundancy Protocol (VRRP) IX10 User Guide...

  • Page 247: Ip Routing

    IP routing IP routing The IX10 device uses IP routes to decide where to send a packet it receives for a remote network. The process for deciding on a route to send the packet is as follows: 1. The device examines the destination IP address in the IP packet, and looks through the IP routing table to find a match for it.

  • Page 248: Configure A Static Route

    The Maximum Transmission Units (MTU) of network packets using this route. To configure a static route:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 249 7. For Interface, select the interface on the IX10 device that will be used with this static route. 8. (Optional) For Gateway, type the IPv4 address of the gateway used to reach the destination.
  • Page 250 Routing IP routing 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 251: Delete A Static Route

    Type quit to disconnect from the device. Delete a static route    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 252    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 253: Policy-Based Routing

    However, you can use policy-based routing to forward the packet based on other criteria, such as the source of the packet. For example, you can configure the IX10 device so that high-priority traffic is routed through the cellular connection, while all other traffic is routed through an Ethernet (WAN) connection.
  • Page 254 To configure a routing policy:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 255 5. (Optional) For Label, type a label that will be used to identify this route policy. 6. For Interface, select the interface on the IX10 device that will be used with this route policy. 7. (Optional) Enable Exclusive to configure the policy to drop packets that match the policy when the gateway interface is disconnected, rather than forwarded through other interfaces.
  • Page 256    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 257 (config network route policy 0)> label "New route policy" (config network route policy 0)> 5. Set the interface on the IX10 device that will be used with this route policy: a. Use the ? to determine available interfaces: b. Set the interface. For example: (config network route policy 0)>...
  • Page 258 (config network route policy 0)> src zone ? Zone: Match the IP address to the specified firewall zone. Format: dynamic_routes edge external internal ipsec loopback setup Default value: any Current value: any (config network route policy 0)> src zone IX10 User Guide...
  • Page 259 Matches the destination IP address to the selected firewall zone. Set the zone: a. Use the ? to determine available zones: (config network route policy 0)> dst zone ? Zone: Match the IP address to the specified firewall zone. Format: IX10 User Guide...
  • Page 260 (config network route policy 0)> dst address6 value (config network route policy 0)> where value uses the format IPv6_address[/prefix_length], or any to match any IPv6 address. mac: Matches the destination MAC address to the specified MAC address. Set the MAC address to be matched: IX10 User Guide...

  • Page 261: Example: Dual Wan Policy-Based Routing

    This example routes traffic to a specific IP address to go through the cellular WWAN interface, while all other traffic uses the Ethernet WAN interface.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 262 Click to expand Destination address. b. For Type, select IPv4 address. c. For IPv4 address, type the IP address that will be the destination for outgoing traffic routed through the WWAN interface. In the above example, this is 241.236.162.59. IX10 User Guide...
  • Page 263    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 264: Example: Domain-Based Routing With Dual Wan

    This example routes traffic destined for a specific domain to the WAN Ethernet port, and never through the cellular modem.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 265 Click to expand Destination address. b. For Type, select Domain. c. Click to expand Domains. d. Click the  to add a new domain. e. For Domain, type youtube.com. You can add additional domains by repeating the last two steps. IX10 User Guide...
  • Page 266    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 267: Example: Route Traffic To A Specific Wan Interface Based On The Client Mac Address

    MAC address, while all other client devices are routed through the Ethernet WAN.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 268 Click Firewall > Zones. ii. For Add Zone, type CellularWAN and click . iii. Enable Source NAT. b. Create second firewall zone named EthernetWAN with Source NAT enabled: i. For Add Zone, type EthernetWAN and click . ii. Enable Source NAT. IX10 User Guide...
  • Page 269 Click to expand Source address. ii. For Type, select MAC address. iii. For MAC address, type 26:88:0E:23:50:C2. f. Configure the destination zone: i. Click to expand Destination address. ii. For Type, select Zone. iii. For Zone, select CellularWAN. IX10 User Guide...
  • Page 270    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 271 (config)> add network route policy end (config network route policy 0)> b. Set the label that will be used to identify this route policy: (config network route policy 0)> label "VoIP phone" (config network route policy 0)> IX10 User Guide...
  • Page 272 Set the lable to Reject LAN traffic to cellular WAN: (config firewall filter 2)> label "Reject LAN traffic to cellular WAN" (config firewall filter 2)> c. Set the action to drop: (config firewall filter 2)> action drop (config firewall filter 2)> IX10 User Guide...

  • Page 273: Routing Services

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Routing services Your IX10 includes support for dynamic routing services and protocols. The following routing services are supported: Service or...
  • Page 274 Routing IP routing 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 275    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 276: Show The Routing Table

    Show the routing table To display the routing table:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.

  • Page 277: Dynamic Dns

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 278: Configure Dynamic Dns

    The number of times to retry a failed IP address update.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 279 4. Type a name for this Dynamic DNS instance in Add Service and click . The Dynamic DNS configuration page displays. New Dynamic DNS configurations are enabled by default. To disable, toggle off Enable. 5. For Interface, select the interface that has its IP address registered with the Dynamic DNS provider. IX10 User Guide...
  • Page 280    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 281 8. Set the username to authenticate with the Dynamic DNS provider: (config network ddns new_ddns_instance)> username name (config network ddns new_ddns_instance)> 9. Set the password to authenticate with the Dynamic DNS provider: (config network ddns new_ddns_instance)> password pwd (config network ddns new_ddns_instance)> IX10 User Guide...
  • Page 282 13. (Optional) Set the number of times to retry a failed IP address update: (config network ddns new_ddns_instance)> retry_count value (config network ddns new_ddns_instance)> where value is any interger. The default is 5. 14. Save the configuration and apply the change: IX10 User Guide...

  • Page 283: Virtual Router Redundancy Protocol (Vrrp)

    Multiple IX10 devices can be configured as VRRP devices and assigned a priority. The router with the highest priority will be used as the master router. If the master router fails, then the IP address of the virtual router is mapped to the backup device with the next highest priority.
  • Page 284 VRRP priorty of devices based on the status of their network connectivity.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 285 For Virtual IP, type the IPv4 or IPv6 address for a virtual IP of this VRRP instance. d. (Optional) Repeat to add additional virtual IPs. 11. See Configure VRRP+ for information about configuring VRRP+. 12. Click Apply to save the configuration and apply the change.    Command line IX10 User Guide...
  • Page 286 Routing Virtual Router Redundancy Protocol (VRRP) 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 287: Configure Vrrp

    VRRP+ is an extension to the VRRP standard that uses SureLink network probing to monitor connections through VRRP-enabled devices and adjust devices' VRRP priority based on the status of the SureLink tests. This section describes how to configure VRRP+ on a IX10 device. Required configuration items Both master and backup devices: A configured and enabled instance of VRRP.
  • Page 288 Routing Virtual Router Redundancy Protocol (VRRP) 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 289 SureLink fails on the master, it will lower its priority to below 80, and the backup device will assume the master role. 10. Configure the VRRP interface. The VRRP interface is defined in the Interface parameter of the VRRP configuration, and generally should be a LAN interface: IX10 User Guide...
  • Page 290 SureLink fails. i. Click to expand IPv4 > SureLink. ii. Click Enable. iii. For Interval, type a the amount of time to wait between connectivity tests. To guarantee seamless internet access for VRRP+ purposes, SureLink tests should occur IX10 User Guide...
  • Page 291    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 292 (config)> network interface eth ipv4 dhcp_server advanced gateway_ custom 192.168.3.3 (config)> b. For backup devices, set the default gateway to the IP address of the VRRP interface on the master device. For example: (config)> network interface eth ipv4 gateway 192.168.3.1 (config)> IX10 User Guide...
  • Page 293 (config network interface eth ipv4 surelink target 0)> (Optional) Set the size, in bytes, of the ping packet: (config network interface eth ipv4 surelink target 0)> ping_size [num] (config network interface eth ipv4 surelink target 0)> IX10 User Guide...
  • Page 294 (config network interface eth ipv4 surelink target 0)> interface_timeout value (config network interface eth ipv4 surelink target 0)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. IX10 User Guide...

  • Page 295: Example: Vrrp/Vrrp+ Configuration

    Configure device one (master device)    Web Task 1: Configure VRRP on device one 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager:...
  • Page 296 Routing Virtual Router Redundancy Protocol (VRRP) a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration.
  • Page 297 1. Click to expand Network > Interfaces > ETH > IPv4 > DHCP Server 2. For Lease range start, leave at the default of 100. 3. For Lease range end, type 199. 4. Click to expand Advanced settings. 5. For Gateway, select Custom. IX10 User Guide...
  • Page 298   Command line Task 1: Configure VRRP on device one 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 299 2. Set the DHCP server gateway type to custom: (config)> network interface eth ipv4 dhcp_server advanced gateway custom (config)> 3. Set the custom gateway to 192.168.3.3: (config)> network interface eth ipv4 dhcp_server advanced gateway_custom 192.168.3.3 (config)> 4. Save the configuration and apply the change: IX10 User Guide...

  • Page 300: Configure Device Two (Backup Device)

    Configure device two (backup device)    Web Task 1: Configure VRRP on device two 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 301 1. Click to expand VRRP+. 2. Click Enable. 3. Click to expand Monitor interfaces. 4. Click  to add an interface for monitoring. 5. Select Interface: Modem. 6. Click to enable Monitor VRRP+ master. 7. For Priority modifier, type 30. IX10 User Guide...
  • Page 302 4. Click to expand Test targets > Test target. 5. For Test Type, select Ping test. 6. For Ping host, type https://remotemanager.digi.com. Task 5: Configure the DHCP server for ETH on device two 1. Click to expand Network > Interfaces > ETH > IPv4 > DHCP Server 2.
  • Page 303   Command line Task 1: Configure VRRP on device two 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 304 (config)> add network interface eth ipv4 surelink target end (config network interface eth ipv4 surelink target 0)> 3. Set the type of test to ping: (config network interface eth ipv4 surelink target 0)> test ping (config network interface eth ipv4 surelink target 0)> IX10 User Guide...

  • Page 305: Show Vrrp Status And Statistics

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show VRRP status and statistics This section describes how to display VRRP status and statistics for a IX10 device. VRRP status is available from the Web UI only. ...
  • Page 306 Routing Virtual Router Redundancy Protocol (VRRP) 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 307 Routing Virtual Router Redundancy Protocol (VRRP) 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 308 Virtual Private Networks (VPNs) are used to securely connect two private networks together so that devices can connect from one network to the other using secure channels. This chapter contains the following topics: IPsec OpenVPN Generic Routing Encapsulation (GRE) Dynamic Multipoint VPN (DMVPN) L2TP L2TPv3 Ethernet NEMO IX10 User Guide...

  • Page 309: Ipsec

    Authentication of data to ensure an unauthorized device has not injected it into the IPsec tunnel. IPsec mode The IX10 supports the Tunnel mode. With the Tunnel mode, the entire IP packet is encrypted and/or authenticated and then encapsulated as the payload in a new IP packet. Transport mode is not currently supported.

  • Page 310: Authentication

    Client authenticaton XAUTH (extended authentication) pre-shared key authentication mode provides additional security by using client authentication credentials in addition to the standard pre-shared key. The IX10 device can be configured to authenticate with the remote peer as an XAUTH client. RSA Signatures With RSA signatures authentication, the IX10 device uses a private RSA key to authenticate with a...
  • Page 311 NAT is being used. If using IPsec failover, identify the primary tunnel during configuration of the backup tunnel. The Network Address Translation (NAT) keep alive time. The protocol, either Encapsulating Security Payload (ESP) or Authentication Header (AH). IX10 User Guide...
  • Page 312    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 313 8. (Optional) Enable Force UDP encapsulation to force the tunnel to use UDP encapsulation even when it does not detect that NAT is being used. 9. For Zone, select the firewall zone for the IPsec tunnel. Generally this should be left at the default of IPsec. IX10 User Guide...
  • Page 314 For Authentication type, select one of the following: Pre-shared key: Uses a pre-shared key (PSK) to authenticate with the remote peer. i. Type the Pre-shared key. Asymmetric pre-shared keys: Uses asymmetric pre-shared keys to authenticate with the remote peer. IX10 User Guide...
  • Page 315 SCEP certificates: Uses Simple Certificate Enrollment Protocol (SCEP) to download a private key, certificates, and an optional Certificate Revocation List (CRL) to the IX10 device from a SCEP server. You must create the SCEP client prior to configuring the IPsec tunnel. See...
  • Page 316 Round robin: Attempts to connect to hostnames sequentially based on the list order. Random: Randomly selects an IPsec peer to connect to from the hostname list. Priority ordered: Selects the first hostname in the list that is resolvable. c. Click to expand Hostname. IX10 User Guide...
  • Page 317 Serial number: The device's serial number will be used as the ID and sent as a ID_KEY_ID IKE identity. 21. Click to expand Policies. Policies define the network traffic that will be encapsulated by this tunnel. a. Click  to create a new policy. The new policy configuration is displayed. IX10 User Guide...
  • Page 318 For Protocol, select one of the following: Any: Matches any protocol. TCP: Matches TCP protocol only. UDP: Matches UDP protocol only. ICMP: Matches ICMP requests only. Other protocol: Matches an unlisted protocol. If Other protocol is selected, type the number of the protocol. IX10 User Guide...
  • Page 319 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Phase 2 lifetime to ten minutes, enter 10m or 600s. IX10 User Guide...
  • Page 320 27. Click Apply to save the configuration and apply the change.    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. IX10 User Guide...
  • Page 321 Default value: ipsec Current value: ipsec (config vpn ipsec tunnel ipsec_example)> Note Depending on your network configuration, you may need to add a packet filtering rule to allow incoming traffic. For example, for the IPsec zone: IX10 User Guide...
  • Page 322 (config vpn ipsec tunnel ipsec_example)> type protocol (config vpn ipsec tunnel ipsec_example)> where protocol is either: esp (Encapsulating Security Payload): Provides encryption as well as authentication and integrity. ah (Authentication Header): Provides authentication and integrity only. The default is esp. IX10 User Guide...
  • Page 323 (config vpn ipsec tunnel ipsec_example)> auth private_key_ passphrase passphrase (config vpn ipsec tunnel ipsec_example)> c. For the peer_public_key parameter, paste the peer's public RSA key in PEM format: (config vpn ipsec tunnel ipsec_example)> auth peer_public_key (config vpn ipsec tunnel ipsec_example)> IX10 User Guide...
  • Page 324 Enable XAUTH client functionality: (config vpn ipsec tunnel ipsec_example)> xauth_client enable true (config vpn ipsec tunnel ipsec_example)> b. Set the XAUTH client username: (config vpn ipsec tunnel ipsec_example)> xauth_client username name (config vpn ipsec tunnel ipsec_example)> IX10 User Guide...
  • Page 325 Set an IPv4 formatted ID. This can be a fully-qualified domain name or an IPv4 address. (config vpn ipsec tunnel ipsec_example)> local id type ipv4_id (config vpn ipsec tunnel ipsec_example)> ipv6: The ID will be interpreted as an IPv6 address and sent as an ID_IPV6_ADDR IKE identity. IX10 User Guide...
  • Page 326 Attempts to connect to hostnames sequentially based on the list order. random: Randomly selects an IPsec peer to connect to from the hostname list. priority: Selects the first hostname in the list that is resolvable. IX10 User Guide...
  • Page 327 ID_FQDN IKE identity. keyid: The ID will be interpreted as a Key ID and sent as an ID_KEY_ID IKE identity. Set the key ID: (config vpn ipsec tunnel ipsec_example)> remote id type keyid_id (config vpn ipsec tunnel ipsec_example)> IX10 User Guide...
  • Page 328 To disable: (config vpn ipsec tunnel ipsec_example)> ike pad false (config vpn ipsec tunnel ipsec_example)> f. Set the amount of time that the IKE security association expires after a successful negotiation and must be re-authenticated: IX10 User Guide...
  • Page 329 (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> ii. Set the type of encryption to use during phase 1: (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> cipher value (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> IX10 User Guide...
  • Page 330 Use the ? to determine available Diffie-Hellman group types: (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> dh_group ? curve25519 curve448 ecp192 ecp224 (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> ii. Set the Diffie-Hellman group type: IX10 User Guide...
  • Page 331 Set the type of encryption to use during phase 2: (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> cipher value (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> where value is one of: 3des aes128 aes128gcm128 aes128gcm64 aes128gcm96 aes192 aes192gcm128 aes192gcm64 IX10 User Guide...
  • Page 332 The default is modp2048. vi. (Optional) Add additional phase 2 proposals: i. Move back one level in the schema: (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> (config vpn ipsec tunnel ipsec_example ike phase2_proposal)> ii. Add an additional proposal: IX10 User Guide...
  • Page 333 Set the IPv4 address and optional netmask of a destination network that requires source NAT. You can also use any, meaning that any destination network connected to the tunnel will use source NAT. (config vpn ipsec tunnel ipsec_example nat 0)> dst value (config vpn ipsec tunnel ipsec_example nat 0)> IX10 User Guide...
  • Page 334 (config vpn ipsec tunnel ipsec_example policy 0)> where value is the IPv4 address and optional netmask. The keyword any can also be used. request: Requests a network from the remote peer. dynamic: Uses the address of the local endpoint. IX10 User Guide...
  • Page 335 (config vpn ipsec tunnel ipsec_example policy 0)> remote protocol value (config vpn ipsec tunnel ipsec_example policy 0)> where value is one of: any: Matches any protocol. tcp: Matches TCP protocol only. udp: Matches UDP protocol only. icmp: Matches ICMP requests only. IX10 User Guide...
  • Page 336 IKE timeout (config)> Generally, the default settings for these should be sufficient. c. You can also enable debugging for IPsec: (config)> vpn ipsec advanced debug value (config)> where value is one of: none basic_auditing detailed_control generic_control raw_data sensitive_data IX10 User Guide...
  • Page 337 20. Save the configuration and apply the change: (config)> save Configuration saved. > 21. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...

  • Page 338: Configure Ipsec Failover

    Virtual Private Networks (VPN) IPsec Configure IPsec failover There are two methods to configure the IX10 device to fail over from a primary IPsec tunnel to a backup tunnel: SureLink active recovery—You can use SureLink along with the IPsec tunnel's metric to configure two or more tunnels so that when the primary tunnel is determined to be inactive by SureLink, a secondary tunnel can begin serving traffic that the primary tunnel was serving.
  • Page 339 See Configure an IPsec tunnel for instructions. During configuration of the IPsec tunnel, set the metric to a value that is higher than the metric of the primary tunnel (for example, 20).    Command line IX10 User Guide...
  • Page 340 Use the ? to view a list of available tunnels: (config vpn ipsec tunnel backup_ipsec_tunnel)> ipsec_failover ? Preferred tunnel: This tunnel will not start until the preferred tunnel has failed. It will continue to operate until the preferred tunnel returns to full operation IX10 User Guide...

  • Page 341: Configure Surelink Active Recovery For Ipsec

    To configure the IX10 device to regularly probe the IPsec connection:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager:...
  • Page 342 Virtual Private Networks (VPN) IPsec a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration.
  • Page 343 11. Click to expand Tests. By default, Test DNS servers configured for this interface is automatically configured and enabled. This test communication with DNS servers that are either provided by DHCP, or statically configured for this interface. IX10 User Guide...
  • Page 344 For example, to set Down time to ten minutes, enter 10m or 600s. Initial connection time: The amount of time to wait for the interface to connect for the first time before the test is considered to have failed. IX10 User Guide...
  • Page 345 100 to change the default gateway. Restart interface. b. Click . New recovery actions are enabled by default. To disable, click to toggle off Enable. c. Type a Label for the recovery action. d. For Recovery type, select Reboot device. IX10 User Guide...
  • Page 346 Override wait interval before performing the next recovery action: The time to wait before the next test is run. If set to the default value of 0s, the Test interval is used. IX10 User Guide...
  • Page 347    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 348 Set the test type: (config vpn ipsec tunnel ipsec_example surelink tests 1)> test value (config vpn ipsec tunnel ipsec_example surelink tests 1)> where value is one of: ping: Uses ICMP to determine connectivity. If ping is selected, complete the following: IX10 User Guide...
  • Page 349 Failing this test infers that all other tests fail. If interface_up is set, complete the following: Set the amount of time that the interface is down before the test can be considered to have failed. IX10 User Guide...
  • Page 350 If tcp_connection is selected, complete the following: Set the hostname or IP address of the host to create a TCP connection to: (config vpn ipsec tunnel ipsec_example surelink tests 1)> tcp_host hostname/IP_address (config vpn ipsec tunnel ipsec_example surelink tests 1)> IX10 User Guide...
  • Page 351 The test will pass only if the referenced interface is down or failing its own SureLink tests (if applicable). f. Repeat for each additional test. 6. Add recovery actions: a. Type ... to return to the root of the configuration: (config vpn ipsec tunnel ipsec_example surelink tests 1)> ... (config)> IX10 User Guide...
  • Page 352 (config vpn ipsec tunnel ipsec_example surelink actions 0)> modem_ action value (config vpn ipsec tunnel ipsec_example surelink actions 0)> WAN interfaces: (config vpn ipsec tunnel ipsec_example surelink actions 0)> action value (config vpn ipsec tunnel ipsec_example surelink actions 0)> IX10 User Guide...
  • Page 353 (config vpn ipsec tunnel ipsec_example surelink actions 0)> The default is 3. Set the time to wait before the next test is run. If set to the default value of 0s, the test interval is used. IX10 User Guide...
  • Page 354 Set the number of attempts for this recovery action to perform, before moving to the next recovery action: (config vpn ipsec tunnel ipsec_example surelink actions 0)> max_attempts int (config vpn ipsec tunnel ipsec_example surelink actions 0)> The default is 3. IX10 User Guide...
  • Page 355 Set the time to wait before the next test is run. If set to the default value of 0s, the test interval is used. (config vpn ipsec tunnel ipsec_example surelink actions 0)> override_interval int (config vpn ipsec tunnel ipsec_example surelink actions 0)> g. Repeat for each additional recovery action. 7. Optional SureLink configuration parameters: IX10 User Guide...
  • Page 356 (config)> vpn ipsec tunnel ipsec_example surelink timeout 600s (config)> The default is 15s. f. Set the amount of time to wait while the device is starting before SureLink testing begins. This setting is bypassed when the interface is determined to be up. IX10 User Guide...

  • Page 357: Show Ipsec Status And Statistics

    > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show IPsec status and statistics    Web IX10 User Guide...

  • Page 358: Debug An Ipsec Configuration

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 359 Virtual Private Networks (VPN) IPsec 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.

  • Page 360: Configure A Simple Certificate Enrollment Protocol Client

    Virtual Private Networks (VPN) IPsec 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 361 The number of days that the certificate enrollment can be renewed, prior to the request expiring.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 362 9. For Renewable Time, type the number of days that the certificate enrollment can be renewed, prior to the request expiring. This value is configured on the SCEP server, and is used by the IX10 device to determine when to start attempting to auto-renew an existing certificate. The default is 7.
  • Page 363 Click Use New Private Key to enable the creation of a new private key for renewal requests. c. Use Client Certificate is enabled by default. Click to disable the use of a client certificate for renewal requrests. 22. Click Apply to save the configuration and apply the change.    Command line IX10 User Guide...
  • Page 364 Virtual Private Networks (VPN) IPsec 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 365 The URL to the file name used to access the certificate revocation list from the crldp: The CRL distribution point. getCRL: A CRL query using the issuer name and serial number from the certificate whose revocation status is being queried. The default is url. IX10 User Guide...
  • Page 366 (config network scep_client scep_client_name)> polling_interval 600s (config network scep_client scep_client_name)> The default is 5s. 14. Set the bit size of the private key: (config network scep_client scep_client_name)> key_length int (config network scep_client scep_client_name)> The default is 2048. IX10 User Guide...

  • Page 367: Example: Scep Client Configuration With Fortinet Scep Server

    Type quit to disconnect from the device. Example: SCEP client configuration with Fortinet SCEP server In this example configuration, we will configure the IX10 device as a SCEP client that will connect to a Fortinet SCEP server. Fortinet configuration On the Fortinet server: 1.
  • Page 368 IX10 configuration On the IX10 device:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 369 This value must match the setting of the Allow renewal x days before the certified is expired option on the Fortinet server. 7. (Optional) Click Debug to enable verbose logging in /var/log/scep_client. IX10 User Guide...
  • Page 370    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 371 (config network scep_client Fortinet_SCEP_client)> d. Set the Locality: (config network scep_client Fortinet_SCEP_client)> distinguished_name l value (config network scep_client Fortinet_SCEP_client)> e. Set the Organization: (config network scep_client Fortinet_SCEP_client)> distinguished_name o value (config network scep_client Fortinet_SCEP_client)> f. Set the Organizational Unit: IX10 User Guide...

  • Page 372: Show Scep Client Status And Information

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 373 Certificate Authority Certificate {3} ------------------------------------- Subject : CN=TA-SCEP-1-CA Issuer : CN=TA-SCEP-1-CA Serial : 681670E9EFB7FCB74E79C33DD9D54847 Expiry : Apr 25 13:36:42 2027 GMT Certificate Revocation List --------------------------- Issuer : CN=TA-SCEP-1-CA Last Update : May 23 13:27:21 2022 GMT > IX10 User Guide...
  • Page 374 Virtual Private Networks (VPN) IPsec 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...

  • Page 375: Openvpn

    OpenVPN clients. OpenVPN clients use Network Address Translation (NAT) to route traffic from devices connected on its LAN interfaces to the OpenVPN server. The manner in which the IP subnets are defined depends on the OpenVPN topology in use. The IX10 device supports two types of OpenVPN topology:...

  • Page 376: Configure An Openvpn Server

    Virtual Private Networks (VPN) OpenVPN OpenVPN managed—The IX10 device creates the interface and then uses its standard configuration to set up the connection (for example, its standard DHCP server configuration). Device only—IP addressing is controlled by the system, not by OpenVPN.
  • Page 377 Access control list configuration to restrict access to the OpenVPN server through the firewall. Additional OpenVPN parameters.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 378 6. If TUN (OpenVPN managed) or TAP - OpenVPN managed is selected for Device type: a. For Zone, select the firewall zone for the OpenVPN server. For TUN device types, this should be set to Internal to treat clients as LAN devices. IX10 User Guide...
  • Page 379 For Add Address, click . c. For Address, enter the IPv6 address or network that can access the device's service-type. Allowed values are: A single IP address or host name. A network designation in CIDR notation, for example, 2001:db8::/48. IX10 User Guide...
  • Page 380    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 381 LAN interfaces to the OpenVPN server. TAP - OpenVPN managed—Also know as bridging mode. A more advanced implementation of OpenVPN. The IX10 device creates an OpenVPN interface and uses standard interface configuration (for example, a standard DHCP server configuration).
  • Page 382 (config vpn openvpn server name)> autogenerate true (config vpn openvpn server name)> b. To create certificates externally and add them to the server (config vpn openvpn server name)> autogenerate false (config vpn openvpn server name)> The default setting is false. IX10 User Guide...
  • Page 383 (config vpn openvpn server name)> add acl address end value (config vpn openvpn server name)> Where value can be: A single IP address or host name. A network designation in CIDR notation, for example, 192.168.1.0/24. any: No limit to IPv4 addresses that can access the service-type. IX10 User Guide...
  • Page 384 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX10 device: (config vpn openvpn server name)> add acl interface end value (config vpn openvpn server name)>...

  • Page 385: Configure An Openvpn Authentication Group And User

    If username and password authentication is used for the OpenVPN server, you must create an OpenVPN authentication group and user. Configure an OpenVPN server for information about configuring an OpenVPN server to use username and password authentication. See IX10 user authentication for more information about creating authentication groups and users. IX10 User Guide...
  • Page 386 Virtual Private Networks (VPN) OpenVPN    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 387 Type a password for the user. This password is used for local authentication of the user. You can also configure the user to use RADIUS or TACACS+ authentication by configuring authentication methods. See User authentication methods for information. IX10 User Guide...
  • Page 388 OpenVPN d. Click to expand the Groups node. e. Click  to add a group to the user. f. Select a Group with OpenVPN access enabled. 5. Click Apply to save the configuration and apply the change. IX10 User Guide...
  • Page 389    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 390: Configure An Openvpn Client By Using An .Ovpn File

    Configure SureLink active recovery for OpenVPN for information about OpenVPN active recovery.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 391 9. (Optional) For Username and Password, type the login credentials as configured on the OpenVPN server. 10. For OVPN file, paste the content of the client.ovpn file. IX10 User Guide...
  • Page 392    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 393: Configure An Openvpn Client Without Using An .Ovpn File

    Additional OpenVPN parameters. Configure SureLink active recovery for OpenVPN for information about OpenVPN active recovery.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. IX10 User Guide...
  • Page 394 Virtual Private Networks (VPN) OpenVPN 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config.
  • Page 395 15. Click Apply to save the configuration and apply the change.    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. IX10 User Guide...
  • Page 396 To view a list of available zones: (config vpn openvpn client name)> zone ? Zone: The zone for the openvpn client interface. Format: dynamic_routes edge external internal ipsec loopback setup Current value: (config vpn openvpn client name)> IX10 User Guide...
  • Page 397 (config vpn openvpn client name)> advanced_options enable true (config vpn openvpn client name)> b. Configure whether the additional OpenVPN parameters should override default options: (config vpn openvpn client name)> advanced_options override true (config vpn openvpn client name)> IX10 User Guide...

  • Page 398: Configure Surelink Active Recovery For Openvpn

    To configure the IX10 device to regularly probe the OpenVPN connection:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 399 Configure an OpenVPN client by using an .ovpn file Configure an OpenVPN client without using an .ovpn file. To edit an existing OpenVPN client, click to expand the appropriate client. 5. After creating or selecting the OpenVPN client, click SureLink. IX10 User Guide...
  • Page 400 The Interface gateway. If Interface gateway is selected, an initial traceroute is sent to the hostname or IP address configured in the SureLink advanced settings, and then the first hop in that route is used for the ping test. IX10 User Guide...
  • Page 401 TCP connect host: The hostname or IP address of the host to create a TCP connection to. TCP connect port: The TCP port to create a TCP connection to. Test another interface's status: Tests the status of another interface. If Test another interface's status is selected, complete the following: IX10 User Guide...
  • Page 402 Override wait interval before performing the next recovery action: The time to wait before the next test is run. If set to the default value of 0s, the Test interval is used. Restart interface. If Restart interface is selected, complete the following: IX10 User Guide...
  • Page 403 Powercycle the modem. This recovery action is available for WWAN interfaces only. If Powercycle the modem is selected, complete the following: Attempts: The number of attempts for this recovery action to perform, before moving to the next recovery action. IX10 User Guide...
  • Page 404    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 405 Uses ICMP to determine connectivity. If ping is selected, complete the following: Set the ping_method: (config vpn openvpn client openvpn_client1 surelink tests 1)> ping_method value (config vpn openvpn client openvpn_client1 surelink tests 1)> where value is one of: IX10 User Guide...
  • Page 406 (config vpn openvpn client openvpn_client1 surelink tests 1)> interface_down_time value (config vpn openvpn client openvpn_client1 surelink tests 1)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. IX10 User Guide...
  • Page 407 Set the TCP port to create a TCP connection to. (config vpn openvpn client openvpn_client1 surelink tests 1)> tcp_port port (config vpn openvpn client openvpn_client1 surelink tests 1)> other: Tests the status of another interface. If other is selected, complete the following: IX10 User Guide...
  • Page 408 (config)> add vpn openvpn client openvpn_client1 surelink actions end (config vpn openvpn client openvpn_client1 surelink actions 0)> c. New actions are enabled by default. To disable: (config vpn openvpn client openvpn_client1 surelink actions 0)> enable false (config vpn openvpn client openvpn_client1 surelink actions 0)> IX10 User Guide...
  • Page 409 (config vpn openvpn client openvpn_client1 surelink actions 0)> modem_action value (config vpn openvpn client openvpn_client1 surelink actions 0)> where value is one of: update_routing_table: Increases the interface's metric to change the default gateway. If update_routing_table is selected, complete the following: IX10 User Guide...
  • Page 410 (config vpn openvpn client openvpn_client1 surelink actions 0)> override_interval int (config vpn openvpn client openvpn_client1 surelink actions 0)> reset_modem: This recovery action is available for WWAN interfaces only. If reset_modem is selected, complete the following: IX10 User Guide...
  • Page 411 0)> max_attempts int (config vpn openvpn client openvpn_client1 surelink actions 0)> The default is 3. Set the time to wait before the next test is run. If set to the default value of 0s, the test interval is used. IX10 User Guide...
  • Page 412 Set the time to wait before the next test is run. If set to the default value of 0s, the test interval is used. (config vpn openvpn client openvpn_client1 surelink actions 0)> override_interval int (config vpn openvpn client openvpn_client1 surelink actions 0)> g. Repeat for each additional recovery action. IX10 User Guide...
  • Page 413 For example, to set timeout to ten minutes, enter either 10m or 600s: (config)> vpn openvpn client openvpn_client1 surelink timeout 600s (config)> The default is 15s. IX10 User Guide...
  • Page 414 (config vpn openvpn client openvpn_client1 connection_monitor target 0)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...

  • Page 415: Show Openvpn Server Status And Statistics

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 416: Show Openvpn Client Status And Statistics

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 417 : udp Port : 1194 Type : tun > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...

  • Page 418: Generic Routing Encapsulation (Gre)

    Enable the device to respond to keepalive packets. Task One: Create a GRE loopback endpoint interface    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 419    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 420 Type quit to disconnect from the device. Task Two: Configure the GRE tunnel    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 421    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 422 8. (Optional) Enable the device to reply to Cisco GRE keepalive packets: (config vpn iptunnel gre_example)> keepalive true (config vpn iptunnel gre_example)> 9. Save the configuration and apply the change: (config vpn iptunnel gre_example)> save Configuration saved. > IX10 User Guide...
  • Page 423 Virtual Private Networks (VPN) Generic Routing Encapsulation (GRE) 10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...

  • Page 424: Show Gre Tunnels

    To view information about currently configured GRE tunnels:    Web 1. Log into the IX10 WebUI as a user with Admin access. 2. On the menu, click Status > IP tunnels. The IP Tunnelspage appears. 3. To view configuration details about a GRE tunnel, click the  (configuration) icon in the upper right of the tunnel's status pane.

  • Page 425: Example: Gre Tunnel Over An Ipsec Tunnel

    Example: GRE tunnel over an IPSec tunnel The IX10 device can be configured as an advertised set of routes through an IPSec tunnel. This allows you to leverage the dynamic route advertisement of GRE tunnels through a secured IPSec tunnel.
  • Page 426 Configure the IX10-1 device Task one: Create an IPsec tunnel    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 427 5. Click to expand Authentication. 6. For Pre-shared key, type testkey. 7. Click to expand Remote endpoint. 8. For Hostname, type public IP address of the IX10-2 device. 9. Click to expand Policies. 10. For Add Policy, click  to add a new policy.
  • Page 428    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 429 4. For Device, select Ethernet: loopback. 5. Click to expand IPv4. 6. For Address, type the IP address of the local GRE tunnel, 172.30.0.1/32. 7. Click Apply to save the configuration and apply the change.    Command line IX10 User Guide...
  • Page 430 Task three: Create a GRE tunnel    Web 1. Click VPN > IP Tunnels. 2. For Add IP Tunnel, type gre_tunnel1 and click . 3. For Local endpoint, select the IPsec endpoint interface created in Task two (Interface: ipsec_ endpoint1). IX10 User Guide...
  • Page 431 (config vpn iptunnel gre_tunnel1)> local /network/interface/ipsec_ endpoint1 (config vpn iptunnel gre_tunnel1)> 4. Set the remote endpoint to the IP address of the GRE tunnel on IX10-2, 172.30.0.2: (config vpn iptunnel gre_tunnel1)> remote 172.30.0.2 (config vpn iptunnel gre_tunnel1)> 5. Save the configuration and apply the change: (config vpn iptunnel gre_tunnel1)>...
  • Page 432 7. Click Apply to save the configuration and apply the change.    Command line 1. At the command line, type config to enter configuration mode: > config (config)> 2. Add an interface named gre_interface1: (config)> add network interface gre_interface1 (config network interface gre_interface1)> IX10 User Guide...
  • Page 433 Configure the IX10-2 device Task one: Create an IPsec tunnel    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 434 3. Click VPN > IPsec > Tunnels. 4. For Add IPsec Tunnel, type ipsec_gre2 and click . 5. Click to expand Authentication. 6. For Pre-shared key, type the same pre-shared key that was configured for the IX10-1 (testkey). 7. Click to expand Remote endpoint.
  • Page 435    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 436 4. For Device, select Ethernet: loopback. 5. Click to expand IPv4. 6. For Address, type the IP address of the local GRE tunnel, 172.30.0.2/32. 7. Click Apply to save the configuration and apply the change.    Command line IX10 User Guide...
  • Page 437 Task three: Create a GRE tunnel    Web 1. Click VPN > IP Tunnels. 2. For Add IP Tunnel, type gre_tunnel2 and click . 3. For Local endpoint, select the IPsec endpoint interface created in Task two (Interface: ipsec_ endpoint2). IX10 User Guide...
  • Page 438 (config vpn iptunnel gre_tunnel2)> local /network/interface/ipsec_ endpoint2 (config vpn iptunnel gre_tunnel2)> 4. Set the remote endpoint to the IP address of the GRE tunnel on IX10-1, 172.30.0.1: (config vpn iptunnel gre_tunnel2)> remote 172.30.0.1 (config vpn iptunnel gre_tunnel2)> 5. Save the configuration and apply the change: (config vpn iptunnel gre_tunnel2)>...
  • Page 439 7. Click Apply to save the configuration and apply the change.    Command line 1. At the command line, type config to enter configuration mode: > config (config)> 2. Add an interface named gre_interface2: (config)> add network interface gre_interface2 (config network interface gre_interface2)> IX10 User Guide...

  • Page 440: Dynamic Multipoint Vpn (Dmvpn)

    This is achieved by the creation of a dynamic GRE tunnel directly to the other spoke. The network address of the target spoke is resolved with the use of Next Hop Resolution Protocol (NHRP). This section contains the following topics: Configure a DMVPN spoke IX10 User Guide...

  • Page 441: Configure A Dmvpn Spoke

    Configure a DMVPN spoke To configure a DMVPN spoke:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 442 For Zone, select Internal. d. For Device, select the IP tunnel created above. e. Click to expand IPv4. f. For Address, type the IP address and netmask of the tunnel. The netmask must be set to IX10 User Guide...
  • Page 443 For Tunnel, select the IP tunnel created above. i. Click to expand Next hop servers. j. Click  to add a server. k. For NBMA address, type the hostname or IP address of the node that will be the next hop IX10 User Guide...
  • Page 444 For IP address, type the IP address of the hub. h. Click to toggle on eBGP multihop. 7. Repeat to add additional spokes. 8. Click Apply to save the configuration and apply the change.    Command line IX10 User Guide...
  • Page 445 Virtual Private Networks (VPN) Dynamic Multipoint VPN (DMVPN) 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 446 (config network route service nhrp network 0)> tunnel /vpn/iptunnel/dmvpn_tunnel (config network route service nhrp network 0)> g. Add a net hop server: (config network route service nhrp network 0)> add nhs end (config network route service nhrp network 0 nhs 0)>- IX10 User Guide...
  • Page 447 9. Save the configuration and apply the change: (config)> save Configuration saved. > 10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...

  • Page 448: L2Tp

    Optional configuration data in the format of a pppd options file.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: IX10 User Guide...
  • Page 449 Virtual Private Networks (VPN) L2TP Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a.
  • Page 450 No limit to IPv6 addresses that can access the service-type. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX10 device: a. Click Interfaces. b. For Add Interface, click .
  • Page 451    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 452 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX10 device: (config)> add vpn l2tp acl interface end value (config)>...
  • Page 453 (config add vpn l2tp lac name)> where name is the name of the LAC. For example, to add an LAC named lac_tunnel: (config)> add vpn l2tp lac lac_tunnel (config vpn l2tp lac lac_tunnel)> LACs are enabled by default. To disable: IX10 User Guide...
  • Page 454 Zone: The firewall zone assigned to this tunnel. This can be used by packet filtering rules and access control lists to restrict network traffic on this tunnel. Format: dynamic_routes edge external internal ipsec loopback setup Current value: IX10 User Guide...
  • Page 455 (config vpn l2tp lns lns_server)> This can also be: A range of IP addresses, using the format x.x.x.x-y.y.y.y, for example 192.168.188.1- 192.168.188.254. The keyword any, which means that the server will accept connections from any IP address. IX10 User Guide...
  • Page 456 Use the ? to determine available zones: (config vpn l2tp lns lns_server)> zone ? Zone: The firewall zone assigned to this tunnel. This can be used by packet filtering rules and access control lists to restrict network traffic on this tunnel. Format: IX10 User Guide...

  • Page 457: L2Tp With Ipsec

    L2TP is commonly used in conjunction with IPsec in transport mode (to provide security). Your IX10 supoorts L2TP with IPsec by configuring a transport-mode IPsec tunnel between the two endpoints, and then an L2TP tunnel with its LNS and LAC configured the same as the IPsec tunnel’s endpoints.

  • Page 458: Show L2Tp Tunnel Status

    Show the status of L2TP access connectors from the Admin CLI 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights.

  • Page 459: L2Tpv3 Ethernet

    Show the status of L2TP network servers from the Admin CLI 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights.

  • Page 460: Configure An L2Tpv3 Tunnel

    The Layer2SpecificHeader type. The Sequence numbering control.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 461 Send: Add a sequence number to each outgoing packet. Receive: Reorder packets if they are received out of order. Both: Add a sequence number to each outgoing packet, and reorder packets if they are received out of order. IX10 User Guide...
  • Page 462    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 463 Allowed value is 8 or 16 hex digits. 13. (Optional) Set the cookie value of the remote peer: (config vpn l2tpeth L2TPv3_example session_example)> peer cookie value (config vpn l2tpeth L2TPv3_example session_example)> Allowed value is 8 or 16 hex digits. IX10 User Guide...

  • Page 464: Show L2Tpv3 Tunnel Status

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 465: Nemo

    Local Area Networks (LANs) on your device. NEMO creates a tunnel between the home agent on the mobile private network and the IX10 device, isolating the connection from internet traffic and advertising the IP subnets of the LANs for remote access and device management.

  • Page 466: Configure A Nemo Tunnel

    If the local network is set to Interface, identify the local interface to be used.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration:...
  • Page 467 4. For Home IP address, type the IPv4 address of the NEMO virtual network interface. 5. For Zone, select Internal. The Internal firewall zone configures the IX10 device to trust traffic going to the tunnel and allows it through the network.
  • Page 468 10. For MTU discovery, leave enabled to determine the maximum transmission unit (MTU) size. If disabled, for MTU, type the MTU size. The default MTU size for LANs on the IX10 device is 1500. The MTU size of the NEMO tunnel will be smaller, to take into account the required headers.
  • Page 469 (config vpn nemo nemo_example)> mtu_discovery false (config vpn nemo nemo_example)> If disabled, set the MTU size. The default MTU size for LANs on the IX10 device is 1500. The MTU size of the NEMO tunnel will be smaller, to take into account the required headers.
  • Page 470 Virtual Private Networks (VPN) NEMO The Internal firewall zone configures the IX10 device to trust traffic going to the tunnel and allows it through the network. 11. Configure the Care-of-Address, the local WAN interface of the internet facing network. a. Set the method to determine the Care-of-Address: (config vpn nemo nemo_example)>...

  • Page 471: Show Nemo Status

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 472 ---------- lan1 192.168.2.1/24 Advertized LAN2 192.168.3.1/24 Advertized > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...
  • Page 473 Configure DNS Simple Network Management Protocol (SNMP) Location information Modbus gateway System time Network Time Protocol Configure a multicast route Enable service discovery (mDNS) Use the MQTT broker service Use the iPerf service Configure the ping responder service IX10 User Guide...

  • Page 474: Allow Remote Access For Web Administration And Ssh

    Add the External firewall zone to the web administration service    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 475    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 476 Type quit to disconnect from the device. Add the External firewall zone to the SSH service    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 477 Services Allow remote access for web administration and SSH 4. For Add Zone, click . 5. Select External. 6. Click Apply to save the configuration and apply the change. IX10 User Guide...

  • Page 478: Configure The Web Administration Service

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 479 The web administration service is enabled by default. To disable the service, or enable it if it has been disabled:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 480 Type quit to disconnect from the device. Configure the service    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 481 No limit to IPv6 addresses that can access the web administration service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX10 device: a. Click Interfaces.
  • Page 482 9. Legacy port redirection is used to redirect client HTTP requests to the HTTPS service. Legacy port redirection is enabled by default, and normally these settings should not be changed. To disable legacy port redirection, click to expand Legacy port redirection and deselect Enable. IX10 User Guide...
  • Page 483    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 484 4. (Optional) If you have your own signed SSL certificate, if you have your own signed SSL certificate, set the certificate and private key by pasting their contents into the service web_ admin cert command. Enclose the certificate and private key contents in quotes ("). (config)> service web_admin cert "ssl-cert-and-private-key" (config)> IX10 User Guide...
  • Page 485 (config)> service web_admin cert "-----BEGIN CERTIFICATE----- MIID8TCCAtmgAwIBAgIULOwezcmbnQmIC9pT9txwCfUbkWQwDQYJKoZIhvcNAQEL BQAwgYcxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24xDjAMBgNVBAcMBUFs b2hhMRMwEQYDVQQKDApNY0JhbmUgSW5jMRAwDgYDVQQLDAdTdXBwb3J0MQ8wDQYD VQQDDAZtY2JhbmUxHzAdBgkqhkiG9w0BCQEWEGptY2JhbmVAZGlnaS5jb20wHhcN MjAwOTIyMTY1OTUyWhcNMjEwOTIyMTY1OTUyWjCBhzELMAkGA1UEBhMCVVMxDzAN BgNVBAgMBk9yZWdvbjEOMAwGA1UEBwwFQWxvaGExEzARBgNVBAoMCk1jQmFuZSBJ bmMxEDAOBgNVBAsMB1N1cHBvcnQxDzANBgNVBAMMBm1jYmFuZTEfMB0GCSqGSIb3 DQEJARYQam1jYmFuZUBkaWdpLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBAOBn19AX01LO9plYtfRZq0bETwNwSCYGeEIOGJ7gHt/rihLVBJS1woYv u1Oq1ohYxIawBY1iIPBD2GtzyEJXzBZdQRhwi/dRyRi4vr7EkjGDr0Vb/NVT0L5w UzcMeT+71DYvKYm6GpcWx+LoKqFTjbMFBIze5pbBfru+SicId6joCHIuYq8Ehflx 6sy6s4MDbyTUAEN2YhsBaOljej64LNzcsHeISbAWibXWjOSsK+N1MivQq5uwIYw/ 1fsnD8KDS43Wg57+far9fQ2MIHsgnoAGz+w6PIKJR594y/MfqQffDFNCh2lJY49F hOqEtA5B9TyXRKwoa3j/lIC/t5cpIBcCAwEAAaNTMFEwHQYDVR0OBBYEFDVtrWBH E1ZcBg9TRRxMn7chKYjXMB8GA1UdIwQYMBaAFDVtrWBHE1ZcBg9TRRxMn7chKYjX MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBALj/mrgaKDNTspv9 ThyZTBlRQ59wIzwRWRYRxUmkVcR8eBcjwdBTWjSBLnFlD2WFOEEEnVz2Dzcixmj4 /Fw7GQNcYIKj+aIGJzbcKgox10mZB3VKYRmPpnpzHCkvFi4o81+bC8HJQfK9U80e vDV0/vA5OB2j/DrjvlOrapCTkuyA0TVyGvgTASx2ATu9U45KZofm4odThQs/9FRQ +cwSTb5v47KYffeyY+g3dyJw1/KgMJGpBUYNJDIsFQC9RfzPjKE2kz41hx4VksT/ q81WGstDXH++QTu2sj7vWkFJH5xPFt80HjtWKKpIfeOIlBPGeRHvdH2PQibx0OOt Sa+P5O8= -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDgZ9fQF9NSzvaZ WLX0WatGxE8DcEgmBnhCDhie4B7f64oS1QSUtcKGL7tTqtaIWMSGsAWNYiDwQ9hr c8hCV8wWXUEYcIv3UckYuL6+xJIxg69FW/zVU9C+cFM3DHk/u9Q2LymJuhqXFsfi 6CqhU42zBQSM3uaWwX67vkonCHeo6AhyLmKvBIX5cerMurODA28k1ABDdmIbAWjp IX10 User Guide...
  • Page 486 The default setting of 443 normally should not be changed. (config)> service web_admin port 444 (config)> 7. (Optional) Set the minimum TLS version that can be used by client to negotiate the HTTPS session: (config)> service web_admin legacy_encryption value (config)> where value is one of: IX10 User Guide...
  • Page 487 9. Save the configuration and apply the change: (config)> save Configuration saved. > 10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...

  • Page 488: Configure Ssh Access

    The SSH service is enabled by default. To disable the service, or enable it if it has been disabled:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 489    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 490 Services Configure SSH access    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 491 No limit to IPv6 addresses that can access the SSH service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX10 device: a. Click Interfaces.
  • Page 492    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 493 ----------------------- dynamic_routes edge external internal ipsec loopback setup (config)> Repeat this step to include additional firewall zones. 4. (Optional) Set the private key in PEM format. If not set, the device will use an automatically- generated key. IX10 User Guide...
  • Page 494 (config)> service ssh custom config_file value (config)> where value is one or more entires in the form of an OpenSSH sshd_config file. For example, to enable the diffie-helman-group-sha-14 key exchange algorithm: (config)> service ssh custom config_file "KexAlgorithms +diffie- hellman-group14-sha1" (config)> IX10 User Guide...
  • Page 495 8. Save the configuration and apply the change: (config)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...

  • Page 496: Use Ssh With Key Authentication

    SSH service to allow SSH access for the External firewall zone.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 497 These instructions assume an existing user named temp_user. 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights.
  • Page 498 4. Save the configuration and apply the change: (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...

  • Page 499: Configure Telnet Access

    The telnet service is disabled by default. To enable the service:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 500 Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Configure the service    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. IX10 User Guide...
  • Page 501 Configure telnet access 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config.
  • Page 502    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 503 No limit to IPv6 addresses that can access the telnet service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX10 device: (config)> add service telnet acl interface end value (config)>...

  • Page 504: Configure Dns

    Type quit to disconnect from the device. Configure DNS The IX10 device includes a caching DNS server which forwards queries to the DNS servers that are associated with the network interfaces, and caches the results. This server is used within the device, and cannot be disabled.
  • Page 505 192.168.210.1 IP address. To configure the DNS server:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 506 No limit to IPv6 addresses that can access the DNS service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX10 device: a. Click Interfaces.
  • Page 507    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 508 Services Configure DNS To limit access to hosts connected through a specified interface on the IX10 device: (config)> add service dns acl interface end value (config)> Where value is an interface defined on your device. Display a list of available interfaces: Use ...
  • Page 509 (config service dns server 0)> c. To restrict the device's use of this DNS server based on the domain, use the domain command. If no domain are listed, then all queries may be sent to this server. IX10 User Guide...

  • Page 510: Show Dns Server

      Command line Show DNS information 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 511 > 3. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...

  • Page 512: Simple Network Management Protocol (Snmp)

    Enable Multicast DNS (mDNS) support. To configure the SNMP agent on your IX10 device:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 513 A single IP address or host name. A network designation in CIDR notation, for example, 2001:db8::/48. any: No limit to IPv6 addresses that can access the SNMP agent. d. Click  again to list additional IP addresses or networks. IX10 User Guide...
  • Page 514    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 515 No limit to IPv6 addresses that can access the SNMP service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX10 device: (config)> add service snmp acl interface end value (config)>...
  • Page 516 9. (Optional) Set the authentication type. Allowed values are MD5 or SHA. The default is MD5. (config)> service snmp auth_type SHA (config)> 10. (Optional) Set the privacy passphrase. If not set, the password, entered above, is used. IX10 User Guide...

  • Page 517: Download Mibs

    To download a .zip archive of the SNMP MIBs supported by this device:    Web 1. Log into the IX10 WebUI as a user with Admin access. 2. Enable SNMP. Configure Simple Network Management Protocol (SNMP) for information about enabling and configuring SNMP support on the IX10 device.
  • Page 518 Services Simple Network Management Protocol (SNMP) The SNMP page is displayed. 4. Click Download. IX10 User Guide...

  • Page 519: Location Information

    Location messages forwarded to the device from other location-enabled devices. You can also configure your IX10 device to forward location messages, either from the IX10 device or from external sources, to a remote host. Additionally, the device can be configured to use a geofence, to allow you to determine actions that will be taken based on the physical location of the device.

  • Page 520: Configure The Location Service

    The location service is enabled by default. You can disable it, or you can enable it if it has been disabled.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 521    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 522: Enable Or Disable Modem Gnss Support

    To disable support for the modem's GNSS receiver, or enable it if it has been disabled:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 523    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 524: Configure The Device To Use A User-Defined Static Location

    You can configured your IX10 device to use a user-defined static location.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 525    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 526 9. Save the configuration and apply the change: (config)> save Configuration saved. > 10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...

  • Page 527: Configure The Device To Accept Location Messages From External Sources

    To configure the device to accept location messages from external sources:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 528 No limit to IPv6 addresses that can access the location server UDP port. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX10 device: a. Click Interfaces.
  • Page 529    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 530: Forward Location Information To A Remote Host

    Configure the IX10 device to forward location information:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 531 GGA: Reports time, position, and fix related data. GLL: Reports position data: position fix, time of position fix, and status. GSA: Reports GPS DOP and active satellites. GSV: Reports the number of SVs in view, PRN, elevation, azimuth, and SNR. IX10 User Guide...
  • Page 532 13. (Optional) For Prepend text, enter text to prepend to the forwarded message. Two variables can be included in the prepended text: %s: Includes the IX10 device's serial number in the prepended text. %v: Includes the vehicle ID in the prepended text.
  • Page 533 Services Location information 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 534 9. (Optional) Set the text to prepend to the forwarded message. Two variables can be included in the prepended text: %s: Includes the IX10 device's serial number in the prepended text. %v: Includes the vehicle ID in the prepended text.
  • Page 535 (config service location forward 0 filter_nmea)> add gsa end (config service location forward 0 filter_nmea)> If the message protocol type is TAIP: Allowed values are: al: Reports altitude and vertical velocity. cp: Compact position: reports time, latitude, and longitude. IX10 User Guide...

  • Page 536: Configure Geofencing

    Type quit to disconnect from the device. Configure geofencing Geofencing is a mechanism to create a virtual perimeter that allows you configure your IX10 device to perform actions when entering or exiting the perimeter. For example, you can configure a device to factory default if its location service indicates that it has been moved outside of the geofence.
  • Page 537 Update interval, which determines the amount of time that the geofence should wait between polling for updated location data.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 538 6. For Boundary type, select the type of boundary that the geofence will have. If Circular is selected: a. Click to expand Center. b. Type the Latitude and Longitude of the center point of the circle. Allowed values are: IX10 User Guide...
  • Page 539 Click  again to add an additional point, and continue adding points to create the desired polygon. For example, to configure a square polygon around the Digi headquarters, configure a polygon with four points: This defines a square-shaped polygon equivalent to the following:...
  • Page 540 1MB or 1M. vi. Sandbox is enabled by default. This prevents the script from adversely affecting the system. If you disable Sandbox, the script may render the system unusable. vii. Repeat for any additional actions. IX10 User Guide...
  • Page 541 Sandbox is enabled by default. This prevents the script from adversely affecting the system. If you disable Sandbox, the script may render the system unusable. vii. Repeat for any additional actions. 8. Click Apply to save the configuration and apply the change. IX10 User Guide...
  • Page 542    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 543 Configure additional vortices: (config service location geofence test_geofence coordinates 0)> .. (config service location geofence test_geofence coordinates)> add end (config service location geofence test_geofence coordinates 1)> latitude int (config service location geofence test_geofence coordinates 1)> longitude int IX10 User Guide...
  • Page 544 For longitude, any integer between -180 and 180, with up to six decimal places. Repeat for each vortex of the polygon. For example, to configure a square polygon around the Digi headquarters, configure a polygon with four points: (config service location geofence test_geofence)> add...
  • Page 545 Add the action: (config)> add service location geofence test_geofence on_ entry action end (config service location geofence test_geofence on_entry action 0)> d. Set the type of action: (config service location geofence test_geofence on_entry action 0)> type value IX10 User Guide...
  • Page 546 For example. the allocate one megabyte of memory to the script and its spawned processes: (config service location geofence test_geofence on_entry action 0)> max_memory 1MB (config service location geofence test_geofence on_entry action 0)> IX10 User Guide...
  • Page 547 (config)> add service location geofence test_geofence on_exit action end (config service location geofence test_geofence on_exit action 0)> d. Set the type of action: (config service location geofence test_geofence on_exit action 0)> type value (config service location geofence test_geofence on_exit action 0)> IX10 User Guide...
  • Page 548 (config service location geofence test_geofence on_exit action 0)> max_memory 1MB (config service location geofence test_geofence on_exit action 0)> v. A sandbox is enabled by default to prevent the script from adversely affecting the system. To disable the sandbox: IX10 User Guide...

  • Page 549: Show Location Information

      Command line Show location information 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 550: Modbus Gateway

    Type quit to disconnect from the device. Show geofence information 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights.

  • Page 551: Configure The Modbus Gateway

    The maximum time between bytes in a packets. Whether to send broadcast messages. Response timeout If connection type is set to socket: The port to use. The inactivity timeout. If connection type is set to serial: Whether to use half duplex (two wire) mode. IX10 User Guide...
  • Page 552 Whether packets should have their Modbus address adjusted downward before to delivery.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 553 For Port, enter or select an appropriate port. The default is port 502. If Serial is selected for Connection type: a. For Serial port, select the appropriate serial port on the IX10 device. 5. For Packet mode, select RTU or RAW (if Connection type is set to Socket) or ASCII (if Connection typeis set to Serial) for the type of packet that will be used by this connection.
  • Page 554 No limit to IPv6 addresses that can access the web administration service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX10 device: a. Click Interfaces.
  • Page 555 Modbus server is running. If Serial is selected for Connection type: a. For Serial port, select the appropriate serial port on the IX10 device. 5. For Packet mode, select RTU or RAW (if Connection type is set to Socket) or ASCII (if Connection typeis set to Serial) for the type of packet that will be used by this connection.
  • Page 556 No limit to IPv6 addresses that can access the web administration service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX10 device: a. Click Interfaces.
  • Page 557    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 558 (config service modbus_gateway server test_modbus_server)> where value is either rtu or raw. The default is rtu. iv. Set the maximum allowable time between bytes in a packet: (config service modbus_gateway server test_modbus_server)> socket idle_gap value (config service modbus_gateway server test_modbus_server)> IX10 User Guide...
  • Page 559 (config service modbus_gateway server test_modbus_ server)> ii. Set the packet mode: (config service modbus_gateway server test_modbus_server)> serial packet_mode value (config service modbus_gateway server test_modbus_server)> where value is either rtu or ascii. The default is rtu. IX10 User Guide...
  • Page 560 (config service modbus_gateway client test_modbus_client)> where type is either socket or serial. The default is socket. If connection_type is set to socket: i. Set the IP protocol: (config service modbus_gateway client test_modbus_client)> socket protocol value (config service modbus_gateway client test_modbus_client)> IX10 User Guide...
  • Page 561 600s (config service modbus_gateway client test_modbus_client)> vi. Set the hostname or IP address of the remote host on which the Modbus server is running: (config service modbus_gateway client test_modbus_client)> remote_host ip_address|hostname (config service modbus_gateway client test_modbus_client)> IX10 User Guide...
  • Page 562 For example, to set idle_gap to one second, enter 1000ms or 1s. iv. (Optional) Enable half-duplex (two wire) mode: (config service modbus_gateway client test_modbus_client)> serial half_duplex true (config service modbus_gateway client test_modbus_client)> d. (Optional) Enable the gateway to send broadcast messages to this client: IX10 User Guide...
  • Page 563 (config service modbus_gateway client test_modbus_client)> filter 1 50-100 (config service modbus_gateway client test_modbus_client)> g. If request messages handled by this client should always be forwarded to a specific device, , use fixed_server_address to set the device's Modbus address: IX10 User Guide...

  • Page 564: Show Modbus Gateway Status And Statistics

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show Modbus gateway status and statistics You can view status and statistics about location information from either the WebUI or the command line.    Web IX10 User Guide...
  • Page 565    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 566 Packet Errors RX Responses RX Timeouts TX Broadcasts TX Requests modbus_socket_21 ---------------- Address Translation Errors Connection Errors Packet Errors RX Responses RX Timeouts TX Broadcasts TX Requests modbus_serial_client -------------------- Address Translation Errors Connection Errors Packet Errors RX Responses IX10 User Guide...
  • Page 567 Modbus gateway RX Timeouts TX Broadcasts TX Requests > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...

  • Page 568: System Time

    Additional Configuration Options Additional upstream NTP servers.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 569 4. (Optional) For Timezone, select either UTC or select the location nearest to your current location to set the timezone for your IX10 device. The default is UTC. 5. (Optional) Add upstream NTP servers that the device will use to synchronize its time. The default setting is time.devicecloud.com.
  • Page 570 Services System time 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 571    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 572: Manually Set The System Date And Time

    Services Network Time Protocol 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 573: Configure The Device As An Ntp Server

    The time zone setting, if the default setting of UTC is not appropriate. To configure the IX10 device's NTP service:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 574 3. Click Services > NTP. 4. Enable the IX10 device's NTP service by clicking Enable. 5. (Optional) Configure the access control list to limit downstream access to the IX10 device's NTP service. To limit access to specified IPv4 addresses and networks: a.
  • Page 575    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 576 5. Allow the device's local system clock to be used as backup time source: (config)> service ntp local true (config)> 6. (Optional) Configure the access control list to limit downstream access to the IX10 device's NTP service. To limit access to specified IPv4 addresses and networks: (config)>...
  • Page 577 No limit to IPv6 addresses that can access the NTP server agent. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX10 device: (config)> add service ntp acl interface end value (config)>...

  • Page 578: Show Status And Statistics Of The Ntp Server

    By default, the access control list for the NTP service is empty, which means that all downstream hosts connected to the IX10 device can use the NTP service. 7. (Optional) Set the timezone for the location of your IX10 device. The default is UTC. (config)> system time timezone value (config)>...

  • Page 579: Configure A Multicast Route

    To configure a multicast route:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager:...
  • Page 580 9. Click Apply to save the configuration and apply the change.    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. IX10 User Guide...
  • Page 581 Set the interface. For example: (config service multicast test)> src_interface /network/interface/eth1 (config service multicast test)> 7. Set a destination interface that the IX10 device will send mutlicast packets to: a. Use the ? to determine available interfaces: b. Set the interface. For example: (config service multicast test)>...

  • Page 582: Enable Service Discovery (Mdns)

    You can enable the IX10 device to use mDNS.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 583    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 584 No limit to IPv6 addresses that can access the mDNS service. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX10 device: (config)> add service mdns acl interface end value (config)>...

  • Page 585: Use The Mqtt Broker Service

    MQTT is a lightweight publish/subscribe messaging protocol for the Internet of Things (IoT) applications, designed to connect devices using a small footprint and minimum network bandwidth. Your IX10 device includes an MQTT broker service that serves as an intermediary between MQTT clients. The broker receives and distributes client messages.
  • Page 586 Whether to allow clients that have no client ID to connect. Whether replace the client's ID with its username.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 587 No limit to IPv6 addresses that can access the iperf service. d. Click  again to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX10 device: a. Click Interfaces.
  • Page 588 For Access, select the level of access that the client will have: Read Write Read/write Deny v. Click  again to add additional topics. e. Click  again to add additional clients. 12. Click to expand Encryption. 13. For Type, select either None or PSK. IX10 User Guide...
  • Page 589 For Access, select the level of access that the client will have: Read Write Read/write Deny e. Click  again to add additional topics. 15. Click Apply to save the configuration and apply the change.    Command line IX10 User Guide...
  • Page 590 Services Use the MQTT broker service 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 591 Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration -------------------------------------------------------- ----------------------- dynamic_routes edge external internal ipsec loopback setup (config)> Repeat this step to include additional firewall zones. IX10 User Guide...
  • Page 592 (config service mqtt client 0 topic_acl 0)> ii. Set the topic: (config service mqtt client 0 topic_acl 0)> topic value (config service mqtt client 0 topic_acl 0)> where value is one of: The topic. The signal level wildcard, +. The multi-level wildcard, #. IX10 User Guide...
  • Page 593 Enable the PSK identity sent by the client to be used as its username: (config)> service mqtt encryption use_identity_as_username true (config)> c. Set the pre-shared keys: i. Add a pre-shared key: (config)> add service mqtt encryption psk end (config service mqtt encryption psk 0)> IX10 User Guide...
  • Page 594 The signal level wildcard, +. The multi-level wildcard, #. d. Set the access type to apply to the topic: (config service mqtt topic_acl anonymous 0)> access value (config service mqtt topic_acl anonymous 0)> where value is one of: deny read IX10 User Guide...
  • Page 595 The default is readwrite. e. Add additional topics: (config service mqtt topic_acl pattern 0)> add ..pattern end (config service mqtt topic_acl pattern 1)> f. Repeat the above steps to set the topic and access type. IX10 User Guide...

  • Page 596: Show Mqtt Broker Information

      Command line Show MQTT broker information 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 597: Use The Iperf Service

    Type quit to disconnect from the device. Use the iPerf service Your IX10 device includes an iPerf3 server that you can use to test the performance of your network. iPerf3 is a command-line tool that measures the maximum network throughput an interface can handle.
  • Page 598 To enable the iPerf3 server:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 599    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 600 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX10 device: (config)> add service iperf acl interface end value (config)>...
  • Page 601 Additional Configuration -------------------------------------------------------- ----------------------- dynamic_routes edge external internal ipsec loopback setup (config)> Repeat this step to include additional firewall zones. 6. Save the configuration and apply the change: (config)> save Configuration saved. > IX10 User Guide...

  • Page 602: Example Performance Test Using Iperf3

    IP address, interfaces, and/or zones. To enable the iPerf3 server:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 603 For Add Address, click . c. For Address, enter the IPv6 address or network that can access the device's ping responder. Allowed values are: A single IP address or host name. A network designation in CIDR notation, for example, 2001:db8::/48. IX10 User Guide...
  • Page 604    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 605 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the IX10 device: (config)> add service iperf acl interface end value (config)>...

  • Page 606: Example Performance Test Using Iperf3

    Example performance test using iPerf3 On a remote host with Iperf3 installed, enter the following command: $ iperf3 -c device_ip where device_ip is the IP address of the IX10 device. For example: $ iperf3 -c 192.168.2.1 Connecting to host 192.168.2.1, port 5201 4] local 192.168.3.100 port 54934 connected to 192.168.1.1 port 5201...
  • Page 607 Applications The IX10 supports Python 3.6 and provides you with the ability to run Python applications on the device interactively or from a file. You can also specify Python applications and other scripts to be run each time the device system restarts, at specific intervals, or at a specified time.

  • Page 608: Develop Python Applications

    Digi IoT PyCharm Plugin to help you while writing, building, and testing your application. Create and test a Python application. In addition to the standard Python library, the IX10 includes a set of extensions to access its configuration and interfaces. See Python modules.

  • Page 609: Set Up The Ix10 For Python Development

    Set up the IX10 for Python development 1. Access the IX10 local web interface a. Use an Ethernet cable to connect the IX10 to your local laptop or PC.  The factory default IP address is 192.168.2.1 b. Log into the IX10 WebUI as a user with full admin access rights.
  • Page 610 IX10. Develop an application in PyCharm The Digi IoT PyCharm Plugin allows you to write, build and run Python applications for Digi devices in a quick and easy way. See the Digi XBee PyCharm IDE Plugin User Guide for details.
  • Page 611 """ def handle(self): # self.request is the TCP socket connected to the client self.data = self.request.recv(1024).strip() print("{} wrote:".format(self.client_address[0])) print(self.data) # just send back the same data, but upper-cased self.request.sendall(self.data.upper()) IX10 User Guide...
  • Page 612 Create a custom firewall rule    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.

  • Page 613: Python Modules

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 614 Digidevice module section. Digidevice module The Python digidevice module provides platform-specific extensions that allow you to interact with the device’s configuration and interfaces. The following submodules are included with the digidevice module: This section contains the following topics: IX10 User Guide...
  • Page 615 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX10 local command line as a user with shell access.
  • Page 616 Get help executing a CLI command from Python by accessing help for cli.execute: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX10 local command line as a user with shell access.
  • Page 617 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX10 local command line as a user with shell access.
  • Page 618 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX10 local command line as a user with shell access.
  • Page 619 Read the device configuration 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX10 local command line as a user with shell access.
  • Page 620 Use the set() and commit() methods to modify the device configuration: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX10 local command line as a user with shell access.
  • Page 621 Get help for reading and modifying the device configuration by accessing help for digidevice.config: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX10 local command line as a user with shell access.
  • Page 622 Remote Manager's Server Command Interface (SCI), a web service that allows users to access information and perform commands that relate to their devices. Use Remote Manager's SCI interface to create SCI requests that are sent to your IX10 device, and use the device_request module to send responses to those requests to Remote Manager.
  • Page 623 >>> In Remote Manager, you will receive a response similar to the following: <sci_reply version="1.0"> <data_service> <device id="00000000-00000000-0000FFFF-A83CF6A3"/> <requests> <device_request target_name="myTarget" status="0">OK</device_request> </requests> </device> </data_service> </sci_request> Example: Use digidevice.cli with digidevice.device_request IX10 User Guide...
  • Page 624 This can be done from either the WebUI or the command line:    Web i. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. ii. Access the device configuration: Remote Manager: i.
  • Page 625 For Label, type Show system application. vi. For Run mode, select On boot. vii. For Exit action, select Restart script. viii. For Commands, type python /etc/config/scripts/showsystem.py. ix. Click Apply to save the configuration and apply the change.    Command line IX10 User Guide...
  • Page 626 Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 627 Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX10 local command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 628 <device_request target_name="showSystem"> 8. Click Send. You should receive a response similar to the following: <sci_reply version="1.0"> <data_service> <device id="00000000-00000000-0000FFFF-A83CF6A3"/> <requests> <device_request target_name="showSystem" status="0">Model : Digi IX10 Serial Number : IX10-000068 Hostname : IX10 : 00:40:D0:13:35:36 Hardware Version : 50001959-01 A Firmware Version : 23.3.31.129...
  • Page 629 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX10 local command line as a user with shell access.
  • Page 630 Use the keys() and get() methods to read the device configuration: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX10 local command line as a user with shell access.
  • Page 631 Use the set() method to modify the runtime database: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX10 local command line as a user with shell access.
  • Page 632 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX10 local command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 633 Use Python to upload the device name to Digi Remote Manager The name submodule can be used to upload a custom name for your device to Digi Remote Manager. When you use the name submodule to upload a custom device name to Remote Manager, the...
  • Page 634 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX10 local command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 635 Determine if the device's location 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX10 local command line as a user with shell access.
  • Page 636 You can update this snapsot: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX10 local command line as a user with shell access.
  • Page 637 "quality": "Standard GNSS (2D/3D)", "selected_source_idx": "0", "source": "USB (/dev/ttyACM0)", "source_idx.0.altitude": "273.200012", "source_idx.0.direction": "None", "source_idx.0.horizontal_velocity": "0.195489", "source_idx.0.label": "usb", "source_idx.0.latitude": "44.902662", "source_idx.0.latitude.deg_min_sec": "44* 55' 45.065\" N", "source_idx.0.longitude": "-93.560648", "source_idx.0.longitude.deg_min_sec": "93* 16' 52.966\" W", "source_idx.0.num_satellites": "12", "source_idx.0.quality": "Standard GNSS (2D/3D)", IX10 User Guide...
  • Page 638 Get help for the digidevice location module: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX10 local command line as a user with shell access.
  • Page 639 Develop Python applications 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX10 local command line as a user with shell access.
  • Page 640 5. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). The digidevice led submodule Use the led submodule to redefine the purpose of any front-panel LED on the IX10 device. With this submodule, you can: Gain control of the LED with the led.acquire() function.
  • Page 641 3. Import the Led and State objects from the led submodule: >>> from digidevice.led import Led, State 4. Use led.acquire() to gain control of the all LEDs: >>> led.acquire(Led.ALL) 5. Use led.set() to set the state of the LEDs: >>> led.set(Led.ALL, State.FLASH) IX10 User Guide...

  • Page 642: The Use(Led) Function

    Use Python to control the color of multi-colored LEDs One or more LEDs in the IX10 are RGB (red, green, and blue) LEDs, capable of producing a wide range of colors. You can use the digidevice.led Python module to control the color as well as the state of these LEDs.
  • Page 643 Led.COM Blue Led.ETH Led.ONLINE Led.COM Blue flashing Led.ETH Led.ONLINE FLASH Led.COM White Led.ETH Led.ONLINE Led.COM White flashing FLASH Led.ETH FLASH Led.ONLINE FLASH Led.COM Yellow Led.ETH Led.ONLINE Led.COM Yellow flashing FLASH Led.ETH FLASH Led.ONLINE Led.COM Purple Led.ETH Led.ONLINE IX10 User Guide...

  • Page 644: Example: Set The Lte Connection Indicator To Flashing Purple

    FLASH The digidevice led submodule for a definition of the IX10's LEDs, including RGB leds, and the names of the attributes for each LED that will be used by the digidevice.led module. Example: Set the LTE connection indicator to flashing purple 1.
  • Page 645 SMS scripting. Enable the ability to schedule SMS scripting    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 646    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 647 # a CLI command. Send a reponse SMS to the sender before running the command import os import threading import sys from digidevice import cli from digidevice.sms import Callback, send COND = threading.Condition() allowed_incoming_phone_number = '2223334444' def sms_test_callback(sms, info): if info['content.number'] == allowed_incoming_phone_number: print(f"SMS message from {info['content.number']} received") IX10 User Guide...
  • Page 648 SMS messages") os._exit(0) Use Python to access serial ports You can use the Python serial module to access serial ports on your IX10 device that are configured to be in Application mode. See Configure Application mode for information about configuring a serial port in Application mode.
  • Page 649 6. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Use the Paho MQTT python library Your IX10 device includes support for the Paho MQTT python library. MQTT is a lightweight messaging protocol used to communicate with various applications including cloud-based applications such as Amazon Web Services and Microsoft Azure.
  • Page 650 HTTPStatus.INTERNAL_SERVER_ERROR finally: os.remove(fname) print("Firmware update finished") return HTTPStatus.OK CMD_HANDLERS = { "reboot": cmd_reboot, "fw-update": cmd_fwupdate def send_cmd_reply(client, cmd_path, cid, cmd, status): if not status or not cid: return if cmd_path.startswith(PREFIX_CMD): path = cmd_path[len(PREFIX_CMD):] IX10 User Guide...
  • Page 651 {}".format(msg.payload)) if not cid: # Return if client-ID not passed return None send_cmd_reply(client, msg.topic, cid, cmd, HTTPStatus.BAD_REQUEST) try: status = CMD_HANDLERS[cmd](payload) except: print("Invalid command: {}".format(cmd)) status = HTTPStatus.NOT_IMPLEMENTED send_cmd_reply(client, msg.topic, cid, cmd, status) def publish_dhcp_leases(): IX10 User Guide...
  • Page 652 PREFIX_CMD = "cmd/" + PREFIX PREFIX_RSP = "rsp/" + PREFIX client = mqtt.Client() client.on_connect = on_connect client.on_message = on_message try: client.connect("192.168.1.100", 1883, 60) client.loop_start() except: print("Failed to connect to MQTT server") sys.exit(1) while True: publish_dhcp_leases() publish_system() time.sleep(POLL_TIME) IX10 User Guide...

  • Page 653: Set Up The Ix10 To Automatically Run Your Applications

    Applications Set up the IX10 to automatically run your applications Set up the IX10 to automatically run your applications This section contains the following topics: Configure scripts to run automatically Show script information Stop a script that is currently running...
  • Page 654    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 655 This feature does not provide syntax or error checking. Certain commands can render the device inoperable. Use with care.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 656 Applications Set up the IX10 to automatically run your applications 3. Click System > Scheduled tasks > Custom scripts. 4. For Add Script, click . The script configuration window is displayed. Custom scripts are enabled by default. To disable, toggle off Enable to toggle off.
  • Page 657    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 658 Applications Set up the IX10 to automatically run your applications 2. At the command line, type config to enter configuration mode: > config (config)> 3. Add a script: (config)> add system schedule script end (config system schedule script 0)> Scheduled scripts are enabled by default. To disable: (config system schedule script 0)>...
  • Page 659 Applications Set up the IX10 to automatically run your applications (Optional) Configure the script to run only a single instance at a time: (config system schedule script 0)> once true (config system schedule script 0)> If once is set to false, a new instance of the script will be started at every interval, regardless of whether the script is still running from a previous interval.

  • Page 660: Show Script Information

    You can view status and statistics about location information from either the WebUI or the command line.    Web 1. Log into the IX10 WebUI as a user with Admin access. 2. At the Status page, click Scripts. The Scripts page displays: ...

  • Page 661: Stop A Script That Is Currently Running

    Applications Set up the IX10 to automatically run your applications 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 662: Start An Interactive Python Session

    1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX10 local command line as a user with shell access.

  • Page 663: Run A Python Application At The Shell Prompt

    1. Upload the Python application to the IX10 device:    Web a. Log into the IX10 WebUI as a user with Admin access. b. On the menu, click System. Under Administration, click File System. The File System page appears. c. Highlight the scripts directory and click  to open the directory.

  • Page 664: Configure Scripts To Run Manually

    You can also create scripts by using the vi command when logged in with shell access. 2. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX10 local command line as a user with shell access.

  • Page 665: Task One: Upload The Application

    Task one: Upload the application    Web 1. Log into the IX10 WebUI as a user with Admin access. 2. On the menu, click System. Under Administration, click File System. The File System page appears. 3. Highlight the scripts directory and click  to open the directory.

  • Page 666: Task Two: Configure The Application To Run Automatically

    This feature does not provide syntax or error checking. Certain commands can render the device inoperable. Use with care.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 667 3. Click System > Scheduled tasks > Custom scripts. 4. For Add Script, click . The script configuration window is displayed. Custom scripts are enabled by default. To disable, toggle off Enable to toggle off. 5. (Optional) For Label, provide a label for the script. IX10 User Guide...
  • Page 668    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 669 (config system schedule script 0)> max_memory value (config system schedule script 0)> where value uses the syntax number{b|bytes|KB|k|MB|MB|M|GB|G|TB|T}. 9. To run the script only once at the specified time: (config system schedule script 0)> once true (config system schedule script 0)> IX10 User Guide...

  • Page 670: Start A Manual Script

    3. For scripts that are enabled and configured to have a run mode of Manual, click Start Script to start the script.    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. IX10 User Guide...
  • Page 671 4. Save the configuration and apply the change: (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...

  • Page 672: User Authentication

    User authentication methods Authentication groups Local users Terminal Access Controller Access-Control System Plus (TACACS+) Remote Authentication Dial-In User Service (RADIUS) LDAP Configure serial authentication Disable shell access Set the idle timeout for IX10 users Example user configuration IX10 User Guide...

  • Page 673: Ix10 User Authentication

    User authentication IX10 user authentication IX10 user authentication User authentication on the IX10 has the following features and default configuration: Default Feature Description configuration Idle timeout 10 minutes. Determines how long a user session can be idle before the system automatically disconnects.
  • Page 674 TACACS+: Users authenticated by using a remote TACACS+ server for authentication. Terminal Access Controller Access-Control System Plus (TACACS+) for information about configuring TACACS+ authentication. LDAP: Users authenticated by using a remote LDAP server for authentication. LDAP for information about configuring LDAP authentication. IX10 User Guide...

  • Page 675: Add A New Authentication Method

    The types of authentication method to be used: To add an authentication method:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 676 This procedure describes how to add methods to various places in the list. 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights.

  • Page 677: Delete An Authentication Method

    Type quit to disconnect from the device. Delete an authentication method    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager:...
  • Page 678    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 679: Rearrange The Position Of Authentication Methods

    For example, the following configuration has Local users as the first method, and RADIUS as the second. To reorder these so that RADIUS is first and Local users is second: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 680    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 681: Authentication Groups

    Disable shell access for more information about the Allow shell parameter. Serial access: Users with Serial access have the ability to log into the IX10 device by using the serial console. Preconfigured authentication groups The IX10 device has two preconfigured authentication groups:...
  • Page 682 The preconfigured authentication groups cannot be deleted, but the access rights defined for the group are configurable. This section contains the following topics: Change the access rights for a predefined group Add an authentication group Delete an authentication group IX10 User Guide...

  • Page 683: Change The Access Rights For A Predefined Group

    By default, two authentication groups are predefined: admin and serial. To change the access rights of the predefined groups:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 684    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 685: Add An Authentication Group

    (config)> where value is either: full: provides users of this group with the ability to manage the IX10 device by using the WebUI or the Admin CLI. read-only: provides users of this group with read-only access to the WebUI and Admin CLI.
  • Page 686 Access rights to query the device for Nagios monitoring. To add an authentication group:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 687 Full access or Read-only access. where value is either: Full access full: provides users of this group with the ability to manage the IX10 device by using the WebUI or the Admin CLI. Read-only access read-only: provides users of this group with read-only access to the WebUI and Admin CLI.
  • Page 688    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 689 24h no title (config)> ii. Add a captive portal: (config)> add auth group test acl portal portals end portal1 (config)> 6. (Optional) Configure Nagios monitoring: (config)> auth group test acl nagios enable true (config)> IX10 User Guide...

  • Page 690: Delete An Authentication Group

    To delete an authentication group that you have created:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 691    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 692: Local Users

    TACACS+ or RADIUS. Local user authentication is enabled by default, with one preconfiged default user. Default user At manufacturing time, each IX10 device comes with a default user configured as follows: Username: admin. Password: The default password is displayed on the label on the bottom of the device.

  • Page 693: Change A Local User's Password

    Change a local user's password To change a user's password:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 694    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 695: Configure A Local User

    Whether to allow passcode reuse (time based verification only). The passcode refresh interval (time based verification only). The valid code window size. The login limit. The login limit period. One-time use eight-digit emergency scratch codes. To configure a local user:    Web IX10 User Guide...
  • Page 696 User authentication Local users 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 697 8. Add groups for the user. Groups define user access rights. See Authentication groups for information about configuring groups. a. Click to expand Groups. b. For Add Group, click . c. For Group, select an appropriate group. IX10 User Guide...
  • Page 698 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Login limit period to ten minutes, enter 10m or 600s. j. Scratch codes are emergency codes that may be used once, at any time. To add a scratch code: IX10 User Guide...
  • Page 699    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 700 Where n is index number of the authentication method to be deleted. For example, to delete the serial group as displayed by the example show command, above: (config auth user new_user)> del group 1 (config auth user new_user)> 8. (Optional) Add SSH keys for the user to use passwordless SSH login: IX10 User Guide...
  • Page 701 For time-based verification only, configure the code refresh interval. This is the amount of time that a code will remain valid. (config auth user new_user 2fa)> refresh_interval value (config auth user new_user 2fa)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. IX10 User Guide...
  • Page 702 (config auth user new_user 2fa scratch_code)> add end code (config auth user new_user 2fa scratch_code)> Where code is an digit number, with a minimum of 10000000. iii. To add additional scratch codes, use the add end code command again. IX10 User Guide...

  • Page 703: Delete A Local User

    Delete a local user To delete a user from your IX10:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 704    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 705: Terminal Access Controller Access-Control System Plus (Tacacs+)

    With TACACS+ support, the IX10 device acts as a TACACS+ client, which sends user credentials and connection parameters to a TACACS+ server over TCP. The TACACS+ server then authenticates the TACACS+ client requests and sends back a response message to the device.

  • Page 706: Tacacs+ User Configuration

    The groupname attribute is optional. If used, the value must correspond to authentication groups configured on your IX10. Alternatively, if the user is also configured as a local user on the IX10 device and the LDAP server authenticates the user but does not return any groups, the local configuration determines the list of groups.

  • Page 707: Tacacs+ Server Failover And Fallback To Local Authentication

    $ sudo /etc/init.d/tacacs_plus restart TACACS+ server failover and fallback to local authentication In addition to the primary TACACS+ server, you can also configure your IX10 device to use backup TACACS+ servers. Backup TACACS+ servers are used for authentication requests when the primary TACACS+ server is unavailable.
  • Page 708 Add additional TACACS+ servers in case the first TACACS+ server is unavailable.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 709 TACACS+ login fails. 6. (Optional) For Group attribute, type the name of the attribute used in the TACACS+ server's configuration to identify the IX10 authentication group or groups that the user is a member of. For example, in TACACS+ user configuration, the group attribute in the sample tac_plus.conf...
  • Page 710    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 711 10. Save the configuration and apply the change: (config)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...

  • Page 712: Remote Authentication Dial-In User Service (Radius)

    To use RADIUS authentication, you must set up a RADIUS server that is accessible by the IX10 device prior to configuration. The process of setting up a RADIUS server varies by the server environment. An example of a RADIUS server is FreeRADIUS.

  • Page 713: Radius User Configuration

    (password verification) and authorization (assigning the access level of the user). Additional RADIUS servers can be configured as backup servers for user authentication. This section outlines how to configure a RADIUS server to be used for user authentication on your IX10 device.

  • Page 714: Configure Your Ix10 Device To Use A Radius Server

    60 seconds. Enable additional debug messages from the RADIUS client.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 715 For Timeout, type or select the amount of time in seconds to wait for the RADIUS server to respond. Allowed value is any integer from 3 to 60. The default value is 3. f. (Optional) Click  again to add additional RADIUS servers. IX10 User Guide...
  • Page 716    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 717 You can use the fully-qualified domain name of the NAS or any arbitrary string. If not set, the default value is used: If you are accessing the IX10 device by using the WebUI, the default value is for NAS ID is httpd.

  • Page 718: Ldap

    When you are using LDAP authentication, you can have both local users and LDAP users able to log in to the device. To use LDAP authentication, you must set up a LDAP server that is accessible by the IX10 device prior to configuration. The process of setting up a LDAP server varies by the server environment.

  • Page 719: Ldap User Configuration

    (password verification) and authorization (assigning the access level of the user). Additional LDAP servers can be configured as backup servers for user authentication. This section outlines how to configure a LDAP server to be used for user authentication on your IX10 device.

  • Page 720: Ldap Server Failover And Fallback To Local Configuration

    LDAP server failover and fallback to local configuration In addition to the primary LDAP server, you can also configure your IX10 device to use backup LDAP servers. Backup LDAP servers are used for authentication requests when the primary LDAP server is unavailable.
  • Page 721 User authentication LDAP 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 722 11. For Login attribute, enter the user attribute containing the login of the authenticated user. For example, in the LDAP user configuration, the login attribute is uid. If this attribute is not set, the user will be denied access. IX10 User Guide...
  • Page 723    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 724 . If this attribute is not set, the user will be denied access. 10. (Optional) Set the name of the user attribute that contains the list of IX10 authentication groups that the authenticated user has access to. See...

  • Page 725: Configure Serial Authentication

    15. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Configure serial authentication This section describes how to configure authentication for serial access.    Web IX10 User Guide...
  • Page 726 User authentication Configure serial authentication 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 727    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 728: Disable Shell Access

    If shell access is disabled, re-enabling it will erase the device's configuration and perform a factory reset.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 729    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 730: Set The Idle Timeout For Ix10 Users

    By default, the Idle timeout is set to 10 minutes.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 731    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 732 User authentication Set the idle timeout for IX10 users (config)> auth idle_timeout 600s (config)> 4. Save the configuration and apply the change: (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 733: Example User Configuration

    Goal: To create a user with administrator rights who is authenticated locally on the device.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 734    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 735 (config auth user adminuser)> password pwd (config auth user adminuser)> 7. Assign the user to the admin group: (config auth user adminuser)> add group end admin (config auth user adminuser)> 8. Save the configuration and apply the change: IX10 User Guide...

  • Page 736: Example 2: Radius, Tacacs+, And Local Authentication For One User

    Goal: To create a user with administrator rights who is authenticated by using all three authentication methods. In this example, when the user attempts to log in to the IX10 device, user authentication will occur in the following order: 1. The user is authenticated by the RADIUS server. If the RADIUS server is unavailable, 2.
  • Page 737 The authentication group on the IX10 device, admin, is identified in the groupname parameter. c. Save and close the tac_plus.conf file. 3. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 4. Access the device configuration:...
  • Page 738 User authentication Example user configuration a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration.
  • Page 739 1. Configure a user on the RADIUS server: a. On the ubuntu machine hosting the FreeRadius server, open the /etc/freeradius/3.0/users file: $ sudo gedit /etc/freeradius/3.0/users b. Add a RADIUS user to the users file: admin1 Cleartext-Password := "password1" Unix-FTP-Group-Names := "admin" IX10 User Guide...
  • Page 740 Save and close the tac_plus.conf file. 3. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 741 Assign a password to the user: (config auth user adminuser)> password password1 (config auth user adminuser)> c. Assign the user to the admin group: (config auth user adminuser)> add group end admin (config auth user adminuser)> IX10 User Guide...
  • Page 742 (config auth user adminuser)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...
  • Page 743 Firewall This chapter contains the following topics: Firewall configuration Port forwarding rules Packet filtering Configure custom firewall rules Configure Quality of Service options Web filtering IX10 User Guide...

  • Page 744: Firewall Configuration

    To create a zone:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 745    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. IX10 User Guide...

  • Page 746: Configure The Firewall Zone For A Network Interface

    This example procedure uses an existing network interface named ETH and changes the firewall zone from the default zone, Internal, to External.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 747    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 748: Delete A Custom Firewall Zone

    You cannot delete preconfigured firewall zones. To delete a custom firewall zone:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.

  • Page 749: Port Forwarding Rules

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 750: Configure Port Forwarding

    To configure a port forwarding rule:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 751 11. For Destination Port(s), type the port number, comma-separated list of port numbers, or range of port numbers on the server to which traffic should be forwarded. For example, to forward traffic to ports one, three, and five through ten, enter: 1, 3, 5-10. IX10 User Guide...
  • Page 752    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 753 IP address or firewall zone, change to the acl node: (config firewall dnat 0)> acl (config firewall dnat 0 acl)> To white list an IP address: For IPv4 addresses: (config firewall dnat 0 acl> add address end ip-address (config firewall dnat 0 acl)> IX10 User Guide...

  • Page 754: Delete A Port Forwarding Rule

    Type quit to disconnect from the device. Delete a port forwarding rule To delete a port forwarding rule:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. IX10 User Guide...
  • Page 755    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 756 5. Save the configuration and apply the change: (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...

  • Page 757: Packet Filtering

    ICMP6 To configure a packet filtering rule:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 758 Firewall configuration for more information about firewall zones. 9. For Destination zone, select the firewall zone. Packets destined for network interfaces that are members of this zone will either be accepted, rejected or dropped by this rule. IX10 User Guide...
  • Page 759    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 760 (config firewall filter 1)> ip_version value (config firewall filter 1)> where value is one of: ipv4 ipv6 The default is any. 8. Set the protocol. (config firewall filter 1)> protocol value (config firewall filter 1)> where value is one of: icmp icmpv6 IX10 User Guide...

  • Page 761: Enable Or Disable A Packet Filtering Rule

    Enable or disable a packet filtering rule To enable or disable a packet filtering rule:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 762    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 763: Delete A Packet Filtering Rule

    Delete a packet filtering rule To delete a packet filtering rule:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 764    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 765: Configure Custom Firewall Rules

    To configure custom firewall rules:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 766    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 767: Configure Quality Of Service Options

    These example bindings are disabled by default. Enable the preconfigured bindings    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 768    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 769 Type quit to disconnect from the device. Create a new binding    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 770 Typically, this should be 95% of the available bandwidth. Allowed value is any integer between 1 and 1000. 9. Create a policy for the binding: At least one policy is required for each binding. Each policy can contain up to 30 rules. IX10 User Guide...
  • Page 771 If Default is disabled, you must configure at least one rule: i. Click to expand Rule. ii. For Add Rule, click . The QoS binding policy rule configuration window is displayed. IX10 User Guide...
  • Page 772    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 773 (config firewall qos 2 policy)> add end (config firewall qos 2 policy 0)> New QoS binding policies are enabled by default. To disable: (config firewall qos 2 policy 0)> enable false (config firewall qos 2 policy 0)> IX10 User Guide...
  • Page 774 New QoS binding policy rules are enabled by default. To disable: (config firewall qos 2 policy 0 rule 0)> enable false (config firewall qos 2 policy 0 rule 0)> iii. (Optional) Set a label for the new binding policy rule: IX10 User Guide...
  • Page 775 Only traffic from the selected interface will be matched. Set the interface: i. Use the ? to determine available interfaces: ii. Set the interface. For example: (config network qos 2 policy 0 rule 0)> src interface /network/interface/eth1 (config network qos 2 policy 0 rule 0)> IX10 User Guide...
  • Page 776 (config network qos 2 policy 0 rule 0)> where value uses the format IPv4_address[/netmask], or any to match any IPv4 address. address6: Only traffic destined for the IP address typed in IPv6 address will be matched. Set the address that will be matched: IX10 User Guide...

  • Page 777: Web Filtering

    Type quit to disconnect from the device. Web filtering Web filtering allows you to control access to services that can be accessed through the IX10 device by forwarding all Domain Name System (DNS) traffic to a web filtering service. This allows the network security administrator to configure a set of policies with the web filtering service that are applied to all routing devices with web filtering enabled.
  • Page 778 Web filtering Task two: Configure web filtering    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 779 Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Clear the Cisco Umbrella device ID If the Cisco Umbrella device ID being used by your IX10 is invalid, you can clear the device ID.    Command line 1.

  • Page 780: Configure Web Filtering With Manual Dns Servers

    To configure web filtering with manual DNS servers:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 781 10. Click Apply to save the configuration and apply the change.    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. IX10 User Guide...
  • Page 782 Add the first DNS server: i. Add the server: (config)> add firewall web-filter server end (config firewall web-filter server 0)> ii. Set the server's IP address: (config firewall web-filter server 0)> ip 208.67.222.220 (config firewall web-filter server 0)> IX10 User Guide...

  • Page 783: Verify Your Web Filtering Configuration

    Configure web filtering with manual DNS servers for information about configuring web filtering to use Cisco open DNS servers. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 784 4. From a new tab in your browser, attempt to connect to the Cisco test URL http://www.internetbadguys.com. The connection should be successful. 5. Return to the IX10 WebUI and enable web filtering: a. Click Firewall > Web filtering service. b. Click Enable web filtering to enable.

  • Page 785: Show Web Filter Service Information

    Cisco open DNS servers. 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights.
  • Page 786 Firewall Web filtering 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 787 Containers The IX10 device includes support for LXC Linux containers. LXC containers are a lightweight, operating system level method of virtualization that allows you to run one or more isolated Linux instances on a the same host using the host's Linux kernal.

  • Page 788: Use Digi Remote Manager To Deploy And Run Containers

    Use Digi Remote Manager to deploy and run containers Use Digi Remote Manager to deploy and run containers Note Container support must be enabled in Digi Remote Manager. Contact your Digi sales representative for information. 1. In Remote Manager, create a Configuration template. See the Remote Manager User Guide instructions.
  • Page 789 Containers Use Digi Remote Manager to deploy and run containers i. Click Browse and select the container file. ii. Type the Name of the container. The Name entered here must be the same name as the container .tgz file. This is absolutely necessary, otherwise the container file will not be properly configured on the local devices.
  • Page 790 Containers Use Digi Remote Manager to deploy and run containers c. For the Automation step: i. Click to toggle on Enable Scanning. ii. Click to toggle on Remediate. Run a manual configuration scan to apply the container and configuration settings to all applicable devices.

  • Page 791: Use An Automation To Start The Container

    Containers Use Digi Remote Manager to deploy and run containers vi. Click the Stream ID to view container status. To verify by using the show containers command on the local device: a. From the Remote Manager main menu, click  Management >  Devices.

  • Page 792: Upload A New Lxc Container

    Is one of the devices included on the Target page. Upload a new LXC container    Web 1. Log into the IX10 WebUI as a user with Admin access. 2. From the main menu, click Status. Under Services, click Containers. 3. Click Upload New Container. IX10 User Guide...

  • Page 793: Configure A Container

    Serial ports on the device that the container will have access to.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 794 (Optional) Enter a static IP Address and netmask for the container. This must be a valid IP address for the bridge, or, if left blank, a DHCP server can assign the container an IP address. c. (Optional) For Gateway, type the IP address of the network gateway. IX10 User Guide...
  • Page 795    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 796 (config system container name)> restart_timeout value (config system container name)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set restart_timeout to ten minutes, enter either 10m or 600s: IX10 User Guide...
  • Page 797 (config system container name)> b. Add the port: (config system container name)> add ports end port1 (config system container name)> 12. Save the configuration and apply the change: (config network wireless client new_client)> save Configuration saved. > IX10 User Guide...

  • Page 798: Starting And Stopping The Container

    To start the container in non-persistent mode: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX10 local command line as a user with shell access.

  • Page 799: Stopping The Container

    Stopping the container 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX10 local command line as a user with shell access.

  • Page 800: Show Status Of All Containers

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights.

  • Page 801: Schedule A Script To Run In The Container

    2. Execute a ping command every ten seconds from inside the container.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 802 For example: lxc test_lxc /bin/ping -c 1 192.168.1.146 9. Click to disable Sandbox. Sandbox restrictions are not necessary when a container is used. 10. Click Apply to save the configuration and apply the change.    Command line IX10 User Guide...
  • Page 803 Containers Schedule a script to run in the container 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 804: Create A Custom Container

    In this example, we will use a simple container file named test_lxc.tgz. You can download test_lxc.tgz from the Digi website. At the command line of a Linux host, we will unpack the file, add a simple python script, and create a new container file that includes the python script.

  • Page 805: Test The Custom Container File

    Click Apply. 2. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the IX10 local command line as a user with shell access.

  • Page 806: System Administration

    Review device status Configure system information Update system firmware Update cellular module firmware Reboot your IX10 device Erase device configuration and reset to factory defaults Locate the device by using the Find Me feature Configure a power profile Configuration files...

  • Page 807: Review Device Status

       Web To display system information: 1. Log into the IX10 WebUI as a user with Admin access. 2. On the main menu, click Status. A secondary menu appears, along with a status panel. 3. On the secondary menu, click to display the details panel for the status you want to view.

  • Page 808: Configure System Information

    Disk /overlay Usage : MB/MB(%) Disk /tmp Usage : 0.007MB/256.0MB(0%) Disk /var Usage : 1.765MB/256.0MB(1%) > Configure system information You can configure information related to your IX10 device, such as providing a name and location for the device. IX10 User Guide...
  • Page 809 A banner that will be displayed when users access terminal services on the device. To enter system information:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 810    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 811: Update System Firmware

    For example, IX10-23.3.31.129.bin. Manage firmware updates using Digi Remote Manager If you have a network of many devices, you can use Digi Remote Manager Profiles to manage firmware updates. Profiles ensure all your devices are running the correct firmware version and that all newly installed devices are updated to that same version.
  • Page 812    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 813 Update firmware from a local file    Web 1. Download the IX10 operating system firmware from the Digi Support FTP site to your local machine. 2. Log into the IX10 WebUI as a user with Admin access. 3. On the main menu, click System. Under Administration, click Firmware Update.
  • Page 814 1. Download the IX10 operating system firmware from the Digi Support FTP site to your local machine. 2. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights.

  • Page 815: Dual Boot Behavior

    > reboot Rebooting system > 7. Once the device has rebooted, log into the IX10's command line as a user with Admin access and verify the running firmware version by entering the show system command. > show system...

  • Page 816: Update Cellular Module Firmware

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 817: Update Modem Firmware Over The Air (Ota)

    OTA modem firmware update: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights.
  • Page 818 Newest firmware version available to download is '24.01.5x4_ATT' Modem firmware update from '24.01.544_ATT' to '24.01.5x4_ATT' is needed 24.01.5x4_ATT 24.01.544_ATT > 3. Use the modem firmware ota list command to list available firmware on the Digi firmware repository. > modem firmware ota list Retrieving modem firmware list ...

  • Page 819: Update Modem Firmware By Using A Local Firmware File

    IX10 device. 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 820: Reboot Your Ix10 Device

    Type quit to disconnect from the device. Reboot your IX10 device You can reboot the IX10 device immediately or schedule a reboot for a specific time every day. Note You may want to save your configuration settings to a file before rebooting. See...

  • Page 821: Schedule Reboots Of Your Device

    > reboot Schedule reboots of your device    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 822    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 823: Erase Device Configuration And Reset To Factory Defaults

    With firmware release 22.2.9.x and newer, erases the client-side certificate used for communication with Digi Remote Manager. If you are using Digi Remote Manager with firmware release 22.2.9.x and newer, by default the device uses a client-side certificate for communication with Remote Manager. If the client-side certificate is erased, you must use the Remote Manager interface to reset the certificate.
  • Page 824 3. In the Erase configuration section, click ERASE. 4. Click CONFIRM. 5. After resetting the device: a. Connect to the IX10 by using the serial port or by using an Ethernet cable to connect the IX10 ETH port to your PC. b. Log into the IX10: User name: Use the default user name: admin.
  • Page 825 The device reboots again and resets to factory defaults, as well as also removing generated certificates and keys. 3. After resetting the device: a. Connect to the IX10 by using the serial port or by using an Ethernet cable to connect the IX10 ETH port to your PC. b. Log into the IX10: User name: Use the default user name: admin.

  • Page 826: Custom Factory Default Settings

    Type quit to disconnect from the device. Custom factory default settings You can configure your IX10 device to use custom factory default settings. This way, when you erase the device's configuration, the device will reset to your custom configuration rather than to the original factory defaults.
  • Page 827 If you do not wait five minutes after restoring to custom factory defaults before performing these activities, the device will clear the custom factory defaults and reboot to standard factory defaults.    Command line IX10 User Guide...

  • Page 828: Locate The Device By Using The Find Me Feature

    System administration Locate the device by using the Find Me feature 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights.

  • Page 829: Configure A Power Profile

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 830 System administration Configure a power profile    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 831    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 832 6. Save the configuration and apply the change: (config)> save Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...

  • Page 833: Configuration Files

    If you do not save configuration changes, the system discards the changes.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.

  • Page 834: Save Configuration To A File

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 835    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 836: Restore The Device Configuration

    > scp host 192.168.4.1 user admin remote /home/admin/bin/ local /etc/config/backup-archive-0040FF800120-19.05.17-19.01.17.bin to remote Restore the device configuration You can restore a configuration file to your IX10 device by using a backup from the device, or a backup from a similar device. ...
  • Page 837 System administration Configuration files 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 838: Schedule System Maintenance Tasks

    The frequency (daily, weekly, or monthly) that checks for firmware updates will run.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 839 If Duration window is set to 24 hours, Start time is effectively obsolete and the maintenance tasks will be scheduled to run at any time. Setting Duration window to 24 hours can potentially overstress the device and should be used with caution. IX10 User Guide...
  • Page 840    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 841 If the duration length is set to any value other than to 0 or 24 hours, the maintenance tasks will run at a random time during the time allotted for the duration window. IX10 User Guide...
  • Page 842 Device firmware update check is enabled by default. This enables to automated checking for device firmware updates. To disable: (config)> system schedule maintenance firmware_update_check device false (config)> b. Set how often automated checking for device firmware should take place: (config)> system schedule maintenance frequency value (config)> IX10 User Guide...

  • Page 843: Disable Device Encryption

    Type quit to disconnect from the device. Disable device encryption You can disable the cryptography on your IX10 device. This can be used to ship unused devices from overseas without needing export licenses from the country from which the device is being shipped.

  • Page 844: Re-Enable Cryptography After It Has Been Disabled

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 845 Select the Properties of the relevant network connection on the Windows PC. b. Click the Internet Protocol Version 4 (TCP/IPv4) parameter. c. Click Properties. The Internet Protocol Version 4 (TCP/IPv4) Properties dialog appears. d. Configure with the following details: IP address for PC: 192.168.210.2 Subnet: 255.255.255.0 Gateway: 192.168.210.1 IX10 User Guide...

  • Page 846: Configure The Speed Of Your Ethernet Port

    Configure the speed of your Ethernet port 2. Connect the PC's Ethernet port to the Ethernet port on your IX10 device. 3. Open a telnet session and connect to the IX10 device at the IP address of 192.168.210.1. 4. Log into the device: Username: admin Password: The default unique password for your device is printed on the device label.
  • Page 847 System administration Configure the speed of your Ethernet port 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.

  • Page 848: Configure The System Watchdog

    You can configure your IX10 device's advanced watchdog to test the system for problems, and to reboot the device when problems are encountered.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 849 60 percent, the maximum is 100 percent. The default is 95 percent. f. To log memory usage with every watchdog memory usage test, click to enable Log memory usage every interval. 8. Click Apply to save the configuration and apply the change.    Command line IX10 User Guide...
  • Page 850 System administration Configure the system watchdog 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 851 7. Save the configuration and apply the change: (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...
  • Page 852 Monitoring This chapter contains the following topics: intelliFlow Configure NetFlow Probe IX10 User Guide...

  • Page 853: Intelliflow

    Digi intelliFlow is a reporting and graphical presentation tool for visualizing your network’s data usage and network traffic information. intelliFlow can be enabled on Digi Remote Manager to provide a full analysis of all Digi devices on your network. Contact your Digi sales representative for information about enabling intelliFlow on Remote Manager.

  • Page 854: Enable Intelliflow

    The firewall zone for internal clients being monitored by intelliFlow. To enable intelliFlow:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 855    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 856: Configure Service Types

    For example, to define a service type called "MyService" using ports 9000 and 9001:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 857 8. For Service name, type MyService. 9. Click  to add a another port. 10. For Port number, type 9001. 11. For Service name, type MyService. 12. Click Apply to save the configuration and apply the change.    Command line IX10 User Guide...

  • Page 858: Configure Domain Name Groups

    Monitoring intelliFlow 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 859 Monitoring intelliFlow 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 860    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 861 Monitoring intelliFlow 10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...

  • Page 862: Use Intelliflow To Display Average Cpu And Ram Usage

    This procedure is only available from the WebUI. To display display average CPU and RAM usage:    Web 1. Log into the IX10 WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow.

  • Page 863: Use Intelliflow To Display Top Data Usage Information

    Top data usage by service To generate a top data usage chart:    Web 1. Log into the IX10 WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow. 3. From the menu, click Status > intelliFlow.
  • Page 864 5. Change the type of chart that is used to display the data: a. Click the menu icon (). b. Select the type of chart. 6. Change the number of top users displayed. You can display the top five, top ten, or top twenty data users. IX10 User Guide...

  • Page 865: Use Intelliflow To Display Data Usage By Host Over Time

    Use intelliFlow to display data usage by host over time To generate a chart displaying a host's data usage over time:    Web 1. Log into the IX10 WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow.

  • Page 866: Configure Netflow Probe

    To save the chart to your local filesystem, select Export to PNG. c. To print the chart, select Print chart. Configure NetFlow Probe NetFlow probe is used to probe network traffic on the IX10 device and export statistics to NetFlow collectors. Required configuration items Enable NetFlow.
  • Page 867 Monitoring Configure NetFlow Probe    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 868    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 869 7. Set the number of seconds that a flow can be active before sent to a collector: (config)> monitoring netflow active_timeout value (config)> where value is any is any number between 1 and 1800. The default is 1800. IX10 User Guide...
  • Page 870 (config monitoring netflow collector 0)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...
  • Page 871 File system This chapter contains the following topics: The IX10 local file system Display directory contents Create a directory Display file contents Copy a file or directory Move or rename a file or directory Delete a file or directory Upload and download files...

  • Page 872: File System

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 873: Create A Directory

    For example: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 874: Display File Contents

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 875: Move Or Rename A File Or Directory

      Command line To rename a file named test.py in /etc/config/scripts to final.py: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights.

  • Page 876: Delete A File Or Directory

      Command line To delete a file named test.py in /etc/config/scripts: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 877: Upload And Download Files

    Upload and download files To delete a directory named temp from /opt: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights.

  • Page 878: Upload And Download Files By Using The Secure Copy Command

    IX10 device. local-path is the location on the IX10 device where the copied file will be placed. For example: To copy firmware from a remote host with an IP address of 192.168.4.1 to the /etc/config directory on the IX10 device, issue the following command: >...

  • Page 879: Upload And Download Files Using Sftp

    IX10 device. For example: To copy a support report from the IX10 device to a remote host at the IP address of 192.168.4.1: 1. Use the system support-report command to generate the report: >...
  • Page 880 Transfer a file from the IX10 device to a remote host This example downloads a file named test.py from the IX10 device at the IP address of 192.168.2.1 with a username of ahmed to the local directory on the remote host: $ sftp ahmed@192.168.2.1...
  • Page 881 Generate a support report View system and event logs Configure syslog servers Configure options for the event and system logs Analyze network traffic Use the ping command to troubleshoot network connections Use the traceroute command to diagnose IP routing problems IX10 User Guide...

  • Page 882: Perform A Speedtest

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 883: Support Report Overview

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 884 A breakdown of memory utilization at the time when the support report was generated config_dump- The device's current settings, scrubbed of passwords public and preshared keys conntrack_-L A list of all currently tracked connections through the system IX10 User Guide...
  • Page 885 AT commands netstat_-i Interface statistics for transmitted/ received packets netstat_-na List of both listening and non-listening network sockets on the device ps_l A snapshot of the current processes running at the time of generating the report IX10 User Guide...
  • Page 886 Rollover syslog information /var/run This directory can be disregarded for most troubleshooting/ diagnostic purposes. Directory Filename Notes /var/run all files Runtime settings for the device -- referenced in the syslog data gathered in /tmp (see above) IX10 User Guide...

  • Page 887: View System And Event Logs

    View System Logs    Web 1. Log into the IX10 WebUI as a user with Admin access. 2. On the main menu, click System > Logs. The system log displays: 3. Limit the display in the system log by using the Find search tool.
  • Page 888    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 889: View Event Logs

    View Event Logs    Web 1. Log into the IX10 WebUI as a user with Admin access. 2. On the main menu, click System > Logs. 3. Click  System Logs to collapse the system logs viewer, or scroll down to Events.
  • Page 890 Diagnostics View system and event logs 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 891 Diagnostics View system and event logs 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...

  • Page 892: Configure Syslog Servers

    You can configure remote syslog servers for storing event and system logs.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 893    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 894 1 and 65535. The default is 514. 5. Set the IP protocol to use for communication with the syslog server: (config system log remote 0)> protocol value (config system log remote 0)> where value is either tcp or udp. The default is udp. IX10 User Guide...

  • Page 895: Configure Options For The Event And System Logs

    To change or disable the heartbeat interval, or to disable event categories, and to perform other log configuration:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 896 7. Enable Preserve system logs to save the current session's system log after a reboot. By default, the IX10 device erases system logs each time the device is powered off or rebooted. Note You should only enable Preserve system logs temporarily to debug issues.
  • Page 897    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 898 ----------------------------------------------------------------- -------------- info true Enable informational events status true Enable status events status_interval Status interval (config)> system log event dhcpserver ii. To disable informational messages for the DHCP server: (config)> system log event dhcpserver info false (config)> IX10 User Guide...
  • Page 899 7. Save the configuration and apply the change: (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...

  • Page 900: Analyze Network Traffic

    Analyze network traffic Analyze network traffic The IX10 device includes a network analyzer tool that captures data traffic on any interface and decodes the captured data traffic for diagnostics. You can capture data traffic on multiple interfaces at the same time and define capture filters to reduce the captured data. You can capture up to 10 MB of data traffic in two 5 MB files per interface.

  • Page 901: Configure Packet Capture For The Network Analyzer

    The frequency with which captured events will be saved. To configure a packet capture configuration:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 902 You can select from preconfigured filters to determine which types of packets to capture or ignore, or you can create your own Berkeley packet filter expression. b. To create a filter that either captures or ignores packets from a particular IP address or network: IX10 User Guide...
  • Page 903 For Ethernet MAC address, type the MAC address to be captured or ingored. iv. For Source or destination Ethernet MAC address, select whether the filter should apply to packets when the Ethernet MAC address is the source, the destination, or both. IX10 User Guide...
  • Page 904 Set time: Runs the capture filter at a specified time of the day. If Set Time is selected, specify the time that the capture filter should run in Run time, using the format HH:MM. During system maintenance: The capture filter will run during the system maintenance time window. IX10 User Guide...
  • Page 905    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 906 Use the ? to determine available protocols and the appropriate format: (config network analyzer name filter protocol 0)> protocol ? IP protocol to capture or ignore: IP protocol to capture or ignore. Format: icmp icmpv6 igmp ospf other IX10 User Guide...
  • Page 907 The filter will apply to packets when the port is the source. destination: The filter will apply to packets when the port is the destination. either: The filter will apply to packets when the port is either the source or the destination. IX10 User Guide...
  • Page 908 To create a filter that either captures or ignores packets from one or more specified VLANs: i. Add a new VLAN filter: (config network analyzer name)> add filter vlan end (config network analyzer name filter vlan 0)> IX10 User Guide...
  • Page 909 (config network analyzer name)> on_interval 600s (config network analyzer name)> set_time: Runs the script at a specified time of the day. If set_time is set, set the time that the script should run, using the format HH:MM: IX10 User Guide...

  • Page 910: Example Filters For Capturing Data Traffic

    The following are examples of filters using Berkeley Packet Filter (BPF) syntax for capturing several types of network data. See https://biot.com/capstats/bpf.html for detailed information about BPF syntax. Example IPv4 capture filters Capture traffic to and from IP host 192.168.1.1: ip host 192.168.1.1 IX10 User Guide...

  • Page 911: Capture Packets From The Command Line

    See Configure packet capture for the network analyzer for information about scheduling packet capturing. Additional analyzer commands allow you to: IX10 User Guide...

  • Page 912: Stop Capturing Packets

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 913: Show Captured Traffic Data

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 914 See Configure packet capture for the network analyzer for more information. To determine available packet capture configurations, use the ?: > show anaylzer name ? name: Name of the capture filter to use. Format: test_capture capture_ping IX10 User Guide...

  • Page 915: Save Captured Data Traffic To A File

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 916    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 917: Clear Captured Data

       Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.

  • Page 918: Use The Ping Command To Troubleshoot Network Connections

    Ping to check internet connection To check your internet connection: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 919 (www.google.com) through the default gateway. The command output shows that 15 routing hops were required to reach the host: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights.

  • Page 920: Digi Ix10 Regulatory And Safety Statements

    Radio Frequency Interference (RFI) (FCC 15.105) The Digi IX10 has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.

  • Page 921: Ifetel

    Digi IX10 regulatory and safety statements IFETEL Digi customers assume full responsibility for learning and meeting the required guidelines for each country in their distribution market. Refer to the radio regulatory agency in the desired countries of operation for more information.

  • Page 922: Maximum Transmit Power For Radio Frequencies

    Digi IX10 regulatory and safety statements Maximum transmit power for radio frequencies Maximum transmit power for radio frequencies The following tables show the maximum transmit power for frequency bands. Cellular frequency bands Frequency bands Maximum transmit power Cellular LTE 700 MHz...

  • Page 923: Rohs Compliance Statement

    However, cellular-based products contain radio devices which require specific consideration. Take the time to read and understand the following guidance. Digi International assumes no liability for an end user’s failure to comply with these precautions.

  • Page 924: Product Disposal Instructions

    At the end of its life this product MUST NOT be mixed with other commercial waste for disposal. Check with the terms and conditions of your supplier for disposal information. Digi International Ltd WEEE Registration number: WEE/HF1515VU IX10 User Guide...
  • Page 925 Safety warnings English Bulgarian--бъ л га рс ки Croatian--Hrvatski French--Français Greek--Ε λλην ικά Hungarian--Magyar Italian--Italiano Latvian--Latvietis Lithuanian--Lietuvis Polish--Polskie Portuguese--Português Slovak--Slovák Slovenian--Esloveno Spanish--Español IX10 User Guide...

  • Page 926: English

    Do not power on the unit in any aircraft. Operation of this equipment in a residential environment could cause radio interference. For ambient temperatures above 60° C, this equipment must be installed in a Restricted Access Location only. IX10 User Guide...

  • Page 927: Bulgarian--Бъ Л Га Рс Ки

    З а окол ни т е м пе ра т ури на д 60 ° C, т ов а оборудв а не т ря бв а да с е инс т а л ира с а м о на м я с т о с огра нич е н дос т ъ п. IX10 User Guide...

  • Page 928: Croatian--Hrvatski

    ​ ​ j edinicu ni u jednom zrakoplovu. Rad ove opreme u stambenom okruženju mogao bi prouzročiti radio smetnje. Za okolne temperature iznad 60 ° C, ova oprema mora biti instalirana samo na mjestu s ograničenim pristupom. IX10 User Guide...

  • Page 929: French--Français

    L'utilisation de cet équipement dans un environnement résidentiel peut provoquer des interférences radio. Pour des températures ambiantes supérieures à 60 °C, cet équipement doit être installé uniquement dans un emplacement à accès restreint. IX10 User Guide...

  • Page 930: Greek--Ε Λλην Ικά

    Γ ια θερ μοκρ ασ ίες περ ιβάλλον τ ος άν ω τ ων 60 ° C, αυτ ός ο εξ οπλισ μός πρ έπει ν α εγ κατ ασ τ αθεί μόν ο σ ε θέσ η περ ιορ ισ μέν ης πρ όσ βασ ης IX10 User Guide...

  • Page 931: Hungarian--Magyar

    60 ° C feletti környezeti hőmérséklet esetén ezt a berendezést csak korlátozott hozzáférésű helyre kell telepíteni. Az EZ04-IAG4-EXT és EZ04-IA00-EXT készletekhez mellékelt kiterjesztett hőmérsékletű, dugaszolható tápegység (76002079 /24000141) nem C1D2 tanúsítvánnyal rendelkezik, és nem használható C1D2 besorolású veszélyes helyeken. IX10 User Guide...

  • Page 932: Italian--Italiano

    Non accendere l'unità in nessun aereo. Il funzionamento di questa apparecchiatura in un ambiente residenziale potrebbe causare interferenze radio. Per temperature ambiente superiori a 60° C, questa apparecchiatura deve essere installata solo in un luogo ad accesso limitato. IX10 User Guide...

  • Page 933: Latvian--Latvietis

    Iekārtai jābūt izslēgtai, ja notiek spridzināšana, sprādzienbīstama vide vai medicīnas vai dzīvības uzturēšanas aprīkojuma tuvumā. Nevienā lidmašīnā neieslēdziet ierīci. Šīs ierīces darbība dzīvojamā vidē var izraisīt radio traucējumus. Ja apkārtējā temperatūra pārsniedz 60 ° C, šī iekārta jāuzstāda tikai ierobežotas piekļuves vietā. IX10 User Guide...

  • Page 934: Lithuanian--Lietuvis

    Įrenginys turi būti išjungtas ten, kur vyksta sprogdinimas, sprogi aplinka arba šalia medicinos ar gyvybės palaikymo įrangos. Neįjunkite įrenginio jokiuose orlaiviuose. Naudojant šią įrangą gyvenamojoje aplinkoje, gali kilti radijo trukdžių. Esant aukštesnei nei 60 ° C aplinkos temperatūrai, ši įranga turi būti montuojama tik riboto patekimo vietoje. IX10 User Guide...

  • Page 935: Polish--Polskie

    życie. Nie włączaj urządzenia w żadnym samolocie. Praca tego sprzętu w środowisku mieszkalnym może powodować zakłócenia radiowe. W przypadku temperatur otoczenia powyżej 60°C urządzenie to należy instalować wyłącznie w miejscach o ograniczonym dostępie. IX10 User Guide...

  • Page 936: Portuguese--Português

    Não ligue a unidade em nenhuma aeronave. A operação deste equipamento em um ambiente residencial pode causar interferência de rádio. Para temperaturas ambientes acima de 60 ° C, este equipamento deve ser instalado apenas em locais de acesso restrito. IX10 User Guide...

  • Page 937: Slovak--Slovák

    života. Jednotku nezapínajte v žiadnom lietadle. Prevádzka tohto zariadenia v obytnom prostredí by mohla spôsobiť rádiové rušenie. Pri teplotách okolia nad 60 ° C musí byť toto zariadenie inštalované iba na mieste s obmedzeným prístupom. IX10 User Guide...

  • Page 938: Slovenian--Esloveno

    življenja. Enote ne vklopite v nobenem letalu. Delovanje te opreme v stanovanjskem okolju lahko povzroči radijske motnje. Pri temperaturah okolice nad 60 ° C mora biti ta oprema nameščena samo na lokaciji z omejenim dostopom. IX10 User Guide...

  • Page 939: Spanish--Español

    Para temperaturas ambiente superiores a 60 ° C, este equipo debe instalarse únicamente en una ubicación de acceso restringido. DigiIX10 Certifications International EMC (Electromagnetic Compatibility) and safety standards This product complies with the requirements of the following Electromagnetic Compatibility standards. IX10 User Guide...
  • Page 940 DigiIX10 Certifications International EMC (Electromagnetic Compatibility) and safety standards There are no user-serviceable parts inside the product. Contact your Digi representative for repair information. Certification category Standards EN 300 328 v1.8.1 Electromagnetic Compatibility (EMC) compliance standards EN 301 893 v1.7.2...
  • Page 941 Auto-complete commands and parameters Available commands Use the scp command Display status and statistics using the show command Device configuration using the command line interface Execute configuration commands at the root Admin CLI prompt Configuration mode Command line reference IX10 User Guide...

  • Page 942: Command Line Interface

    Log in to the command line interface    Command line 1. Connect to the IX10 device by using a serial connection, SSH or telnet, or the Terminal in the WebUI or the Console in the Digi Remote Manager. See Access the command line interface more information.

  • Page 943: Exit The Command Line Interface

    2. At the main menu, click Terminal. The device console appears. IX10 login: 3. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10 local command line as a user with full Admin access rights.
  • Page 944 Command line interface Execute a command from the web interface The Admin CLI prompt appears. > IX10 User Guide...

  • Page 945: Display Help For Commands And Parameters

    Display help for commands and parameters The help command When executed from the root command prompt, help displays information about autocomplete operations, how to move the cursor on the IX10 command line, and other keyboard shortcuts: > help Commands ------------------------------------------------------------------------------ Show commands help <Tab>...

  • Page 946: Display Help For Individual Commands

    Show IP routing information. scep-client Show SCEP client statistics. scripts Show scheduled scripts. serial Show serial statistics. surelink Show Surelink statistics. system Show system statistics. version Show firmware version. vrrp Show VRRP statistics. web-filter Show web filter information. > show IX10 User Guide...

  • Page 947: Use The Tab Key Or The Space Bar To Display Abbreviated Help

    Parameter values, where the value is one of an enumeration or an on|off type; for example: (config)> serial port1 enable t<Tab> auto-completes to (config)> serial port1 enable true Auto-complete does not function for: Parameter values that are string types. Integer values. File names. Select parameters passed to commands that perform an action. IX10 User Guide...

  • Page 948: Available Commands

    Pings a remote host using Internet Control Message Protocol (ICMP) Echo Request messages. poweroff Powers off the system. reboot Reboots the IX10 device. Removes a file. Uses the secure copy protocol (SCP) to transfer files between the IX10 device and a IX10 User Guide...

  • Page 949: Use The Scp Command

    The hostname or IP address of the remote host. The username and password of the user on the remote host. Whether the file is being copied to the IX10 device from a remote host, or to the remote host from the IX10 device.
  • Page 950 IX10 device. For example: To copy a support report from the IX10 device to a remote host at the IP address of 192.168.4.1: 1. Use the system support-report command to generate the report: >...

  • Page 951: Display Status And Statistics Using The Show Command

    Command line interface Display status and statistics using the show command Display status and statistics using the show command The IX10 show command display status and statistics for various features. For example: show config show config command displays all the configuration settings for the device that have been changed from the default settings.

  • Page 952: Show Network

    For example, to disable the SSH service from the root prompt, enter the following command: > config service ssh enable false > The IX10 device's ssh service is now disabled. Note When the config command is executed at the root prompt, certain configuration actions that are available in configuration mode cannot be performed.
  • Page 953 Multicast remote_control Remote control snmp SNMP telnet Telnet web_admin Web administration > config service 3. Next, display help for the config service ssh command: > config service ssh ? SSH: An SSH server for managing the device. IX10 User Guide...

  • Page 954: Configuration Mode

    There are two ways to enter configuration commands while in configuration mode: Enter the full command string from the config prompt. For example, to disable the ssh service by entering the full command string at the config prompt: IX10 User Guide...

  • Page 955: Save Changes And Exit Configuration Mode

    In configuration mode, configuration actions are available to perform tasks related to saving or canceling the configuration changes, and to manage items and elements in lists. The commands can be listed by entering a question mark (?) at the config prompt. IX10 User Guide...

  • Page 956: Display Command Line Help In Configuration Mode

    (?) character at the config prompt. For example: 1. Enter ? at the config prompt: (config)> ? This will display the following help information: (config)> ? Additional Configuration ------------------------------------------------------------------------ application Custom scripts auth Authentication cloud Central management firewall Firewall monitoring Monitoring network Network IX10 User Guide...
  • Page 957 SNMP telnet Telnet web_admin Web administration (config)> service 3. Next, to display help for the service ssh command, use one of the following methods: At the config prompt, enter service ssh ?: (config)> service ssh ? IX10 User Guide...
  • Page 958 (config)> service ssh enable ? At the config prompt: a. Enter service to move to the service node: (config)> service (config service)> b. Enter ssh to move to the ssh node: (config service)> ssh (config service ssh)> IX10 User Guide...

  • Page 959: Move Within The Configuration Schema

    You can also enter multiple nodes at once to move multiple steps in the configuration: (config)> service ssh acl zone (config service ssh acl zone)> Move backward one node in the configuration by entering two periods (..): (config service ssh acl zone)> .. (config service ssh acl)> IX10 User Guide...

  • Page 960: Manage Elements In Lists

    As demonstrated above, the end keyword is used to add an element to the end of a list. Additionally, the end keyword is used to add an element to a list that does not have any elements. For example, to add an authentication group to a user that has just been created: IX10 User Guide...
  • Page 961 Use the show command to verify that the local authentication method was removed: (config)> show auth method 0 tacacs+ 1 radius (config)> Move elements within a list Use the move command to reorder elements in a list. For example, to reorder the authentication methods: IX10 User Guide...

  • Page 962: The Revert Command

    (config)> The revert command The revert command is used to revert changes to the IX10 device's configuration and restore default configuration settings. The behavior of the revert command varies depending on where in the configuration hierarchy the command is executed, and whether the optional path parameter is used.
  • Page 963 3. Save the configuration and apply the change: (config auth method)> save Configuration saved. > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...

  • Page 964: Enter Strings In Configuration Commands

    (config)> system description "Digi IX10" Example: Create a new user by using the command line In this example, you will use the IX10 command line to create a new user, provide a password for the user, and assign the user to authentication groups.
  • Page 965 IX10 User Guide...
  • Page 966 (config auth user user1)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. IX10 User Guide...

  • Page 967: Command Line Reference

    IX10 User Guide...

  • Page 968: Analyzer Clear

    Clears the traffic captured by the analyzer. IX10 User Guide...

  • Page 969: Analyzer Save

    Stops the traffic capture session. Syntax analyzer stop <name> Parameters name: Name of the capture filter to use. clear dhcp-lease ip-address Clear the DHCP lease for the specified IP address. Syntax clear dhcp-lease ip-address ADDRESS IX10 User Guide...

  • Page 970: Clear Dhcp-Lease Mac

    <source> <destination> [force] Parameters source: The source file or directory to copy. destination: The destination path to copy the source file or directory to. force: Do not ask to overwrite the destination file if it exists. IX10 User Guide...

  • Page 971: Grep

    Command line reference grep Grep the contents of a file. Syntax grep <match> <path> Parameters match: Output all lines in file matching string. path: The file to grep. help Show CLI editing and navigation commands. Syntax help Parameters None IX10 User Guide...
  • Page 972 Command line interface Command line reference List a directory. Syntax ls <path> [show-hidden] Parameters path: List files and directories under this path. show-hidden: Show hidden files and directories. Hidden filenames begin with '.'. IX10 User Guide...

  • Page 973: Mkdir

    The configured name of the modem to execute this CLI command on. imei: The IMEI of the modem to execute this CLI command on. modem firmware list List modem firmware files found in the /opt/[MODEM_MODEL]/ directory. IX10 User Guide...

  • Page 974: Modem Firmware Ota Check

    The configured name of the modem to execute this CLI command on. imei: The IMEI of the modem to execute this CLI command on. modem firmware ota check Query the Digi firmware server for the latest remote modem firmware version. Syntax modem firmware ota check [name STRING] [imei STRING] Parameters name: The configured name of the modem to execute this CLI command on.

  • Page 975: Modem Firmware Update

    Disable the PIN lock on the SIM card that is active in the modem. Warning: Attempting to use an incorrect PIN code may PUK lock the SIM. Syntax modem pin disable <pin> [name STRING] [imei STRING] Parameters pin: The SIM's PIN code. IX10 User Guide...

  • Page 976: Modem Pin Enable

    The configured name of the modem to execute this CLI command on. imei: The IMEI of the modem to execute this CLI command on. modem puk status Print the PUK status and the number of PUK unlock attempts remaining. IX10 User Guide...

  • Page 977: Modem Puk Unlock

    The configured name of the modem to execute this CLI command on. imei: The IMEI of the modem to execute this CLI command on. timeout: The amount of time in seconds to wait for modem scan to complete. (Default: 300) modem sim-slot IX10 User Guide...

  • Page 978: Monitoring

    Immediately upload current device health metrics. Functions as if a scheduled upload was triggered. Syntax monitoring metrics upload Parameters None more View a file. Syntax more <path> Parameters path: The file to view. Move a file or directory. IX10 User Guide...

  • Page 979: Ping

    The number of bytes sent in the ICMP ping request. (Minimum: 0, Default: 56) count: The number of ICMP ping requests to send before terminating. (Minimum: 1, Default: 100) broadcast: Enable broadcast ping functionality. poweroff Power off the system. Syntax poweroff Parameters None reboot Reboot the system. Parameters None IX10 User Guide...
  • Page 980 Command line interface Command line reference Remove a file or directory. Syntax rm <path> [force] Parameters path: The path to remove. force: Force the file to be removed without asking. IX10 User Guide...

  • Page 981: Scp

    Display IPv4 routes. If no IP version is specified IPv4 & IPV6 will be displayed. ipv6: Display IPv6 routes. If no IP version is specified IPv4 & IPV6 will be displayed. verbose: Display more information (less concise, more detail). show cloud Show drm status & statistics. Syntax show cloud Parameters None IX10 User Guide...

  • Page 982: Show Config

    Show all leases (active and inactive (not in etc/config/dhcp.*lease)). verbose: Display more information (less concise, more detail). show dns Show DNS servers and associated domains. Syntax show dns Parameters None show eth Show ethernet status & statistics. IX10 User Guide...

  • Page 983: Show Event

    Display more details and config data for a specific IPsec tunnel. all: Display all tunnels including disabled tunnels. verbose: Display status of one or all tunnels in plain text. show l2tp lac Show L2TP access concentrator status & statistics. Syntax show l2tp lac [name STRING] IX10 User Guide...

  • Page 984: Show L2Tp Lns

    Filters for type of log message displayed (critical, warning, info, debug). Note, filters from the number of messages retrieved not the whole log (this can be very time consuming). If you require more messages of the filtered type, increase the number of messages retrieved using 'number'. show manufacture IX10 User Guide...

  • Page 985: Show Modbus-Gateway

    Display more information (less concise, more detail). show mqtt Show MQTT broker information. Syntax show mqtt [verbose] Parameters verbose: Display more information (less concise, more detail). show nemo Show NEMO status and statistics. Syntax show nemo [name STRING] IX10 User Guide...

  • Page 986: Show Network

    Display all clients including disabled clients. show openvpn server Show OpenVPN server status & statistics. Syntax show openvpn server [name STRING] [all] Parameters name: Display more details and config data for a specific OpenVPN server. all: Display all servers including disabled servers. IX10 User Guide...

  • Page 987: Show Route

    None show serial Show serial status & statistics. Syntax show serial [port STRING] Parameters port: Display more details and config data for a specific serial port. show surelink interface Show SureLink status & statistics for network interfaces. IX10 User Guide...

  • Page 988: Show Surelink Ipsec

    The name of the OpenVPN client. all: Show all OpenVPN clients. show surelink state Show SureLink state & fail counts for each network interfaces. Syntax show surelink state Parameters None show system Show system status & statistics. Syntax show system [verbose] IX10 User Guide...

  • Page 989: Show Usb

    Display more details and config data for a specific VRRP instance. all: Display all VRRP instances including disabled instances. verbose: Display all VRRP status and statistics including disabled instances. show web-filter Show web filter status & statistics. Syntax show web-filter Parameters None speedtest IX10 User Guide...

  • Page 990: Ssh

    Remove a backup file. system disable-cryptography Erase the device's configuration and reboot into a limited mode with no cryptography available. The device's shell will be accessible over Telnet (port 23) at IP address 192.168.210.1. To return the device IX10 User Guide...

  • Page 991: System Duplicate-Firmware

    Find Me function to flash LEDs on this device to help users locate the unit. Syntax system find-me <state> Parameters state: Find Me control to flash cellular-related LEDs. system firmware ota check Query the Digi firmware server for the latest device firmware version. Syntax system firmware ota check IX10 User Guide...

  • Page 992: System Firmware Ota List

    Command line interface Command line reference Parameters None system firmware ota list Query the Digi firmware server for a list of device firmware versions. Syntax system firmware ota list Parameters None system firmware ota update Perform FOTA (firmware-over-the-air) update. The device will be updated to the latest firmware version unless the version argument is used to specify the firmware version.

  • Page 993: System Script Start

    Script to stop. system serial restart Delete and restart the serial log. Syntax system serial restart <port> Parameters port: Serial port. system serial save Saves the current serial log to a file. Syntax system serial save <port> <path> IX10 User Guide...

  • Page 994: System Serial Show

    Set the local time to the first enabled time source that returns valid time information. Syntax system time sync Parameters None system time test Test each enabled time source. This test will not affect the device's current local date and time. IX10 User Guide...

  • Page 995: Tail

    Tells traceroute to add an IP source routing option to the outgoing packet that tells the network to route the packet through the specified gateway. interface: Specifies the interface through which traceroute should send packets. By default, the interface is selected according to the routing table. IX10 User Guide...
  • Page 996 Do not fragment probe packets. icmp: Use ICMP ECHO for probes. nomap: Do not try to map IP addresses to host names when displaying them. bypass: Bypass the normal routing tables and send directly to a host on an attached network. IX10 User Guide...

Table of Contents