Digi Connect EZ Mini User Manual
  1. Manuals
  2. Brands
  3. Digi Manuals
  4. Server
  5. Connect EZ Mini
  6. User manual

Digi Connect EZ Mini User Manual

Hide thumbs Also See for Connect EZ Mini:
1
2
3
4
5
6
Table Of Contents
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
Table of Contents

Advertisement

Quick Links

Download this manual
Connect EZ Mini
User Guide
Firmware version 23.6

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the Connect EZ Mini and is the answer not in the manual?

Questions and answers

Related Manuals for Digi Connect EZ Mini

Summary of Contents for Digi Connect EZ Mini

  • Page 1 Connect EZ Mini User Guide Firmware version 23.6...
  • Page 2 Advanced Watchdog options: Added System > Advanced Watchdog options to all devices. Digi Remote Manager support: Each time a device connects to Digi Remote Manager after the device boots (or re-boots), the device now immediately uploads all health metrics. VPN: Added new Enable open routing configuration setting (VPN >...
  • Page 3 2022 Updated the Linux kernel to version 5.19. The intelliFlow feature now integrates with Digi Remote Manager to provide aggregated insights and analytics for all Digi devices in your environment. Added support for Next-hop routing protocol (NHRP). Added support for mGRE tunnels.
  • Page 4 Added Monitoring > Device Health > Only report changed values to Digi Remote Manager option to control sending metrics to Digi Remote Manager on the basis of whether the values have changed since they were last reported. Added Monitoring > Device Health > Data point tuning configuration options to fine tune what datapoints are uploaded as health metrics to Digi Remote Manager.
  • Page 5 Trademarks and copyright Digi, Digi International, and the Digi logo are trademarks or registered trademarks in the United States and other countries worldwide. All other trademarks mentioned in this document are the Digi Connect EZ Mini User Guide...
  • Page 6 Feedback To provide feedback on this document, email your comments to techcomm@digi.com Include the document title and part number (Digi Connect EZ Mini User Guide, 90002409 A) in the subject line of your email. Digi Connect EZ Mini User Guide...

  • Page 7: Table Of Contents

    Step 2: Connect the power supply Step 3: Connect to site network using an Ethernet LAN Step 4: Discover the IP address using the Digi Navigator Step 5: Configure RealPort from the Digi Navigator Step 6: Connect to the web UI and update the Connect EZ firmware...
  • Page 8 Show SureLink status for a specific OpenVPN client Configure a TCP connection timeout Serial port Default serial port configuration Serial mode options View serial port information Default serial port configuration Configure Login mode Configure Remote Access mode Digi Connect EZ Mini User Guide...
  • Page 9 Installation and configuration process Digi Navigator features Install the Digi Navigator Configure RealPort on a Digi device from the Digi Navigator Digi Navigator device discovery process Services used to discover a device when connected to a network Digi Navigator application features...
  • Page 10 Create and test a Python application Python modules Set up the Connect EZ to automatically run your applications Configure scripts to run automatically Show script information Stop a script that is currently running Start an interactive Python session Digi Connect EZ Mini User Guide...
  • Page 11 Delete a custom firewall zone Port forwarding rules Configure port forwarding Delete a port forwarding rule Packet filtering Configure packet filtering Enable or disable a packet filtering rule Delete a packet filtering rule Configure custom firewall rules Digi Connect EZ Mini User Guide...
  • Page 12 Collect device health data and set the sample interval Enable event log upload to Digi Remote Manager Log into Digi Remote Manager Use Digi Remote Manager to view and manage your device Add a device to Digi Remote Manager Digi Connect EZ Mini User Guide...
  • Page 13 Configure multiple Connect EZ devices by using Digi Remote Manager configurations View Digi Remote Manager connection status Learn more File system The Connect EZ local file system Display directory contents Create a directory Display file contents Copy a file or directory...
  • Page 14 Example: Create a new user by using the command line Command line reference analyzer clear analyzer save analyzer start analyzer stop clear dhcp-lease ip-address clear dhcp-lease mac grep help mkdir monitoring monitoring metrics upload more ping poweroff reboot Digi Connect EZ Mini User Guide...
  • Page 15 Digi Connect EZ Mini User Guide...
  • Page 16 Digi Connect EZ Mini User Guide...

  • Page 17: Digi Connect Ez Mini User Guide

    The Connect EZ Mini offers a small form factor that can be easily deployed on a DIN rail, mounted on a wall or panel, or as a "bump in the cable". The Connect EZ Mini leverages Digi’s DAL firmware and TrustFence security framework to extend Digi’s critical infrastructure management offerings with...

  • Page 18: Get Started With Connect Ez

    Step 2: Connect the power supply Step 3: Connect to site network using an Ethernet LAN Step 4: Discover the IP address using the Digi Navigator Step 5: Configure RealPort from the Digi Navigator Step 6: Connect to the web UI and update the Connect EZ firmware...

  • Page 19: Step 2: Connect The Power Supply

    The power supply is included with the device. The power supply is a Direct Plugin Class 2 output transformer rated 18 W, 12 VDC, with 1.5 A output. 1. Orient the device so the top of the device is facing you. Digi Connect EZ Mini User Guide...

  • Page 20: Step 3: Connect To Site Network Using An Ethernet Lan

    You can use the Digi Navigator to quickly discover the IP address for the Connect EZ. Note If you don't have access to the Digi Navigator, you can use a manual method to discover the IP address. See Discover the device's IP address: Additional methods.

  • Page 21: Step 5: Configure Realport From The Digi Navigator

    Ethernet cable. 3. Launch the Digi Navigator. 4. A list of the devices discovered by the Digi Navigator displays. Click on the device that you want to configure. For information about how devices are discovered and how to add a device...

  • Page 22: Step 6: Connect To The Web Ui And Update The Connect Ez Firmware

    8. Click Update Firmware. Note For more detailed information about this process, see Update system firmware. NEXT STEP: If you are performing the initial device set-up, proceed to the next step: Step 7: Connect to Digi Remote Manager. Digi Connect EZ Mini User Guide...

  • Page 23: Step 7: Connect To Digi Remote Manager

    Step 7: Connect to Digi Remote Manager Step 7: Connect to Digi Remote Manager Connect your device to Digi Remote Manager to ensure that you receive automatic notification of firmware updates and security notices. From Remote Manager, you can also easily update firmware, ensure consistent configuration across a large group of devices, and manage and monitor cellular connectivity.

  • Page 24: Connect Equipment To The Connect Ez Serial Port

    Press Enter. c. When the connection has been make, the serial port LED is solid green. Serial connector pinout: Connect EZ Mini The Connect EZ Mini has a DB9 serial connector. The table below contains the pinout information. DB-9 pin EIA-232...

  • Page 25: Serial Status Page

    You can change this from the Serial Configuration page. Click the  (configuration) icon in the upper right corner of the page to access that page. The port number and name displays as a link when the port is configured for Digi Connect EZ Mini User Guide...
  • Page 26 Displays the total number of bytes that have been transmitted and received. Signals Indicates the types of communication that the device is ready to send. DCD: Carrier Detected CTS: Clear to Send DTR: Data Terminal Ready RTS: Ready to Send Digi Connect EZ Mini User Guide...

  • Page 27: Hardware

    The serial port LED shows the status of the connection. Off: The port is not in use. Solid Green: A device is connected to the port. Blinking Green: The port is in use and there is activity on the port. Digi Connect EZ Mini User Guide...

  • Page 28: Bottom Panel

    Right (green): The port is in use. Bottom panel Name Description Connect equipment to a serial port to provide console access to Serial port the equipment through a connected Ethernet WAN. See Connect equipment to the Connect EZ serial port. Digi Connect EZ Mini User Guide...

  • Page 29: Back Panel

    Use to reset the device to factory defaults. Reset button You can attach a DIN rail clip to the back DIN rail clip the device and then mount the device to a DIN rail. Digi Connect EZ Mini User Guide...

  • Page 30: Change The Password On The Connect Ez

    Attach the device to a surface using the two tabs on the device. The type and length are dependent on the mounting surface type. Note Screws are not provided. Mounting onto soft or thin materials Examples: Wallboard, sheetrock, wood, thin sheet metal, or plastic. Use a screw that meets these requirements: Digi Connect EZ Mini User Guide...

  • Page 31: Attach To Din Rail With Clip

    The Connect EZ retains its configuration if power is lost and then power is restored when the Hub is plugged into a main power supply, or if the Hub is commanded to restart automatically or interactively. Digi Connect EZ Mini User Guide...

  • Page 32: Use The Erase Button To Reset Your Device To The Factory Defaults

    You can use the Digi Navigator to quickly discover the IP address for the Connect EZ. Note If you don't have access to the Digi Navigator, you can use a manual method to discover the IP address. See Discover the device's IP address: Additional methods.

  • Page 33: Discover The Device's Ip Address: Additional Methods

    Scroll down until you discover the Connect EZ. f. Write down the IP address shown for the device. Manually configure the PC and assign an IP address to the device You can manually assign an IP address to the device. Digi Connect EZ Mini User Guide...
  • Page 34 IMPORTANT: Make note of the current IP address entries for IP address, Subnet mask, and Default gateway. You will need this information to complete the final step of the process. 5. Configure with the following details: IP address for PC: 192.168.210.2 Subnet: 255.255.255.0 Gateway: 192.168.210.1 Digi Connect EZ Mini User Guide...

  • Page 35: Connect To The Local Web Ui On The Connect Ez

    Connect to the local Web UI on the Connect EZ Once you are connected to the local Web UI, you can configure your device. Note You can also use the Digi Navigator to access the web UI and configure the device. See Access the web UI from the Digi Navigator.

  • Page 36: Device Label Sticker Sample

    Summarizes network statistics: the total number of bytes sent and received over all Network configured bridges and Ethernet devices. activity Digi Remote Displays the device connection status for Digi Remote Manager, the amount of time Manager the connection has been up, and the Digi Remote Manager device ID. Using Digi Remote Manager.
  • Page 37 The unique serial number assigned to the device. The SN is needed when submitting a Digi support ticket. Device kit part The part number and revision level of the device kit. number and revision level Digi Connect EZ Mini User Guide...
  • Page 38 Using Digi Remote Manager Access Digi Remote Manager Using the local web interface Use the local REST API to configure the Connect EZ device Access the terminal screen from the web UI Using the command line Digi Connect EZ Mini User Guide...

  • Page 39: Firmware Configuration

    Firmware configuration Review Connect EZ default settings Review Connect EZ default settings You can review the default settings for your Connect EZ device by using the local WebUI or Digi Remote Manager: Local WebUI 1. Log into the Connect EZ WebUI as a user with Admin access.

  • Page 40: Change The Default Password For The Admin User

    To change the default password for the admin user:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.

  • Page 41: Configuration Methods

    Web interface. The web interface can be accessed in two ways: Central management using the Digi Remote Manager, a cloud-based device management and data enablement platform that allows you to connect any device to any application, anywhere. With the Remote Manager, you can configure your Connect EZ device and use...

  • Page 42: Using Digi Remote Manager

    Shows how to perform a task by using the command line interface. Using Digi Remote Manager By default, your Connect EZ device is configured to use Digi Remote Manager as its central management server. Devices must be registered with Remote Manager, either: As part of the getting started process.

  • Page 43: Using The Local Web Interface

    Summarizes network statistics: the total number of bytes sent and received over all Network configured bridges and Ethernet devices. activity Digi Remote Displays the device connection status for Digi Remote Manager, the amount of time Manager the connection has been up, and the Digi Remote Manager device ID. Using Digi Remote Manager.
  • Page 44 4. To determine further allowed path location values by using the ? (question mark) with the path name: (config> service ? Services Additional Configuration --------------------------------------------------------------------- ---------- iperf IPerf location Location mdns Service Discovery (mDNS) modbus_gateway Modbus Gateway multicast Multicast ping Ping responder Digi Connect EZ Mini User Guide...
  • Page 45 You can also use the GET method to return the configuration parameters associated with an item: curl -k -u admin https://192.168.210.1/cgi-bin/config.cgi/keys/service/ssh -X GET Enter host password for user 'admin': { "ok": true, "result": [ "acl", "custom", "enable", "key", "mdns", "port", "protocol" ] } Digi Connect EZ Mini User Guide...

  • Page 46: Use The Post Method To Modify Device Configuration Parameters And List Arrays

    { "ok": true, "result": "network.route.static.1" } Use the DELETE method to remove items from a list array To remove items from a list array, use the DELETE method. For example, using curl: $ curl -k -u admin "https://192.168.210.1/cgi-bin/config.cgi/value?path=path Digi Connect EZ Mini User Guide...

  • Page 47: Access The Terminal Screen From The Web Ui

    4. Enter the number of the port that you want to access. 5. Information about the port you are connected to displays, as well as commands. Connecting to port5: Settings: 9600, 8, 1, none, none Digi Connect EZ Mini User Guide...
  • Page 48 6. Enter ~b? to display additional commands. Command Description Disconnect from the port. Send a BREAK sequence. Clear the history buffer. Send a DTR reset sequence. Display a list of commands. 7. Enter ~b. to disconnect from the port. Digi Connect EZ Mini User Guide...

  • Page 49: Using The Command Line

    You can use an open-source terminal software, such as PuTTY or TeraTerm, to access the device through one of these mechanisms. You can also access the command line interface in the WebUI by using the Terminal, or the Digi Remote Manager by using the Console.

  • Page 50: Exit The Command Line Interface

    2. Depending on the device configuration, you may be presented with another menu, for example: Access selection menu: a: Admin CLI q: Quit Select access or quit [admin] : Type q or quit to exit. Digi Connect EZ Mini User Guide...

  • Page 51: Interfaces

    6. (Optional) Add DNS servers to use with this static IP address. a. Expand the DNS Servers section. b. Click the plus sign icon next to Add DNS server. c. In the DNS server field, enter the IP address of the DNS server. Digi Connect EZ Mini User Guide...

  • Page 52: Ip Address And Netmask

    Configure SureLink active recovery to detect WAN failures Configure the device to reboot when a failure is detected Disable SureLink Configure a Wide Area Network (WAN) Show WAN status and statistics Delete a WAN Digi Connect EZ Mini User Guide...

  • Page 53: Wide Area Networks (Wans)

    The metric for each WAN.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 54 Connect EZ local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. Digi Connect EZ Mini User Guide...

  • Page 55: Configure Surelink Active Recovery To Detect Wan Failures

    WAN has failed, because the connection continues to work while the core problem exists somewhere else in the network. Using Digi SureLink, you can configure the Connect EZ device to regularly probe connections through the WAN to determine if the WAN has failed.
  • Page 56 Backoff interval: The time to add to the test interval when restarting the list of actions. Test interface gateway by pinging: Used by the Interface gateway Ping test as the endpoint for traceroute to use to determine the interface gateway. Digi Connect EZ Mini User Guide...
  • Page 57 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Response timeout to ten minutes, enter 10m or 600s. Digi Connect EZ Mini User Guide...
  • Page 58 Failing this test infers that all other tests fail. If Test the interface status is selected, complete the following: Down time: The amount of time that the interface is down before the test can be considered to have failed. Digi Connect EZ Mini User Guide...
  • Page 59 12. Add recovery actions: a. Click to expand Recovery actions. b. Click . New recovery actions are enabled by default. To disable, click to toggle off Enable. c. Type a Label for the recovery action. Digi Connect EZ Mini User Guide...
  • Page 60 Override wait interval before performing the next recovery action: The time to wait before the next test is run. If set to the default value of 0s, the Test interval is used. Digi Connect EZ Mini User Guide...
  • Page 61 The default is 8.8.8.8, and should only be changed if this IP address is not accessible due to networking issues. 14. Click Apply to save the configuration and apply the change.    Command line Digi Connect EZ Mini User Guide...
  • Page 62 1)> d. if the test should apply to both IPv6 rather than IPv4, enable IPv6: (config network interface my_wan surelink tests 1)> ipv6 true (config network interface my_wan surelink tests 1)> Digi Connect EZ Mini User Guide...
  • Page 63 (config network interface my_wan surelink tests 1)> http url (config network interface my_wan surelink tests 1)> dns_configured: Tests communication with DNS servers that are either provided by DHCP, or statically configured for this interface. Digi Connect EZ Mini User Guide...
  • Page 64 1)> custom_test_ commands "string" (config network interface my_wan surelink tests 1)> tcp_connection: Tests that the interface can reach a destination port on the configured host. If tcp_connection is selected, complete the following: Digi Connect EZ Mini User Guide...
  • Page 65 The test will pass only if the referenced interface is up and passing its own SureLink tests (if applicable). down: The test will pass only if the referenced interface is down or failing its own SureLink tests (if applicable). f. Repeat for each additional test. Digi Connect EZ Mini User Guide...
  • Page 66 (config network interface my_wan surelink actions 0)> The default is 100. Set the time to wait before the next test is run. If set to the default value of 0s, the test interval is used. Digi Connect EZ Mini User Guide...
  • Page 67 (config network interface my_wan surelink actions 0)> f. Repeat for each additional recovery action. 7. Optional SureLink configuration parameters: a. Type ... to return to the root of the configuration: (config network interface my_wan surelink actions 0)> ... (config)> Digi Connect EZ Mini User Guide...
  • Page 68 (config)> network interface my_wan advanced delayed_start value (config)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set delayed_start to ten minutes, enter either 10m or 600s: Digi Connect EZ Mini User Guide...

  • Page 69: Configure The Device To Reboot When A Failure Is Detected

    IP address configured in the SureLink advanced settings, and then the first hop in that route is used for the ping test. Digi Connect EZ Mini User Guide...
  • Page 70 11. (Optional) For Response timeout, type the amount of time that the device should wait for a response to a test attempt before considering it to have failed. Digi Connect EZ Mini User Guide...
  • Page 71 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Initial connection time to ten minutes, enter 10m or 600s. Custom test: Tests the interface with custom commands. Digi Connect EZ Mini User Guide...
  • Page 72 For Delayed Start, type the amount of time to wait while the device is starting before SureLink testing begins. This setting is bypassed when the interface is determined to be up.(missing or bad snippet) The default is 300 seconds. Digi Connect EZ Mini User Guide...
  • Page 73 If both the restart and reboot parameters are enabled, the reboot parameter takes precedence. 6. Add a test target: (config network interface my_wan)> add ipv4 surelink target end (config network interface my_wan ipv4 surelink target 0)> Digi Connect EZ Mini User Guide...
  • Page 74 (config network interface my_wan ipv4 surelink target 0)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set parameter name to ten minutes, enter either 10m or 600s: Digi Connect EZ Mini User Guide...
  • Page 75 (config network interface my_wan ipv4 surelink> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set interval to ten minutes, enter either 10m or 600s: Digi Connect EZ Mini User Guide...

  • Page 76: Disable Surelink

    If your device uses a private APN with no Internet access or has a restricted WAN connection that doesn't allow DNS resolution, you can disable SureLink connectivity tests. You can also reconfigure SureLink to disable the DNS test and use one or more other tests.    Web Digi Connect EZ Mini User Guide...
  • Page 77 Interfaces Wide Area Networks (WANs) 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 78 WAN connections that do not allow DNS resolution, and configure alternate test.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 79 Ping payload size: The number of bytes to send as part of the ping payload. DNS test: Performs a DNS query to the named DNS server. If DNS test is selected, complete the following: DNS server: The IP address of the DNS server. Digi Connect EZ Mini User Guide...
  • Page 80 IPv6: The IPv6 connection must be up. Expected status: The status required for the test to past. Up: The test will pass only if the referenced interface is up and passing its own SureLink tests (if applicable). Digi Connect EZ Mini User Guide...
  • Page 81 (config network interface my_wan surelink tests 1)> test value (config network interface my_wan surelink tests 1)> where value is one of: ping: Uses ICMP to determine connectivity. If ping is selected, complete the following: Digi Connect EZ Mini User Guide...
  • Page 82 Failing this test infers that all other tests fail. If interface_up is set, complete the following: Set the amount of time that the interface is down before the test can be considered to have failed. Digi Connect EZ Mini User Guide...
  • Page 83 If tcp_connection is selected, complete the following: Set the hostname or IP address of the host to create a TCP connection to: (config network interface my_wan surelink tests 1)> tcp_host hostname/IP_address (config network interface my_wan surelink tests 1)> Digi Connect EZ Mini User Guide...
  • Page 84 (config network interface my_wan ipv4 surelink)> save Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ Mini User Guide...

  • Page 85: Configure A Wide Area Network (Wan)

    1. Log into the Connect EZ WebUI as a user with full Admin access rights 2. On the menu, click System. Under Configuration, click Device Configuration. 3. The Configuration window is displayed. 4. Click Network > Interfaces. Digi Connect EZ Mini User Guide...
  • Page 86 FQDN option. Configure system information for information about setting the Connect EZ device's system name. 10. (Optional) Configure IPv6 settings: a. Click to expand IPv6. b. Enable IPv6 support. c. For Type, select DHCPv6 address. Digi Connect EZ Mini User Guide...
  • Page 87 For Add MAC address, click . c. Type the MAC address. 1. See Configure SureLink active recovery to detect WAN failures for information about configuring SureLink. 13. Click Apply to save the configuration and apply the change. Digi Connect EZ Mini User Guide...
  • Page 88 Set the device for the LAN: (config network interface my_wan)> device device (config network interface my_wan)> 6. Configure IPv4 settings: IPv4 support is enabled by default. To disable: (config network interface my_wan)> ipv4 enable false (config network interface my_wan)> Digi Connect EZ Mini User Guide...
  • Page 89 See Configure WAN priority and default route metrics for further information about metrics. 7. (Optional) Configure IPv6 settings: a. Enable IPv6 support: (config network interface my_wan)> ipv6 enable true (config network interface my_wan)> Digi Connect EZ Mini User Guide...

  • Page 90: Show Wan Status And Statistics

    9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show WAN status and statistics    Web Digi Connect EZ Mini User Guide...
  • Page 91 4. Enter show network interface name at the Admin CLI prompt to display additional information about a specific WAN. For example, to display information about ETH1, enter show network interface eth1: > show network interface eth1 wan1 Interface Status --------------------- Device : eth1 Digi Connect EZ Mini User Guide...

  • Page 92: Delete A Wan

    Follow this procedure to delete any WANs that have been added to the system. You cannot delete the preconfigured WAN, ETH1.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.

  • Page 93: Show Surelink Status And Statistics

    You can show SureLink status for all interfaces, or for an individual interface. You can also show Surelink status for ipsec tunnels and OpenVPN clients. SureLink status is only available from the Admin CLI.    Command line Digi Connect EZ Mini User Guide...

  • Page 94: Show Surelink State

    2. At the Admin CLI prompt, type : > show surelink interface all Interface Test Proto Last Response Status --------- ----------------------------- ----- ------------- ------- eth1 Interface is up IPv4 32 seconds Passing eth1 Interface's DNS servers (DNS) IPv4 28 seconds Passing Digi Connect EZ Mini User Guide...

  • Page 95: Show Surelink Status For A Specific Interface

    Connect EZ local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. Digi Connect EZ Mini User Guide...

  • Page 96: Show Surelink Status For A Specific Ipsec Tunnel

    Connect EZ local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. Digi Connect EZ Mini User Guide...

  • Page 97: Show Surelink Status For A Specific Openvpn Client

    A low number of retries will end a "stale" connection more quickly that a larger number. The default is 15 retries. Digi Connect EZ Mini User Guide...
  • Page 98 Interfaces Configure a TCP connection timeout    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.

  • Page 99: Serial Port

    Access: Provides socket level access to ports. Application: Provides access to the serial device from Python applications. RealPort: Used in conjunction with the Digi RealPort driver. RealPort can also be configured using the Digi Navigator. For more information about configuring RealPort, see...

  • Page 100: Configure Login Mode

    DCD is not required, and DSR is needed instead. 6. (Optional) For Label, enter a label that will be used when referring to this port. 7. For Signalling, select the electrical signaling interface type used on this serial port: Digi Connect EZ Mini User Guide...
  • Page 101 If you want to log the time at which date was received or transmitted, click the Timestamps toggle to Enable. f. If you want to log the data as hexadecimal values, click the Hexadecimal toggle to Enable. Digi Connect EZ Mini User Guide...
  • Page 102 The time is measured in milliseconds. The default is 0ms: (config)> serial port1 "rts_pre_delay value (config)> For rts_post_delay, enter the amount of time RTS is deasserted before completing data transmission. The time is measured in milliseconds. The default is 0ms: Digi Connect EZ Mini User Guide...
  • Page 103 (config)>serial port1 parity parity (config)> Allowed values are: even none The default is none. 11. Set the stop bits used by the device to which you want to connect: (config)>serial port1 stopbits bits (config)> Digi Connect EZ Mini User Guide...
  • Page 104 Log the time at which date was received or transmitted: (config)>serial port1 logging hex true (config)> f. Log data as hexadecimal values: (config)>serial port1 logging timestamp true (config)> 14. Save the configuration and apply the change: Digi Connect EZ Mini User Guide...

  • Page 105: Configure Remote Access Mode

    If altpin is disabled, the hardware signal on RJ45 pin 1 becomes DSR instead of DCD. This alternative can be used if DCD is not required, and DSR is needed instead. 6. (Optional) For Label, enter a label that will be used when referring to this port. Digi Connect EZ Mini User Guide...
  • Page 106 Click Strip End Pattern if you want to remove the end pattern from the packet before it is sent. 10. Expand Service Settings. All service settings are disabled by default. Click available options to toggle them to enabled, and set the IP ports as appropriate. Digi Connect EZ Mini User Guide...
  • Page 107 For example, to set the Access Control List for the SSH connection for serial port 1, click to expand Serial > Port 1 > SSH connection > Access Control List: To limit access to specified IPv4 addresses and networks: i. Click IPv4 Addresses. ii. For Add Address, click . Digi Connect EZ Mini User Guide...
  • Page 108 For Connection port, enter the TCP port of the remote server (1-65535). f. If Connect when the data that is received matches the specified string is selected for Connection trigger: i. For Data match string, type the string that, when received, will trigger the connection. Digi Connect EZ Mini User Guide...
  • Page 109 Note You can review the message log in the Serial Port Log page. See Review the serial port message log. 15. Click Apply to save the configuration and apply the change.    Command line Digi Connect EZ Mini User Guide...
  • Page 110 (config)> serial port1 "rts_pre_delay value (config)> For rts_post_delay, enter the amount of time RTS is deasserted before completing data transmission. The time is measured in milliseconds. The default is 0ms: (config)> serial port1 rts_post_delay value (config)> Digi Connect EZ Mini User Guide...
  • Page 111 11. Set the stop bits used by the device to which you want to connect: (config)>serial port stopbits bits (config)> 12. Set the type of flow control used by the device to which you want to connect: (config)>serial port flow value (config)> Digi Connect EZ Mini User Guide...
  • Page 112 (Optional) Enable monitoring of CTS (Clear to Send) changes on this port: (config)>serial port1 monitor cts true (config) b. (Optional) Enable monitoring of DCD (Data Carrier Detect) changes on this port: (config)>serial port1 monitor dcd true (config) 15. (Optional) Configure autoconnect: Digi Connect EZ Mini User Guide...
  • Page 113 (config)>serial port1 autoconnect conn_type value (config)> where value is one of: telnet tls_auth The default is tls. d. Set the host name or IP address of the destination server: (config)>serial port1 autoconnect destination hostname/IP_address (config)> Digi Connect EZ Mini User Guide...
  • Page 114 Set the end pattern. The packet is sent when this pattern is received from the serial port: (config)>serial port1 framing end_pattern backslash-escaped-string (config) e. Set the strip end pattern if you want to remove the end pattern from the packet before it is sent: Digi Connect EZ Mini User Guide...
  • Page 115 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect EZ device: Digi Connect EZ Mini User Guide...
  • Page 116 (Optional) Enable Multicast DNS (mDNS): (config)>serial port1 service ssh mdns enable true (config)> b. Configure TCP settings: i. Enable TCP: (config)>serial port1 service tcp enable true (config)> ii. Set the port to be used for ssh communications: Digi Connect EZ Mini User Guide...
  • Page 117 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect EZ device: Digi Connect EZ Mini User Guide...
  • Page 118 (Optional) Enable Multicast DNS (mDNS): (config)>serial port1 service tcp mdns enable true (config)> c. Configure telnet settings: i. Enable SSH: (config)>serial port1 service telnet enable true (config)> ii. Set the port to be used for ssh communications: Digi Connect EZ Mini User Guide...
  • Page 119 (config)> add serial port1 service telnet acl interface end value (config)> Where value is an interface defined on your device. Display a list of available interfaces: Use ... network interface ? to display interface information: Digi Connect EZ Mini User Guide...
  • Page 120 Enable serial port logging: (config)>serial port1 logging enable true (config)> b. Set the file name: (config)>serial port1 logging filename string (config)> c. Set the maximum allowed log size for the serial port log when starting the log: Digi Connect EZ Mini User Guide...

  • Page 121: Configure Application Mode

    To change the configuration to match the serial configuration of the device to which you want to connect:    Web 1. Log into the Connect EZ WebUI as a user with Admin access. 2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed. Digi Connect EZ Mini User Guide...
  • Page 122 Connect EZ local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. Digi Connect EZ Mini User Guide...
  • Page 123 Enable Termination if you want to enable electrical termination on this serial port. rs-485 Enable termination if you want to enable electrical termination on this serial port: (config)> serial port1 termination true (config)> Digi Connect EZ Mini User Guide...

  • Page 124: Configure Ppp Dial-In Mode

    To change the configuration to match the serial configuration of the device to which you want to connect:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 125 PAP: Use Password Authentication Protocol (PAP) to authenticate. If Automatic, CHAP, or PAP are selected, type the Username and Password used to authenticate the remote peer. 16. (Optional) Configure the serial port to use a custom PPP configuration file: Digi Connect EZ Mini User Guide...
  • Page 126 0 # start up the local PPP session AT*) echo "OK" # passively accept any other AT command esac done 18. Click Apply to save the configuration and apply the change.    Command line Digi Connect EZ Mini User Guide...
  • Page 127 For example, to set idle_timeout to ten minutes, enter either 10m or 600s: (config)> serial port1 idle_timeout 600s (config)> Digi Connect EZ Mini User Guide...
  • Page 128 Use the ? to determine available zones: (config)> serial port1 ppp_dialin zone ? Zone: The firewall zone assigned to this interface. This can be used by packet filtering rules and access control lists to restrict network traffic on this Digi Connect EZ Mini User Guide...
  • Page 129 For example: (config)> serial port1 ppp_dialin custom config_file "debug lcp-echo- interval 10 lcp-echo-failure 2" (config)> 16. (Optional) Configure a script that will be run to prepare the link before PPP negotiations are started: Digi Connect EZ Mini User Guide...
  • Page 130 (config)> save Configuration saved. > 18. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ Mini User Guide...

  • Page 131: Configure Udp Serial Mode

    For RTS Post-delay, enter the amount of time RTS is deasserted before completing data transmission. The time is measured in milliseconds. The default is 0ms. RS-422 Enable Termination if you want to enable electrical termination on this serial port. Digi Connect EZ Mini User Guide...
  • Page 132 For End Pattern, enter the end pattern. The packet is sent when this pattern is received from the serial port. v. Click Strip End Pattern if you want to remove the end pattern from the packet before it is sent. Digi Connect EZ Mini User Guide...
  • Page 133 Access the configuration for the appropriate type of service: i. Click to expand Serial. ii. Click to expand the appropriate serial port. iii. Click to expand UDP serial. iv. Click to expand Access Control List. Digi Connect EZ Mini User Guide...
  • Page 134 To limit access to specified IPv6 addresses and networks: i. Click IPv6 Addresses. ii. For Add Address, click . iii. For Address, enter the IPv6 address or network that can access the device's service-type. Allowed values are: Digi Connect EZ Mini User Guide...
  • Page 135 Connect EZ local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. Digi Connect EZ Mini User Guide...
  • Page 136 Enable Termination if you want to enable electrical termination on this serial port. rs-485 Enable termination if you want to enable electrical termination on this serial port: (config)> serial port1 termination true (config)> Digi Connect EZ Mini User Guide...
  • Page 137 12. Set the type of flow control used by the device to which you want to connect: (config)>serial port1 label flow type (config) Allowed values are: none rts/cts xon/xoff The default is none. 13. (Optional) Configure data framing: Digi Connect EZ Mini User Guide...
  • Page 138 (config)> add serial port1 upd destination end (config serial port1 udp destination 0)> ii. (Optional) Enter a description of the destination: (config serial port1 udp destination 0)> description string (config serial port1 udp destination 0)> Digi Connect EZ Mini User Guide...
  • Page 139 (config)> add serial port1 udp acl interface end value (config)> Where value is an interface defined on your device. Display a list of available interfaces: Use ... network interface ? to display interface information: Repeat this step to list additional interfaces. Digi Connect EZ Mini User Guide...
  • Page 140 (config)> add serial port1 udp acl address6 end value (config)> Where value can be: A single IP address or host name. A network designation in CIDR notation, for example, 2001:db8::/48. any: No limit to IPv6 addresses that can access the service-type. Digi Connect EZ Mini User Guide...
  • Page 141 (config)> Repeat this step to include additional firewall zones. 18. Configure serial port logging: a. Enable serial port logging: (config)>serial port1 logging enable true (config)> b. Set the file name: Digi Connect EZ Mini User Guide...

  • Page 142: Configure Modem Emulator Mode

    To change the configuration to match the serial configuration of the device to which you want to connect:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. Digi Connect EZ Mini User Guide...
  • Page 143 Configure Modem emulator mode 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config.
  • Page 144 A single IP address or host name. A network designation in CIDR notation, for example, 2001:db8::/48. any: No limit to IPv6 addresses that can access the service-type. iv. Click  again to list additional IP addresses or networks. Digi Connect EZ Mini User Guide...

  • Page 145: Configure Modbus Mode

    Modbus mode allows you to use the serial port for Modbus. See Modbus gateway. To change the configuration to match the serial configuration of the device to which you want to connect:    Web Digi Connect EZ Mini User Guide...
  • Page 146 Enable Termination if you want to enable electrical termination on this serial port. RS-485 Enable Termination if you want to enable electrical termination on this serial port. Enable Full Duplex if you want to enable full duplex communication on this serial port. The default is RS-232. Digi Connect EZ Mini User Guide...
  • Page 147 DCD is not required, and DSR is needed instead. 6. Set the signaling interface type used on this serial port: rs-232 Enable rts_toggle if you want to enable RTS toggling during transmission on this serial port. If enabled, this setting overrides RTS\CTS flow control: Digi Connect EZ Mini User Guide...
  • Page 148 2. Set the number of data bits used by the device to which you want to connect: (config)>serial port1 databits bits (config)> 3. Set the type of parity used by the device to which you want to connect: (config)>serial port1 parity parity (config)> Digi Connect EZ Mini User Guide...

  • Page 149: Configure Realport Mode Using The Digi Navigator

    These processes ensure that RealPort is configured on the device and on your computer. Operating system The Digi Navigator can only be installed on a computer with a Windows OS. If you are using Linux, you can manually install and configure RealPort without Digi Navigator. For the Linux installation process,...

  • Page 150: Digi Navigator Features

    5. When the download is complete, click on the downloaded .exe file. The Digi Navigator Setup wizard displays. 6. Select which user(s) should be able to launch the Digi Navigator from this computer after it has been installed: Anyone who uses this computer (all users): Any user who logs into this computer can launch the Digi Navigator.

  • Page 151: Configure Realport On A Digi Device From The Digi Navigator

    Navigator was installed can launch the Digi Navigator. This is the default. 7. Click Install. The Completing Digi Navigator Setup screen displays. 8. Choose the Run Digi Navigator option if you want to launch the Navigator when the installation is complete.
  • Page 152 Ethernet cable. 3. Launch the Digi Navigator. 4. A list of the devices discovered by the Digi Navigator displays. Click on the device that you want to configure. For information about how devices are discovered and how to add a device...

  • Page 153: Digi Navigator Device Discovery Process

    Digi Navigator. If a Digi device is not on the same network as your computer or the device is undiscoverable, the device is not displayed in the Digi Navigator. You can add the device using that device's IP address, and after it has been added, it also displays in the Digi Navigator.
  • Page 154 Use the autodiscovery protocol to discover a device If a Digi device is directly connected to a computer or connected to a network with no DHCP server, you can assign an IP address to the Digi device so that the device is automatically discovered.
  • Page 155 Serial port Configure RealPort mode using the Digi Navigator Assign a generic IP address to the device If the Connect EZ device is directly connected to a computer or connected to a network with no DHCP server, you can assign a generic IP address to the device. Using this IP address requires you to set this IP address on your computer as well as on the device.
  • Page 156 Serial port Configure RealPort mode using the Digi Navigator 4. Click Properties. The Internet Protocol Version 4 (TCP/IPv4) Properties dialog appears. 5. Select Use the following IP address. Note IMPORTANT: Make note of the current IP address entries for IP address, Subnet mask, and Default gateway. You will need this information to complete the final step of the process.
  • Page 157 Click OK. Specify the IP address to discover a Digi device If a Digi device is not on the same network as your computer or the device is undiscoverable, you can manually add the device using that device's IP address.

  • Page 158: Digi Navigator Application Features

    6. Enter the user name and password for the device in the User name and Password fields. 7. Click Submit. 8. The device you just added displays at the bottom of the Digi Navigator screen. You can click Refresh to update the screen until the device appears.
  • Page 159 Manage the RealPort configured Digi device list After you have enabled and configured RealPort on at least one Digi device, a list of configured devices displays at the bottom of the Digi Navigator. You can refresh the list and easily access the COM port configuration on your computer.
  • Page 160 Click Login. Filter devices for display in the Digi Navigator You can use the Digi Navigator filters to determine the types of Digi devices you want to display. Only the devices that are powered on and are discoverable are included.

  • Page 161: Advanced Realport Configuration Without Using The Digi Navigator

    Serial port Advanced RealPort configuration without using the Digi Navigator 4. In the Device Filters section, a list of the Digi device types display. All types are disabled by default, and when all are disabled, all types are displayed. 5. To filter the types that are displayed, click the enable slider for the types you want to display.

  • Page 162: Windows Operating System

    Serial port Advanced RealPort configuration without using the Digi Navigator Windows Operating System This method can be used if your computer has a Windows OS installed and you choose not to use the Digi Navigator to discover devices and configure RealPort.
  • Page 163 1. Navigate to the downloaded Realport .zip file. 2. Open the .zip file. 3. Click on setup.exe to launch the RealPort wizard. The Welcome to the Digi RealPort Setup Wizard screen displays. 4. If this is not the first time you have run the wizard, select the Add a New Device option. If this is the first time running the wizard, no options are available on the screen.

  • Page 164: Configure The Serial Port For Realport Mode

    Serial port Advanced RealPort configuration without using the Digi Navigator 7. Select the Encrypt Network Traffic check box to enable encrypted network traffic. When you select this option, the TCP Port for Encrypted Traffic field becomes available. 8. The TCP Port for Encrypted Traffic field has a default value of 1027. The entry must match the device's TCP port setting.
  • Page 165 Serial port Advanced RealPort configuration without using the Digi Navigator 1. Log into the Connect EZ WebUI as a user with Admin access. 2. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed.
  • Page 166 Serial port Advanced RealPort configuration without using the Digi Navigator RS-422 Enable Termination if you want to enable electrical termination on this serial port. RS-485 Enable Termination if you want to enable electrical termination on this serial port. Enable Full Duplex if you want to enable full duplex communication on this serial port.
  • Page 167 Serial port Advanced RealPort configuration without using the Digi Navigator 5. Set the sharing mode: (config)> serial port1 sharing value (config)> where value is one of: none: Only the user that opened the port can change the port settings. All other users are rejected.
  • Page 168 Serial port Advanced RealPort configuration without using the Digi Navigator (config)> serial port1 full_duplex true (config)> The default is rs-232. 7. Enable Altpin to use the Altpin feature. Altpin is disabled by default. (config)> serial port1 altpin true (config)> This feature should be enabled when you are using a modem and an 8-pin cable and you need CD (Carrier Detect).

  • Page 169: Configure The Realport Service

    11. Enable TCP Port Keepalive to send TCP keepalive packets. This is disabled by default. 12. Click Apply to save the configuration and apply the change. Show serial status and statistics To show the status and statistics for the serial port: Digi Connect EZ Mini User Guide...

  • Page 170: Review The Serial Port Message Log

    If there is no Log button, the serial port mode selected for the port does not support serial port logging. 5. Review the messages in the window. Click Refresh to refresh the log display. Digi Connect EZ Mini User Guide...
  • Page 171 > system serial clear port-number > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ Mini User Guide...

  • Page 172: Virtual Private Networks (Vpn)

    Virtual Private Networks (VPNs) are used to securely connect two private networks together so that devices can connect from one network to the other using secure channels. This chapter contains the following topics: IPsec OpenVPN Generic Routing Encapsulation (GRE) Dynamic Multipoint VPN (DMVPN) L2TP L2TPv3 Ethernet Digi Connect EZ Mini User Guide...

  • Page 173: Ipsec

    Diffie-Hellman key exchange. This creates the IKE SAs that are used to encrypt further IKE communications. For IKEv1, there are two modes for the phase 1 negotiation: Main mode and Aggressive mode. IKEv2 does not use these modes. Digi Connect EZ Mini User Guide...

  • Page 174: Authentication

    CA certificate from the signing authority and, if available, a Certificate Revocation List (CRL). Configure an IPsec tunnel Configuring an IPsec tunnel with a remote device involves configuring the following items: Digi Connect EZ Mini User Guide...
  • Page 175 NAT is being used. If using IPsec failover, identify the primary tunnel during configuration of the backup tunnel. The Network Address Translation (NAT) keep alive time. The protocol, either Encapsulating Security Payload (ESP) or Authentication Header (AH). Digi Connect EZ Mini User Guide...
  • Page 176 The lifetime margin, a randomizing amount of time before the IPsec tunnel is renegotiated.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 177 Click to expand Firewall > Packet filtering. b. For Add packet filter, click . c. For Label, type Allow incoming IPsec traffic. d. For Source zone, select IPsec. Leave all other fields at their default settings. Digi Connect EZ Mini User Guide...
  • Page 178 For Local key, type the local pre-shared key. This must be the same as the remote key on the remote host. ii. For Remote key, type the remote pre-shared key. This must be the same as the local key on the remote host. Digi Connect EZ Mini User Guide...
  • Page 179 IP address, from the remote peer. 19. Click to expand Local endpoint. a. For Type, select either: Default route: Uses the same network interface as the default route. Interface: Select the Interface to be used as the local endpoint. Digi Connect EZ Mini User Guide...
  • Page 180 For Hostname, type a hostname or IPv4 address. If your device is not configured to initiate the IPsec connection (see IKE > Initiate connection), you can also use the keyword any, which means that the hostname is dynamic or unknown. iii. Click  again to add additional hostnames. Digi Connect EZ Mini User Guide...
  • Page 181 Serial number: The device's serial number will be used as the ID and sent as a ID_KEY_ID IKE identity. 21. Click to expand Policies. Policies define the network traffic that will be encapsulated by this tunnel. a. Click  to create a new policy. The new policy configuration is displayed. Digi Connect EZ Mini User Guide...
  • Page 182 Any: Matches any protocol. TCP: Matches TCP protocol only. UDP: Matches UDP protocol only. ICMP: Matches ICMP requests only. Other protocol: Matches an unlisted protocol. If Other protocol is selected, type the number of the protocol. Digi Connect EZ Mini User Guide...
  • Page 183 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Phase 2 lifetime to ten minutes, enter 10m or 600s. Digi Connect EZ Mini User Guide...
  • Page 184 Configure SureLink active recovery for IPsec for information about IPsec Active recovery. 26. (Optional) Click Advanced to set various IPsec-related time out, keep alive, and related values. 27. Click Apply to save the configuration and apply the change. Digi Connect EZ Mini User Guide...
  • Page 185 Zone: The firewall zone assigned to this IPsec tunnel. This can be used by packet filtering rules and access control lists to restrict network traffic on this tunnel. Format: dynamic_routes edge external internal ipsec loopback setup Default value: ipsec Current value: ipsec (config vpn ipsec tunnel ipsec_example)> Digi Connect EZ Mini User Guide...
  • Page 186 (config vpn ipsec tunnel ipsec_example)> type protocol (config vpn ipsec tunnel ipsec_example)> where protocol is either: esp (Encapsulating Security Payload): Provides encryption as well as authentication and integrity. ah (Authentication Header): Provides authentication and integrity only. Digi Connect EZ Mini User Guide...
  • Page 187 (config vpn ipsec tunnel ipsec_example)> auth private_key_ passphrase passphrase (config vpn ipsec tunnel ipsec_example)> c. For the peer_public_key parameter, paste the peer's public RSA key in PEM format: (config vpn ipsec tunnel ipsec_example)> auth peer_public_key key (config vpn ipsec tunnel ipsec_example)> Digi Connect EZ Mini User Guide...
  • Page 188 Enable XAUTH client functionality: (config vpn ipsec tunnel ipsec_example)> xauth_client enable true (config vpn ipsec tunnel ipsec_example)> b. Set the XAUTH client username: (config vpn ipsec tunnel ipsec_example)> xauth_client username name (config vpn ipsec tunnel ipsec_example)> Digi Connect EZ Mini User Guide...
  • Page 189 (config vpn ipsec tunnel ipsec_example)> ipv6: The ID will be interpreted as an IPv6 address and sent as an ID_IPV6_ADDR IKE identity. Set an IPv6 formatted ID. This can be a fully-qualified domain name or an IPv6 address. Digi Connect EZ Mini User Guide...
  • Page 190 Randomly selects an IPsec peer to connect to from the hostname list. priority: Selects the first hostname in the list that is resolvable. c. Set the ID type: (config vpn ipsec tunnel ipsec_example)> remote id type value (config vpn ipsec tunnel ipsec_example)> Digi Connect EZ Mini User Guide...
  • Page 191 The device's MAC address will be used for the Key ID and sent as an ID_KEY_ID IKE identity. serial_number: The ID device's serial number will be used for the Key ID and sent as an ID_KEY_ID IKE identity. Digi Connect EZ Mini User Guide...
  • Page 192 (config vpn ipsec tunnel ipsec_example)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set phase1_lifetime to ten minutes, enter either 10m or 600s: Digi Connect EZ Mini User Guide...
  • Page 193 Set the type of encryption to use during phase 1: (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> cipher value (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> where value is one of: 3des aes128 aes128gcm128 aes128gcm64 aes128gcm96 Digi Connect EZ Mini User Guide...
  • Page 194 Set the Diffie-Hellman group type: (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> dh_group value (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> The default is modp2048. v. (Optional) Add additional phase 1 proposals: Digi Connect EZ Mini User Guide...
  • Page 195 (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> cipher value (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> where value is one of: 3des aes128 aes128gcm128 aes128gcm64 aes128gcm96 aes192 aes192gcm128 aes192gcm64 aes192gcm96 aes256 aes256gcm128 aes256gcm64 aes256gcm96 null Digi Connect EZ Mini User Guide...
  • Page 196 (config vpn ipsec tunnel ipsec_example ike phase2_proposal 1)> Repeat the above steps to set the type of encryption, hash, and Diffie-Hellman group for the additional proposal. iii. Repeat to add more phase 2 proposals. Digi Connect EZ Mini User Guide...
  • Page 197 (config vpn ipsec tunnel ipsec_example nat 0)> ... (config)> b. Add a policy: (config)> add vpn ipsec tunnel ipsec_example policy end (config vpn ipsec tunnel ipsec_example policy 0)> c. Set the type of local traffic selector: Digi Connect EZ Mini User Guide...
  • Page 198 (config vpn ipsec tunnel ipsec_example policy 0)> local protocol value (config vpn ipsec tunnel ipsec_example policy 0)> where value is one of: any: Matches any protocol. tcp: Matches TCP protocol only. udp: Matches UDP protocol only. Digi Connect EZ Mini User Guide...
  • Page 199 Change to the root of the configuration schema: (config vpn ipsec tunnel ipsec_example policy 0)> ... (config)> b. Use the ? to determine available options: (config)> vpn ipsec advanced ? Advanced: Advanced configuration that applies to all IPsec tunnels. Digi Connect EZ Mini User Guide...
  • Page 200 (config)> save Configuration saved. > 21. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ Mini User Guide...

  • Page 201: Configure Ipsec Failover

    For example: Tunnel_1: Metric: 10 Local endpoint > Interface: ETH2 Remote endpoint > Hostname: 192.168.10.1 SureLink configuration: Restart Interface enabled Test target: Test type: Ping test Ping host: 192.168.10.2 Tunnel_2: Digi Connect EZ Mini User Guide...
  • Page 202 Configure an IPsec tunnel for instructions. During configuration of the IPsec tunnel, set the metric to a value that is higher than the metric of the primary tunnel (for example, 20).    Command line Digi Connect EZ Mini User Guide...
  • Page 203 (config vpn ipsec tunnel backup_ipsec_tunnel)> ipsec_failover ? Preferred tunnel: This tunnel will not start until the preferred tunnel has failed. It will continue to operate until the preferred tunnel returns to full operation status. Digi Connect EZ Mini User Guide...

  • Page 204: Configure Surelink Active Recovery For Ipsec

    To configure the Connect EZ device to regularly probe the IPsec connection:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration:...
  • Page 205 Virtual Private Networks (VPN) IPsec a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration.
  • Page 206 Ping payload size: The number of bytes to send as part of the ping payload. DNS test: Performs a DNS query to the named DNS server. If DNS test is selected, complete the following: DNS server: The IP address of the DNS server. Digi Connect EZ Mini User Guide...
  • Page 207 IPv6: The IPv6 connection must be up. Expected status: The status required for the test to past. Up: The test will pass only if the referenced interface is up and passing its own SureLink tests (if applicable). Digi Connect EZ Mini User Guide...
  • Page 208 Reset modem: This recovery action is available for WWAN interfaces only. If Reset modem is selected, complete the following: Attempts: The number of attempts for this recovery action to perform, before moving to the next recovery action. Digi Connect EZ Mini User Guide...
  • Page 209 SureLink testing begins. This setting is bypassed when the interface is determined to be Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Delayed start to ten minutes, enter 10m or 600s. Digi Connect EZ Mini User Guide...
  • Page 210 To add additional tests: a. Add a test: (config vpn ipsec tunnel ipsec_example)> add surelink tests end (config vpn ipsec tunnel ipsec_example surelink tests 1)> b. New tests are enabled by default. To disable: Digi Connect EZ Mini User Guide...
  • Page 211 1)> ping_size int (config vpn ipsec tunnel ipsec_example surelink tests 1)> dns: Performs a DNS query to the named DNS server. If dns is set, set the IPv4 or IPv6 address of the DNS server: Digi Connect EZ Mini User Guide...
  • Page 212 For example, to set interface_timeout to ten minutes, enter either 10m or 600s: (config vpn ipsec tunnel ipsec_example surelink tests 1)> interface_timeout 600s (config)> custom_test: Tests the interface with custom commands. Digi Connect EZ Mini User Guide...
  • Page 213 The IPv4 connection must be up. ipv6: The IPv6 connection must be up. The status required for the test to past. (config vpn ipsec tunnel ipsec_example surelink tests 1)> other_status value (config vpn ipsec tunnel ipsec_example surelink tests 1)> Digi Connect EZ Mini User Guide...
  • Page 214 Set the type of recovery action. If multiple recovery actions are configured, they are performed in the order that they are listed. The command varies depending on whether the interface is a WAN or WWAN: Digi Connect EZ Mini User Guide...
  • Page 215 Set the number of attempts for this recovery action to perform, before moving to the next recovery action: (config vpn ipsec tunnel ipsec_example surelink actions 0)> max_attempts int (config vpn ipsec tunnel ipsec_example surelink actions 0)> The default is 3. Digi Connect EZ Mini User Guide...
  • Page 216 This recovery action is available for WWAN interfaces only. If modem_power_cycle is selected, complete the following: Set the number of attempts for this recovery action to perform, before moving to the next recovery action: Digi Connect EZ Mini User Guide...
  • Page 217 (config network interface my_wan surelink actions 0)> custom_ action_commands_modem "string" (config network interface my_wan surelink actions 0)> Set the time to wait before the next test is run. If set to the default value of 0s, the test interval is used. Digi Connect EZ Mini User Guide...
  • Page 218 (config)> vpn ipsec tunnel ipsec_example surelink timeout value (config)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set timeout to ten minutes, enter either 10m or 600s: Digi Connect EZ Mini User Guide...
  • Page 219 (config)> vpn ipsec tunnel ipsec_example surelink advanced interface_ gateway hostname/IP_address (config)> 8. Save the configuration and apply the change: (config vpn ipsec tunnel ipsec_example connection_monitor target 0)> save Configuration saved. > Digi Connect EZ Mini User Guide...

  • Page 220: Show Ipsec Status And Statistics

    : tunnel Type : esp > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ Mini User Guide...

  • Page 221: Debug An Ipsec Configuration

       Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.

  • Page 222: Configure A Simple Certificate Enrollment Protocol Client

    The challenge password provided by the SCEP server that the SCEP client will use when making SCEP requests. The distinguished name to be used for the CSR. Additional configuration The number of days that the certificate enrollment can be renewed, prior to the request expiring. Digi Connect EZ Mini User Guide...
  • Page 223 Virtual Private Networks (VPN) IPsec    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 224 16. For Encryption Algorithm, select the PKCS#7 encryption algorithm. The default is Auto, which automatically selects the best algorithm. 17. For Signature Algorithm, select the PKCS#7 signature algorithm. The default is Auto, which automatically selects the best algorithm. Digi Connect EZ Mini User Guide...
  • Page 225 Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> Digi Connect EZ Mini User Guide...
  • Page 226 (config network scep_client scep_client_name)> distinguished_name dc value (config network scep_client scep_client_name)> b. Set the two letter Country Code: (config network scep_client scep_client_name)> distinguished_name c value (config network scep_client scep_client_name)> c. Set the State or Province: Digi Connect EZ Mini User Guide...
  • Page 227 The default is url. c. If type is set to url, set the URL that should be used: (config network scep_client scep_client_name)> crl url value (config network scep_client scep_client_name)> 11. Configure certificate renewal: Digi Connect EZ Mini User Guide...
  • Page 228 This value is configured on the SCEP server, and is used by the Connect EZ device to determine when to start attempting to auto-renew an existing certificate. The default is 7. (config network scep_client scep_client_name)> renewable_time integer (config network scep_client scep_client_name)> Digi Connect EZ Mini User Guide...

  • Page 229: Example: Scep Client Configuration With Fortinet Scep Server

    Click Enable SCEP if it is not enabled. c. For Default enrollment password, enter a password. The password entered here must correspond to the challenge password configured for the SCEP client on the Connect EZ device. Digi Connect EZ Mini User Guide...
  • Page 230 Connect EZ configuration On the Connect EZ device:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 231 9. For FQDN, type the fully qualified domain name or IP address of the Fortinet server. 10. For Password, type the challenge password. This corresponds to the Default enrollment password on the Fortinet server. Digi Connect EZ Mini User Guide...
  • Page 232 12. Type the value for each appropriate Distinguished Name attribute. The values entered here must correspond to the DN attributes in the Enrollment Request on the Fortinet server. 13. Click Apply to save the configuration and apply the change. Digi Connect EZ Mini User Guide...
  • Page 233 (config network scep_client Fortinet_SCEP_client)> distinguished_name dc value (config network scep_client Fortinet_SCEP_client)> b. Set the two letter Country Code: (config network scep_client Fortinet_SCEP_client)> distinguished_name c value (config network scep_client Fortinet_SCEP_client)> c. Set the State or Province: Digi Connect EZ Mini User Guide...

  • Page 234: Show Scep Client Status And Information

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show SCEP client status and information You can show general SCEP client information for all SCEP clients, and specific information for an individual SCEP client. Digi Connect EZ Mini User Guide...
  • Page 235 Issuer : CN=TA-SCEP-1-CA Serial : 1100000002A1E755981C0C3F34000000000002 Expiry : Apr 25 13:42:47 2023 GMT Certificate Authority Certificate {2} ------------------------------------- Subject : C=US,CN=TA-SCEP-1-MSCEP-RA Issuer : CN=TA-SCEP-1-CA Serial : 1100000003268AFB5E98BFCA73000000000003 Expiry : Apr 25 13:42:48 2023 GMT Digi Connect EZ Mini User Guide...
  • Page 236 Last Update : May 23 13:27:21 2022 GMT > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ Mini User Guide...

  • Page 237: Openvpn

    OpenVPN clients are on the same IP subnet as the OpenVPN server’s LAN interface. This means that devices connected to the OpenVPN client’s LAN interface are on the same IP subnet as devices. The Connect EZ device supports two mechanisms for configuring an OpenVPN server in TAP mode: Digi Connect EZ Mini User Guide...

  • Page 238: Configure An Openvpn Server

    If username and password authentication is used, you must create an OpenVPN authentication group and user. See Configure an OpenVPN Authentication Group and User for instructions. Certificates and keys: The CA certificate (usually in a ca.crt file). The Public key (for example, server.crt) Digi Connect EZ Mini User Guide...
  • Page 239 Access control list configuration to restrict access to the OpenVPN server through the firewall. Additional OpenVPN parameters.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 240 Certificate and username/password: Uses both certificates and a username and password for client authentication. Each client requires a public and private key, and you must create an OpenVPN authentication group and user. See Configure an OpenVPN Authentication Group and User for instructions. Digi Connect EZ Mini User Guide...
  • Page 241 Click Enable to enable the use of additional OpenVPN parameters. b. Click Override if the additional OpenVPN parameters should override default options. c. For OpenVPN parameters, type the additional OpenVPN parameters. 12. Click Apply to save the configuration and apply the change. Digi Connect EZ Mini User Guide...
  • Page 242 (config vpn openvpn server name)> address ip_address/netmask (config vpn openvpn server name)> b. Set the firewall zone for the OpenVPN server. For TUN device types, this should be set to internal to treat clients as LAN devices. Digi Connect EZ Mini User Guide...
  • Page 243 1 and 255. The number entered here will represent the last client IP address. For example, if address is set to 192.168.1.1/24 and server_last_ip is set to 99, the last client IP address will be 192.168.1.80. The default is from 80. Digi Connect EZ Mini User Guide...
  • Page 244 Paste the contents of the public key (for example, server.crt) into the value of the server_cert parameter: (config vpn openvpn server name)> server_cert value (config vpn openvpn server name)> iv. Paste the contents of the private key (for example, server.key) into the value of the server_key parameter: Digi Connect EZ Mini User Guide...
  • Page 245 To limit access based on firewall zones: (config vpn openvpn server name)> add acl zone end value (config vpn openvpn server name)> Where value is a firewall zone defined on your device, or the any keyword. Digi Connect EZ Mini User Guide...
  • Page 246 (config)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ Mini User Guide...

  • Page 247: Configure An Openvpn Authentication Group And User

       Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 248 Type a password for the user. This password is used for local authentication of the user. You can also configure the user to use RADIUS or TACACS+ authentication by configuring authentication methods. See User authentication methods for information. Digi Connect EZ Mini User Guide...
  • Page 249 Click to expand the Groups node. e. Click  to add a group to the user. f. Select a Group with OpenVPN access enabled. 5. Click Apply to save the configuration and apply the change. Digi Connect EZ Mini User Guide...
  • Page 250 (config)> save Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ Mini User Guide...

  • Page 251: Configure An Openvpn Client By Using An .Ovpn File

    Configure SureLink active recovery for OpenVPN for information about OpenVPN active recovery.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 252 (config vpn openvpn client name)> where name is the name of the OpenVPN server. The OpenVPN client is enabled by default. To disable the client, type: (config vpn openvpn client name)> enable false (config vpn openvpn client name)> Digi Connect EZ Mini User Guide...
  • Page 253 (config)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ Mini User Guide...

  • Page 254: Configure An Openvpn Client Without Using An .Ovpn File

    Configure SureLink active recovery for OpenVPN for information about OpenVPN active recovery.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 255 Private key (for example, client.key) into their respective fields. The contents will be hidden when the configuration is saved. 14. (Optional) Click to expand Advanced Options to manually set additional OpenVPN parameters. Digi Connect EZ Mini User Guide...
  • Page 256 (config vpn openvpn client name)> zone value (config vpn openvpn client name)> To view a list of available zones: (config vpn openvpn client name)> zone ? Zone: The zone for the openvpn client interface. Digi Connect EZ Mini User Guide...
  • Page 257 12. Paste the contents of the public key (for example, client.crt) into the value of the public_cert parameter: (config vpn openvpn client name)> public_cert value (config vpn openvpn client name)> 13. Paste the contents of the private key (for example, client.key) into the value of the private_ key parameter: Digi Connect EZ Mini User Guide...

  • Page 258: Configure Surelink Active Recovery For Openvpn

    The number of probe attempts before the OpenVPN connection is considered to have failed. The amount of time that the device should wait for a response to a probe attempt before considering it to have failed. Digi Connect EZ Mini User Guide...
  • Page 259 To configure the Connect EZ device to regularly probe the OpenVPN connection:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 260 The Interface gateway. If Interface gateway is selected, an initial traceroute is sent to the hostname or IP address configured in the SureLink advanced settings, and then the first hop in that route is used for the ping test. Digi Connect EZ Mini User Guide...
  • Page 261 TCP connect host: The hostname or IP address of the host to create a TCP connection to. TCP connect port: The TCP port to create a TCP connection to. Test another interface's status: Tests the status of another interface. If Test another interface's status is selected, complete the following: Digi Connect EZ Mini User Guide...
  • Page 262 Override wait interval before performing the next recovery action: The time to wait before the next test is run. If set to the default value of 0s, the Test interval is used. Restart interface. If Restart interface is selected, complete the following: Digi Connect EZ Mini User Guide...
  • Page 263 Override wait interval before performing the next recovery action: The time to wait before the next test is run. If set to the default value of 0s, the Test interval is used. Digi Connect EZ Mini User Guide...
  • Page 264 (config)> vpn openvpn client openvpn_client1 (config vpn openvpn client openvpn_client1)> 4. Enable SureLink: (config vpn openvpn client openvpn_client1)> surelink enable true (config vpn openvpn client openvpn_client1)> Digi Connect EZ Mini User Guide...
  • Page 265 The hostname or IP address of an external server. Set ping_host to the hostname or IP address of the server: (config vpn openvpn client openvpn_client1 surelink tests 1)> ping_host hostname/IP_address (config vpn openvpn client openvpn_client1 surelink tests 1)> Digi Connect EZ Mini User Guide...
  • Page 266 For example, to set interface_down_time to ten minutes, enter either 10m or 600s: (config vpn openvpn client openvpn_client1 surelink tests 1)> interface_down_time 600s (config)> Digi Connect EZ Mini User Guide...
  • Page 267 If other is selected, complete the following: Set the interface to test. i. Use the ? to determine available interfaces: ii. Set the interface. For example: (config vpn openvpn client openvpn_client1 surelink tests 1)> other_interface /network/interface/eth1 Digi Connect EZ Mini User Guide...
  • Page 268 (config vpn openvpn client openvpn_client1 surelink actions 0)> d. Create a label for the action: (config vpn openvpn client openvpn_client1 surelink actions 0)> label string (config vpn openvpn client openvpn_client1 surelink actions 0)> Digi Connect EZ Mini User Guide...
  • Page 269 (config vpn openvpn client openvpn_client1 surelink actions 0)> The default is 3. Set the amount that the interface's metric should be increased. This should be set to a number large enough to change the routing table to use another default gateway. Digi Connect EZ Mini User Guide...
  • Page 270 (config vpn openvpn client openvpn_client1 surelink actions 0)> override_interval int (config vpn openvpn client openvpn_client1 surelink actions 0)> switch_sim: Switches to an alternate SIM. This recovery action is available for WWAN interfaces only. If switch_sim is selected, complete the following: Digi Connect EZ Mini User Guide...
  • Page 271 Set the time to wait before the next test is run. If set to the default value of 0s, the test interval is used. (config vpn openvpn client openvpn_client1 surelink actions 0)> override_interval int (config vpn openvpn client openvpn_client1 surelink actions 0)> custom_action: Execute custom recovery commands. Digi Connect EZ Mini User Guide...
  • Page 272 Only one test needs to pass for Surelink to consider an interface to be up. all: All tests need to pass for SureLink to consider the interface to be up. Digi Connect EZ Mini User Guide...
  • Page 273 (config)> vpn openvpn client openvpn_client1 surelink advanced backoff_ interval value (config)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set backoff_interval to ten minutes, enter either 10m or 600s: Digi Connect EZ Mini User Guide...

  • Page 274: Show Openvpn Server Status And Statistics

    Connect EZ local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. Digi Connect EZ Mini User Guide...

  • Page 275: Show Openvpn Client Status And Statistics

    OpenVPN client's status pane.    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect EZ local command line as a user with full Admin access rights. Digi Connect EZ Mini User Guide...
  • Page 276 : 1194 Type : tun > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ Mini User Guide...

  • Page 277: Generic Routing Encapsulation (Gre)

    Enable the device to respond to keepalive packets. Task One: Create a GRE loopback endpoint interface    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 278 (config network interface gre_interface)> device /network/device/loopback (config network interface gre_interface)> 6. Set the IP address and subnet mask of the local GRE endpoint. For example, to set the local GRE endpoint's IP address and subnet mask to 10.10.1.1/24: Digi Connect EZ Mini User Guide...
  • Page 279 Type quit to disconnect from the device. Task Two: Configure the GRE tunnel    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 280 (config vpn iptunnel gre_example)> local /network/interface/gre_endpoint (config vpn iptunnel gre_example)> 6. If type is set to gre, set the IP address of the GRE endpoint on the remote peer: (config vpn iptunnel gre_example)> remote ip_address (config vpn iptunnel gre_example)> Digi Connect EZ Mini User Guide...
  • Page 281 (config vpn iptunnel gre_example)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ Mini User Guide...

  • Page 282: Show Gre Tunnels

    2. On the menu, click Status > IP tunnels. The IP Tunnelspage appears. 3. To view configuration details about a GRE tunnel, click the  (configuration) icon in the upper right of the tunnel's status pane. Digi Connect EZ Mini User Guide...

  • Page 283: Example: Gre Tunnel Over An Ipsec Tunnel

    Remote network set to the IP address of the remote GRE tunnel, 172.30.0.1/32. 2. Create an IPsec endpoint interface named ipsec_endpoint2: a. Zone set to Internal. b. Device set to Ethernet: Loopback. c. IPv4 Address set to the IP address of the local GRE tunnel, 172.30.0.2/32. Digi Connect EZ Mini User Guide...
  • Page 284 Configure the Connect EZ-1 device Task one: Create an IPsec tunnel    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 285 Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> 3. Add an IPsec tunnel named ipsec_gre1: (config)> add vpn ipsec tunnel ipsec_gre1 (config vpn ipsec tunnel ipsec_gre1)> Digi Connect EZ Mini User Guide...
  • Page 286 (config vpn ipsec tunnel ipsec_gre1 policy 0)> remote network 172.30.0.2/32 (config vpn ipsec tunnel ipsec_gre1 policy 0)> 10. Save the configuration and apply the change: (config ipsec tunnel ipsec_gre1 policy 0)> save Configuration saved. > Digi Connect EZ Mini User Guide...
  • Page 287 4. For Device, select Ethernet: loopback. 5. Click to expand IPv4. 6. For Address, type the IP address of the local GRE tunnel, 172.30.0.1/32. 7. Click Apply to save the configuration and apply the change. Digi Connect EZ Mini User Guide...
  • Page 288 Task three: Create a GRE tunnel    Web 1. Click VPN > IP Tunnels. 2. For Add IP Tunnel, type gre_tunnel1 and click . 3. For Local endpoint, select the IPsec endpoint interface created in Task two (Interface: ipsec_endpoint1). Digi Connect EZ Mini User Guide...
  • Page 289 4. Set the remote endpoint to the IP address of the GRE tunnel on Connect EZ-2, 172.30.0.2: (config vpn iptunnel gre_tunnel1)> remote 172.30.0.2 (config vpn iptunnel gre_tunnel1)> 5. Save the configuration and apply the change: (config vpn iptunnel gre_tunnel1)> save Configuration saved. > Digi Connect EZ Mini User Guide...
  • Page 290 Task three (IP tunnel: gre_tunnel1). 5. Click to expand IPv4. 6. For Address, type 172.31.0.1/30 for a virtual IP address on the GRE tunnel. 7. Click Apply to save the configuration and apply the change. Digi Connect EZ Mini User Guide...
  • Page 291 Configure the Connect EZ-2 device Task one: Create an IPsec tunnel    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 292 12. For Type, select Custom network. 13. For Address, type the IP address and subnet of the local GRE tunnel, 172.30.0.2/32. 14. For Remote network, type the IP address and subnet of the remote GRE tunnel, 172.30.0.1/32. Digi Connect EZ Mini User Guide...
  • Page 293 9. Set the remote network address to the IP address and subnet of the remote GRE tunnel, 172.30.0.1/32: (config vpn ipsec tunnel ipsec_gre2 policy 0)> remote network 172.30.0.1/32 (config vpn ipsec tunnel ipsec_gre2 policy 0)> Digi Connect EZ Mini User Guide...
  • Page 294 4. For Device, select Ethernet: loopback. 5. Click to expand IPv4. 6. For Address, type the IP address of the local GRE tunnel, 172.30.0.2/32. 7. Click Apply to save the configuration and apply the change.    Command line Digi Connect EZ Mini User Guide...
  • Page 295 2. For Add IP Tunnel, type gre_tunnel2 and click . 3. For Local endpoint, select the IPsec endpoint interface created in Task two (Interface: ipsec_endpoint2). 4. For Remote endpoint, type the IP address of the GRE tunnel on Connect EZ-1, 172.30.0.1. Digi Connect EZ Mini User Guide...
  • Page 296 Configuration saved. > Task four: Create an interface for the GRE tunnel device    Web 1. Click Network > Interfaces. 2. For Add Interface, type gre_interface2 and click . 3. For Zone, select Internal. Digi Connect EZ Mini User Guide...
  • Page 297 (/vpn/iptunnel/gre_tunnel2): (config network interface gre_interface2)> device /vpn/iptunnel/gre_tunnel2 (config network interface gre_interface2)> 5. Set 172.31.0.2/30 as the virtual IP address on the GRE tunnel: (config network interface gre_interface2)> ipv4 address 172.31.0.2/30 (config network interface gre_interface2)> Digi Connect EZ Mini User Guide...

  • Page 298: Dynamic Multipoint Vpn (Dmvpn)

    GRE tunnel directly to the other spoke. The network address of the target spoke is resolved with the use of Next Hop Resolution Protocol (NHRP). This section contains the following topics: Configure a DMVPN spoke Digi Connect EZ Mini User Guide...

  • Page 299: Configure A Dmvpn Spoke

    Configure a DMVPN spoke To configure a DMVPN spoke:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 300 For Address, type the IP address and netmask of the tunnel. The netmask must be set to /32. 5. Configure NHRP: a. Click Network > Routing Services. b. Enable routing services. c. Click to expand NHRP. d. Enable NHRP. e. Click to expand Network. Digi Connect EZ Mini User Guide...
  • Page 301 For AS number, type the autonomous system number for this device. d. For Best path criteria, select Multipath. e. Click to expand Neighbours. f. Click  to add a neighbour. g. For IP address, type the IP address of the hub. Digi Connect EZ Mini User Guide...
  • Page 302 (config vpn iptunnel dmvpn_tunnel)> type multipoint (config vpn iptunnel dmvpn_tunnel)> c. Set the local interface: i. Use the ? to determine available interfaces: ii. Set the interface. For example: (config vpn iptunnel dmvpn_tunnel)> local /network/interface/eth1 (config vpn iptunnel dmvpn_tunnel)> Digi Connect EZ Mini User Guide...
  • Page 303 IP address to 10.20.1.4/32: (config network interface dmvpn_tunnel_interface)> ipv4 address 10.20.1.4/32 (config network interface dmvpn_tunnel_interface)> 5. Configure NHRP: a. Type ... to return to the top level of the configuration schema: (config network interface dmvpn_tunnel_interface)> ... (config)> Digi Connect EZ Mini User Guide...
  • Page 304 (config network interface dmvpn_tunnel_interface)> ... (config)> b. Enable BGP: (config)> network route service bgp enable true (config)> c. Set the autonomous system number for this device. For example, to set the autonomous system number to 66007: Digi Connect EZ Mini User Guide...

  • Page 305: L2Tp

    L2TP Access Concentrators (LAC) and L2TP Network Servers (LNS). Each endpoint terminates the PPP session. Required configuration items For L2TP access concentrators: The hostname or IP address of the L2TP network server. The firewall zone for the tunnel. Digi Connect EZ Mini User Guide...
  • Page 306 Optional configuration data in the format of a pppd options file.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 307 For Add L2TP access concentrator, type a name for the LAC and click . c. LACs are enabled by default. To disable, toggle off Enable. d. For L2TP network server, type the hostname or IP address of the L2TP network server. Digi Connect EZ Mini User Guide...
  • Page 308 None: No authentication is required. Automatic: The device will attempt to connect using CHAP first, and then PAP. CHAP: Uses the Challenge Handshake Authentication Profile (CHAP) to authenticate. PAP: Uses the Password Authentication Profile (PAP) to authenticate. Digi Connect EZ Mini User Guide...
  • Page 309 A single IP address or host name. A network designation in CIDR notation, for example, 192.168.1.0/24. any: No limit to IPv4 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. Digi Connect EZ Mini User Guide...
  • Page 310 (config)> ... firewall zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration --------------------------------------------------------- ---------------------- dynamic_routes edge external internal ipsec loopback setup Digi Connect EZ Mini User Guide...
  • Page 311 0 and 65535. The default is 1. g. Set the firewall zone for the tunnel. This is used by packet filtering rules and access control lists to restrict network traffic on the tunnel. Digi Connect EZ Mini User Guide...
  • Page 312 6. To add an L2TP network server: a. Add an LNS: (config)> add vpn l2tp lns name (config add vpn l2tp lac name)> where name is the name of the LNS. For example, to add an LNS named lns_server: Digi Connect EZ Mini User Guide...
  • Page 313 If auto, chap, pap or mschapv2 is selected, enter the Username and Password required to authenticate: (config vpn l2tp lns lns_server)> username username (config vpn l2tp lns lns_server)> password password (config vpn l2tp lns lns_server)> The default is none. Digi Connect EZ Mini User Guide...
  • Page 314 (config vpn l2tp lns lns_server)> custom override true (config vpn l2tp lns lns_server)> iii. Paste or type the configuration data in the format of a pppd options file: (config vpn l2tp lns lns_server)> custom config_file data (config vpn l2tp lns lns_server)> Digi Connect EZ Mini User Guide...

  • Page 315: L2Tp With Ipsec

    2. On the menu, select Status. Under VPN, select L2TP > Network Servers. The L2TP Network Servers page appears. 3. To view configuration details about an L2TP network server, click the  (configuration) icon in the upper right of the tunnel's status pane.    Command line Digi Connect EZ Mini User Guide...
  • Page 316 2. To display details about all configured L2TP access connectors, type the following at the prompt: > show l2tp lns Name Enabled Status Device --------- ------- ------ ----------- lns_test1 true test_device0 lns_test2 true pending > Digi Connect EZ Mini User Guide...

  • Page 317: L2Tpv3 Ethernet

    Encapsulation type. If UDP is selected: The ID for the tunnel. The ID of the peer's tunnel. Determine whether to enable UDP checksum. The session cookie. The peer session cookie. The Layer2SpecificHeader type. The Sequence numbering control.    Web Digi Connect EZ Mini User Guide...
  • Page 318 Virtual Private Networks (VPN) L2TPv3 Ethernet 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 319 (config vpn l2tpeth L2TPv3_example)> 6. Set the tunnel identifier for this tunnel. This must match the value for peer tunnel ID on the remote peer. (config vpn l2tpeth L2TPv3_example)> tunnel_id value (config vpn l2tpeth L2TPv3_example)> Digi Connect EZ Mini User Guide...
  • Page 320 (config vpn l2tpeth L2TPv3_example session_example)> where value is any integer between 1 and 4294967295. 12. (Optional) Set the cookie value to be assigned to the session. (config vpn l2tpeth L2TPv3_example session_example)> cookie value (config vpn l2tpeth L2TPv3_example session_example)> Digi Connect EZ Mini User Guide...

  • Page 321: Show L2Tpv3 Tunnel Status

    2. On the menu, select Status. Under VPN, select L2TPv3 Ethernet. The L2TPv3 Ethernet page appears. 3. To view configuration details about an L2TPV3 tunnel, click the  (configuration) icon in the upper right of the tunnel's status pane.    Command line Digi Connect EZ Mini User Guide...
  • Page 322 TX Byptes : 3,120 > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ Mini User Guide...
  • Page 323 Configure telnet access Configure DNS Simple Network Management Protocol (SNMP) Location information Modbus gateway System time Network Time Protocol Configure a multicast route Enable service discovery (mDNS) Use the iPerf service Configure the ping responder service Digi Connect EZ Mini User Guide...

  • Page 324: Allow Remote Access For Web Administration And Ssh

    Add the External firewall zone to the web administration service    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 325 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Add the External firewall zone to the SSH service Digi Connect EZ Mini User Guide...
  • Page 326 Services Allow remote access for web administration and SSH    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.

  • Page 327: Configure The Web Administration Service

    An SSL certificate to use for communications with the service. Support for legacy encryption protocols. Set the idle timeout for Connect EZ users for information about setting the inactivity timeout for the web administration services. Digi Connect EZ Mini User Guide...
  • Page 328 Services Configure the web administration service Digi Connect EZ Mini User Guide...
  • Page 329 The web administration service is enabled by default. To disable the service, or enable it if it has been disabled:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 330 Type quit to disconnect from the device. Configure the service    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 331 If SSL certificate is blank, the device will use an automatically-generated, self- signed certificate. The SSL certificate and private key must be in PEM format. The private key can use one of the following algorithms: ECDSA ECDH Note Password-protected certificate keys are not supported. Example: Digi Connect EZ Mini User Guide...
  • Page 332 2. At the command line, type config to enter configuration mode: > config (config)> 3. Configure access control: To limit access to specified IPv4 addresses and networks: (config)> add service web_admin acl address end value (config)> Where value can be: Digi Connect EZ Mini User Guide...
  • Page 333 Type ... firewall zone ? at the config prompt: (config)> ... firewall zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration --------------------------------------------------------- ---------------------- dynamic_routes edge Digi Connect EZ Mini User Guide...
  • Page 334 Paste the contents of certificate.pem and key.pem into the service web_admin cert command. Enclose the contents of certificate.pem and key.pem in quotes. For example: (config)> service web_admin cert "-----BEGIN CERTIFICATE----- MIID8TCCAtmgAwIBAgIULOwezcmbnQmIC9pT9txwCfUbkWQwDQYJKoZIhvcNAQEL BQAwgYcxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24xDjAMBgNVBAcMBUFs b2hhMRMwEQYDVQQKDApNY0JhbmUgSW5jMRAwDgYDVQQLDAdTdXBwb3J0MQ8wDQYD VQQDDAZtY2JhbmUxHzAdBgkqhkiG9w0BCQEWEGptY2JhbmVAZGlnaS5jb20wHhcN MjAwOTIyMTY1OTUyWhcNMjEwOTIyMTY1OTUyWjCBhzELMAkGA1UEBhMCVVMxDzAN BgNVBAgMBk9yZWdvbjEOMAwGA1UEBwwFQWxvaGExEzARBgNVBAoMCk1jQmFuZSBJ bmMxEDAOBgNVBAsMB1N1cHBvcnQxDzANBgNVBAMMBm1jYmFuZTEfMB0GCSqGSIb3 DQEJARYQam1jYmFuZUBkaWdpLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBAOBn19AX01LO9plYtfRZq0bETwNwSCYGeEIOGJ7gHt/rihLVBJS1woYv u1Oq1ohYxIawBY1iIPBD2GtzyEJXzBZdQRhwi/dRyRi4vr7EkjGDr0Vb/NVT0L5w UzcMeT+71DYvKYm6GpcWx+LoKqFTjbMFBIze5pbBfru+SicId6joCHIuYq8Ehflx 6sy6s4MDbyTUAEN2YhsBaOljej64LNzcsHeISbAWibXWjOSsK+N1MivQq5uwIYw/ Digi Connect EZ Mini User Guide...
  • Page 335 DNS server. mDNS is enabled by default. To disable mDNS, or enable it if it has been disabled: To enable the mDNS protocol: (config)> service web_admin mdns enable true (config> Digi Connect EZ Mini User Guide...
  • Page 336 (config)> save Configuration saved. > 10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ Mini User Guide...

  • Page 337: Configure Ssh Access

    The SSH service is enabled by default. To disable the service, or enable it if it has been disabled:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 338 Type quit to disconnect from the device. Configure the service    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 339 To limit access based on firewall zones: a. Click Zones. b. For Add Zone, click . c. For Zone, select the appropriate firewall zone from the dropdown. Firewall configuration for information about firewall zones. Digi Connect EZ Mini User Guide...
  • Page 340 A single IP address or host name. A network designation in CIDR notation, for example, 192.168.1.0/24. any: No limit to IPv4 addresses that can access the SSH service. Repeat this step to list additional IP addresses or networks. Digi Connect EZ Mini User Guide...
  • Page 341 (config)> ... firewall zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration --------------------------------------------------------- ---------------------- dynamic_routes edge external internal ipsec loopback setup Digi Connect EZ Mini User Guide...
  • Page 342 SSH configuration. If override is set to false, entries in Configuration file will be added to the standard SSH configuration. The default is false. c. Set the configuration settings: (config)> service ssh custom config_file value (config)> Digi Connect EZ Mini User Guide...
  • Page 343 (config)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ Mini User Guide...

  • Page 344: Use Ssh With Key Authentication

    SSH service to allow SSH access for the External firewall zone.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 345 SSH key, which you can enter by pasting or typing a public encryption key that this user can use for passwordless SSH login 4. Save the configuration and apply the change: (config)> save Configuration saved. > Digi Connect EZ Mini User Guide...
  • Page 346 Use SSH with key authentication 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ Mini User Guide...

  • Page 347: Configure Telnet Access

    The telnet service is disabled by default. To enable the service:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 348 Type quit to disconnect from the device. Configure the service    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 349 For Add Zone, click . c. For Zone, select the appropriate firewall zone from the dropdown. Firewall configuration for information about firewall zones. d. Click  again to allow access through additional firewall zones. Digi Connect EZ Mini User Guide...
  • Page 350 (config)> add service telnet acl interface end value (config)> Where value is an interface defined on your device. Display a list of available interfaces: Use ... network interface ? to display interface information: Repeat this step to list additional interfaces. Digi Connect EZ Mini User Guide...
  • Page 351 5. (Optional) Set the port number for this service. The default setting of 23 normally should not be changed. (config)> service telnet port 25 (config)> 6. Save the configuration and apply the change: (config)> save Configuration saved. > Digi Connect EZ Mini User Guide...

  • Page 352: Configure Dns

    192.168.210.1 IP address. To configure the DNS server:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 353 To disable, click to toggle off Query all servers. 7. (Optional) Rebind protection, if enabled, prevents upstream DNS servers from returning private IP addresses. To enable, click Rebind protection. Digi Connect EZ Mini User Guide...
  • Page 354 No limit to IPv4 addresses that can access the DNS service. Repeat this step to list additional IP addresses or networks. To limit access to specified IPv6 addresses and networks: (config)> add service dns acl address6 end value (config)> Where value can be: Digi Connect EZ Mini User Guide...
  • Page 355 Repeat this step to include additional firewall zones. 4. (Optional) Cache negative responses By default, the device's DNS server caches negative responses. Disabling this option may improve performance on networks with transient DNS results, when one or more DNS servers Digi Connect EZ Mini User Guide...
  • Page 356 (Optional) Set a label for this DNS server: (config service dns server 0)> label label (config service dns server 0)> 9. (Optional) Add host names and their IP addresses that the device's DNS server will resolve Digi Connect EZ Mini User Guide...

  • Page 357: Show Dns Server

    Type admin to access the Admin CLI. 2. Use the show dns command at the system prompt: > show dns Interface Label Server Domain --------- ----- ------------------------ ------ eth1 192.168.3.1 eth1 fd00:2704::1 eth1 fe80::227:4ff:fe2b:ae12 eth1 fe80::227:4ff:fe44:105b eth1 fe80::240:ffff:fe80:23b0 > Digi Connect EZ Mini User Guide...
  • Page 358 Services Configure DNS 3. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ Mini User Guide...

  • Page 359: Simple Network Management Protocol (Snmp)

    To configure the SNMP agent on your Connect EZ device:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 360 For Add Zone, click . c. For Zone, select the appropriate firewall zone from the dropdown. Firewall configuration for information about firewall zones. d. Click  again to allow access through additional firewall zones. Digi Connect EZ Mini User Guide...
  • Page 361 (config)> add service snmp acl address6 end value (config)> Where value can be: A single IP address or host name. A network designation in CIDR notation, for example, 2001:db8::/48. any: No limit to IPv6 addresses that can access the SNMP service. Digi Connect EZ Mini User Guide...
  • Page 362 (config)> Repeat this step to include additional firewall zones. 5. Set the name of the user that will be used to connect to the SNMP agent. (config)> service snmp username name (config)> Digi Connect EZ Mini User Guide...

  • Page 363: Download Mibs

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Download MIBs This procedure is available from the WebUI only. Required configuration items Enable SNMP. Digi Connect EZ Mini User Guide...
  • Page 364 3. On the main menu, click Status. Under Services, click SNMP. Note If you have recently enabled SNMP and the SNMP option is not visible, refresh your browser. The SNMP page is displayed. 4. Click Download. Digi Connect EZ Mini User Guide...

  • Page 365: Location Information

    Configure the location service Configure the device to use a user-defined static location Configure the device to accept location messages from external sources Forward location information to a remote host Configure geofencing Show location information Digi Connect EZ Mini User Guide...

  • Page 366: Configure The Location Service

    The location service is enabled by default. You can disable it, or you can enable it if it has been disabled.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 367 For example, to set interval to ten minutes, enter either 10m or 600s: (config)> service location interval 600s (config)> The default is 10 seconds. 5. Save the configuration and apply the change: (config)> save Configuration saved. > Digi Connect EZ Mini User Guide...

  • Page 368: Configure The Device To Use A User-Defined Static Location

    You can configured your Connect EZ device to use a user-defined static location.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 369 (config service location source 0 coordinates altitude alt (config service location source 0)> Where alt is an integer followed by m or km, for example, 100m or 1km. 9. Save the configuration and apply the change: (config)> save Configuration saved. > Digi Connect EZ Mini User Guide...

  • Page 370: Configure The Device To Accept Location Messages From External Sources

    To configure the device to accept location messages from external sources:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 371 Connect EZ local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. Digi Connect EZ Mini User Guide...
  • Page 372 No limit to IPv6 addresses that can access the location server UDP port. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect EZ device: Digi Connect EZ Mini User Guide...
  • Page 373 (config)> save Configuration saved. > 2. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ Mini User Guide...

  • Page 374: Forward Location Information To A Remote Host

    Configure the Connect EZ device to forward location information:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 375 To add a message type: a. For Add NMEA filter or Add TAIP filter, click . b. Select the filter type. Allowed values are: AL: Reports altitude and vertical velocity. CP: Compact position: reports time, latitude, and longitude. Digi Connect EZ Mini User Guide...
  • Page 376 2. At the command line, type config to enter configuration mode: > config (config)> 3. Add a remote host to which location messages will be sent: (config)> add service location forward end (config service location forward 0)> Digi Connect EZ Mini User Guide...
  • Page 377 (config service location forward 0)> talker_id ? Talker ID: Setting a talker ID will override the talker ID from all remote sources, and all forwarded sentences from remote sources will use the configured Format: Default Default value: Default Digi Connect EZ Mini User Guide...
  • Page 378 Reports time, position, and fix related data. gll: Reports position data: position fix, time of position fix, and status. gsa: Reports GPS DOP and active satellites. gsv: Reports the number of SVs in view, PRN, elevation, azimuth, and SNR. Digi Connect EZ Mini User Guide...
  • Page 379 Position/velocity: reports the latitude, longitude, and heading. To remove a message type: a. Use the show command to determine the index number of the message type to be deleted: (config service location forward 0)> show filter_taip 0 al 1 cp Digi Connect EZ Mini User Guide...
  • Page 380 (config)> save Configuration saved. > 14. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ Mini User Guide...

  • Page 381: Configure Geofencing

    Whether the script should be executed within a sandbox that will prevent the script from affecting the system itself. Additional configuration items Update interval, which determines the amount of time that the geofence should wait between polling for updated location data.    Web Digi Connect EZ Mini User Guide...
  • Page 382 Services Location information 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 383 Click  again to add an additional point, and continue adding points to create the desired polygon. For example, to configure a square polygon around the Digi headquarters, configure a polygon with four points: This defines a square-shaped polygon equivalent to the following: 7.
  • Page 384 If you disable Sandbox, the script may render the system unusable. vii. Repeat for any additional actions. To define actions that will be taken when the device exits the geofence, or is outside the geofence when it boots: Digi Connect EZ Mini User Guide...
  • Page 385 If you disable Sandbox, the script may render the system unusable. vii. Repeat for any additional actions. 8. Click Apply to save the configuration and apply the change.    Command line Digi Connect EZ Mini User Guide...
  • Page 386 If boundary is set to circular : a. Set the latitude and longitude of the center point of the circle: (config service location geofence test_geofence)> center latitude (config service location geofence test_geofence)> center longitude Digi Connect EZ Mini User Guide...
  • Page 387 0)> .. (config service location geofence test_geofence coordinates)> add end (config service location geofence test_geofence coordinates 1)> latitude int (config service location geofence test_geofence coordinates 1)> longitude int (config service location geofence test_geofence coordinates 1)> Digi Connect EZ Mini User Guide...
  • Page 388 For longitude, any integer between -180 and 180, with up to six decimal places. Repeat for each vortex of the polygon. For example, to configure a square polygon around the Digi headquarters, configure a polygon with four points: (config service location geofence test_geofence)> add...
  • Page 389 Add the action: (config)> add service location geofence test_geofence on_entry action end (config service location geofence test_geofence on_entry action 0)> d. Set the type of action: (config service location geofence test_geofence on_entry action 0)> type value Digi Connect EZ Mini User Guide...
  • Page 390 For example. the allocate one megabyte of memory to the script and its spawned processes: (config service location geofence test_geofence on_entry action 0)> max_memory 1MB (config service location geofence test_geofence on_entry action 0)> Digi Connect EZ Mini User Guide...
  • Page 391 (config service location geofence test_geofence on_exit action 0)> d. Set the type of action: (config service location geofence test_geofence on_exit action 0)> type value (config service location geofence test_geofence on_exit action 0)> Digi Connect EZ Mini User Guide...
  • Page 392 (config service location geofence test_geofence on_exit action 0)> max_memory 1MB (config service location geofence test_geofence on_exit action 0)> v. A sandbox is enabled by default to prevent the script from adversely affecting the system. To disable the sandbox: Digi Connect EZ Mini User Guide...

  • Page 393: Show Location Information

    > show location Location Status --------------- State : enabled Source : 192.168.2.3 Latitude : 44* 55' 14.809" N (44.92078) Longitude : 93* 24' 47.262" w (-93.413128) Altitude : 279 meters Digi Connect EZ Mini User Guide...

  • Page 394: Modbus Gateway

    Modbus gateway allows for communication between buses and networks that use the Modbus protocol. This section contains the following topics: Configure the Modbus gateway Show Modbus gateway status and statistics Digi Connect EZ Mini User Guide...

  • Page 395: Configure The Modbus Gateway

    Whether to send broadcast messages. Response timeout If connection type is set to socket: The port to use. The inactivity timeout. If connection type is set to serial: Whether to use half duplex (two wire) mode. Digi Connect EZ Mini User Guide...
  • Page 396 Whether packets should have their Modbus address adjusted downward before to delivery.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 397 A single IP address or host name. A network designation in CIDR notation, for example, 192.168.1.0/24. any: No limit to IPv4 addresses that can access the web administration service. d. Click  again to list additional IP addresses or networks. Digi Connect EZ Mini User Guide...
  • Page 398 10. Repeat these steps to configure additional servers. Configure clients 1. Click to expand Clients. 2. For Add Modbus client, type a name for the client and click . The new Modbus gateway client configuration is displayed. Digi Connect EZ Mini User Guide...
  • Page 399 To limit access to specified IPv4 addresses and networks: a. Click IPv4 Addresses. b. For Add Address, click . c. For Address, enter the IPv4 address or network that can access the device's web administration service. Allowed values are: Digi Connect EZ Mini User Guide...
  • Page 400 For example, to have this client filter for incoming messages that contain the Modbus address of 10, type 10. To filter for all messages with addresses in the range of 20 to 30, type 20-30. To add additional address filters for this client, click . Digi Connect EZ Mini User Guide...
  • Page 401 Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> 3. Enable the Modbus gateway: (config)> service modbus_gateway enable true (config)> Digi Connect EZ Mini User Guide...
  • Page 402 The default is rtu. iv. Set the maximum allowable time between bytes in a packet: (config service modbus_gateway server test_modbus_server)> socket idle_gap value (config service modbus_gateway server test_modbus_server)> Digi Connect EZ Mini User Guide...
  • Page 403 (config service modbus_gateway server test_modbus_server)> ii. Set the packet mode: (config service modbus_gateway server test_modbus_server)> serial packet_mode value (config service modbus_gateway server test_modbus_server)> where value is either rtu or ascii. The default is rtu. Digi Connect EZ Mini User Guide...
  • Page 404 The default is socket. If connection_type is set to socket: i. Set the IP protocol: (config service modbus_gateway client test_modbus_client)> socket protocol value (config service modbus_gateway client test_modbus_client)> where value is either tcp or udp. Digi Connect EZ Mini User Guide...
  • Page 405 (config service modbus_gateway client test_modbus_client)> vi. Set the hostname or IP address of the remote host on which the Modbus server is running: (config service modbus_gateway client test_modbus_client)> remote_host ip_address|hostname (config service modbus_gateway client test_modbus_client)> Digi Connect EZ Mini User Guide...
  • Page 406 (config service modbus_gateway client test_modbus_client)> serial half_duplex true (config service modbus_gateway client test_modbus_client)> d. (Optional) Enable the gateway to send broadcast messages to this client: (config service modbus_gateway client test_modbus_client)> broadcast true (config service modbus_gateway client test_modbus_client)> Digi Connect EZ Mini User Guide...
  • Page 407 (config service modbus_gateway client test_modbus_client)> Leave at the default setting of 0 to allow messages that match the Modbus address filter to be forwarded to devices based on the Modbuss address in the message. Digi Connect EZ Mini User Guide...

  • Page 408: Show Modbus Gateway Status And Statistics

    2. On the menu, select Status > Modbus Gateway. The Modbus Gateway page appears. Statistics related to the Modbus gateway server are displayed. If the message Server connections not available is displayed, this indicates that there are no connected clients. Digi Connect EZ Mini User Guide...
  • Page 409 > show modbus-gateway verbose Client Uptime -------------------- ------ modbus_socket_41 modbus_socket_21 modbus_serial_client Common Statistics ----------------- Configuration Updates Client Configuration Failure Server Configuration Failure Configuration Load Failure Incoming Connections Internal Error Digi Connect EZ Mini User Guide...
  • Page 410 ---------------- Address Translation Errors Connection Errors Packet Errors RX Responses RX Timeouts TX Broadcasts TX Requests modbus_serial_client -------------------- Address Translation Errors Connection Errors Packet Errors RX Responses RX Timeouts TX Broadcasts TX Requests > Digi Connect EZ Mini User Guide...
  • Page 411 Services Modbus gateway 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ Mini User Guide...

  • Page 412: System Time

    Additional Configuration Options Additional upstream NTP servers.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 413 Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> 3. (Optional) Set the timezone for the location of your Connect EZ device. The default is UTC. Digi Connect EZ Mini User Guide...
  • Page 414 See Configure the device as an NTP server for more information about NTP server configuration. 5. Save the configuration and apply the change: (config)> save Configuration saved. > Digi Connect EZ Mini User Guide...
  • Page 415 Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. Synchronize the device's local date and time: > system time synch 24 Aug 22:03:55 ntpdate[2520]: step time server 52.2.40.158 offset - Digi Connect EZ Mini User Guide...

  • Page 416: Manually Set The System Date And Time

    NTP clock filter and selection algorithms are applied to select the best of these. Configure the device as an NTP server for information about configuring your device as an NTP server. Digi Connect EZ Mini User Guide...

  • Page 417: Configure The Device As An Ntp Server

    The time zone setting, if the default setting of UTC is not appropriate. To configure the Connect EZ device's NTP service:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 418 For Server, type a new server name. To add an NTP server: a. Click NTP servers. b. For Add Server, click . c. For Server, enter the hostname of the upstream NTP server that the device will use to synchronize its time. Digi Connect EZ Mini User Guide...
  • Page 419 (config)> add service ntp server end time.server.com (config)> To add the NTP server in another location in the list, use an index value to indicate the appropriate position. For example: (config)> add service ntp server 1 time.server.com (config)> Digi Connect EZ Mini User Guide...
  • Page 420 Repeat this step to list additional interfaces. To limit access based on firewall zones: (config)> add service ntp acl zone end value (config)> Where value is a firewall zone defined on your device, or the any keyword. Digi Connect EZ Mini User Guide...
  • Page 421 Timezone: The timezone for the location of this device. This is used to adjust the time for log messages. It also affects actions that occur at a specific time of day. Format: Africa/Abidjan Africa/Accra Africa/Addis_Ababa (config)> Digi Connect EZ Mini User Guide...

  • Page 422: Show Status And Statistics Of The Ntp Server

    : Up Sync Status : Up Remote Refid When Poll Reach Delay Offset Jitter ---------------- ------------- ---- ---- ----- ------ ------ ------ *ec2-52-2-40-158 129.6.15.32 1024 33.570 +1.561 0.991 128.136.167.120 128.227.205.3 1024 43.583 -1.895 0.382 > Digi Connect EZ Mini User Guide...

  • Page 423: Configure A Multicast Route

    To configure a multicast route:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 424 Set the interface. For example: (config service multicast test)> add interface end /network/interface/eth1 (config service multicast test)> c. Repeat for each additional destination interface. 8. Save the configuration and apply the change: (config)> save Configuration saved. > Digi Connect EZ Mini User Guide...
  • Page 425 Services Configure a multicast route 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ Mini User Guide...

  • Page 426: Enable Service Discovery (Mdns)

    Note This feature is enabled by default.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 427 (config)> add service mdns acl address end value (config)> Where value can be: A single IP address or host name. A network designation in CIDR notation, for example, 192.168.1.0/24. any: No limit to IPv4 addresses that can access the mDNS service. Digi Connect EZ Mini User Guide...
  • Page 428 (config)> ... firewall zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration --------------------------------------------------------- ---------------------- dynamic_routes edge external internal ipsec loopback Digi Connect EZ Mini User Guide...

  • Page 429: Use The Iperf Service

    To enable the iPerf3 server:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. Digi Connect EZ Mini User Guide...
  • Page 430 Use the iPerf service 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config.
  • Page 431 A single IP address or host name. A network designation in CIDR notation, for example, 192.168.1.0/24. any: No limit to IPv4 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. Digi Connect EZ Mini User Guide...
  • Page 432 (config)> ... firewall zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration --------------------------------------------------------- ---------------------- dynamic_routes edge external internal ipsec loopback setup Digi Connect EZ Mini User Guide...

  • Page 433: Example Performance Test Using Iperf3

    You can disable the service, or you can configure the service to use an access control list to limit the service to specified IP address, interfaces, and/or zones. To enable the iPerf3 server:    Web Digi Connect EZ Mini User Guide...
  • Page 434 Services Configure the ping responder service 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 435 A single IP address or host name. A network designation in CIDR notation, for example, 192.168.1.0/24. any: No limit to IPv4 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. Digi Connect EZ Mini User Guide...
  • Page 436 (config)> ... firewall zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration --------------------------------------------------------- ---------------------- dynamic_routes edge external internal ipsec loopback setup Digi Connect EZ Mini User Guide...

  • Page 437: Example Performance Test Using Iperf3

    - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bandwidth Retr 0.00-10.00 315 MBytes 264 Mbits/sec sender 0.00-10.00 313 MBytes 262 Mbits/sec receiver iperf Done. Digi Connect EZ Mini User Guide...
  • Page 438 Develop Python applications Set up the Connect EZ to automatically run your applications Start an interactive Python session Run a Python application at the shell prompt Configure scripts to run manually Start a manual script Digi Connect EZ Mini User Guide...

  • Page 439: Develop Python Applications

    The Connect EZ features a standard Python 3.6 distribution. Python is a dynamic, object-oriented language for developing software applications, from simple programs to complex embedded applications. Digi offers the Digi IoT PyCharm Plugin to help you while writing, building, and testing your application. See Create and test a Python application.

  • Page 440: Set Up The Connect Ez For Python Development

    2. Create and test your application with: PyCharm. You can create, build, and remotely launch your application in the Connect EZ. Your preferred editor and manually transfer the application, install dependencies, and launch the Connect EZ. Digi Connect EZ Mini User Guide...
  • Page 441 Develop Python applications Develop an application in PyCharm The Digi IoT PyCharm Plugin allows you to write, build and run Python applications for Digi devices in a quick and easy way. See the Digi XBee PyCharm IDE Plugin User Guide for details.
  • Page 442 """ def handle(self): # self.request is the TCP socket connected to the client self.data = self.request.recv(1024).strip() print("{} wrote:".format(self.client_address[0])) print(self.data) # just send back the same data, but upper-cased self.request.sendall(self.data.upper()) Digi Connect EZ Mini User Guide...
  • Page 443 Create a custom firewall rule    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.

  • Page 444: Python Modules

    The digidevice module provides platform-specific extensions that allow you to interact with the device’s configuration and interfaces. The following submodules are included with the digidevice module: LEDs: digidevice.led SMS: digidevice.sms GPS: digidevice.location Digi Remote Manager: digidevice.datapoint digidevice.device_request digidevice.name Device configuration: digidevice.config Command line interface: digidevice.cli Digi Connect EZ Mini User Guide...
  • Page 445 Digidevice module The Python digidevice module provides platform-specific extensions that allow you to interact with the device’s configuration and interfaces. The following submodules are included with the digidevice module: This section contains the following topics: Digi Connect EZ Mini User Guide...
  • Page 446 : 1.4% Uptime : 6 days, 6 hours, 21 minutes, 57 seconds (541317s) Temperature : 40C >>> 5. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Digi Connect EZ Mini User Guide...
  • Page 447 5. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Use digidevice.datapoint to upload custom datapoints to Digi Remote Manager Use the datapoint Python module to upload custom datapoints to Digi Remote Manager. The following characteristics can be defined for a datapoint:...
  • Page 448 2. At the shell prompt, use the python command with no parameters to enter an interactive Python session: # python Python 3.10.1 (main, Mar 30 2023, 23:47:13) [GCC 11.2.0] on linux Type "help", "copyright", "credits" or "license" for more information. >>> Digi Connect EZ Mini User Guide...
  • Page 449 Help for using Python to upload custom datapoints to Remote Manager Get help for uploading datapoints to your Digi Remote Manager account by accessing help for datapoint.upload and datapoint.upload_multiple: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions >...
  • Page 450 4. Use config.load() and the get() method to return the device's configuration: a. Return the entire configuration: >>> from pprint import pprint # use pprint vs. print to make the output easier to read >>> cfg = config.load() >>> pprint(cfg.dump().splitlines()) This returns the device configuration: Digi Connect EZ Mini User Guide...
  • Page 451 # python Python 3.10.1 (main, Mar 30 2023, 23:47:13) [GCC 11.2.0] on linux Type "help", "copyright", "credits" or "license" for more information. >>> 3. Import the config submodule: >>> from digidevice import config >>> Digi Connect EZ Mini User Guide...
  • Page 452 >>> help(config) Help on module acl.config in acl: NAME acl.config - Python interface to ACL configuration (libconfig). 5. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Digi Connect EZ Mini User Guide...
  • Page 453 Develop Python applications Use Python to respond to Digi Remote Manager SCI requests The device_request Python module allows you to interact with Digi Remote Manager by using Remote Manager's Server Command Interface (SCI), a web service that allows users to access information and perform commands that relate to their devices.
  • Page 454 >>> In Remote Manager, you will receive a response similar to the following: <sci_reply version="1.0"> <data_service> <device id="00000000-00000000-0000FFFF-A83CF6A3"/> <requests> <device_request target_name="myTarget" status="0">OK</device_ request> </requests> </device> </data_service> </sci_request> Example: Use digidevice.cli with digidevice.device_request Digi Connect EZ Mini User Guide...
  • Page 455 This can be done from either the WebUI or the command line:    Web i. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. ii. Access the device configuration: Remote Manager: i.
  • Page 456 Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. ii. At the command line, type config to enter configuration mode: > config (config)> Digi Connect EZ Mini User Guide...
  • Page 457 Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the Connect EZ local command line as a user with shell access. Digi Connect EZ Mini User Guide...
  • Page 458 <device_request target_name="showSystem"> 8. Click Send. You should receive a response similar to the following: <sci_reply version="1.0"> <data_service> <device id="00000000-00000000-0000FFFF-A83CF6A3"/> <requests> <device_request target_name="showSystem" status="0">Model Digi Connect EZ Mini User Guide...
  • Page 459 : Tues, July 18, 2023 10:25:00 : 1.1 Uptime : 4 day, 13 hours, 43 minutes, 22 seconds (395002s) Temperature : 37C Contact : Omar Ahmad Disk ---- Load Average : 0.10, 0.05, 0.00 RAM Usage : 85.176MB/250.484MB(34%) Digi Connect EZ Mini User Guide...
  • Page 460 </sci_request> Help for using Python to respond to Digi Remote Manager  SCI  requests Get help for respond to Digi Remote Manager Server Command Interface (SCI) requests by accessing help for digidevice.device_request: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions >...
  • Page 461 5. Use the keys() method to display available keys in the runtime database, and use the get() method to print information from the runtime database: a. Print available keys: >>> print(runt.keys("")) This returns available keys: ['advanced', 'drm', 'firmware', 'location', 'manufacture', 'metrics', 'mm', 'network', 'pam', 'serial', 'system'] Digi Connect EZ Mini User Guide...
  • Page 462 >>> from digidevice import runt >>> 4. Use start() method to open the runtime database: >>> runt.start() >>> 5. Use the set() method to make changes to the runtime database: >>> runt.set("my-variable", "my-value") >>> Digi Connect EZ Mini User Guide...
  • Page 463 Use Python to upload the device name to Digi Remote Manager The name submodule can be used to upload a custom name for your device to Digi Remote Manager. When you use the name submodule to upload a custom device name to Remote Manager, the...
  • Page 464 As a result, support for this functionality is disabled by default on Remote Manager. Enable support on Digi Remote Manager for uploading custom device names 1. In Remote Manager, click API Explorer. 2. For the HTTP method, select PUT.
  • Page 465 5. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Help for uploading the device name to Digi Remote Manager Get help for uploading the device name to Digi Remote Managerby accessing help for digidevice.name: 1.
  • Page 466 7. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Update the location data The location submodule takes a snapshot of the current location and stores it in the runtime database. You can update this snapsot: Digi Connect EZ Mini User Guide...
  • Page 467 2. At the shell prompt, use the python command with no parameters to enter an interactive Python session: # python Python 3.10.1 (main, Mar 30 2023, 23:47:13) [GCC 11.2.0] on linux Type "help", "copyright", "credits" or "license" for more information. >>> 3. Import the json submodule: >>> import json Digi Connect EZ Mini User Guide...
  • Page 468 "vertical_velocity": "0.0" >>> 6. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Help for the digidevice location module Get help for the digidevice location module: Digi Connect EZ Mini User Guide...
  • Page 469 2. At the shell prompt, use the python command with no parameters to enter an interactive Python session: # python Python 3.10.1 (main, Mar 30 2023, 23:47:13) [GCC 11.2.0] on linux Type "help", "copyright", "credits" or "license" for more information. >>> Digi Connect EZ Mini User Guide...
  • Page 470 # python Python 3.10.1 (main, Mar 30 2023, 23:47:13) [GCC 11.2.0] on linux Type "help", "copyright", "credits" or "license" for more information. >>> 3. Import the maintenance submodule: >>> from digidevice import maintenance >>> Digi Connect EZ Mini User Guide...
  • Page 471 SMS scripting. Enable the ability to schedule SMS scripting    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 472 Example digidevice.sms script The following example script receives an SMS message and sends a response: #!/usr/bin/python3.10.1 import os import threading import sys from digidevice.sms import Callback, send COND = threading.Condition() Digi Connect EZ Mini User Guide...
  • Page 473 # a CLI command. Send a reponse SMS to the sender before running the command import os import threading import sys from digidevice import cli from digidevice.sms import Callback, send COND = threading.Condition() allowed_incoming_phone_number = '2223334444' def sms_test_callback(sms, info): if info['content.number'] == allowed_incoming_phone_number: print(f"SMS message from {info['content.number']} received") Digi Connect EZ Mini User Guide...
  • Page 474 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the Connect EZ local command line as a user with shell access. Digi Connect EZ Mini User Guide...
  • Page 475 - Firmware update feature (simple implementation, read TODO in cmd_fwupdate) """ import sys import time import paho.mqtt.client as mqtt import json from acl import runt, config from http import HTTPStatus import urllib.request import tempfile Digi Connect EZ Mini User Guide...
  • Page 476 HTTPStatus.INTERNAL_SERVER_ERROR finally: os.remove(fname) print("Firmware update finished") return HTTPStatus.OK CMD_HANDLERS = { "reboot": cmd_reboot, "fw-update": cmd_fwupdate def send_cmd_reply(client, cmd_path, cid, cmd, status): if not status or not cid: return if cmd_path.startswith(PREFIX_CMD): Digi Connect EZ Mini User Guide...
  • Page 477 {}".format(msg.payload)) if not cid: # Return if client-ID not passed return None send_cmd_reply(client, msg.topic, cid, cmd, HTTPStatus.BAD_REQUEST) try: status = CMD_HANDLERS[cmd](payload) except: print("Invalid command: {}".format(cmd)) status = HTTPStatus.NOT_IMPLEMENTED send_cmd_reply(client, msg.topic, cid, cmd, status) Digi Connect EZ Mini User Guide...
  • Page 478 PREFIX_CMD = "cmd/" + PREFIX PREFIX_RSP = "rsp/" + PREFIX client = mqtt.Client() client.on_connect = on_connect client.on_message = on_message try: client.connect("192.168.1.100", 1883, 60) client.loop_start() except: print("Failed to connect to MQTT server") sys.exit(1) while True: publish_dhcp_leases() publish_system() time.sleep(POLL_TIME) Digi Connect EZ Mini User Guide...

  • Page 479: Set Up The Connect Ez To Automatically Run Your Applications

    The memory available to be used by the script . Whether the script should run one time only. Task one: Upload the application    Web Digi Connect EZ Mini User Guide...
  • Page 480 Connect EZ device where the copied file will be placed. For example: To upload a script from a remote host with an IP address of 192.168.4.1 to the /etc/config/scripts directory on the Connect EZ device, issue the following command: Digi Connect EZ Mini User Guide...
  • Page 481 This feature does not provide syntax or error checking. Certain commands can render the device inoperable. Use with care.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 482 If Set Time is selected, specify the time that the script should run in Run time, using the format HH:MM. During system maintenance: The script will run during the system maintenance time window. 7. For Commands, type the commands that will execute the script. Digi Connect EZ Mini User Guide...
  • Page 483 3. Add a script: (config)> add system schedule script end (config system schedule script 0)> Scheduled scripts are enabled by default. To disable: (config system schedule script 0)> enable false (config system schedule script 0)> Digi Connect EZ Mini User Guide...
  • Page 484 If set_time is set, set the time that the script should run, using the format HH:MM: (config system schedule script 0)> run_time HH:MM (config system schedule script 0)> maintenance_time: The script will run during the system maintenance time window. Digi Connect EZ Mini User Guide...
  • Page 485 Remove the script from the device and add it again. Make a change to the script. Disable once. 10. Sandbox is enabled by default. This option protects the script from accidentally destroying the system it is running on. Digi Connect EZ Mini User Guide...

  • Page 486: Show Script Information

    Type admin to access the Admin CLI. 2. Use the show scripts command at the system prompt: > show scripts Index Label Enabled Status Run time ----- ----------- ------- ------ -------- script1 true active script2 true idle 01:00 > Digi Connect EZ Mini User Guide...

  • Page 487: Stop A Script That Is Currently Running

    ----- ----------- ------- ------ -------- script1 true active script2 true idle 01:00 > Scripts that are currently running have the status of active. 3. Stop the appropriate script: )> system script stop script1 > Digi Connect EZ Mini User Guide...

  • Page 488: Start An Interactive Python Session

    This module includes various extensions that allow Python to interact with additional features offered by the device. 4. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Digi Connect EZ Mini User Guide...

  • Page 489: Run A Python Application At The Shell Prompt

    Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. b. At the command line, use the command to upload the Python application script to the Connect EZ device: Digi Connect EZ Mini User Guide...

  • Page 490: Configure Scripts To Run Manually

    # python /etc/config/scripts/test.py 120 ports storage Configure scripts to run manually You can configure an scripts to be manually run. Required configuration items Upload or create the script. Enable the script. Set the script to run manually. Digi Connect EZ Mini User Guide...

  • Page 491: Task One: Upload The Application

    Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the command line, use the command to upload the Python application script to the Connect EZ device: Digi Connect EZ Mini User Guide...

  • Page 492: Task Two: Configure The Application To Run Automatically

    This feature does not provide syntax or error checking. Certain commands can render the device inoperable. Use with care.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 493 10. Sandbox is enabled by default, which restricts access to the file system and available commands that can be used by the script. This option protects the script from accidentally destroying the system it is running on. Digi Connect EZ Mini User Guide...
  • Page 494 If a Python script is being used, include the full path to the Python script and enclose in quotation marks. For example: Digi Connect EZ Mini User Guide...
  • Page 495 10. Sandbox is enabled by default. This option protects the script from accidentally destroying the system it is running on. (config system schedule script 0)> sandbox true (config system schedule script 0)> 11. Save the configuration and apply the change: (config)> save Configuration saved. > Digi Connect EZ Mini User Guide...

  • Page 496: Start A Manual Script

    2. Determine the name of scripts that are currently running: > show scripts Index Label Enabled Status Run time ----- ----------- ------- ------ -------- script1 true active script2 true idle 01:00 > 3. Start the script: )> system script start script1 > Digi Connect EZ Mini User Guide...
  • Page 497 (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ Mini User Guide...
  • Page 498 Authentication groups Local users Terminal Access Controller Access-Control System Plus (TACACS+) Remote Authentication Dial-In User Service (RADIUS) LDAP Configure serial authentication Disable shell access Set the idle timeout for Connect EZ users Example user configuration Digi Connect EZ Mini User Guide...

  • Page 499: User Authentication

    Configures support for LDAP (Lightweight Directory Access Protocol) servers and users. Serial Configures authentication for serial TCP and autoconnect services. configured. User authentication methods Authentication methods determine how users of the Connect EZ device are authenticated. Available authentication methods are: Digi Connect EZ Mini User Guide...
  • Page 500 TACACS+: Users authenticated by using a remote TACACS+ server for authentication. Terminal Access Controller Access-Control System Plus (TACACS+) for information about configuring TACACS+ authentication. LDAP: Users authenticated by using a remote LDAP server for authentication. LDAP for information about configuring LDAP authentication. Digi Connect EZ Mini User Guide...

  • Page 501: Add A New Authentication Method

    The types of authentication method to be used: To add an authentication method:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 502 (config)> add auth method 0 auth_type (config)> where auth_type is one of local, radius, tacacs+, or ldap. To add the new authentication method to the end of the list, use the index keyword end: Digi Connect EZ Mini User Guide...

  • Page 503: Delete An Authentication Method

    Type quit to disconnect from the device. Delete an authentication method    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.

  • Page 504: Rearrange The Position Of Authentication Methods

    6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Rearrange the position of authentication methods Digi Connect EZ Mini User Guide...
  • Page 505 For example, the following configuration has Local users as the first method, and RADIUS as the second. To reorder these so that RADIUS is first and Local users is second: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.

  • Page 506: Authentication Groups

    Connect EZ via ssh, telnet, or the serial console. Shell access is not available if the Allow shell parameter has been disabled. See Disable shell access for more information about the Allow shell parameter. Digi Connect EZ Mini User Guide...
  • Page 507 The preconfigured authentication groups cannot be deleted, but the access rights defined for the group are configurable. This section contains the following topics: Change the access rights for a predefined group Add an authentication group Delete an authentication group Digi Connect EZ Mini User Guide...

  • Page 508: Change The Access Rights For A Predefined Group

    By default, two authentication groups are predefined: admin and serial. To change the access rights of the predefined groups:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 509 WebUI and Admin CLI. The default is full. To disable Admin access for the admin group: (config)> auth group admin acl admin enable false (config)> Shell access: Digi Connect EZ Mini User Guide...

  • Page 510: Add An Authentication Group

    Access rights to query the device for Nagios monitoring. To add an authentication group:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 511 Full access full: provides users of this group with the ability to manage the Connect EZ device by using the WebUI or the Admin CLI. Read-only access read-only: provides users of this group with read-only access to the WebUI and Admin CLI. The default is Full access full. Digi Connect EZ Mini User Guide...
  • Page 512 (config)> auth group admin acl admin level value (config)> where value is either: full: provides users of this group with the ability to manage the Connect EZ device by using the WebUI or the Admin CLI. Digi Connect EZ Mini User Guide...
  • Page 513 24h no title (config)> ii. Add a captive portal: (config)> add auth group test acl portal portals end portal1 (config)> 6. (Optional) Configure Nagios monitoring: (config)> auth group test acl nagios enable true (config)> Digi Connect EZ Mini User Guide...

  • Page 514: Delete An Authentication Group

    These groups cannot be deleted. To delete an authentication group that you have created:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 515 (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ Mini User Guide...

  • Page 516: Local Users

    The default admin user is preconfigured with both Admin and Serial access. You can configure the admin user account to fit with the needs of your environment. This section contains the following topics: Change a local user's password Configure a local user Delete a local user Digi Connect EZ Mini User Guide...

  • Page 517: Change A Local User's Password

    Change a local user's password To change a user's password:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 518 You can also change the password for the active user by clicking the user name in the menu bar: The active user must have full Admin access rights to be able to change the password. 6. Click Apply to save the configuration and apply the change. Digi Connect EZ Mini User Guide...

  • Page 519: Configure A Local User

    (-) or periods (.), an alias allows the user to log in using a name that contains special characters. The number of unsuccessful login attempts before the user is locked out of the system. Digi Connect EZ Mini User Guide...
  • Page 520 One-time use eight-digit emergency scratch codes. To configure a local user:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 521 The minimum value is 1 second, and the maximum is 15 minutes. The default is 15 minutes. 8. Add groups for the user. Groups define user access rights. See Authentication groups for information about configuring groups. a. Click to expand Groups. b. For Add Group, click . Digi Connect EZ Mini User Guide...
  • Page 522 For Login limit, type the number of times that the user is allowed to attempt to log in during the Login limit period. Set Login limit to 0 to allow an unlimited number of login attempts during the Login limit period. Digi Connect EZ Mini User Guide...
  • Page 523 5. Set the user's password. The password must be at least eight characters long and must contain at least one uppercase letter, one lowercase letter, one number, and one special character. (config auth user new_user> password pwd (config auth user new_user)> Digi Connect EZ Mini User Guide...
  • Page 524 (config auth user new_user)> del group n (config auth user new_user)> Where n is index number of the authentication method to be deleted. For example, to delete the serial group as displayed by the example show command, above: Digi Connect EZ Mini User Guide...
  • Page 525 (config auth user new_user 2fa)> disallow_reuse true (config auth user new_user 2fa)> f. For time-based verification only, configure the code refresh interval. This is the amount of time that a code will remain valid. Digi Connect EZ Mini User Guide...
  • Page 526 Change to the user's scratch code node: (config auth user new_user 2fa)> scratch_code (config auth user new_user 2fa scratch_code)> ii. Add a scratch code: (config auth user new_user 2fa scratch_code)> add end code (config auth user new_user 2fa scratch_code)> Digi Connect EZ Mini User Guide...

  • Page 527: Delete A Local User

    Delete a local user To delete a user from your Connect EZ:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 528 (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ Mini User Guide...

  • Page 529: Terminal Access Controller Access-Control System Plus (Tacacs+)

    Connect EZ device prior to configuration. The process of setting up a TACACS+ server varies by the server environment. This section contains the following topics: TACACS+ user configuration TACACS+ server failover and fallback to local authentication Configure your Connect EZ device to use a TACACS+ server Digi Connect EZ Mini User Guide...

  • Page 530: Tacacs+ User Configuration

    4. Verify that your changes did not introduce any syntax errors: $ sudo tac_plus -C /etc/tacacs+/tac_plus.conf -P If successful, this command will echo the configuration file to standard out. If the command encounters any syntax errors, a message similar to this will display: Digi Connect EZ Mini User Guide...

  • Page 531: Tacacs+ Server Failover And Fallback To Local Authentication

    Enable command authorization, so that the device will communicate with the TACACS+ server to determine if the user is authorized to execute a specific command. Enable command accounting, so that the device will communicate with the TACACS+ server to log commands that the user executes. Digi Connect EZ Mini User Guide...
  • Page 532 Add additional TACACS+ servers in case the first TACACS+ server is unavailable.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 533 Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> Digi Connect EZ Mini User Guide...
  • Page 534 (config auth tacacs+ server 0)> hostname hostname|ip-address (config auth tacacs+ server 0)> c. (Optional) Change the default port setting to the appropriate port: (config auth tacacs+ server 0)> port port (config auth tacacs+ server 0)> Digi Connect EZ Mini User Guide...
  • Page 535 (config)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ Mini User Guide...

  • Page 536: Remote Authentication Dial-In User Service (Radius)

    An example of a RADIUS server is FreeRADIUS. This section contains the following topics: RADIUS user configuration RADIUS server failover and fallback to local configuration Configure your Connect EZ device to use a RADIUS server Digi Connect EZ Mini User Guide...

  • Page 537: Radius User Configuration

    With user authentication methods, you can configure your Connect EZ device to use multiple types of authentication. For example, you can configure both RADIUS authentication and local authentication, so that local authentication can be used as a fallback mechanism if the primary and backup RADIUS Digi Connect EZ Mini User Guide...

  • Page 538: Configure Your Connect Ez Device To Use A Radius Server

    60 seconds. Enable additional debug messages from the RADIUS client.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 539 If you are accessing the Connect EZ device by using the WebUI, the default value is for NAS ID is httpd. If you are accessing the Connect EZ device by using ssh, the default value is sshd. Digi Connect EZ Mini User Guide...
  • Page 540 If you are accessing the Connect EZ device by using the WebUI, the default value is for NAS ID is httpd. If you are accessing the Connect EZ device by using ssh, the default value is sshd. Digi Connect EZ Mini User Guide...

  • Page 541: Ldap

    LDAP support, the Connect EZ device acts as an LDAP client, which sends user credentials and connection parameters to an LDAP server. The LDAP server then authenticates the LDAP client requests and sends back a response message to the device. Digi Connect EZ Mini User Guide...
  • Page 542 Connect EZ device prior to configuration. The process of setting up a LDAP server varies by the server environment. This section contains the following topics: LDAP user configuration LDAP server failover and fallback to local configuration Configure your Connect EZ device to use an LDAP server Digi Connect EZ Mini User Guide...

  • Page 543: Ldap User Configuration

    $ ldapadd -x -H 'ldap:///' -D 'cn=admin,dc=example,dc=com' -W -f add_ user.ldif adding new entry "uid=john,dc=example,dc=com" 5. Verify that the user has been added by performing an LDAP search: $ ldapsearch -x -LLL -H 'ldap:///' -b 'dc=example,dc=com' uid=john dn: uid=john,dc=example,dc=com objectClass: inetOrgPerson Digi Connect EZ Mini User Guide...

  • Page 544: Ldap Server Failover And Fallback To Local Configuration

    The distinguished name used to search to user base. The group attribute. The number of seconds to wait to receive a message from the server. Add additional LDAP servers in case the first LDAP server is unavailable.    Web Digi Connect EZ Mini User Guide...
  • Page 545 User authentication LDAP 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 546 See Rearrange the position of authentication methods for information about rearranging the position of the methods in the list. 15. Click Apply to save the configuration and apply the change.    Command line Digi Connect EZ Mini User Guide...
  • Page 547 6. Set the distinguished name (DN) that is used to bind to the LDAP server and search for users. Leave this option unset if the server allows anonymous connections. (config)> auth ldap bind_dn dn_value (config)> For example: (config)> auth ldap bind_dn cn=user,dc=example,dc=com (config)> Digi Connect EZ Mini User Guide...
  • Page 548 Add the server: (config)> add auth ldap server end (config auth ldap server 0)> b. Enter the LDAP server's IP address or hostname: (config auth ldap server 0)> hostname hostname|ip-address (config auth ldap server 0)> Digi Connect EZ Mini User Guide...

  • Page 549: Configure Serial Authentication

    This section describes how to configure authentication for serial access.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 550 Uses the remote peer's public certificate to verify. 5. By default, peers with certificates that have been signed by standard Certificate Authorities (CAs) are allowed to authenticate. To disable: (config)> auth serial ca_standard false (config)> Digi Connect EZ Mini User Guide...

  • Page 551: Disable Shell Access

    If shell access is disabled, re-enabling it will erase the device's configuration and perform a factory reset.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 552 (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ Mini User Guide...

  • Page 553: Set The Idle Timeout For Connect Ez Users

    By default, the Idle timeout is set to 10 minutes.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 554 (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ Mini User Guide...

  • Page 555: Example User Configuration

    Goal: To create a user with administrator rights who is authenticated locally on the device.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 556 2. At the command line, type config to enter configuration mode: > config (config)> 3. Verify that the admin group has full administrator rights: (config)> show auth group admin acl admin enable true level full (config)> Digi Connect EZ Mini User Guide...

  • Page 557: Example 2: Radius, Tacacs+, And Local Authentication For One User

    Goal: To create a user with administrator rights who is authenticated by using all three authentication methods. In this example, when the user attempts to log in to the Connect EZ device, user authentication will occur in the following order: Digi Connect EZ Mini User Guide...
  • Page 558 3. The user is authenticated by the Connect EZ device using local authentication. This example uses a FreeRadius 3.0 server running on ubuntu, and a TACACS+ server running on ubuntu. Server configuration may vary depending on the platforms or type of servers used in your environment. Digi Connect EZ Mini User Guide...
  • Page 559 The authentication group on the Connect EZ device, admin, is identified in the groupname parameter. c. Save and close the tac_plus.conf file. 3. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 4. Access the device configuration:...
  • Page 560 User authentication Example user configuration a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration.
  • Page 561 Unix-FTP-Group-Names parameter. c. Save and close the users file. 2. Configure a user on the TACACS+ server: a. On the ubuntu machine hosting the TACACS+ server, open the /etc/tacacs+/tac_plus.conf file: $ sudo gedit /etc/tacacs+/tac_plus.conf Digi Connect EZ Mini User Guide...
  • Page 562 (config)> c. Add TACACS+ authentication second place in the list: (config)> add auth method 1 tacacs+(config)> d. Verify that authentication will occur in the correct order: (config)> show auth method 0 radius 1 tacacs+ Digi Connect EZ Mini User Guide...
  • Page 563 (config auth user adminuser)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ Mini User Guide...

  • Page 564: Firewall

    Firewall This chapter contains the following topics: Firewall configuration Port forwarding rules Packet filtering Configure custom firewall rules Configure Quality of Service options Web filtering Digi Connect EZ Mini User Guide...

  • Page 565: Firewall Configuration

    To create a zone:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 566 2. At the command line, type config to enter configuration mode: > config (config)> 3. Add the new zone. For example, to add a zone named my_zone: (config)> add firewall zone my_zone (config firewall zone my_zone)> Digi Connect EZ Mini User Guide...

  • Page 567: Configure The Firewall Zone For A Network Interface

    This example procedure uses an existing network interface named ETH2 and changes the firewall zone from the default zone, Internal, to External.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.

  • Page 568: Delete A Custom Firewall Zone

    You cannot delete preconfigured firewall zones. To delete a custom firewall zone:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 569 The Configuration window is displayed. 3. Click Firewall > Zones. 4. Click the menu icon (...) next to the appropriate custom firewall zone and select Delete. 5. Click Apply to save the configuration and apply the change. Digi Connect EZ Mini User Guide...

  • Page 570: Port Forwarding Rules

    The port or range of ports to which traffic should be forwarded. Additional configuration items A label for the port forwarding rule. The IP version (either IPv4 or IPv6) that incoming network connections must match. The protocols that incoming network connections must match. Digi Connect EZ Mini User Guide...
  • Page 571 To configure a port forwarding rule:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 572 Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> 3. At the config prompt, type: (config)> add firewall dnat end (config firewall dnat 0)> Digi Connect EZ Mini User Guide...
  • Page 573 (config firewall dnat 0)> For IPv6 addresses: (config firewall dnat 0)> to_address6 ip-address (config firewall dnat 0)> 9. Set the public-facing port number(s) that network connections must use for their traffic to be forwarded. Digi Connect EZ Mini User Guide...
  • Page 574 Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration --------------------------------------------------------------------- --------- dynamic_routes edge external internal ipsec loopback setup (config firewall dnat 0 acl)> Digi Connect EZ Mini User Guide...

  • Page 575: Delete A Port Forwarding Rule

    Delete a port forwarding rule To delete a port forwarding rule:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 576 (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ Mini User Guide...

  • Page 577: Packet Filtering

    ICMP6 To configure a packet filtering rule:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 578 Firewall configuration for more information about firewall zones. 10. Click Apply to save the configuration and apply the change.    Command line Digi Connect EZ Mini User Guide...
  • Page 579 Packet filtering rules are enabled by default. To disable the rule: (config firewall filter 1)> enable false (config firewall filter 1)> 3. (Optional) Set the label for the rule. (config firewall filter 1)> label "My filter rule" (config firewall filter 1)> Digi Connect EZ Mini User Guide...
  • Page 580 The default is any. 8. Set the protocol. (config firewall filter 1)> protocol value (config firewall filter 1)> where value is one of: icmp icmpv6 The default is any. Digi Connect EZ Mini User Guide...

  • Page 581: Enable Or Disable A Packet Filtering Rule

    Enable or disable a packet filtering rule To enable or disable a packet filtering rule:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.

  • Page 582: Delete A Packet Filtering Rule

    7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Delete a packet filtering rule To delete a packet filtering rule: Digi Connect EZ Mini User Guide...
  • Page 583 Firewall Packet filtering    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.

  • Page 584: Configure Custom Firewall Rules

    To configure custom firewall rules:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 585 4. (Optional) Instruct the device to override all preconfigured firewall behavior and rely solely on the custom firewall rules: (config)> firewall custom override true (config)> 5. Set the shell command that will execute the custom firewall rules script: (config)> firewall custom rules "shell-command" (config)> Digi Connect EZ Mini User Guide...

  • Page 586: Configure Quality Of Service Options

    These example bindings are disabled by default. Enable the preconfigured bindings    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 587 (config)> save Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ Mini User Guide...
  • Page 588 Configure Quality of Service options Create a new binding    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 589 If Default is disabled, you must configure at least one rule: i. Click to expand Rule. ii. For Add Rule, click . The QoS binding policy rule configuration window is displayed. Digi Connect EZ Mini User Guide...
  • Page 590 Use the format IPv6_address[/prefix_length], or use any to match any IPv6 address. Repeat to add a new rule. Up to 30 rules can be configured. 10. Click Apply to save the configuration and apply the change. Digi Connect EZ Mini User Guide...
  • Page 591 At least one policy is required for each binding. Each policy can contain up to 30 rules. a. Change to the policy node of the configuration: (config firewall qos 2)> policy (config firewall qos 2 policy)> Digi Connect EZ Mini User Guide...
  • Page 592 (config firewall qos 2 policy 0 rule)> ii. Add a rule: (config firewall qos 2 policy 0 rule)> add end (config firewall qos 2 policy 0 rule 0)> New QoS binding policy rules are enabled by default. To disable: Digi Connect EZ Mini User Guide...
  • Page 593 Source traffic from any address will be matched. Firewall configuration for more information about firewall zones. interface: Only traffic from the selected interface will be matched. Set the interface: Digi Connect EZ Mini User Guide...
  • Page 594 (config network qos 2 policy 0 rule 0)> dst interface /network/interface/eth1 (config network qos 2 policy 0 rule 0)> address: Only traffic destined for the IP address typed in IPv4 address will be matched. Set the address that will be matched: Digi Connect EZ Mini User Guide...

  • Page 595: Web Filtering

    Configure web filtering with Cisco Umbrella Required configuration items Enable web filtering. A Cisco Umbrella account. https://umbrella.cisco.com for information about how to create a Cisco Umbrella account. A 14 day trial account is available. A customer-specific API token. Digi Connect EZ Mini User Guide...
  • Page 596 6. Copy the token. Task two: Configure web filtering    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 597 Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the Admin CLI prompt, use the command to delete the web-filter-id file, and confirm the deletion: Digi Connect EZ Mini User Guide...

  • Page 598: Configure Web Filtering With Manual Dns Servers

    To configure web filtering with manual DNS servers:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 599 Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> 3. Enable web filtering: (config)> firewall web-filter enable true (config)> Digi Connect EZ Mini User Guide...
  • Page 600 Move back one node in the configuration tree: (config firewall web-filter server 0)> .. (config firewall web-filter server)> ii. Add the server: (config firewall web-filter server)> add end (config firewall web-filter server 1)> Digi Connect EZ Mini User Guide...

  • Page 601: Verify Your Web Filtering Configuration

    Configure web filtering with manual DNS servers for information about configuring web filtering to use Cisco open DNS servers. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 602 Linux shell: $ curl -I http://www.internetbadguys.com HTTP/1.1 200 OK Server: Apache Content-Type: text/html; charset=UTF-8 Accept-Ranges: bytes Date: Tues, July 18, 2023 10:25:00 Digi Connect EZ Mini User Guide...

  • Page 603: Show Web Filter Service Information

    ID is a unique ID assigned to the device by Cisco Umbrella. If there is a problem with the device ID, you can clear the ID. See Clear the Cisco Umbrella device ID for instructions. Digi Connect EZ Mini User Guide...
  • Page 604 Erase device configuration and reset to factory defaults Locate the device by using the Find Me feature Configuration files Schedule system maintenance tasks Disable device encryption Configure the speed of your Ethernet port Configure the system watchdog Digi Connect EZ Mini User Guide...

  • Page 605: System Administration

    Alt. Firmware Build Date : Tues, July 18, 2023 10:25:00 Bootloader Version : 19.7.23.0-15f936e0ed Current Time : Tues, July 18, 2023 10:25:00 +0000 : 1.4% Uptime : 6 days, 6 hours, 21 minutes, 57 seconds (541317s) Temperature : 40C Digi Connect EZ Mini User Guide...

  • Page 606: Configure System Information

    Disk /tmp Usage : 0.007MB/256.0MB(0%) Disk /var Usage : 1.765MB/256.0MB(1%) > Configure system information You can configure information related to your Connect EZ device, such as providing a name and location for the device. Digi Connect EZ Mini User Guide...
  • Page 607 A banner that will be displayed when users access terminal services on the device. To enter system information:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.

  • Page 608: Update System Firmware

    For example, Connect EZ-23.6.1.105.bin. Manage firmware updates using Digi Remote Manager If you have a network of many devices, you can use Digi Remote Manager Profiles to manage firmware updates. Profiles ensure all your devices are running the correct firmware version and that all newly installed devices are updated to that same version.

  • Page 609: Certificate Management For Firmware Images

    Update system firmware Certificate management for firmware images The system firmware files are signed to ensure that only Digi-approved firmware load onto the device. The Connect EZ device validates the system firmware image as part of the update process and only successfully updates if the system firmware image can be authenticated.
  • Page 610 Newest firmware version available to download is '23.6.1.105' Device firmware update from '23.3.31.129' to '23.6.1.105' is needed > 3. Use the modem firmware ota list command to list available firmware on the Digi firmware repository. > system firmware ota list 23.3.31.129...
  • Page 611 Update firmware from a local file    Web 1. Download the Connect EZ operating system firmware from the Digi Support FTP site to your local machine. 2. Log into the Connect EZ WebUI as a user with Admin access. 3. On the main menu, click System. Under Administration, click Firmware Update.
  • Page 612 Rebooting system > 7. Once the device has rebooted, log into the Connect EZ's command line as a user with Admin access and verify the running firmware version by entering the show system command. Digi Connect EZ Mini User Guide...

  • Page 613: Dual Boot Behavior

      Web 1. Log into the Connect EZ WebUI as a user with Admin access. 2. On the main menu, click System. Under Administration, click Firmware Update. 3. Click Duplicate firmware. 4. Click Duplicate Firmware. Digi Connect EZ Mini User Guide...

  • Page 614: Reboot Your Connect Ez Device

    Connect EZ local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the prompt, type: > reboot Digi Connect EZ Mini User Guide...

  • Page 615: Schedule Reboots Of Your Device

    Reboot your Connect EZ device Schedule reboots of your device    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.

  • Page 616: Erase Device Configuration And Reset To Factory Defaults

    Deletes all user files including Python scripts. Clears event and system log files. Additionally, if the RESET button is used to erase the configuration, pressing the RESET button a second time immediately after the device has rebooted: Digi Connect EZ Mini User Guide...
  • Page 617 With firmware release 22.2.9.x and newer, erases the client-side certificate used for communication with Digi Remote Manager. If you are using Digi Remote Manager with firmware release 22.2.9.x and newer, by default the device uses a client-side certificate for communication with Remote Manager. If the client-side certificate is erased, you must use the Remote Manager interface to reset the certificate.
  • Page 618 Password: Use the unique password printed on the bottom label of the device (or the printed label included in the package). c. (Optional) Reset the default password for the admin account. See Change the default password for the admin user for further information. Digi Connect EZ Mini User Guide...

  • Page 619: Custom Factory Default Settings

    Configure the Connect EZ device to use custom factory default settings    Web 1. Log into the Connect EZ WebUI as a user with Admin access. 2. Configure your Connect EZ device to match the desired custom factory default configuration. Digi Connect EZ Mini User Guide...
  • Page 620 5. After the configuration backup file has been downloaded, rename the file to: custom-default-config.bin 6. Upload the file to the device: a. From the main menu, select System > Filesystem. b. Under Default device configuration, click . c. Select the file from your local file system. Digi Connect EZ Mini User Guide...
  • Page 621 2. Wait for the device to reboot. 3. Press the RESET button a second time. You must press the RESET the second time within five minutes of the first in order to clear the custom default configuration. Digi Connect EZ Mini User Guide...

  • Page 622: Locate The Device By Using The Find Me Feature

    3. To deactivate the Find Me feature, type the following at the command prompt: > system find-me off > 4. To determine the status of the Find Me feature, type the following at the command prompt: > system find-me status > Digi Connect EZ Mini User Guide...

  • Page 623: Configuration Files

    You must explicitly save configuration changes, which also applies the changes. If you do not save configuration changes, the system discards the changes.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.

  • Page 624: Save Configuration To A File

    2. On the main menu, click System. Under Configuration, click Configuration Maintenance. The Configuration Maintenance windows is displayed. 3. In the Configuration backup section: a. (Optional) To encrypt the configuration using a passphrase, for Passphrase (save/restore), enter the passphrase. b. Click SAVE. Digi Connect EZ Mini User Guide...

  • Page 625: Restore The Device Configuration

    /etc/config/backup-archive-0040FF800120-19.05.17-19.01.17.bin to remote Restore the device configuration You can restore a configuration file to your Connect EZ device by using a backup from the device, or a backup from a similar device.    Web Digi Connect EZ Mini User Guide...
  • Page 626 IP address of the remote host. username is the name of the user on the remote host. remote-path is the path and filename of the file on the remote host that will be copied to Digi Connect EZ Mini User Guide...
  • Page 627 Connect EZ's filesystem (local-path in the previous step). passphrase (optional) is the passphrase to restore the configuration backup, if a passphrase was used when the backup was created. For example: > system restore /opt/backup-archive-0040FF800120-23.6.1.105- 19.23.42.bin Digi Connect EZ Mini User Guide...

  • Page 628: Schedule System Maintenance Tasks

    The frequency (daily, weekly, or monthly) that checks for firmware updates will run.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 629 If Immediately is selected, all scheduled tasks will begin at the exact time specified in Start time. d. For Frequency, select whether the maintenance window will be started every day, or once per week. Digi Connect EZ Mini User Guide...
  • Page 630 3. Configure a system maintenance trigger: a. Add a trigger: (config)> add system schedule maintenance trigger end (config)> b. Set the type of trigger: (config add system schedule maintenance trigger)> type value (config)> where value is one of: Digi Connect EZ Mini User Guide...
  • Page 631 If 0 is used, all scheduled tasks will begin at the start time, defined in the previous step. (config system schedule maintenance trigger 0)> length num (config system schedule maintenance trigger 0)> where num is any whole number between 0 and 24. Digi Connect EZ Mini User Guide...
  • Page 632 Type quit to disconnect from the device. 7. (Optional) Configure automated checking for device and modem firmware updates: a. Device firmware update check is enabled by default. This enables to automated checking for device firmware updates. To disable: Digi Connect EZ Mini User Guide...

  • Page 633: Disable Device Encryption

    Disabling device encryption is not available in the WebUI. It can only be performed from the Admin CLI.    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect EZ local command line as a user with full Admin access rights. Digi Connect EZ Mini User Guide...

  • Page 634: Re-Enable Cryptography After It Has Been Disabled

    Select the Properties of the relevant network connection on the Windows PC. b. Click the Internet Protocol Version 4 (TCP/IPv4) parameter. c. Click Properties. The Internet Protocol Version 4 (TCP/IPv4) Properties dialog appears. d. Configure with the following details: Digi Connect EZ Mini User Guide...

  • Page 635: Configure The Speed Of Your Ethernet Port

    This will re-enable encryption and leave the device at its factory default setting. Configure the speed of your Ethernet port You can configure the speed of your Connect EZ device's Ethernet port.    Web Digi Connect EZ Mini User Guide...
  • Page 636 System administration Configure the speed of your Ethernet port 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.

  • Page 637: Configure The System Watchdog

    You can configure your Connect EZ device's advanced watchdog to test the system for problems, and to reboot the device when problems are encountered.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 638 (config)> system watchdog interval 600s (config)> The maximum is two days (2d), and the default is five minutes (5m). 5. Set the number of test failures before the system reboots: (config)> system watchdog num_failures int (config)> Digi Connect EZ Mini User Guide...
  • Page 639 (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ Mini User Guide...

  • Page 640: Monitoring

    Monitoring This chapter contains the following topics: intelliFlow Configure NetFlow Probe Digi Connect EZ Mini User Guide...

  • Page 641: Intelliflow

    Digi intelliFlow is a reporting and graphical presentation tool for visualizing your network’s data usage and network traffic information. intelliFlow can be enabled on Digi Remote Manager to provide a full analysis of all Digi devices on your network. Contact your Digi sales representative for information about enabling intelliFlow on Remote Manager.

  • Page 642: Enable Intelliflow

    The firewall zone for internal clients being monitored by intelliFlow. To enable intelliFlow:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 643 (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ Mini User Guide...

  • Page 644: Configure Service Types

    For example, to define a service type called "MyService" using ports 9000 and 9001:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 645 4. Set the port number: (config monitoring intelliflow ports 20)> port 9000 (config monitoring intelliflow ports 20)> 5. Set the service type: (config monitoring intelliflow ports 20)> service MyService (config monitoring intelliflow ports 20)> Digi Connect EZ Mini User Guide...

  • Page 646: Configure Domain Name Groups

    Digi.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 647 (config)> add monitoring intelliflow groups end (config monitoring intelliflow groups 1)> 4. Set the domain name: (config monitoring intelliflow groups 1)> domian digi.com (config monitoring intelliflow groups 1)> 5. Set the group name: (config monitoring intelliflow groups 1)> group Digi (config monitoring intelliflow groups 1)>...
  • Page 648 7. Set the port number: (config monitoring intelliflow groups 2)> domain devicecloud.com (config monitoring intelliflow groups 2)> 8. Set the service type: (config monitoring intelliflow groups 2)> group Digi (config monitoring intelliflow groups 2)> 9. Save the configuration and apply the change: (config)> save Configuration saved.

  • Page 649: Use Intelliflow To Display Average Cpu And Ram Usage

    Display more granular information: 1. Click and drag over an area in the chart to zoom into that area and provide more granular information. 2. Release to display the selected portion of the chart: Digi Connect EZ Mini User Guide...

  • Page 650: Use Intelliflow To Display Top Data Usage Information

    1. Log into the Connect EZ WebUI as a user with Admin access. 2. If you have not already done so, enable intelliFlow. See Enable intelliFlow. 3. From the menu, click Status > intelliFlow. Digi Connect EZ Mini User Guide...
  • Page 651 5. Change the type of chart that is used to display the data: a. Click the menu icon (). b. Select the type of chart. 6. Change the number of top users displayed. You can display the top five, top ten, or top twenty data users. Digi Connect EZ Mini User Guide...

  • Page 652: Use Intelliflow To Display Data Usage By Host Over Time

    3. From the menu, click Status > intelliFlow. 4. Click Host Data Usage Over Time. Display more granular information: a. Click and drag over an area in the chart to zoom into that area and provide more granular information. Digi Connect EZ Mini User Guide...

  • Page 653: Configure Netflow Probe

    The number of seconds that a flow is active before it is exported to the NetFlow collectors. The maximum number of simultaneous flows. A label for the NetFlow collector. The port of the NetFlow collector. Additional NetFlow collectors. To probe network traffic and export statistics to NetFlow collectors: Digi Connect EZ Mini User Guide...
  • Page 654 Monitoring Configure NetFlow Probe    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 655 (config)> monitoring netflow protocol version (config)> where version is one of: v5—NetFlow v5 supports IPv4 only. v9—NetFlow v9 supports IPv4 and IPv6. v10—NetFlow v10 (IPFIX) supports both IPv4 and IPv6 and includes IP Flow Information Export (IPFIX). Digi Connect EZ Mini User Guide...
  • Page 656 Add a collector: (config)> add monitoring netflow collector end (config monitoring netflow collector 0)> b. Set the IP address of the collector: (config monitoring netflow collector 0)> address ip_address (config monitoring netflow collector 0)> Digi Connect EZ Mini User Guide...
  • Page 657 (config monitoring netflow collector 0)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ Mini User Guide...
  • Page 658 Log into Digi Remote Manager Use Digi Remote Manager to view and manage your device Add a device to Digi Remote Manager Configure multiple Connect EZ devices by using Digi Remote Manager configurations View Digi Remote Manager connection status Learn more...

  • Page 659: Central Management

    This URL is required to utilize the client-side certificate support. Prior to release 22.2.9.x, the default URL was my.devicecloud.com. If your Digi device is configured to use a non-default URL to connect to Remote Manager, updating the firmware will not change your configuration. However, if you erase the device's configuration, the Remote Manager URL will change to the default of edp12.devicecloud.com.
  • Page 660 HTTP proxy server support. To configure your device's Digi Remote Manager support:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 661 Configure your device for Digi Remote Manager support 3. Click Central management. The Central management configuration window is displayed. Digi Remote Manager support is enabled by default. To disable, toggle off Enable central management. 4. For Service, select Digi Remote Manager.
  • Page 662 Central management Configure your device for Digi Remote Manager support 11. (Optional) For Allowed keep-alive misses, type the number of allowed keep-alive misses. The default is 3. 12. Enable watchdog is used to monitor the connection to remote cloud services. If the connection is down, you can configure the device to restart the connection, or to reboot.
  • Page 663 2. At the command line, type config to enter configuration mode: > config (config)> 3. Digi Remote Manager support is enabled by default. To disable Remote Manager support: (config)> cloud enable false (config)> 4. (Optional) Set the URL for the central management server.
  • Page 664 Central management Configure your device for Digi Remote Manager support Note The Cellular keep-alive interval is not used by the Connect EZ. Any entry is ignored. 7. Set the number of allowed keep-alive misses. Allowed values are any integer between 2 and 64.
  • Page 665 13. (Optional) Configure the Connect EZ device to communicate with remote cloud services by using SMS: a. Enable SMS messaging: (config)> cloud drm sms enable true (config)> b. Set the phone number for Digi Remote Manager: (config)> cloud drm sms destination value (config)> where value is either: Within the US: 12029823370 International: 447537431797 c.

  • Page 666: Collect Device Health Data And Set The Sample Interval

    To disable the collection of device health data or enable it if it has been disabled, or to change the health sample interval:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 667 1, 5, 15, 30, or 60, and represents the number of minutes between uploads of health sample data. 5. By default, the device will only report health metrics values to Digi Remote Manager that have changed health metrics were last uploaded. This is useful to reduce the bandwidth used to report health metrics.

  • Page 668: Enable Event Log Upload To Digi Remote Manager

    Type quit to disconnect from the device. Enable event log upload to Digi Remote Manager You can configure your device to upload the event log to Digi Remote Manager, and configure the interval between event log uploads. To enable the event log upload, or disable it if it has been disabled, and to change the upload interval:...
  • Page 669 Central management Configure your device for Digi Remote Manager support    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.

  • Page 670: Log Into Digi Remote Manager

    1. If you have not already done so, click here to sign up for a Digi Remote Manager account. 2. Check your email for Digi Remote Manager login instructions. 3. Go to remotemanager.digi.com. 4. Log into your Digi Remote Manager account.

  • Page 671: Use Digi Remote Manager To View And Manage Your Device

    Use Digi Remote Manager to view and manage your device To view and manage your device: 1. If you have not already done so, connect to your Digi Remote Manager account. 2. From the menu, click Devices to display a list of your devices.

  • Page 672: Configure Multiple Connect Ez Devices By Using Digi Remote Manager Configurations

    Configure multiple Connect EZ devices by using Digi Remote Manager configurations Digi recommends you take advantage of Remote Manager configurations to manage multiple Connect EZ devices. A Remote Manager configuration is a named set of device firmware, settings, and file system options.

  • Page 673: View Digi Remote Manager Connection Status

    Central management View Digi Remote Manager connection status Digi Remote Manager provides multiple methods for applying configurations to registered devices. You can also include site-specific settings with a profile to override settings on a device-by-device basis. View Digi Remote Manager connection status To view the current Digi Remote Manager connection status from the local device: ...
  • Page 674 The Connect EZ local file system Display directory contents Create a directory Display file contents Copy a file or directory Move or rename a file or directory Delete a file or directory Upload and download files Digi Connect EZ Mini User Guide...

  • Page 675: File System

    Connect EZ local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. Digi Connect EZ Mini User Guide...

  • Page 676: Create A Directory

    160 Aug 25 17:49 temp > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ Mini User Guide...

  • Page 677: Display File Contents

    Connect EZ local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. Digi Connect EZ Mini User Guide...

  • Page 678: Move Or Rename A File Or Directory

    Connect EZ local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the Admin CLI prompt, type: > mv /etc/config/scripts/test.py /opt/ > Digi Connect EZ Mini User Guide...

  • Page 679: Delete A File Or Directory

    '/etc/config/scripts/test.py'? yes > 3. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ Mini User Guide...

  • Page 680: Upload And Download Files

    2. On the menu, click System. Under Administration, click File System. The File System page appears. 3. Highlight the directory to which the file will be uploaded and click  to open the directory. 4. Click  (upload). Digi Connect EZ Mini User Guide...

  • Page 681: Upload And Download Files By Using The Secure Copy Command

    To copy firmware from a remote host with an IP address of 192.168.4.1 to the /etc/config directory on the Connect EZ device, issue the following command: > scp host 192.168.4.1 user admin remote /home/admin/bin/Connect EZ- 23.6.1.105.bin local /etc/config/scripts to local Digi Connect EZ Mini User Guide...

  • Page 682: Upload And Download Files Using Sftp

    This example uploads firmware from a remote host to the Connect EZ device with an IP address of 192.168.2.1, using the username ahmed: $ sftp ahmed@192.168.2.1 Password: Connected to 192.168.2.1 sftp> put Connect EZ-23.6.1.105 Uploading Connect EZ-23.6.1.105 to Connect EZ-23.6.1.105 Connect EZ-23.6.1.105 100% 830.4KB/s 00:00 sftp> exit Digi Connect EZ Mini User Guide...
  • Page 683 192.168.2.1 with a username of ahmed to the local directory on the remote host: $ sftp ahmed@192.168.2.1 Password: Connected to 192.168.2.1 sftp> get test.py Fetching test.py to test.py test.py 100% 0.3KB/s 00:00 sftp> exit Digi Connect EZ Mini User Guide...
  • Page 684 View system and event logs Configure syslog servers Configure options for the event and system logs Analyze network traffic Use the ping command to troubleshoot network connections Use the traceroute command to diagnose IP routing problems Digi Connect EZ Mini User Guide...

  • Page 685: Perform A Speedtest

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Generate a support report To generate and download a support report:    Web Digi Connect EZ Mini User Guide...

  • Page 686: Support Report Overview

    The relevant log files are packaged into a .bin file that can be downloaded from the local (web) UI. For more information about generating support reports, see Generate a support report. Digi Connect EZ Mini User Guide...
  • Page 687 A breakdown of memory utilization at the time when the support report was generated config_dump- The device's current settings, scrubbed of passwords public and preshared keys conntrack_-L A list of all currently tracked connections through the system Digi Connect EZ Mini User Guide...
  • Page 688 Interface statistics for transmitted/ received packets netstat_-na List of both listening and non-listening network sockets on the device ps_l A snapshot of the current processes running at the time of generating the report Digi Connect EZ Mini User Guide...
  • Page 689 Rollover syslog information /var/run This directory can be disregarded for most troubleshooting/ diagnostic purposes. Directory Filename Notes /var/run all files Runtime settings for the device -- referenced in the syslog data gathered in /tmp (see above) Digi Connect EZ Mini User Guide...

  • Page 690: View System And Event Logs

    2. On the main menu, click System > Logs. The system log displays: 3. Limit the display in the system log by using the Find search tool. 4. Use filters to configure the types of information displayed in the system logs. Digi Connect EZ Mini User Guide...
  • Page 691 Allowed values are critical, warning, info, and debug. For example, to limit the event list to only info messages: > show log filter info Timestamp Type Category Message ---------------- ------- --------- ---------------------------------------- Nov 26 22:01:26 info user name=admin~service=cli~state=opened~remote=192.168.1.2 Digi Connect EZ Mini User Guide...

  • Page 692: View Event Logs

    4. Click  Events to expand the event viewer. 5. Limit the display in the event log by using the Find search tool. 6. Click  to download the event log.    Command line Digi Connect EZ Mini User Guide...
  • Page 693 Allowed values are error, info, and status. For example, to limit the event list to only info messages: > show event table info Timestamp Type Category Message ---------------- ------- --------- ---------------------------------------- Nov 26 22:01:26 info user name=admin~service=cli~state=opened~remote=192.168.1.2 Nov 26 22:01:25 info user name=admin~service=cli~state=closed~remote=192.168.1.2 > Digi Connect EZ Mini User Guide...
  • Page 694 View system and event logs 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ Mini User Guide...

  • Page 695: Configure Syslog Servers

    You can configure remote syslog servers for storing event and system logs.    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 696 Set the host name or IP address of the server: (config system log remote 0)> server hostname (config system log remote 0)> d. The event categories that will be sent to the server are automatically enabled when the server is enabled. Digi Connect EZ Mini User Guide...

  • Page 697: Configure Options For The Event And System Logs

    30 minutes. All event categories are enabled. To change or disable the heartbeat interval, or to disable event categories, and to perform other log configuration:    Web Digi Connect EZ Mini User Guide...
  • Page 698 Diagnostics Configure options for the event and system logs 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 699 You should only enable Preserve system logs temporarily to debug issues. Once you are finished debugging, immediately disable Preserve system logs to avoid unnecessary wear to the flash memory. (config)> system log persistent true (config)> Digi Connect EZ Mini User Guide...
  • Page 700 DHCP server: Settings for DHCP server events. Informational events are generated when a lease is obtained or released. Status events report the current list of leases. Parameters Current Value ------------------------------------------------------------------- ------------ info true Enable informational events status true Enable status events Digi Connect EZ Mini User Guide...
  • Page 701 (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ Mini User Guide...

  • Page 702: Analyze Network Traffic

    Example filters for capturing data traffic Capture packets from the command line Stop capturing packets Show captured traffic data Save captured data traffic to a file Download captured data to your PC Clear captured data Digi Connect EZ Mini User Guide...

  • Page 703: Configure Packet Capture For The Network Analyzer

    The frequency with which captured events will be saved. To configure a packet capture configuration:    Web 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 704 Click Ignore this IP address or network if the filter should ignore packets from this IP address/network. By default, is option is disabled, which means that the filter will capture packets from this IP address/network. vi. Click  to add additional IP address/network filters. Digi Connect EZ Mini User Guide...
  • Page 705 Click Ignore this VLAN if the filter should ignore packets that use this port. By default, is option is disabled, which means that the filter will capture packets that use this port. v. Click  to add additional VLAN filters. Digi Connect EZ Mini User Guide...
  • Page 706 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Save interval to ten minutes, enter 10m or 600s. 9. Click Apply to save the configuration and apply the change.    Command line Digi Connect EZ Mini User Guide...
  • Page 707 (config network analyzer name filter address 0)> where value is one of: source: The filter will apply to packets when the IP address/network is the source. destination: The filter will apply to packets when the IP address/network is the destination. Digi Connect EZ Mini User Guide...
  • Page 708 If other is set for the protocol, set the number of the protocol: (config network analyzer name filter protocol 0)> protocol_other value (config network analyzer name filter protocol 0)> where value is an integer between 1 and 255 and represents the the number of the protocol. Digi Connect EZ Mini User Guide...
  • Page 709 To create a filter that either captures or ignores packets from one or more specified MAC addresses: i. Add a new MAC address filter: (config network analyzer name)> add filter mac_address end (config network analyzer name filter mac_address 0)> Digi Connect EZ Mini User Guide...
  • Page 710 By default, is option is set to false, which means that the filter will capture packets from this MAC address. iv. Repeat these steps to add additional VLANs. f. To create a filter using Berkeley Packet Filter (BPF) syntax: Digi Connect EZ Mini User Guide...
  • Page 711 (config network analyzer name)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set duration to ten minutes, enter either 10m or 600s: Digi Connect EZ Mini User Guide...

  • Page 712: Example Filters For Capturing Data Traffic

    Capture traffic for a particular IP protocol: ip proto protocol where protocol is a number in the range of 1 to 255 or one of the following keywords: icmp, icmp6, igmp, pim, ah, esp, vrrp, udp, or tcp. Digi Connect EZ Mini User Guide...

  • Page 713: Capture Packets From The Command Line

    To start packet capture from the command line:    Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect EZ local command line as a user with full Admin access rights. Digi Connect EZ Mini User Guide...

  • Page 714: Stop Capturing Packets

    Configure packet capture for the network analyzer for more information. To determine available packet capture configurations, use the ?: > analyzer stop name ? name: Name of the capture filter to use. Format: test_capture Digi Connect EZ Mini User Guide...

  • Page 715: Show Captured Traffic Data

    Destination MAC Addr : 00:40:D0:13:35:36 Source MAC Addr : fb:03:53:05:11:2f Ethernet Type : IP (0x0800) IP Header IP Version Header Length : 20 bytes : 0x00 Total Length : 40 bytes : 15670 (0x3d36) Digi Connect EZ Mini User Guide...

  • Page 716: Save Captured Data Traffic To A File

    Connect EZ local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. Digi Connect EZ Mini User Guide...

  • Page 717: Download Captured Data To Your Pc

    The File System page appears. 3. Highlight the analyzer directory and click  to open the directory. 4. Select the saved analyzer report you want to download and click  (download).    Command line Digi Connect EZ Mini User Guide...

  • Page 718: Clear Captured Data

    Configure packet capture for the network analyzer for more information. To determine available packet capture configurations, use the ?: > anaylzer clear name ? name: Name of the capture filter to use. Format: test_capture Digi Connect EZ Mini User Guide...
  • Page 719 Diagnostics Analyze network traffic capture_ping > anaylzer clear name Note You can remove data traffic saved to a file using the command. Digi Connect EZ Mini User Guide...

  • Page 720: Use The Ping Command To Troubleshoot Network Connections

    Enable socket level debugging. dontfragment: Do not fragment probe packets. first_ttl: Specifies with what TTL to start. (Default: 1) gateway: Route the packet through a specified gateway. icmp: Use ICMP ECHO for probes. interface: Specifies the interface. Digi Connect EZ Mini User Guide...
  • Page 721 1. 192/8: The local network of the Connect EZ device. 2. 192.168.8.1: The local network gateway to the Internet. 3. 96/8: Charter Communications, the network provider. 4. 216/8: Google Inc. Stop the traceroute process To stop the traceroute process, enter Ctrl-C. Digi Connect EZ Mini User Guide...

  • Page 722: Digi Connect Ez Regulatory And Safety Statements

    European Community - CE Mark Declaration of Conformity (DoC) Digi has issued Declarations of Conformity for the Connect EZ concerning emissions, EMC, and safety. For more information, see www.digi.com/resources/certifications. Important note Digi customers assume full responsibility for learning and meeting the required guidelines for each country in their distribution market.

  • Page 723: Uk Conformity Assessed (Ukca) Labeling Requirements

    Digi Connect EZ regulatory and safety statements CE and UKCA OEM labeling requirements The CE mark shall consist of the initials “CE” taking the following form: If the CE marking is reduced or enlarged, the proportions given in the above graduated drawing must be respected.

  • Page 724: Rohs Compliance Statement

    RoHS compliance statement RoHS compliance statement All Digi International Inc. products that are compliant with the RoHS Directive (EU Directive 2002/95/EC and subsequent amendments) are marked as RoHS COMPLIANT. RoHS COMPLIANT means that the substances restricted by the EU Directive 2002/95/EC and subsequent amendments...
  • Page 725 At the end of its life this product MUST NOT be mixed with other commercial waste for disposal. Check with the terms and conditions of your supplier for disposal information. Digi International Ltd WEEE Registration number: WEE/HF1515VU Digi Connect EZ Mini User Guide...
  • Page 726 Available commands Use the scp command Display status and statistics using the show command Device configuration using the command line interface Execute configuration commands at the root Admin CLI prompt Configuration mode Command line reference Digi Connect EZ Mini User Guide...

  • Page 727: Command Line Interface

    You can use an open-source terminal software, such as PuTTY or TeraTerm, to access the device through one of these mechanisms. You can also access the command line interface in the WebUI by using the Terminal, or the Digi Remote Manager by using the Console.

  • Page 728: Exit The Command Line Interface

    Connect EZ local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. The Admin CLI prompt appears. > Digi Connect EZ Mini User Guide...

  • Page 729: Display Help For Commands And Parameters

    Ping a host. reboot Reboot the system. Remove a file or directory. Copy a file or directory over SSH. show Show instance statistics. SSH login to a remote server system System commands. tail Tail a file. Digi Connect EZ Mini User Guide...

  • Page 730: Display Help For Individual Commands

    Show NTP information. openvpn Show OpenVPN statistics. route Show IP routing information. scep-client Show SCEP client statistics. serial Show serial statistics. surelink Show Surelink statistics. system Show system statistics. version Show firmware version. > show Digi Connect EZ Mini User Guide...

  • Page 731: Use The Tab Key Or The Space Bar To Display Abbreviated Help

    (config)> serial port1 enable t<Tab> auto-completes to (config)> serial port1 enable true Auto-complete does not function for: Parameter values that are string types. Integer values. File names. Select parameters passed to commands that perform an action. Digi Connect EZ Mini User Guide...

  • Page 732: Available Commands

    Pings a remote host using Internet Control Message Protocol (ICMP) Echo Request messages. poweroff Powers off the system. reboot Reboots the Connect EZ device. Removes a file. Uses the secure copy protocol (SCP) to transfer files between the Connect EZ device and a remote host. Digi Connect EZ Mini User Guide...

  • Page 733: Use The Scp Command

    Copy a file from a remote host to the Connect EZ device To copy a file from a remote host to the Connect EZ device, use the command as follows: > scp host hostname-or-ip user username remote remote-path local local-path to local where: Digi Connect EZ Mini User Guide...

  • Page 734: Display Status And Statistics Using The Show Command

    > scp host 192.168.4.1 user admin remote /home/admin/temp/ local /var/log/support-report-00:40:D0:13:35:36-23-07-18-10:25:00.bin to remote admin@192.168.4.1's password: adminpwd support-report-0040D0133536-23-07-18-10:25:00.bin > Display status and statistics using the show command The Connect EZ show command display status and statistics for various features. Digi Connect EZ Mini User Guide...

  • Page 735: Show Config

    Uptime : 6 days, 6 hours, 21 minutes, 57 seconds (541317s) Temperature : 40C > show network show network command displays status and statistics for network interfaces. > show network Interface Proto Status Address Digi Connect EZ Mini User Guide...

  • Page 736: Device Configuration Using The Command Line Interface

    Display help for the config command from the root Admin CLI prompt Display additional configuration commands, as well as available parameters and values, by entering the question mark (?) character after the config command. 1. For example: > config ? Digi Connect EZ Mini User Guide...
  • Page 737 > config service 3. Next, display help for the config service ssh command: > config service ssh ? SSH: An SSH server for managing the device. Parameters Current Value -------------------------------------------------------------------------- enable true Enable [private] Private key Digi Connect EZ Mini User Guide...

  • Page 738: Configuration Mode

    (config)> service ssh enable false (config)> Execute commands by moving through the configuration schema. For example, to disable the ssh service by moving through the configuration and then executing the enable false command: Digi Connect EZ Mini User Guide...

  • Page 739: Save Changes And Exit Configuration Mode

    The commands can be listed by entering a question mark (?) at the config prompt. The following actions are available: Configuration actions Description cancel Discards unsaved configuration Digi Connect EZ Mini User Guide...

  • Page 740: Display Command Line Help In Configuration Mode

    (config)> ? This will display the following help information: (config)> ? Additional Configuration -------------------------------------------------------------------------- application Custom scripts auth Authentication cloud Central management firewall Firewall monitoring Monitoring network Network serial Serial service Services system System Digi Connect EZ Mini User Guide...
  • Page 741 3. Next, to display help for the service ssh command, use one of the following methods: At the config prompt, enter service ssh ?: (config)> service ssh ? At the config prompt: a. Enter service to move to the service node: (config)> service (config service)> Digi Connect EZ Mini User Guide...
  • Page 742 Enter ssh to move to the ssh node: (config service)> ssh (config service ssh)> c. Enter enable ? to display help for the enable parameter: (config service ssh)> enable ? (config service ssh)> Digi Connect EZ Mini User Guide...

  • Page 743: Move Within The Configuration Schema

    (config service ssh acl zone)> .. (config service ssh acl)> You can also move back multiples nodes in the configuration by typing multiple sets of two periods: (config service ssh acl zone)> ..(config service)> Digi Connect EZ Mini User Guide...

  • Page 744: Manage Elements In Lists

    For example, to add an authentication group to a user that has just been created: 1. Use the show command to verify that the user is not currently a member of any groups: (config)> show auth user new-user group (config)> Digi Connect EZ Mini User Guide...
  • Page 745 Use the move command to reorder elements in a list. For example, to reorder the authentication methods: 1. Use the show command to display current authentication method configuration: (config)> show auth method 0 local 1 tacacs+ 2 radius (config)> Digi Connect EZ Mini User Guide...

  • Page 746: The Revert Command

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Revert a subset of configuration changes to the default settings There are two methods to revert a subset of configuration changes to the default settings. Digi Connect EZ Mini User Guide...
  • Page 747 You can also use a combination of both of these methods: 1. Change to the auth node: (config)> auth (config auth)> 2. Enter the revert command with the path set to method: (config auth)> revert method (config auth)> Digi Connect EZ Mini User Guide...

  • Page 748: Enter Strings In Configuration Commands

    (config auth)> b. Enter user to move to the user node: (config auth)> user (config auth user)> c. Create a new user with the username user1: (config auth user)> add user1 (config auth user user1)> Digi Connect EZ Mini User Guide...
  • Page 749 0 port1 shell enable false (config auth user user1)> 6. Add the user to the admin group: (config auth user user1)> add group end admin (config auth user user1)> Digi Connect EZ Mini User Guide...
  • Page 750 (config auth user user1)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ Mini User Guide...

  • Page 751: Command Line Reference

    Digi Connect EZ Mini User Guide...

  • Page 752: Analyzer Clear

    Name of the capture filter to use. path: The path and filename to save captured traffic to. If a relative path is provided, /etc/config/analyzer will be used as the root directory for the path and file. Digi Connect EZ Mini User Guide...

  • Page 753: Analyzer Start

    Clear the DHCP lease for the specified MAC address. Syntax clear dhcp-lease mac ADDRESS Parameters address: 12-digit, colon-delimited MAC address [00:11:22:AA:BB:CC] Copy a file or directory. Syntax cp <source> <destination> [force] Digi Connect EZ Mini User Guide...

  • Page 754: Grep

    Grep the contents of a file. Syntax grep <match> <path> Parameters match: Output all lines in file matching string. path: The file to grep. help Show CLI editing and navigation commands. Syntax help Parameters None Digi Connect EZ Mini User Guide...
  • Page 755 Command line interface Command line reference List a directory. Syntax ls <path> [show-hidden] Parameters path: List files and directories under this path. show-hidden: Show hidden files and directories. Hidden filenames begin with '.'. Digi Connect EZ Mini User Guide...

  • Page 756: Mkdir

    Immediately upload current device health metrics. Functions as if a scheduled upload was triggered. Syntax monitoring metrics upload Parameters None more View a file. Syntax more <path> Parameters path: The file to view. Move a file or directory. Digi Connect EZ Mini User Guide...

  • Page 757: Ping

    The number of ICMP ping requests to send before terminating. (Minimum: 1, Default: 100) broadcast: Enable broadcast ping functionality. poweroff Power off the system. Syntax poweroff Parameters None reboot Reboot the system. Parameters None Digi Connect EZ Mini User Guide...
  • Page 758 Command line interface Command line reference Remove a file or directory. Syntax rm <path> [force] Parameters path: The path to remove. force: Force the file to be removed without asking. Digi Connect EZ Mini User Guide...

  • Page 759: Scp

    Display IPv6 routes. If no IP version is specified IPv4 & IPV6 will be displayed. verbose: Display more information (less concise, more detail). show cloud Show drm status & statistics. Syntax show cloud Parameters None Digi Connect EZ Mini User Guide...

  • Page 760: Show Config

    Parameters None show eth Show ethernet status & statistics. Syntax show eth [name STRING] Parameters name: Display more details and configuration data for a specific ethernet instance. show event Show event list (high level). Digi Connect EZ Mini User Guide...

  • Page 761: Show Hotspot

    Show L2TP access concentrator status & statistics. Syntax show l2tp lac [name STRING] Parameters name: Display more details for a specific L2TP access concentrator. show l2tp lns Show L2TP network server status & statistics. Syntax show l2tp lns [name STRING] Digi Connect EZ Mini User Guide...

  • Page 762: Show L2Tpeth

    'number'. show manufacture Show manufacturer information. Syntax show manufacture [verbose] Parameters verbose: Display more information (less concise, more detail). show modbus-gateway Digi Connect EZ Mini User Guide...

  • Page 763: Show Mqtt

    Display more details and config data for a specific network interface. all: Display all interfaces including disabled interfaces. verbose: Display more information (less concise, more detail). show ntp Show NTP status & statistics. Syntax show ntp Digi Connect EZ Mini User Guide...

  • Page 764: Show Openvpn Client

    Display more information (less concise, more detail). show scep-client Show SCEP client status and statistics. Syntax show scep-client [name STRING] Parameters name: Display more details and configuration data for a specific SCEP client instance. Digi Connect EZ Mini User Guide...

  • Page 765: Show Scripts

    Show SureLink status & statistics for IPsec tunnels. Syntax show surelink ipsec [tunnel STRING] [all] Parameters tunnel: The name of a specific IPsec tunnel. all: Show all IPsec tunnels. show surelink openvpn Show SureLink status & statistics for OpenVPN clients. Digi Connect EZ Mini User Guide...

  • Page 766: Show Surelink State

    Parameters verbose: Display more information (disk usage, etc). show usb Show USB information. Syntax show usb Parameters None show version Show firmware version. Syntax show version [verbose] Parameters verbose: Display more information (build date). Digi Connect EZ Mini User Guide...

  • Page 767: Show Vrrp

    The hostname or IP address of the remote host. user: The username to use when connecting to the remote host. port: The SSH port to use to connect to the remote host. (Minimum: 1, Maximum: 65535, Default: 22) Digi Connect EZ Mini User Guide...

  • Page 768: System Backup

    Duplicate the running firmware to the alternate partition so that the device will always boot the same firmware version. Syntax system duplicate-firmware Parameters None system factory-erase Erase the device to restore to factory defaults. All configuration and automatically generated keys will be erased. Digi Connect EZ Mini User Guide...

  • Page 769: System Find-Me

    Query the Digi firmware server for the latest device firmware version. Syntax system firmware ota check Parameters None system firmware ota list Query the Digi firmware server for a list of device firmware versions. Syntax system firmware ota list Parameters None system firmware ota update Perform FOTA (firmware-over-the-air) update.

  • Page 770: System Firmware Update

    <script> Parameters script: Script to start. system script stop Stop an active running script. Scripts scheduled to run again will still run again (disable a script to prevent it from running again). Digi Connect EZ Mini User Guide...

  • Page 771: System Serial Restart

    Displays the serial log on the screen. Syntax system serial show <port> Parameters port: Serial port. system support-report Save a support report to a file and include with support requests. Syntax system support-report [path STRING] Digi Connect EZ Mini User Guide...

  • Page 772: System Time Set

    The file to tail. timeout: The amount of time in seconds to tail the file. (Default: 10) filter: Only see output that contains this string. match: Stop tail when this string is detected in output. Digi Connect EZ Mini User Guide...

  • Page 773: Telnet

    Total size of the probing packet. Default 60 bytes for IPv4 and 80 for Ipv6. A value of -1 specifies that the default value will be used. (Minimum: -1, Default: -1) debug: Enable socket level debugging. dontfragment: Do not fragment probe packets. icmp: Use ICMP ECHO for probes. Digi Connect EZ Mini User Guide...
  • Page 774 Command line interface Command line reference nomap: Do not try to map IP addresses to host names when displaying them. bypass: Bypass the normal routing tables and send directly to a host on an attached network. Digi Connect EZ Mini User Guide...

Table of Contents