Digi Connect EZ 4i User Manual

Connect EZ 4/4i
User Guide
Firmware version 24.3

Summary of Contents for Digi Connect EZ 4i

  • Page 1 Connect EZ 4/4i User Guide Firmware version 24.3...
  • Page 2 - Display information about the serial ports on the Dashboard. For more information about this release, see the blog post called, "Announcing the Latest Digi Software Solutions for DAL OS 24.3 Firmware" on digi.com. Additional changes Added a step for device registration.
  • Page 3 EZ cellular modem. Configure the system watchdog. For more information about this release, see Announcing the Latest Digi Software Solutions for DAL OS 23.12 Firmware and Digi Remote Manager on digi.com. Release of Digi Connect EZ firmware version 23.9: October 2023...
  • Page 4 RealPort mode. Trademarks and copyright Digi, Digi International, and the Digi logo are trademarks or registered trademarks in the United States and other countries worldwide. All other trademarks mentioned in this document are the property of their respective owners.
  • Page 5 Feedback To provide feedback on this document, email your comments to techcomm@digi.com. Include the document title and part number (Digi Connect EZ 4/4i User Guide, 90002459 A) in the subject line of your email. Digi Connect EZ 4/4i User Guide...
  • Page 6: Table Of Contents

    Digi Connect EZ 4/4i User Guide Get started with Connect EZ 4/4i Before you begin: Register your Connect EZ Connect EZ 4i ONLY: Review installation instructions for hazardous locations Step 1: Verify product components Included equipment for Connect EZ 4/4i...
  • Page 7 Local Area Networks (LANs) About Local Area Networks (LANs) Configure a Local Area Network (LAN) Configure the ETH1 port as a LAN or in a bridge Change the default LAN subnet Example: Configure two LANs Digi Connect EZ 4/4i User Guide...
  • Page 8 Installation and configuration process Digi Navigator features Install the Digi Navigator Configure RealPort on a Digi device from the Digi Navigator Digi Navigator device discovery process Services used to discover a device when connected to a network Digi Navigator application features...
  • Page 9 IPsec data protection IPsec mode IPsec modes Internet Key Exchange (IKE) settings Authentication Configure an IPsec tunnel Configure IPsec failover Configure SureLink active recovery for IPsec Show IPsec status and statistics Debug an IPsec configuration Digi Connect EZ 4/4i User Guide...
  • Page 10 Configure the device to use a user-defined static location Configure the device to accept location messages from external sources Forward location information to a remote host Configure geofencing Show location information Modbus gateway Configure the Modbus gateway Digi Connect EZ 4/4i User Guide...
  • Page 11 TACACS+ server failover and fallback to local authentication Configure your Connect EZ device to use a TACACS+ server Remote Authentication Dial-In User Service (RADIUS) RADIUS user configuration RADIUS server failover and fallback to local configuration Digi Connect EZ 4/4i User Guide...
  • Page 12 Show web filter service information System administration Review device status Configure system information Update system firmware Manage firmware updates using Digi Remote Manager Certificate management for firmware images Downgrading Dual boot behavior Update cellular module firmware Update modem firmware over the air (OTA)
  • Page 13 Add a device to Remote Manager using information from the label Add a device to Remote Manager using your Remote Manager login credentials Configure multiple Connect EZ devices by using Digi Remote Manager configurations View Digi Remote Manager connection status...
  • Page 14 Display help for the config command from the root Admin CLI prompt Configuration mode Enable configuration mode Enter configuration commands in configuration mode Save changes and exit configuration mode Exit configuration mode without saving changes Configuration actions Display command line help in configuration mode Digi Connect EZ 4/4i User Guide...
  • Page 15 monitoring metrics upload; more; ping; poweroff; reboot; show analyzer; show arp; show cloud; show config; show dhcp-lease; show dns...
  • Page 16 system power ignition off_delay; system restore; system script start; system script stop; system serial clear; system serial restart; system serial save; system serial show...
  • Page 17 UK Conformity Assessed (UKCA) labeling requirements; IFETEL; RoHS compliance statement; Cautionary statements for Connect EZ; Residential environment warnings; Safety statements for Connect EZ 4i only; Product disposal instructions...
  • Page 18: Digi Connect Ez 4/4I User Guide

    Digi Connect EZ is Digi’s next generation Device Server product line, providing connectivity for existing critical assets in business, commercial, and industrial automation applications. This product line builds on and extends the capabilities of our previous PortServer and Digi One products along with enhanced manageability, security, intelligence, and performance, while offering seamless connectivity for existing applications.
  • Page 19: Get Started With Connect Ez 4/4I

    This section explains what comes with each Connect EZ model, how to install the necessary software, and how to connect the hardware. Before you begin: Register your Connect EZ Connect EZ 4i ONLY: Review installation instructions for hazardous locations Step 1: Verify product components Step 2: Connect the power supply...
  • Page 20: Before You Begin: Register Your Connect Ez

    Before you begin: Register your Connect EZ Before you begin: Register your Connect EZ Welcome to the Digi family! Register your new Connect EZ today and start enjoying a suite of exclusive benefits, including centralized management and 24/7 technical support.
  • Page 21 For information about connecting the power supply, see Step 2: Connect the power supply. Power Connect EZ 4i is intended to be powered by a certified extended temperature power supply supply pigtail DC cable with output rated at 100-240 VAC to 12 VDC 3 A, -40 C to +74 (Connect EZ Use the included power supply (part number 24000141).
  • Page 22: Optional Additional Cellular Equipment

    100-240 VAC to 12 VDC, and with a 3 A output. Connect EZ 4i: Connect EZ 4i is intended to be powered by a certified extended temperature power supply pigtail DC cable with output rated at 100-240 VAC to 12 VDC 3 A, -40 C to +74 C.
  • Page 23: Step 3: Connect To Site Network Using An Ethernet Lan

    UI and configure it. NEXT STEP: If you are performing the initial device set-up, after you have configured Wi-Fi you can proceed to the next step: Step 5: Discover the IP address using the Digi Navigator. Connect the Wi-Fi antenna This section explains how to connect the Wi-Fi antenna to the Connect EZ hardware.
  • Page 24: Configure Wi-Fi On The Device

    Digi Navigator to quickly discover the IP address for the Connect EZ. Note If you don't have access to the Digi Navigator, you can use a manual method to discover the IP address. See Discover the device's IP address: Additional methods.
  • Page 25: Step 6: Configure Realport From The Digi Navigator

    Ethernet cable. 3. Launch the Digi Navigator. 4. A list of the devices discovered by the Digi Navigator displays. Click on the device that you want to configure. For information about how devices are discovered and how to add a device...
  • Page 26: Step 7: Connect To The Web Ui And Update The Connect Ez Firmware

    4. After logging in, the local web admin dashboard is displayed. 5. On the main menu, click System. Under Administration, click Firmware Update. 6. Click Download from server. Digi Connect EZ 4/4i User Guide...
  • Page 27: Step 8: Connect To Digi Remote Manager

    Manager. Step 8: Connect to Digi Remote Manager Connect your device to Digi Remote Manager to ensure that you receive automatic notification of firmware updates and security notices. From Remote Manager, you can also easily update firmware, ensure consistent configuration across a large group of devices, and manage and monitor cellular connectivity.
  • Page 28: Hardware

    ETH1 network, using an Ethernet cable. The ETH1 LED shows the status of the connection. Yellow (left): There is activity on the port. Green (right): The port is in use. Digi Connect EZ 4/4i User Guide...
  • Page 29: Wi-Fi Led Descriptions

    SIM button: The SIM button is used to manually toggle between the two SIM slots included in the DIGI Core Module. Note This feature is useful only if you have connected the Digi CORE module. See Create a cellular connection using the CORE module.
  • Page 30: Cell Service And Signal Led Descriptions

    Modem signal strength: 1 bars Fast flash red Modem signal strength: 0 bars Modem signal strength: * Solid amber Cell service: 2G Solid green Cell service: 3G Solid blue Cell service: 4G Cell service: None Digi Connect EZ 4/4i User Guide...
  • Page 31: Back Panel

    Back panel Name Description Digi Core Modem Insert a Digi Core Modem to complete a cellular connection. Create a cellular connection using the CORE module. Antennas can be attached if the module is used to complete a WWAN-1 cellular connection.
  • Page 32: Change The Password On The Connect Ez

    LAN. Prerequisites Activated SIM card from your cellular network provider. Digi CORE module. This may be included with your device. If it is not, you must purchase one separately. To connect the hardware and connect to the cellular network: Digi Connect EZ 4/4i User Guide...
  • Page 33 5. Plug the power supply cord into at least one of the power supplies on the back of the device. 6. Plug the power supply unit into an AC power outlet to power up the Connect EZ...
  • Page 34: Connect Equipment To The Connect Ez Serial Port

    The serial port is enabled by default. The network devices connected to the serial port may be accessed using RealPort, Digi Remote Manager, the local web user interface, TCP, telnet, or SSH connections. TCP, telnet and SSH connections to serial ports are disabled by default and must be enabled by a device-specific configuration.
  • Page 35: Mount The Connect Ez Device

    14 mm in length. The length should clear the mounting tab thickness and leave at least 1 cm of screw shank to bite into the mounting material. Mounting onto thicker metals Examples: Aluminum or steel. Use a screw that meets these requirements: Digi Connect EZ 4/4i User Guide...
  • Page 36: Attach To Din Rail With Clip

    3. Using a pinhole tool, press and briefly hold the Erase button. 4. The device resets to factory defaults and then reboots automatically. Discover the IP address using the Digi Navigator You can use the Digi Navigator to quickly discover the IP address for the Connect EZ.
  • Page 37: Discover The Device's Ip Address: Additional Methods

    Discover the device's IP address: Additional methods Note If you don't have access to the Digi Navigator, you can use a manual method to discover the IP address. See Discover the device's IP address: Additional methods. 1. To ensure that your computer and device are connected to each other and your local network, make the following connections: Connect the device to your computer with an Ethernet cable.
  • Page 38: Manually Configure The Pc And Assign An Ip Address To The Device

    IMPORTANT: Make note of the current IP address entries for IP address, Subnet mask, and Default gateway. You will need this information to complete the final step of the process. 5. Configure with the following details: IP address for PC: 192.168.210.2 Subnet: 255.255.255.0 Gateway: 192.168.210.1 Digi Connect EZ 4/4i User Guide...
  • Page 39: Connect To The Local Web Ui On The Connect Ez

    Connect to the local Web UI on the Connect EZ Once you are connected to the local Web UI, you can configure your device. Note You can also use the Digi Navigator to access the web UI and configure the device. See Access the web UI from the Digi Navigator.
  • Page 40: Device Label Sticker Sample

    Network activity: Summarizes network statistics: the total number of bytes sent and received over all configured bridges and Ethernet devices. Digi Remote Manager: Displays the device connection status for Digi Remote Manager, the amount of time the connection has been up, and the Digi Remote Manager device ID. Using Digi Remote Manager.
  • Page 41 The unique serial number assigned to the device. The SN is needed when submitting a Digi support ticket. Device kit part number and revision level: The part number and revision level of the device kit...
  • Page 42 Using Digi Remote Manager Access Digi Remote Manager Using the local web interface Use the local REST API to configure the Connect EZ device Access the terminal screen from the web UI Using the command line Digi Connect EZ 4/4i User Guide...
  • Page 43: Firmware Configuration

    Firmware configuration Review Connect EZ default settings You can review the default settings for your Connect EZ device by using the local WebUI or Digi Remote Manager: Local WebUI 1. Log into the Connect EZ WebUI as a user with Admin access.
  • Page 44: Other Default Configuration Settings

    To change the default password for the admin user: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 45: Change The Default Ssid And Pre-Shared Key For The Preconfigured Wi-Fi Access Point

    Type quit to disconnect from the device. Change the default SSID and pre-shared key for the preconfigured Wi-Fi access point By default, the SSID and pre-shared key for the preconfigured Wi-Fi access point are: Enabled SSID: Digi-Connect EZ-serial_number Digi Connect EZ 4/4i User Guide...
  • Page 46 Pre-shared key: The unique password printed on the bottom label of the device. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 47: Configuration Methods

    Note Changes made to the device's configuration by using the local web interface will not be automatically reflected in Digi Remote Manager. You must manually refresh Remote Manager for the changes to be displayed. Web-based instructions in this guide are applicable to both the Remote Manager and the local web interface.
  • Page 48: Using Digi Remote Manager

    Shows how to perform a task by using the command line interface. Using Digi Remote Manager By default, your Connect EZ device is configured to use Digi Remote Manager as its central management server. Devices must be registered with Remote Manager using one of the following options: As part of the getting started process.
  • Page 49: Log Out Of The Web Interface

    Provides information about the signal strength and technology of the cellular modem(s). Digi Remote Manager: Displays the device connection status for Digi Remote Manager, the amount of time the connection has been up, and the Digi Remote Manager device ID.
  • Page 50: Use The Get Method To Return Device Configuration Information

    The allowed values for path are listed in the first (left) column. 4. To determine further allowed path location values, use the ? (question mark) with the path name: (config)> service ? Services Additional Configuration...
  • Page 51 "acl.zone.2": "ipsec" "acl.zone.3": "setup" "enable": "true" "key": "" "mdns.enable": "true" "mdns.name": "" "mdns.type": "_ssh._tcp." "port": "22" "protocol.0": "tcp" You can also use the GET method to return the configuration parameters associated with an item: Digi Connect EZ 4/4i User Guide...
  • Page 52: Use The Post Method To Modify Device Configuration Parameters And List Arrays

    WAN interface for the 1.2.4.0/24 destination network: $ curl -g -k -u admin "https://192.168.210.1/cgi-bin/config.cgi/value?path=network.route.static&append=true&collapsed[dst]=1.2.4.0/24&collapsed[interface]=/network/interface/wan" -X POST Enter host password for user 'admin':...
  • Page 53: Use The Delete Method To Remove Items From A List Array

    Access the terminal screen from the web UI A user can log into a terminal screen and use CLI commands to access features. Note You can also access the terminal screen from a port listed in the Serial Status page. Digi Connect EZ 4/4i User Guide...
  • Page 54 6. Enter ~b? to display additional commands. Command Description Disconnect from the port. Send a BREAK sequence. Clear the history buffer. Send a DTR reset sequence. Display a list of commands. 7. Enter ~b. to disconnect from the port...
  • Page 55: Using The Command Line

    You can use open-source terminal software, such as PuTTY or TeraTerm, to access the device through one of these mechanisms. You can also access the command line interface in the WebUI by using the Terminal, or the Digi Remote Manager by using the Console.
  • Page 56: Exit The Command Line Interface

    2. Depending on the device configuration, you may be presented with another menu, for example: Access selection menu: a: Admin CLI q: Quit Select access or quit [admin] : Type q or quit to exit. Digi Connect EZ 4/4i User Guide...
  • Page 57: Interfaces

    Local Area Network (LAN) or assigned to a Wide Area Network (WAN). This chapter contains the following topics: Define a static IP address Wide Area Networks (WANs) Local Area Networks (LANs) Virtual LANs (VLANs) Bridging Show SureLink status and statistics Configure a TCP connection timeout Digi Connect EZ 4/4i User Guide...
  • Page 58: Define A Static Ip Address

    IP address and netmask The netmask is the length of the subnet mask in bits. For example, for a class C address with a subnet mask of 255.255.255.0, the length in bits would be 24. NETMASK Netmask length...
  • Page 59: Wide Area Networks (Wans)

    Using cellular modems in a Wireless WAN (WWAN) Configure a Wide Area Network (WAN) Configure a Wireless Wide Area Network (WWAN) Show WAN and WWAN status and statistics Delete a WAN or WWAN Default outbound WAN/WWAN ports Digi Connect EZ 4/4i User Guide...
  • Page 60: Wide Area Networks (Wans) And Wireless Wide Area Networks (Wwans)

    Configured WAN and WWAN interfaces. This example uses the preconfigured ETH1 and Modem interfaces. The metric for each WAN. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 61 Set the IPv4 metric for Modem to 1. For example: (config)> network interface modem ipv4 metric 1 (config)> b. Set the IPv6 metric for Modem to 1: (config)> network interface modem ipv6 metric 1 (config)> Digi Connect EZ 4/4i User Guide...
  • Page 62: Wan/Wwan Failover

    DNS query to the DNS servers for the interface's network connection. DNS servers are typically received as part of the interface's DHCP client connection, although you can manually configure the DNS servers that will be used by SureLink...
  • Page 63: Configure Surelink Active Recovery To Detect Wan/Wwan Failures

    WAN has failed, because the connection continues to work while the core problem exists somewhere else in the network. Using Digi SureLink, you can configure the Connect EZ device to regularly probe connections through the WAN to determine if the WAN has failed, and to perform recovery actions, such as changing the interface metric to use a new default gateway.
  • Page 64 Otherwise, the device will reboot and all recovery actions listed after the Reboot Device action will be ignored. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration:...
  • Page 65 Interfaces Wide Area Networks (WANs) a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration.
  • Page 66 Ping payload size: The number of bytes to send as part of the ping payload. DNS test: Performs a DNS query to the named DNS server. If DNS test is selected, complete the following: DNS server: The IP address of the DNS server. Digi Connect EZ 4/4i User Guide...
  • Page 67 IPv6: The IPv6 connection must be up. Expected status: The status required for the test to pass. Up: The test will pass only if the referenced interface is up and passing its own SureLink tests (if applicable)...
  • Page 68 Reset modem: This recovery action is available for WWAN interfaces only. If Reset modem is selected, complete the following: SureLink test failures: The number of failures for this recovery action to perform, before moving to the next recovery action. Digi Connect EZ 4/4i User Guide...
  • Page 69 For Delayed Start, type the amount of time to wait while the device is starting before SureLink testing begins. This setting is bypassed when the interface is determined to be up. Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}...
  • Page 70 5. By default, the Test DNS servers configured for this interface test is automatically configured and enabled. This tests communication with DNS servers that are either provided by DHCP, or statically configured for this interface. Digi Connect EZ 4/4i User Guide...
  • Page 71 If set, an initial traceroute is sent to the hostname or IP address configured in the SureLink advanced settings, and then the first hop in that route is used for the ping test. interface_address. interface_dns: The interface's DNS server. Digi Connect EZ 4/4i User Guide...
  • Page 72 Set the amount of time to wait for the interface to connect for the first time before the test is considered to have failed. (config network interface my_wan surelink tests 1)> interface_timeout value (config network interface my_wan surelink tests 1)> Digi Connect EZ 4/4i User Guide...
  • Page 73 (config network interface my_wan surelink tests 1)> Set the type of IP connection: (config network interface my_wan surelink tests 1)> other_ip_version value (config network interface my_wan surelink tests 1)> where value is one of:...
  • Page 74 The command varies depending on whether the interface is a WAN or WWAN: WAN interfaces: (config network interface my_wan surelink actions 0)> action value (config network interface my_wan surelink actions 0)> Digi Connect EZ 4/4i User Guide...
  • Page 75 (config network interface my_wan surelink actions 0)> The default is 3. Set the time to wait before the next test is run. If set to the default value of 0s, the test interval is used. Digi Connect EZ 4/4i User Guide...
  • Page 76 Set the number of failures for this recovery action to perform, before moving to the next recovery action: (config network interface my_wan surelink actions 0)> test_failures int (config network interface my_wan surelink actions 0)> The default is 3...
  • Page 77 Set the time to wait before the next test is run. If set to the default value of 0s, the test interval is used. (config network interface my_wan surelink actions 0)> override_interval int (config network interface my_wan surelink actions 0)> f. Repeat for each additional recovery action. 7. Optional SureLink configuration parameters: Digi Connect EZ 4/4i User Guide...
  • Page 78 (config)> The default is 15s. f. Set the amount of time to wait while the device is starting before SureLink testing begins. This setting is bypassed when the interface is determined to be up. Digi Connect EZ 4/4i User Guide...
  • Page 79: Configure The Device To Reboot When A Failure Is Detected

    Type quit to disconnect from the device. Configure the device to reboot when a failure is detected Using SureLink, you can configure the Connect EZ device to reboot when it has determined that an interface has failed. Digi Connect EZ 4/4i User Guide...
  • Page 80 To configure the Connect EZ device to reboot when an interface has failed: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 81 9. (Optional) For Response timeout, type the amount of time that the device should wait for a response to a test failure before considering it to have failed. Digi Connect EZ 4/4i User Guide...
  • Page 82 DHCP, or statically configured for this interface. Test the interface status: Tests the current status of the interface. The test fails if the interface is down. Failing this test implies that all other tests fail...
  • Page 83 Click to expand Recovery actions. By default, there are two preconfigured recovery actions: Update routing: Uses the Change default gateway action, which increases the interface's metric by 100 to change the default gateway. Restart interface. Digi Connect EZ 4/4i User Guide...
  • Page 84 Override wait interval before performing the next recovery action: The time to wait before the next test is run. If set to the default value of 0s, the Test interval is used. Digi Connect EZ 4/4i User Guide...
  • Page 85 Test interface gateway by pinging is used by the Interface gateway Ping test as the endpoint for traceroute to use to determine the interface gateway. The default is 8.8.8.8, and should only be changed if this IP address is not accessible due to networking issues. Digi Connect EZ 4/4i User Guide...
  • Page 86 (config network interface my_wan)> add surelink tests end (config network interface my_wan surelink tests 1)> b. New tests are enabled by default. To disable: (config network interface my_wan surelink tests 1)> enable false (config network interface my_wan surelink tests 1)> Digi Connect EZ 4/4i User Guide...
  • Page 87 Performs a DNS query to the named DNS server. If dns is set, set the IPv4 or IPv6 address of the DNS server: (config network interface my_wan surelink tests 1)> dns_server IP_address (config network interface my_wan surelink tests 1)> Digi Connect EZ 4/4i User Guide...
  • Page 88 For example, to set interface_timeout to ten minutes, enter either 10m or 600s: (config network interface my_wan surelink tests 1)> interface_timeout 600s (config)> custom_test: Tests the interface with custom commands. If custom_test is set, set the commands to run to perform the test: Digi Connect EZ 4/4i User Guide...
  • Page 89 The IPv6 connection must be up. The status required for the test to pass. (config network interface my_wan surelink tests 1)> other_status value (config network interface my_wan surelink tests 1)> where value is one of:...
  • Page 90 Set the time to wait before the next test is run. If set to the default value of 0s, the test interval is used. (config network interface my_wan surelink actions 0)> override_interval int (config network interface my_wan surelink actions 0)> 7. Optional SureLink configuration parameters:...
  • Page 91 (config)> The default is 15s. f. Set the amount of time to wait while the device is starting before SureLink testing begins. This setting is bypassed when the interface is determined to be up. Digi Connect EZ 4/4i User Guide...
  • Page 92: Disable Surelink

    Disable SureLink If your device uses a private APN with no Internet access or has a restricted WAN connection that doesn't allow DNS resolution, you can disable SureLink connectivity tests. You can also reconfigure Digi Connect EZ 4/4i User Guide...
  • Page 93 SureLink to disable the DNS test and use one or more other tests. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 94 WAN connections that do not allow DNS resolution, and configure alternate test. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 95 If Ping test is selected, complete the following: Ping target: The type of target for the ping, one of: Hostname or IP address of an external server. Ping host: hostname or IP address of the server. Digi Connect EZ 4/4i User Guide...
  • Page 96 TCP connection to. TCP connect port: The TCP port to create a TCP connection to. Test another interface's status: Tests the status of another interface. If Test another interface's status is selected, complete the following: Digi Connect EZ 4/4i User Guide...
  • Page 97 (config network interface my_wan)> add surelink tests end (config network interface my_wan surelink tests 1)> b. Create a label for the test: (config network interface my_wan surelink tests 1)> label string (config network interface my_wan surelink tests 1)> Digi Connect EZ 4/4i User Guide...
  • Page 98 (config network interface my_wan surelink tests 1)> dns_server IP_address (config network interface my_wan surelink tests 1)> http: Uses HTTP(s) GET requests to determine connectivity to the configured web server. If http is set, set the URL of the web server. Digi Connect EZ 4/4i User Guide...
  • Page 99 Tests the interface with custom commands. If custom_test is set, set the commands to run to perform the test: (config network interface my_wan surelink tests 1)> custom_test_commands "string" (config network interface my_wan surelink tests 1)> ...
  • Page 100 The test will pass only if the referenced interface is up and passing its own SureLink tests (if applicable). down: The test will pass only if the referenced interface is down or failing its own SureLink tests (if applicable). Digi Connect EZ 4/4i User Guide...
  • Page 101: Example: Use A Ping Test For Wan Failover From Ethernet To Cellular

    To achieve this WAN failover from the ETH1 to the Modem interface, the WAN failover configuration is: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 102 Connect EZ local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. Digi Connect EZ 4/4i User Guide...
  • Page 103: Using Ethernet Devices In A Wan

    The Connect EZ device has two Ethernet devices, named ETH1 and ETH2. You can use these Ethernet interfaces as a WAN when connecting to the Internet, through a device such as a cable modem: Digi Connect EZ 4/4i User Guide...
  • Page 104: Using Cellular Modems In A Wireless Wan (Wwan)

    SIM, the modem will attempt to reconnect to the SIM in the preferred SIM slot. To configure the modem: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration:...
  • Page 105 Interfaces Wide Area Networks (WANs) a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration.
  • Page 106 3. Modem configurations are enabled by default. To disable: (config)> network modem modem enable false (config)> 4. Set the SIM slot that should be used by the modem: (config)> network modem modem sim_slot value (config)> Digi Connect EZ 4/4i User Guide...
  • Page 107 (config)> network modem modem query_interval value (config)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set query_interval to ten minutes, enter either 10m or 600s: Digi Connect EZ 4/4i User Guide...
  • Page 108 11. Set whether the modem should use the main antenna, the auxiliary antenna, or both the main and auxiliary antennas: (config)> network modem modem antenna value (config)> where value is one of the following: main both Digi Connect EZ 4/4i User Guide...
  • Page 109 APN. To configure the APN:  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 110 4. (Optional) To add additional APNs: a. Use the add command to add a new APN entry. For example: (config)> add network interface modem modem apn end (config network interface modem modem apn 1)> Digi Connect EZ 4/4i User Guide...
  • Page 111 8. Disable Lightweight M2M support if you are using an AT&T SIM that does not support AT&T lightweight M2M: (config)> network interface modem modem apn 0 attm2mglobal false (config)> 9. (Optional) To configure the device to bypass its preconfigured APN list and only use the configured APNs: Digi Connect EZ 4/4i User Guide...
  • Page 112 Using an AT&T SIM with the Telit LE910-NAv2 module is supported. The Telit LE910-NAv2 module is used in the 1002-CM04 CORE modem.  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 113 This should be the same modem selected for the WWAN_Public WWAN. k. Enable APN list only. l. Click to expand APN list > APN. m. For APN, type the private APN provided to you by your cellular carrier. Digi Connect EZ 4/4i User Guide...
  • Page 114 Configure the source address: i. Click to expand Source address. ii. For Type, select Interface. iii. For Interface, select LAN2. k. Configure the destination address: i. Click to expand Destination address. ii. For Type, select Interface. Digi Connect EZ 4/4i User Guide...
  • Page 115 Set the modem device: (config network interface WWANPublic)> modem device modem (config network interface WWANPublic)> d. (Optional): Set the public APN. If the public APN is not configured, the Connect EZ will attempt to determine the APN. Digi Connect EZ 4/4i User Guide...
  • Page 116 Set the label that will be used to identify this route policy: (config network route policy 0)> label "Route through public apn" (config network route policy 0)> c. Set the interface: (config network route policy 0)> interface /network/interface/WWANPublic (config network route policy 0)> Digi Connect EZ 4/4i User Guide...
  • Page 117 (config network route policy 1)> interface /network/interface/WWANPrivate (config network route policy 1)> j. Configure the source address: i. Set the source type to interface: (config network route policy 1)> src type interface (config network route policy 1)> Digi Connect EZ 4/4i User Guide...
  • Page 118 Select Manual or Manual/Automatic carrier selection mode. The Network PLMN ID.  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 119 3. At the config prompt, type: (config)> network interface modem modem operator_mode value (config)> where value is one of: automatic— The device automatically selects the carrier based on your SIM and cellular network status. Digi Connect EZ 4/4i User Guide...
  • Page 120 Highlight the appropriate carrier and click SELECT. The Carrier selection dialog opens. b. For Carrier selection mode, select one of the following: Manual/Automatic: The device will use automatic carrier selection if this carrier is not available. Digi Connect EZ 4/4i User Guide...
  • Page 121 Connect EZ local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. Digi Connect EZ 4/4i User Guide...
  • Page 122 : 245.144.162.207, 245.144.162.208 IPv6 surelink : passing IPv6 address : 11f6:4680:0d67:59d2:552b:3429:81a8:f1ea IPv6 gateway : ff50:d95d:7e98:abe8:3030:9138:4f25:f51b IPv6 MTU : 1500 TX bytes : 127941 RX bytes : 61026 Uptime : 10 hrs, 56 mins (39360s) Digi Connect EZ 4/4i User Guide...
  • Page 123 Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Note If the SIM remains in a locked state after using the unlock command, contact your cellular carrier. Digi Connect EZ 4/4i User Guide...
  • Page 124 Move the Connect EZ device to another location. Try connecting a different set of antennas, if available. Purchase a Digi Antenna Extender Kit: Antenna Extender Kit, 1m AT command access To run AT commands from the Connect EZ command line: ...
  • Page 125 IMEI SV: 9 FSN: LQ650551070110 +GCAP: +CGSM 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
  • Page 126: Configure A Wide Area Network (Wan)

    Additional IPv4 configuration: The type, which controls how the modem in the Digi device obtains an IP address from the cellular network. The metric for IPv4 routes associated with the WAN. The relative weight for IPv4 routes associated with the WAN.
  • Page 127 MAC address denylist and allowlist. To create a new WAN or edit an existing WAN: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 128 Configure system information for information about setting the Connect EZ device's system name. d. Enable Force link to keep the network interface active even when the device link is down. 10. (Optional) Configure IPv6 settings: Digi Connect EZ 4/4i User Guide...
  • Page 129 For Add MAC address, click . c. Type the MAC address. 12. (Optional) Click to expand MAC address allowlist. If allowlist entries are specified, incoming packets will only be accepted from the listed MAC addresses. Digi Connect EZ 4/4i User Guide...
  • Page 130 5. Select an Ethernet device, a Wi-Fi device, or a bridge. See Bridging for more information about bridging. a. Enter device ? to view available devices and the proper syntax. (config network interface my_wan)> device ? Current value: (config network interface my_wan)> device Digi Connect EZ 4/4i User Guide...
  • Page 131 DNS will always be used for this WAN; when multiple interfaces have the same DNS server, the interface with the lowest metric will be used for DNS requests. Digi Connect EZ 4/4i User Guide...
  • Page 132 Parameters Current Value --------------------------------------------------------------------- ---------- dhcp_hostname false DHCP Hostname enable true Enable metric Metric mgmt Management priority 1500 type dhcpv6 Type use_dns always Use DNS weight Weight Additional Configuration --------------------------------------------------------------------- ---------- connection_monitor Active recovery Digi Connect EZ 4/4i User Guide...
  • Page 133 Add a MAC address to the allowlist: (config network interface my_wan)> add mac_allowlist end mac_address (config network interface my_wan)> where mac_address is a hyphen-separated MAC address, for example, 32-A6-84-2E-81-58. b. Repeat for each additional MAC address.
  • Page 134: Configure A Wireless Wide Area Network (Wwan)

    APN configuration. The custom gateway/netmask. IPv4 configuration: The type, which controls how the modem in the Digi device obtains an IP address from the cellular network. The metric for IPv4 routes associated with the WAN. The relative weight for IPv4 routes associated with the WAN.
  • Page 135 Configure SureLink active recovery to detect WAN/WWAN failures for further information.  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 136 SIM before failing over to the next available SIM. b. For SIM failover alternative, configure how SIM failover will function if automatic SIM switching is unavailable: None: The device will perform no alternative action if automatic SIM switching is unavailable. Digi Connect EZ 4/4i User Guide...
  • Page 137 IPv4 support is Enabled by default. Click to disable. c. Set the Type. Static IP address - Digi device obtains the static IP address from the cellular network. DHCP address - Digi device obtains IP address through a DHCP server on the cellular network.
  • Page 138 Interfaces Wide Area Networks (WANs) Static IP address - Digi device obtains the static IP address from the cellular network. DHCP address - Digi device obtains IP address through a DHCP server on the cellular network. a. Set the Metric.
  • Page 139 Match SIM carrier: The SIM carrier match criteria. This interface is applied when the SIM card is provisioned from the carrier. Format: AT&T Rogers Sprint T-Mobile Telstra Verizon Vodafone other Default value: AT&T Current value: AT&T Digi Connect EZ 4/4i User Guide...
  • Page 140 Normally, this should be left blank. It is only necessary to complete this field if the SIM does not have a phone number or if the phone number is incorrect. 9. Roaming is enabled by default. To disable: (config network interface my_wwan)> modem roaming false (config network interface my_wwan)> Digi Connect EZ 4/4i User Guide...
  • Page 141 (config network interface my_wwan)> modem sim_failover false (config network interface my_wwan)> If enabled: a. Set the number of times that the device should attempt to connect to the active SIM before failing over to the next available SIM: Digi Connect EZ 4/4i User Guide...
  • Page 142 (config network interface my_wwan)> Where value is one of: static: Digi device obtains the static IP address from the cellular network. dhcp: Digi device obtains IP address via a DHCP server on the cellular network. Digi Connect EZ 4/4i User Guide...
  • Page 143 Set the type, which determines how the modem in the device obtains an IP address from the cellular network. (config network interface my_wwan)> ipv4 modem_type value (config network interface my_wwan)> Where value is one of: Digi Connect EZ 4/4i User Guide...
  • Page 144 Wide Area Networks (WANs) static: Digi device obtains the static IP address from the cellular network. dhcp: Digi device obtains IP address via a DHCP server on the cellular network. c. Set the metric: (config network interface my_wwan)> ipv4 metric num (config network interface my_wwan)>...
  • Page 145: Show Wan And Wwan Status And Statistics

    Weight ---------------- ----- ------- ------ -------- -------- ------ ---- defaultip IPv4 static setup eth2 defaultlinklocal IPv4 static setup eth2 eth2 IPv4 static internal eth2 eth2 IPv6 static internal eth2 loopback IPv4 static loopback loopback Digi Connect EZ 4/4i User Guide...
  • Page 146: Delete A Wan Or Wwan

    Follow this procedure to delete any WANs and WWANs that have been added to the system. You cannot delete the preconfigured WAN, ETH1, or the preconfigured WWAN, Modem.  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration:...
  • Page 147 Interfaces Wide Area Networks (WANs) Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a.
  • Page 148: Default Outbound Wan/Wwan Ports

    The following table lists the default outbound network communications for Connect EZ WAN/WWAN interfaces: Port Description TCP/UDP number Digi Remote Manager connection to edp12.devicecloud.com . 3199 NTP date/time sync to time.devicecloud.com . DNS resolution using WAN-provided DNS servers. HTTPS for modem firmware downloads from firmware.devicecloud.com .
  • Page 149: Local Area Networks (Lans)

    Configure the ETH1 port as a LAN or in a bridge Change the default LAN subnet Example: Configure two LANs Show LAN status and statistics Delete a LAN DHCP servers Default services listening on LAN ports Configure an interface to operate in passthrough mode. Digi Connect EZ 4/4i User Guide...
  • Page 150: About Local Area Networks (Lans)

    IP address. Additional configuration items Additional IPv4 configuration: The type, which controls how the modem in the Digi device obtains an IP address from the cellular network. The metric for IPv4 routes associated with the LAN.
  • Page 151 MAC address denylist and allowlist. To create a new LAN or edit an existing LAN: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 152 DHCP server. f. Enable Force link to keep the network interface active even when the device link is down. 10. See Configure DHCP relay for information about configuring DHCP relay. 11. (Optional) Configure IPv6 settings: Digi Connect EZ 4/4i User Guide...
  • Page 153 2. At the command line, type config to enter configuration mode: > config (config)> 3. Create a new LAN or edit an existing one: To create a new LAN named my_lan: (config)> add network interface my_lan (config network interface my_lan)> Digi Connect EZ 4/4i User Guide...
  • Page 154 Set the IPv4 address and subnet of the LAN interface. Use the format IPv4_address/netmask, for example, 192.168.2.1/24. (config network interface my_lan)> ipv4 address ip_address/netmask (config network interface my_lan)> b. Optional IPv4 configuration items:
  • Page 155 Generally, the default settings for IPv6 support are sufficient. You can view the default IPv6 settings by using the question mark (?): (config network interface my_lan)> ipv6 ? IPv6 Parameters Current Value --------------------------------------------------------------------- ---------- enable true Enable metric Metric mgmt Management priority Digi Connect EZ 4/4i User Guide...
  • Page 156 The Connect EZ can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Enable the 802.1x authenticator on the Connect EZ device: (config network interface my_lan)> 802_1x authentication enable true (config network interface my_lan)> b. Set the frequency period for reauthorization: Digi Connect EZ 4/4i User Guide...
  • Page 157: Configure The Eth1 Port As A Lan Or In A Bridge

    This procedure reconfigures the ETH1 port to serve as a port for a LAN, which will result in the device having two separate LANs: the default ETH2 LAN, and the LAN created in this procedure. To utilize...
  • Page 158 ETH1 port. To configure the ETH1 Ethernet port as a LAN:  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 159 (config)> network interface eth1 ipv4 address 192.168.3.1/24 (config)> c. Enable the DHCP server: (config)> network interface eth1 ipv4 dhcp_server enable true (config)> d. Disable SureLink: (config)> network interface eth1 ipv4 surelink enable false (config)> Digi Connect EZ 4/4i User Guide...
  • Page 160 To bridge the Connect EZ device's ETH1 Ethernet port with the ETH2 port or Wi-Fi access points:  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 161 For Add Interface, type a name for the interface and click . c. For Zone, select Internal. d. For Device, select the new bridge. e. Click to expand IPv4. f. For Address, type the IPv4 address and netmask, using the format IPv4_address/netmask, for example, 192.168.3.1/24. Digi Connect EZ 4/4i User Guide...
  • Page 162 For example, to create a bridge named LAN_bridge: (config)> add network bridge LAN_bridge (config network bridge LAN_bridge)> b. Add the eth1 device: (config network bridge LAN_bridge)> add device end /network/device/eth1 (config network bridge LAN_bridge)> Digi Connect EZ 4/4i User Guide...
  • Page 163 (config network bridge LAN_bridge)> ii. Use the device's index number to delete the device. For example, to delete eth1, use the 0 index number: (config network bridge LAN_bridge)> del .. lan1 device 0 (config network bridge LAN_bridge)> Digi Connect EZ 4/4i User Guide...
  • Page 164 (config network interface LAN_bridge_interface)> 5. Disable the eth1 interface: (config)> network interface eth1 enable false (config)> 6. Save the configuration and apply the change (config network interface LAN_bridge_interface)> save Configuration saved. > Digi Connect EZ 4/4i User Guide...
  • Page 165: Change The Default Lan Subnet

    DHCP server range will also change to the range of the LAN subnet. To change the LAN subnet:  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 166: Example: Configure Two Lans

    LAN2 will be configured to use the ETH2 device. Task one: Create a new access point (Connect EZW models only)  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 167 2. At the command line, type config to enter configuration mode: > config (config)> 3. Create a new access point: (config)> add network wifi ap Example_AP (config network wifi ap Example_AP)> New access points are enabled by default. Digi Connect EZ 4/4i User Guide...
  • Page 168 Type quit to disconnect from the device. Task two: Create a new bridge (Connect EZW) 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 169 Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> Digi Connect EZ 4/4i User Guide...
  • Page 170 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Task three: Create the LANs  Digi Connect EZ 4/4i User Guide...
  • Page 171 Interfaces Local Area Networks (LANs) 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 172 (config network interface LAN1)> device ? Device: The network device used by this network interface. Format: /network/device/eth1 /network/device/eth2 /network/bridge/LAN /network/bridge/Example_bridge /network/wireless/ap/digi_ap /network/wireless/ap/Example_AP Current value: (config network interface LAN1)> device ii. Set the device for the LAN1 interface: Digi Connect EZ 4/4i User Guide...
  • Page 173 Enter device ? to view available devices and the proper syntax. (config network interface LAN2)> device ? Device: The network device used by this network interface. Format: /network/device/eth1 /network/device/eth2 /network/bridge/LAN /network/bridge/Example_bridge /network/wireless/ap/digi_ap /network/wireless/ap/Example_AP Current value: (config network interface LAN2)> device Digi Connect EZ 4/4i User Guide...
  • Page 174: Show Lan Status And Statistics

    Verify that the device has been provided an IP address from the LAN2 DHCP server in the 192.168.4.* subnet. Show LAN status and statistics  Log into the Connect EZ WebUI as a user with full Admin access rights. 1. From the menu, click Status. 2. Under Networking, click Interfaces. Digi Connect EZ 4/4i User Guide...
  • Page 175 4. Enter show network interface name at the Admin CLI prompt to display additional information about a specific LAN. For example, to display information about ETH2, enter show network interface eth2: > show network interface eth2 lan1 Interface Status --------------------- Device : eth2 Zone : internal Digi Connect EZ 4/4i User Guide...
  • Page 176: Delete A Lan

    Follow this procedure to delete any LANs that have been added to the system. You cannot delete the preconfigured LAN, LAN1.  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 177 3. Click Network > Interfaces. 4. Click the menu icon (...) next to the name of the LAN to be deleted and select Delete. 5. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
  • Page 178: Dhcp Servers

    These instructions assume you are configuring the device to use its local DHCP server. For instructions about configuring the device to use a DHCP relay server, see Configure DHCP relay. Required configuration items Enable the DHCP server. Digi Connect EZ 4/4i User Guide...
  • Page 179 Map static IP addresses to hosts for information about static leases.  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 180 Automatic: Broadcasts the Connect EZ device's server. Custom: Allows you to identify the IP address of the server. f. Enable BOOTP dynamic allocation to automatically assign an IP address to a device on the server. Digi Connect EZ 4/4i User Guide...
  • Page 181 (the final triplet in an IPv4 address, for example, 192.168.2.xxx). The remainder of the IP address will be based on the LAN's static IP address as Digi Connect EZ 4/4i User Guide...
  • Page 182 (config)> network interface my_lan ipv4 dhcp_server advanced mtu value (config)> where value is one of: none: An MTU of length 0 is broadcast. This is not recommended. auto: No MTU is broadcast and clients will determine their own MTU. Digi Connect EZ 4/4i User Guide...
  • Page 183 Set the IP address or host name of the TFTP server: (config)> network interface my_lan ipv4 dhcp_server advanced nftp_server ip_address (config)> g. Set the relative path and file name of the bootfile on the TFTP server:
  • Page 184 A label for this instance of the static lease. To map static IP addresses:  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration:...
  • Page 185 Interfaces Local Area Networks (LANs) a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration.
  • Page 186 To view your current static IP mapping:  Log into the Connect EZ WebUI as a user with full Admin access rights. 1. On the main menu, click Status 2. Under Networking, click DHCP Leases.  Command line Digi Connect EZ 4/4i User Guide...
  • Page 187 Delete static IP mapping entries To delete a static IP entry:  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 188 4. Use the del index_number command to delete a static lease. For example, to delete the static lease for the device listed in the above output with a MAC address of BF:C3:46:24:0E:D9 (index number 0):
  • Page 189 Required configuration items DHCP option number. Value for the DHCP option. Additional configuration items The data type of the value. Force the option to be sent to the DHCP clients. A label for the custom option. Digi Connect EZ 4/4i User Guide...
  • Page 190 Interfaces Local Area Networks (LANs)  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 191 (config network interface my_lan ipv4 dhcp_server advanced custom_option 0)> 9. (Optional) Set the data type that the option uses. If the incorrect data type is selected, the device will send the value as a string. Digi Connect EZ 4/4i User Guide...
  • Page 192 Disable the DHCP server, if it is enabled. IP address of the primary DHCP relay server, to define the relay server that will respond to DHCP requests. Additional configuration items IP address of additional DHCP relay servers.  Digi Connect EZ 4/4i User Guide...
  • Page 193 Interfaces Local Area Networks (LANs) 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 194 Type quit to disconnect from the device. Show DHCP server status and settings View DHCP status to monitor which devices have been given IP configuration by the Connect EZ device and to diagnose DHCP issues.  Digi Connect EZ 4/4i User Guide...
  • Page 195: Default Services Listening On Lan Ports

    Default services listening on LAN ports The following table lists the default services listening on the specified ports on the Connect EZ LAN interfaces: Description TCP/UDP Port numbers DNS server DHCP server 67 and 68 Digi Connect EZ 4/4i User Guide...
  • Page 196: Configure An Interface To Operate In Passthrough Mode

    IP address assigned to it on a WAN or cellular modem interface, to a client connected to a LAN interface.  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 197 For Access concentrator name, type the name of the access concentrator to report to the client. If no name is provided, the host name is used. d. For Authentication method, select the authentication method used to connect to the remote peer. Digi Connect EZ 4/4i User Guide...
  • Page 198 Weight is used to load balance traffic to the interfaces. e. Set the Management priority. This determines which interface will have priority for central management activity. The interface with the highest number will be used. Digi Connect EZ 4/4i User Guide...
  • Page 199 (config network interface ip_passthrough_interface)> 6. Select an Ethernet device or a Wi-Fi access point for this interface: a. Enter device ? to view available devices and the proper syntax. (config network interface my_wan)> device ? Digi Connect EZ 4/4i User Guide...
  • Page 200 DNS will always be used for this WAN; when multiple interfaces have the same DNS server, the interface with the lowest metric will be used for DNS requests. primary: Only use the DNS servers provided for this interface when the interface is Digi Connect EZ 4/4i User Guide...
  • Page 201 (config network interface ip_passthrough_interface)> b. Set the frequency period for reauthorization: (config network interface ip_passthrough_interface)> 802_1x authentication reauth_period value (config network interface ip_passthrough_interface)> where value is an integer between 0 and 86400. The default is 3600. Digi Connect EZ 4/4i User Guide...
  • Page 202: Virtual Lans (Vlans)

    VLAN ID for that switchport. This allows devices on the network that aren’t configured with a VLAN to act as if they are directly connected to the VLAN. This section contains the following topics: Create a trunked VLAN route Create a VLAN using switchport mode Digi Connect EZ 4/4i User Guide...
  • Page 203: Create A Trunked Vlan Route

    The VLAN ID. The TCP header uses the VLAN ID to identify the destination VLAN for the packet. To create a VLAN:  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 204: Create A Vlan Using Switchport Mode

    Required configuration items Device to be assigned to the VLAN. The VLAN ID. The TCP header uses the VLAN ID to identify the destination VLAN for the packet. To create a VLAN using switchport mode:  Digi Connect EZ 4/4i User Guide...
  • Page 205 Interfaces Virtual LANs (VLANs) 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 206 (config network vlan vlan1)> save Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
  • Page 207: Bridging

    You can also use bridging to create a Virtual LAN switchport bridge. See Create a VLAN using switchport mode for more information about switchport bridging for VLANs. This section contains the following topics: Configure a bridge
  • Page 208: Configure A Bridge

    Additional configuration items Enable Spanning Tree Protocol (STP). To create a bridge:  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 209 > config (config)> 3. Create the bridge: (config)> add network bridge my_bridge (config network bridge my_bridge)> 4. Bridges are enabled by default. To disable: (config network bridge my_bridge)> enable false (config network bridge my_bridge)> Digi Connect EZ 4/4i User Guide...
  • Page 210 (config network bridge my_bridge)> ..interface lan device ? Default value: /network/lan Current value: /network/lan (config network bridge my_bridge)> b. Add the appropriate device. For example, to add the Digi AP Wi-Fi access point: (config network bridge my_bridge)> add device end /network/wireless/ap/digi_ap (config)>...
  • Page 211: Show Surelink Status And Statistics

    00/01 [FAILED] update_routing_table 00/01 Test on network.interface.modem.ipv4 with condition: all dns_configured (n); network.interface.modem.ipv4; -> restart_interface ACTION ATTEMPTS STATUS update_routing_table 00/03 [ BUSY ] restart_interface 00/03 reset_modem 00/03 switch_sim 00/03 modem_power_cycle 00/03 restart_interface 00/03 Digi Connect EZ 4/4i User Guide...
  • Page 212: Show Surelink Status For All Interfaces

    Surelink status of a specific interface, for example: > show surelink interface name eth1 wan1 Surelink Status -------------------- IPv4 Status : Passing IPv6 Status : Failed Test Proto Last Response Status Digi Connect EZ 4/4i User Guide...
  • Page 213: Show Surelink Status For All Ipsec Tunnels

    Type admin to access the Admin CLI. 2. Use the show surelink ipsec tunnel name command to show the Surelink status of a specific tunnel, for example: > show surelink ipsec tunnel test IPsec Test Last Response Status Digi Connect EZ 4/4i User Guide...
  • Page 214: Show Surelink Status For All Openvpn Clients

    Type admin to access the Admin CLI. 2. Use the show surelink openvpn client name command to show the Surelink status of a specific OpenVPN client, for example: > show surelink openvpn client test_client1 Digi Connect EZ 4/4i User Guide...
  • Page 215: Configure A Tcp Connection Timeout

    A low number of retries will end a "stale" connection more quickly than a larger number. The default is 15 retries. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 216 Interfaces Configure a TCP connection timeout Maximum: 255 Default: 15 4. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
  • Page 217: Serial Port

    Application: Provides access to the serial device from Python applications. dial-in: Allows the device to answer Point-to-Point Protocol (PPP) connections over serial ports. RealPort: Used in conjunction with the Digi RealPort driver. RealPort can also be configured using the Digi Navigator. For more information about configuring RealPort, see Configure RealPort mode using the Digi Navigator.
  • Page 218: Baud Rate Options

    The Serial Configuration page is displayed. Note You can also configure the serial port by using Device Configuration > Serial. Changes made by using either Device Configuration or Serial Configuration will be reflected in both. Digi Connect EZ 4/4i User Guide...
  • Page 219 For a complete list, see Baud rate options. b. Data bits: For Data bits, select the number of data bits used by the device to which you want to connect. The default is 8. Digi Connect EZ 4/4i User Guide...
  • Page 220 2. At the command line, type config to enter configuration mode: > config (config)> 3. The serial port is enabled by default. To disable: (config)> serial port1 enable false (config)> 4. Set the mode: (config)> serial port1 mode login (config)> Digi Connect EZ 4/4i User Guide...
  • Page 221 Enable full_duplex if you want to enable full duplex communication on this serial port: (config)> serial port1 full_duplex true (config)> The default is rs-232. 7. (Optional) Set a label that will be used when referring to this port. (config)>path-paramlabel label (config)> Digi Connect EZ 4/4i User Guide...
  • Page 222 (config)> serial port1 flow value (config)> where value is one of: none rts/cts xon/xoff 13. Configure serial port logging: a. Enable serial port logging: (config)>serial port1 logging enable true (config)> b. Set the file name: Digi Connect EZ 4/4i User Guide...
  • Page 223: Configure Remote Access Mode For A Serial Port

    Remote Access mode allows for remote access to another device that is connected to the serial port. To change the configuration to match the serial configuration of the device to which you want to connect:  Digi Connect EZ 4/4i User Guide...
  • Page 224 For RTS Post-delay, enter the amount of time RTS is deasserted before completing data transmission. The time is measured in milliseconds. The default is 0ms. RS-422 Enable Termination if you want to enable electrical termination on this serial port. Digi Connect EZ 4/4i User Guide...
  • Page 225 IP ports as appropriate. Note If the Telnet service is enabled for the serial port, note that the Telnet Login option, when enabled, prompts the user to enter Telnet login credentials when accessing the serial Digi Connect EZ 4/4i User Guide...
  • Page 226 To limit access to specified IPv4 addresses and networks: i. Click IPv4 Addresses. ii. For Add Address, click . iii. For Address, enter the IPv4 address or network that can access the device's service-type. Allowed values are: Digi Connect EZ 4/4i User Guide...
  • Page 227 For Destination, enter the host name or IP address of the remote server. When using SSH, this should be prefixed with the user name and followed by @, for example, admin@192.168.1.1. Digi Connect EZ 4/4i User Guide...
  • Page 228 Note You can review the message log in the Serial Port Log page. See Review the serial port message log. 15. Click Apply to save the configuration and apply the change.  Command line Digi Connect EZ 4/4i User Guide...
  • Page 229 For rts_post_delay, enter the amount of time RTS is deasserted before completing data transmission. The time is measured in milliseconds. The default is 0ms: (config)> serial port1 rts_post_delay value (config)> rs-422 Enable Termination if you want to enable electrical termination on this serial port. Digi Connect EZ 4/4i User Guide...
  • Page 230 (config)> serial port1 parity parity (config)> Allowed values are: even none The default is none. 11. Set the stop bits used by the device to which you want to connect: (config)> serial port1 stopbits bits (config)> Digi Connect EZ 4/4i User Guide...
  • Page 231 For example, to set idle_timeout to ten minutes, enter either 10m or 600s: (config)>serial port1 idle_timeout 600s (config) The default is 15m. 14. Configure monitor settings. a. (Optional) Enable monitoring of CTS (Clear to Send) changes on this port: (config)>serial port1 monitor cts true (config) Digi Connect EZ 4/4i User Guide...
  • Page 232 (config)>serial port1 autoconnect flush_string false (config)> The default is always. c. Set the option that initiates the connection: (config)>serial port1 autoconnect conn_type value (config)> where value is one of: telnet tls_auth The default is tls. Digi Connect EZ 4/4i User Guide...
  • Page 233 Set the length of time the device should wait before sending the packet: (config)>serial port1 framing idle_time value (config) where value is in milliseconds (ms) or seconds (s). The maximum value is 60s. Digi Connect EZ 4/4i User Guide...
  • Page 234 Repeat this step to list additional IP addresses or networks. To limit access to specified IPv6 addresses and networks: (config)> add serial port1 service ssh acl address6 end value (config)> Where value can be: Digi Connect EZ 4/4i User Guide...
  • Page 235 Additional Configuration ------------------------------------------------- ------------------------------ dynamic_routes edge external internal ipsec loopback setup (config)> Repeat this step to include additional firewall zones. vi. (Optional) Enable Multicast DNS (mDNS): Digi Connect EZ 4/4i User Guide...
  • Page 236 A single IP address or host name. A network designation in CIDR notation, for example, 192.168.1.0/24. any: No limit to IPv4 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. Digi Connect EZ 4/4i User Guide...
  • Page 237 (config)> ... firewall zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration ------------------------------------------------- ------------------------------ dynamic_routes edge external internal ipsec loopback Digi Connect EZ 4/4i User Guide...
  • Page 238 Repeat this step to list additional IP addresses or networks. To limit access to specified IPv6 addresses and networks: (config)> add serial port1 service telnet acl address6 end value (config)> Where value can be: Digi Connect EZ 4/4i User Guide...
  • Page 239 Additional Configuration ------------------------------------------------- ------------------------------ dynamic_routes edge external internal ipsec loopback setup (config)> Repeat this step to include additional firewall zones. vi. (Optional) Enable Multicast DNS (mDNS): Digi Connect EZ 4/4i User Guide...
  • Page 240 (config)> save Configuration saved. > 20. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
  • Page 241: Configure Application Mode For A Serial Port

    If enabled, this setting overrides RTS\CTS flow control. For RTS Pre-delay, enter the amount of time RTS is asserted before starting data transmission. The time is measured in milliseconds. The default is 0ms. Digi Connect EZ 4/4i User Guide...
  • Page 242 If enabled, this setting overrides RTS\CTS flow control: (config)> serial port1 rts_toggle true (config)> For rts_pre_delay, enter the amount of time RTS is asserted before starting data transmission. The time is measured in milliseconds. The default is 0ms: Digi Connect EZ 4/4i User Guide...
  • Page 243: Configure Ppp Dial-In Mode For A Serial Port

    To change the configuration to match the serial configuration of the device to which you want to connect:  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration:...
  • Page 244 Serial port Configure PPP dial-in mode for a serial port Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config.
  • Page 245 For Connect script filename, type the name of the script. Scripts are located in the /etc/config/serial directory. An example script, windows_dun.sh is provided. Example windows_dun.sh file: #!/bin/sh # Example connect script for connecting from a PC using a Windows Digi Connect EZ 4/4i User Guide...
  • Page 246 (config)> serial port1 enable false (config)> 4. Set the mode: (config)> serial port1 mode ppp_dialin (config)> 5. (Optional) Set a label that will be used when referring to this port. (config)> serial port1 label label (config)> Digi Connect EZ 4/4i User Guide...
  • Page 247 10. Set the local IP address assigned to this interface: (config)> serial port1 ppp_dialin local_address IPv4_address (config)> 11. Set the IP address assigned to the remote peer: (config)> serial port1 ppp_dialin remote_address IPv4_address (config)> Digi Connect EZ 4/4i User Guide...
  • Page 248 Zone: The firewall zone assigned to this interface. This can be used by packet filtering rules and access control lists to restrict network traffic on this interface. Format: dynamic_routes edge external internal ipsec loopback Digi Connect EZ 4/4i User Guide...
  • Page 249 (config)> serial port1 ppp_dialin connect enable true (config)> b. Set the name of the script: (config)> serial port1 ppp_dialin connect script filename (config)> Scripts are located in the /etc/config/serial directory. An example script, windows_dun.sh is provided. Digi Connect EZ 4/4i User Guide...
  • Page 250: Configure Udp Serial Mode For A Serial Port

    The UDP serial mode option in the serial port configuration provides access to the serial port using UDP. To change the configuration to match the serial configuration of the device to which you want to connect:  Digi Connect EZ 4/4i User Guide...
  • Page 251 For RTS Post-delay, enter the amount of time RTS is deasserted before completing data transmission. The time is measured in milliseconds. The default is 0ms. RS-422 Enable Termination if you want to enable electrical termination on this serial port. Digi Connect EZ 4/4i User Guide...
  • Page 252 For End Pattern, enter the end pattern. The packet is sent when this pattern is received from the serial port. v. Click Strip End Pattern if you want to remove the end pattern from the packet before it is sent. Digi Connect EZ 4/4i User Guide...
  • Page 253 Access the configuration for the appropriate type of service: i. Click to expand Serial. ii. Click to expand the appropriate serial port. iii. Click to expand UDP serial. iv. Click to expand Access Control List. Digi Connect EZ 4/4i User Guide...
  • Page 254 To limit access to specified IPv6 addresses and networks: i. Click IPv6 Addresses. ii. For Add Address, click . iii. For Address, enter the IPv6 address or network that can access the device's service-type. Allowed values are: Digi Connect EZ 4/4i User Guide...
  • Page 255 Connect EZ local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. Digi Connect EZ 4/4i User Guide...
  • Page 256 Enable Termination if you want to enable electrical termination on this serial port. rs-485 Enable termination if you want to enable electrical termination on this serial port: (config)> serial port1 termination true (config)> Digi Connect EZ 4/4i User Guide...
  • Page 257 11. Set the stop bits used by the device to which you want to connect: (config)>serial port1 label stopbits bits (config)> 12. Set the type of flow control used by the device to which you want to connect: (config)>serial port1 label flow type (config) Allowed values are: Digi Connect EZ 4/4i User Guide...
  • Page 258 16. Configure the remote sites to which you want to send data. If you do not specify any destinations, the Connect EZ sends new data to the last hostname and port from which data was received. To add a destination: Digi Connect EZ 4/4i User Guide...
  • Page 259 No limit to IPv6 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect EZ device: Digi Connect EZ 4/4i User Guide...
  • Page 260 A single IP address or host name. A network designation in CIDR notation, for example, 192.168.1.0/24. any: No limit to IPv4 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks. Digi Connect EZ 4/4i User Guide...
  • Page 261 (config)> ... firewall zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration -------------------------------------------------------- ----------------------- dynamic_routes edge external internal ipsec loopback setup Digi Connect EZ 4/4i User Guide...
  • Page 262 (config)> save Configuration saved. > 20. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
  • Page 263: Configure Modem Emulator Mode For A Serial Port

    To change the configuration to match the serial configuration of the device to which you want to connect:  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 264 To limit access to specified IPv4 addresses and networks: i. Click IPv4 Addresses. ii. For Add Address, click . iii. For Address, enter the IPv4 address or network that can access the device's service-type. Allowed values are: Digi Connect EZ 4/4i User Guide...
  • Page 265 If you want to log the time at which data was received or transmitted, click the Timestamps toggle to Enable. f. If you want to log the data as hexadecimal values, click the Hexadecimal toggle to Enable. Digi Connect EZ 4/4i User Guide...
  • Page 266: Configure Modbus Mode For A Serial Port

    Altpin has no impact on 422 or 485 mode. For more information, see Serial connector pinout. 6. (Optional) For Label, enter a label that will be used when referring to this port. 7. For Signalling, select the electrical signaling interface type used on this serial port: Digi Connect EZ 4/4i User Guide...
  • Page 267 Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> Digi Connect EZ 4/4i User Guide...
  • Page 268 Enable termination if you want to enable electrical termination on this serial port: (config)> serial port1 termination true (config)> Enable full_duplex if you want to enable full duplex communication on this serial port: (config)> serial port1 full_duplex true (config)> Digi Connect EZ 4/4i User Guide...
  • Page 269 (config)> serial port1 stopbits bits (config)> 12. Set the type of flow control used by the device to which you want to connect: (config)> serial port1 flow value (config)> where value is one of: none rts/cts xon/xoff Digi Connect EZ 4/4i User Guide...
  • Page 270: Configure Realport Mode Using The Digi Navigator

    These processes ensure that RealPort is configured on the device and on your computer. Operating system The Digi Navigator can only be installed on a computer with a Windows OS. If you are using Linux, you can manually install and configure RealPort without Digi Navigator. For the Linux installation...
  • Page 271 The Digi Navigator application can also be downloaded from your device's product support page. 2. Scroll down to the Product Resources tab, and in the Drivers & Patches section, click Digi Navigator. 3. From the list box, select the appropriate Microsoft Windows option from the list of driver options.
  • Page 272: Configure Realport On A Digi Device From The Digi Navigator

    Ethernet cable. 3. Launch the Digi Navigator. 4. A list of the devices discovered by the Digi Navigator displays. Click on the device that you want to configure. For information about how devices are discovered and how to add a device...
  • Page 273: Digi Navigator Device Discovery Process

    Digi Navigator. If a Digi device is not on the same network as your computer or the device is undiscoverable, the device is not displayed in the Digi Navigator. You can add the device using that device's IP address, and after it has been added, it also displays in the Digi Navigator.
  • Page 274: Services Used To Discover A Device When Connected To A Network

    Services used to discover a device when connected to a network To discover the IP address for a Digi device connected to your network, the Digi Navigator uses the HTTPS service by default. Other services can be used, if needed.
  • Page 275 Use the autodiscovery protocol to discover a device If a Digi device is directly connected to a computer or connected to a network with no DHCP server, you can assign an IP address to the Digi device so that the device is automatically discovered.
  • Page 276 Serial port Configure RealPort mode using the Digi Navigator 4. In the Default IP Filters section, click the enable button for the 192.168.210.1 option. 5. Click Filters at the bottom of the expanded toolbar to minimize the toolbar and hide the filters.
  • Page 277 Click OK. Specify the IP address to discover a Digi device If a Digi device is not on the same network as your computer or the device is undiscoverable, you can manually add the device using that device's IP address.
  • Page 278: Digi Navigator Application Features

    6. Enter the user name and password for the device in the User name and Password fields. 7. Click Submit. 8. The device you just added displays at the bottom of the Digi Navigator screen. You can click Refresh to update the screen until the device appears.
  • Page 279 Click Digi Remote Manager to launch Digi Remote Manager. See Manager Access Digi Remote Manager from the Digi Navigator. Specify a Expand the Specify a device section to enter the IP address of a Digi device device. See Specify the IP address to discover a Digi device.
  • Page 280 Click Login. Filter devices for display in the Digi Navigator You can use the Digi Navigator filters to determine the types of Digi devices you want to display. Only the devices that are powered on and are discoverable are included.
  • Page 281 3. Click Filters from the green toolbar to expand the toolbar and display the filter options. 4. In the Device Filters section, a list of the Digi device types displays. All types are disabled by default, and when all are disabled, all types are displayed.
  • Page 282: Advanced Realport Configuration Without Using The Digi Navigator

    Serial port Advanced RealPort configuration without using the Digi Navigator Advanced RealPort configuration without using the Digi Navigator You can configure the Connect EZ to communicate with your computer using RealPort. Windows Operating System This method can be used if your computer has a Windows OS installed and you choose not to use the Digi Navigator to discover devices and configure RealPort.
  • Page 283 1. Navigate to the downloaded Realport .zip file. 2. Open the .zip file. 3. Click on setup.exe to launch the RealPort wizard. The Welcome to the Digi RealPort Setup Wizard screen displays. 4. If this is not the first time you have run the wizard, select the Add a New Device option. If this is the first time running the wizard, no options are available on the screen.
  • Page 284: Configure The Serial Port For Realport Mode

    Serial port Advanced RealPort configuration without using the Digi Navigator 7. Select the Encrypt Network Traffic check box to enable encrypted network traffic. When you select this option, the TCP Port for Encrypted Traffic field becomes available. 8. The TCP Port for Encrypted Traffic field has a default value of 1027. The entry must match the device's TCP port setting.
  • Page 285 Serial port Advanced RealPort configuration without using the Digi Navigator Log into the Connect EZ WebUI as a user with full Admin access rights. 1. On the menu, click System. Under Configuration, click Serial Configuration. The Serial Configuration page is displayed.
  • Page 286 Serial port Advanced RealPort configuration without using the Digi Navigator For RTS Pre-delay, enter the amount of time RTS is asserted before starting data transmission. The time is measured in milliseconds. The default is 0ms. For RTS Post-delay, enter the amount of time RTS is deasserted before completing data transmission.
  • Page 287 Serial port Advanced RealPort configuration without using the Digi Navigator 3. The serial port is enabled by default. To disable: (config)> serial port1 enable false (config)> 4. Set the mode: (config)> serial port1 mode realport (config)> 5. Set the sharing mode: (config)>...
  • Page 288 Serial port Advanced RealPort configuration without using the Digi Navigator rs-485 Enable termination if you want to enable electrical termination on this serial port: (config)> serial port1 termination true (config)> Enable full_duplex if you want to enable full duplex communication on this serial port: (config)>...
  • Page 289: Configure The Realport Service

    Serial port Advanced RealPort configuration without using the Digi Navigator where value is one of: received transmitted both arrows. This is the default. e. Log the time at which data was received or transmitted: (config)>serial port1 logging hex true (config)>...
  • Page 290 Serial port Advanced RealPort configuration without using the Digi Navigator 10. Enable Exclusive Mode to ensure that any connection from an IP address is closed when opening a new connection from the same IP address. This is disabled by default. 11. Enable RealPort Keepalive to send RealPort keepalive packets. This is enabled by default.
  • Page 291: Disconnect A User From A Serial Port

    Dial-in, or Modem Emulator.  1. Log into the Connect EZ WebUI as a user with full Admin access rights. 2. On the menu, click Status > Connections> Serial. The Serial Status page displays. Digi Connect EZ 4/4i User Guide...
  • Page 292 Where port is the port number you want to review, such as "port2"; a string, such as "console"; or the name of a user-configured serial port, such as USB. Enter one or both of the following: Digi Connect EZ 4/4i User Guide...
  • Page 293: Show Serial Port Status And Statistics

    The Serial Status page contains status information about all of the serial ports available on the device. To navigate to the Serial Status page, log into the device's web UI and click Status > Connection> Serial. Digi Connect EZ 4/4i User Guide...
  • Page 294 Green Log button: The serial port mode selected for the port supports serial port logging, and logging is enabled. Click the Log button to open the Serial Port Log page for that port. See Review the serial port message log for information about that page. Digi Connect EZ 4/4i User Guide...
  • Page 295: Review The Serial Port Message Log

    /opt/serial directory. Because this is being saved to the device's memory, you should use serial logging for diagnostic purposes, rather than having it permanently enabled. Click Restart to clear and restart the serial port log. Digi Connect EZ 4/4i User Guide...
  • Page 296 > system serial clear port-number > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
  • Page 297 Configure a Wi-Fi access point with personal security Configure a Wi-Fi access point with enterprise security Isolate Wi-Fi clients Configure a Wi-Fi client and add client networks Show Wi-Fi access point status and statistics Show Wi-Fi client status and statistics Digi Connect EZ 4/4i User Guide...
  • Page 298: Wi-Fi Configuration

    Digi AP Enabled or disabled Enabled SSID Digi-Connect EZ-serial_number SSID broadcast Enabled Encryption WPA2 Personal (PSK) Pre-shared key The unique password printed on the bottom label of the device. Group rekey interval 10 minutes Digi Connect EZ 4/4i User Guide...
  • Page 299 Wi-Fi Wi-Fi configuration Client mode connections None. Digi Connect EZ 4/4i User Guide...
  • Page 300: Configure The Wi-Fi Radio's Channel

    Not all Digi devices currently support 5 GHz. Before you try to use this feature, verify that your device supports 5 GHz.  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 301 (config)> network wifi radio phy0 band 2400mhz (config)> b. Set the channel for the Wi-Fi radio: (config)> network wifi radio phy0 2400mhz channel value (config)> where value is: For 2.4 GHz: 1 through 11 auto For 5 GHz: auto Digi Connect EZ 4/4i User Guide...
  • Page 302: Configure The Wi-Fi Radio To Support Dfs Channels In Client Mode

    Not all Digi devices currently support 5 GHz. Before you try to use this feature, verify that your device supports 5 GHz.  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 303 (config)> network wifi radio phy0 5000mhz dfs_client true (config)> Note When DFS client support is enabled, any enabled access points that use this radio will not be started and cannot be used as access points. Digi Connect EZ 4/4i User Guide...
  • Page 304: Configure The Wi-Fi Radio's Band And Protocol

    Not all Digi devices currently support 5 GHz. Before you try to use this feature, verify that your device supports 5 GHz.  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 305 If the Wi-Fi radio has a band of 5000mhz: (config)> network wifi radio phy0 5000mhz mode value (config)> where value is one of ac, acn, or n. 4. Save the configuration and apply the change (config)> save Configuration saved. > Digi Connect EZ 4/4i User Guide...
  • Page 306: Configure The Wi-Fi Radio's Transmit Power

    100 percent. You can configure the Wi-Fi radio to transmit at a lower power.  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 307: Configure An Open Wi-Fi Access Point

    This procedure configures a Wi-Fi access point that does not require a password for client connections. By default, the Connect EZ device comes with one preconfigured access point, Digi AP. You cannot delete default access points, but you can modify them or you can create your own access points.
  • Page 308 Wi-Fi Configure an open Wi-Fi access point  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 309 2. At the command line, type config to enter configuration mode: > config (config)> 3. Create a new access point: (config)> add network wifi ap new_AP (config network wifi ap new_AP)> New access points are enabled by default. Digi Connect EZ 4/4i User Guide...
  • Page 310 Wi-Fi radio is restarted. The default is 10 minutes. 1. Assign the Wi-Fi access point to a LAN interface or to a bridge. See Configure a Local Area Network (LAN) and Configure a bridge for more information. Digi Connect EZ 4/4i User Guide...
  • Page 311 (config)> network wifi ap digi_ap ssid_broadcast true (config)> 6. Set the security for the access point to an open security method: (config network wifi ap new_AP)> encryption type value (config network wifi ap new_AP)> where value is either: Digi Connect EZ 4/4i User Guide...
  • Page 312 (config)> save Configuration saved. > 3. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
  • Page 313: Configure A Wi-Fi Access Point With Personal Security

    The amount of time to wait before changing the group key. To configure a Wi-Fi access point to use personal security:  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 314 If you need to configure a Wi-Fi passphrase with any non-printable ASCII characters, you can use the wpa_passphrase tool to generate the appropriate pre-shared key. The wpa_passphrase command is available in the shell console of a DAL OS Digi device. For details about the command, see the wpa_passphrase Linux command.
  • Page 315 SSID broadcasting is enabled by default for new access points. 5. Set the security for the access point to a personal security option: (config network wifi ap new_AP)> encryption type value (config network wifi ap new_AP)> where value is one of: Digi Connect EZ 4/4i User Guide...
  • Page 316 If you need to configure a Wi-Fi passphrase with any non-printable ASCII characters, you can use the wpa_passphrase tool to generate the appropriate pre-shared key. The wpa_passphrase command is available in the shell console of a DAL OS Digi device. For details about the command, see the wpa_passphrase Linux command.
  • Page 317 Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> 3. Show available access points: (config)> network wifi ap ? Additional Configuration ------------------------------------------------------------------------ Digi Connect EZ 4/4i User Guide...
  • Page 318 If you need to configure a Wi-Fi passphrase with any non-printable ASCII characters, you can use the wpa_passphrase tool to generate the appropriate pre-shared key. The wpa_passphrase command is available in the shell console of a DAL OS Digi device. For details about the command, see the wpa_passphrase Linux command.
  • Page 319: Configure A Wi-Fi Access Point With Enterprise Security

    RADIUS server, rather than using preshared key on the Connect EZ device. By default, the Connect EZ device comes with one preconfigured access point, Digi AP. You cannot delete default access points, but you can modify them or you can create your own access points.
  • Page 320 The amount of time to wait before changing the group key. To configure a Wi-Fi access point with WPA2 enterprise security:  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 321 For RADIUS IP/hostname, type the IP address or hostname of the RADIUS server. d. (Optional) Change the RADIUS port. The default port is 1812. e. For RADIUS secret key, type the secret key as configured on the RADIUS server. Digi Connect EZ 4/4i User Guide...
  • Page 322 4. Set the SSID for the Wi-Fi access point. Up to 32 characters are allowed. (config network wifi ap new_AP)> ssid my_SSID (config network wifi ap new_AP)> SSID broadcasting is enabled by default for new access points. Digi Connect EZ 4/4i User Guide...
  • Page 323 The group key is shared by all clients of the access point, and after a client has disconnected, it will be able to use the group key to decrypt broadcast packets until the key is changed. (config network wifi ap new_AP)> encryption group_rekey value (config network wifi ap new_AP)> Digi Connect EZ 4/4i User Guide...
  • Page 324 3. Show available access points: (config)> network wifi ap ? Additional Configuration ------------------------------------------------------------------------ ------- digi_ap Digi AP (config)> 4. Set the SSID for the appropriate access point: (config)> network wifi ap digi_ap ssid my_SSID (config)> Digi Connect EZ 4/4i User Guide...
  • Page 325 0. This will allow any client that has previously connected to see all broadcast traffic on the wireless network until the Wi-Fi radio is restarted. The default is 10 minutes. Digi Connect EZ 4/4i User Guide...
  • Page 326 (config)> save Configuration saved. > 3. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
  • Page 327: Isolate Wi-Fi Clients

    This section provides instructions for both mechanisms. Isolate clients connected to the same access point  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 328: Isolate Clients Connected To Different Access Points

    2. Assign those LAN interfaces to separate firewall zones. 3. Create firewall filters to prevent traffic between the two firewall zones.  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 329 For Add packet filter, click . iii. For Label, type Drop traffic from Internal to LAN2_isolation_zone. iv. For Action, select Drop. v. For Source zone, select Internal. vi. For Destination zone, select LAN2_isolation_zone. Digi Connect EZ 4/4i User Guide...
  • Page 330 Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> Digi Connect EZ 4/4i User Guide...
  • Page 331 Create a firewall filter to provide internet access for the LAN2_isolation_zone. i. Return to the root config prompt by typing three periods (...): (config firewall zone LAN2_isolation_zone)> ... (config)> ii. Add the new packet filter: (config)> add firewall filter end (config firewall filter 1)> Digi Connect EZ 4/4i User Guide...
  • Page 332 By default, the Connect EZ device comes with one preconfigured LAN, which includes the default access point. We will use that LAN for the access point, and create a new LAN for the access point. Digi Connect EZ 4/4i User Guide...
  • Page 333: Configure A Wi-Fi Client And Add Client Networks

    Configure a Wi-Fi client and add client networks Required configuration items Create the Wi-Fi client. The Connect EZ device's Wi-Fi radio that the Wi-Fi client will use. SSID of the access point that the client will log into. Digi Connect EZ 4/4i User Guide...
  • Page 334 To configure a Wi-Fi client:  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 335 If you need to configure a Wi-Fi passphrase with any non-printable ASCII characters, you can use the wpa_passphrase tool to generate the appropriate pre-shared key. The wpa_passphrase command is available in the shell console of a DAL OS Digi device. For details about the command, see the wpa_passphrase Linux command.
  • Page 336 For Short interval, type the number of seconds to wait between scans for access points, when the signal strength from the access point to which the client is currently connected is below the Scan threshold. Digi Connect EZ 4/4i User Guide...
  • Page 337 (config network wifi client new_client)> where value is the SSID of the access point. b. Set the encryption type for the access point: (config network wifi client new_client)> ssid 0 encryption type value (config network wifi client new_client)> Digi Connect EZ 4/4i User Guide...
  • Page 338 If you need to configure a Wi-Fi passphrase with any non-printable ASCII characters, you can use the wpa_passphrase tool to generate the appropriate pre-shared key. The wpa_passphrase command is available in the shell console of a DAL OS Digi device. For details about the command, see the wpa_passphrase Linux command.
  • Page 339 PEM format: (config network wifi client new_client)> ssid 0 encryption ca_cert certificate (config network wifi client new_client)> iii. Set the client certificate by using the client_cert parameter and pasting the certificate in PEM format: Digi Connect EZ 4/4i User Guide...
  • Page 340 Set the number of seconds to wait between scans for access points, when the signal strength from the access point to which the client is currently connected is below the Digi Connect EZ 4/4i User Guide...
  • Page 341 Use the ? with an existing index number to determine the allowed values for frequencies: (config network wifi client new_client)> background_scanning scan_freq 1 Scan frequency: Enable this frequency in the background scan. Format: 2412 2417 Digi Connect EZ 4/4i User Guide...
  • Page 342: Show Wi-Fi Access Point Status And Statistics

    1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect EZ local command line as a user with full Admin access rights. Digi Connect EZ 4/4i User Guide...
  • Page 343 > show wifi ap name my_AP my_AP Access Point Status ------------------------- Enabled : true Status : up SSID : my_AP Security : none Channel Channel Width Radio : wifi BSSID : 01:41:D1:14:36:37 Client Signal RX Bytes TX Bytes Uptime Digi Connect EZ 4/4i User Guide...
  • Page 344: Show Wi-Fi Client Status And Statistics

    SSID2 down > Show detailed status and statistics of a specific Wi-Fi client To show a detailed status and statistics of a Wi-Fi client, use the show wifi client name name command. Digi Connect EZ 4/4i User Guide...
  • Page 345 Enabled : true SSID : my_SSID Status : up Signal : -43 MAC Address : 91:fe:86:d1:0e:81 Channel : 48 Radio : wifi1 TX Power : 23 Link Quality : 67/70 BSSID : 6D:B9:DD:BD:EE:C4 > Digi Connect EZ 4/4i User Guide...
  • Page 346: Routing

    Routing This chapter contains the following topics: IP routing Show the routing table Dynamic DNS Virtual Router Redundancy Protocol (VRRP) Digi Connect EZ 4/4i User Guide...
  • Page 347: Ip Routing

    5. If there are two or more routes to a destination with the same mask, the device uses the route with the lowest metric. This section contains the following topics: Configure a static route Delete a static route Policy-based routing Configure a routing policy Routing services Configure routing services Digi Connect EZ 4/4i User Guide...
  • Page 348: Configure A Static Route

    The Maximum Transmission Units (MTU) of network packets using this route. To configure a static route:  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 349 Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> 3. Add a new static route: (config)> add network route static end (config network route static 0)> Digi Connect EZ 4/4i User Guide...
  • Page 350 9. (Optional) Set the Maximum Transmission Units (MTU) of network packets using this route: (config network route static 0)> mtu integer (config network route static 0)> 10. Save the configuration and apply the change (config)> save Configuration saved. > Digi Connect EZ 4/4i User Guide...
  • Page 351: Delete A Static Route

    Type quit to disconnect from the device. Delete a static route  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 352: Policy-Based Routing

    Ethernet (WAN) connection. Policy-based routing for the Connect EZ device uses the following criteria to determine how to route traffic: Firewall zone (for example, internal/outbound traffic, external/inbound traffic, or IPSec tunnel traffic). Digi Connect EZ 4/4i User Guide...
  • Page 353: Configure A Routing Policy

    To configure a routing policy:  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 354 Interface: Matches the source IP address to the selected interface's network address. IPv4 address: Matches the source IP address to the specified IP address or network. Use the format IPv4_address[/netmask], or use any to match any IPv4 address. Digi Connect EZ 4/4i User Guide...
  • Page 355 Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> 3. Add a new routing policy: (config)> add network route policy end (config network route policy 0)> Digi Connect EZ 4/4i User Guide...
  • Page 356 Set the destination port: (config network route policy 0)> dst_port value (config network route policy 0)> where value is the port number, or the keyword any to match any port as the destination port. Digi Connect EZ 4/4i User Guide...
  • Page 357 (config network route policy 0)> src zone ? Zone: Match the IP address to the specified firewall zone. Format: dynamic_routes edge external internal ipsec loopback setup Default value: any Current value: any (config network route policy 0)> src zone Digi Connect EZ 4/4i User Guide...
  • Page 358 Matches the destination IP address to the selected firewall zone. Set the zone: a. Use the ? to determine available zones: (config network route policy 0)> dst zone ? Zone: Match the IP address to the specified firewall zone. Format: Digi Connect EZ 4/4i User Guide...
  • Page 359 (config network route policy 0)> where value uses the format IPv6_address[/prefix_length], or any to match any IPv6 address. mac: Matches the destination MAC address to the specified MAC address. Set the MAC address to be matched: Digi Connect EZ 4/4i User Guide...
  • Page 360 (config)> save Configuration saved. > 12. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
  • Page 361: Routing Services

    Enable routing services. Enable and configure the types of routing services that will be used.  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 362 (config)> network route service enable true (config)> 4. Configure routing services that will be used: a. Use the ? to display available routing services: (config)> network route service ? Routing services: Settings for dynamic routing services and protocols. Digi Connect EZ 4/4i User Guide...
  • Page 363 Allow ECMP enable true Enable Additional Configuration --------------------------------------------------------------------- ---------- interface Interfaces neighbour Neighbours redis Route redistribution timer Timers (config)> 5. Save the configuration and apply the change (config)> save Configuration saved. > Digi Connect EZ 4/4i User Guide...
  • Page 364: Show The Routing Table

    Type quit to disconnect from the device. Show the routing table To display the routing table:  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 365: Dynamic Dns

    The amount of time to wait to force an update of the interface's IP address. The amount of time to wait for an IP address update to succeed before retrying the update. The number of times to retry a failed IP address update. Digi Connect EZ 4/4i User Guide...
  • Page 366 Routing Dynamic DNS  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 367 3. Add a new Dynamic DNS instance. For example, to add an instance named new_ddns_instance: (config)> add network ddns new_ddns_instance (config network ddns new_ddns_instance)> New Dynamic DNS instances are enabled by default. To disable: (config network ddns new_ddns_instance)> enable false (config network ddns new_ddns_instance)> Digi Connect EZ 4/4i User Guide...
  • Page 368 8. Set the username to authenticate with the Dynamic DNS provider: (config network ddns new_ddns_instance)> username name (config network ddns new_ddns_instance)> 9. Set the password to authenticate with the Dynamic DNS provider: (config network ddns new_ddns_instance)> password pwd (config network ddns new_ddns_instance)> Digi Connect EZ 4/4i User Guide...
  • Page 369 13. (Optional) Set the number of times to retry a failed IP address update: (config network ddns new_ddns_instance)> retry_count value (config network ddns new_ddns_instance)> where value is any integer. The default is 5. 14. Save the configuration and apply the change Digi Connect EZ 4/4i User Guide...
  • Page 370: Virtual Router Redundancy Protocol (Vrrp)

    VRRP devices that participate in the same VRRP device pool. The VRRP priority of this device. The shared virtual IP address for the VRRP virtual router. Devices connected to the LAN will use this virtual IP address as their default gateway. Digi Connect EZ 4/4i User Guide...
  • Page 371 VRRP-enabled devices and dynamically change the VRRP priority of devices based on the status of their network connectivity. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 372 4. Enable the VRRP instance: (config network vrrp VRRP_test)> enable true (config network vrrp VRRP_test)> 5. Set the interface on which this VRRP instance should run: a. Use the ? to determine available interfaces: Digi Connect EZ 4/4i User Guide...
  • Page 373: Configure Vrrp

    VRRP+ is an extension to the VRRP standard that uses SureLink network probing to monitor connections through VRRP-enabled devices and adjust devices' VRRP priority based on the status of the SureLink tests. This section describes how to configure VRRP+ on a Connect EZ device. Digi Connect EZ 4/4i User Guide...
  • Page 374 For backup VRRP devices, enable the ability to monitor the VRRP master, so that a backup device can increase its priority when the master device fails SureLink tests.  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 375 SureLink fails on the master, it will lower its priority to below 80, and the backup device will assume the master role. 10. Configure the VRRP interface. The VRRP interface is defined in the Interface parameter of the VRRP configuration, and generally should be a LAN interface: Digi Connect EZ 4/4i User Guide...
  • Page 376 Click to expand IPv4 > SureLink. ii. Click Enable. iii. For Interval, type the amount of time to wait between connectivity tests. To guarantee seamless internet access for VRRP+ purposes, SureLink tests should occur Digi Connect EZ 4/4i User Guide...
  • Page 377 Click to expand Test targets > Test target. v. Configure the test target. For example, to configure SureLink to verify internet connectivity on the LAN by pinging https://remotemanager.digi.com: i. For Test Type, select Ping test. ii. For Ping host, type https://remotemanager.digi.com.
  • Page 378 (config)> network interface eth2 ipv4 dhcp_server advanced gateway_custom 192.168.3.3 (config)> b. For backup devices, set the default gateway to the IP address of the VRRP interface on the master device. For example: (config)> network interface eth2 ipv4 gateway 192.168.3.1 (config)> Digi Connect EZ 4/4i User Guide...
  • Page 379 (config network interface eth2 ipv4 surelink target 0)> (Optional) Set the size, in bytes, of the ping packet: (config network interface eth2 ipv4 surelink target 0)> ping_size [num] (config network interface eth2 ipv4 surelink target 0)> Digi Connect EZ 4/4i User Guide...
  • Page 380 (config network interface eth2 ipv4 surelink target 0)> interface_timeout value (config network interface eth2 ipv4 surelink target 0)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. Digi Connect EZ 4/4i User Guide...
  • Page 381: Example: Vrrp/Vrrp+ Configuration

    Configure device one (master device)  Task 1: Configure VRRP on device one 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 382 Task 2: Configure VRRP+ on device one 1. Click to expand VRRP+. 2. Click Enable. 3. Click to expand Monitor interfaces. 4. Click  to add an interface for monitoring. 5. Select Interface: Modem. 6. For Priority modifier, type 30. Digi Connect EZ 4/4i User Guide...
  • Page 383 Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> 3. Create the VRRP instance: (config)> add network vrrp VRRP_test (config network vrrp VRRP_test)> Digi Connect EZ 4/4i User Guide...
  • Page 384 1. Type ... to return to the root of the config prompt: (config network vrrp VRRP_test )> ... (config)> 2. Set the IP address for ETH2: (config)> network interface eth2 ipv4 address 192.168.3.1/24 (config)> Digi Connect EZ 4/4i User Guide...
  • Page 385: Configure Device Two (Backup Device)

    Configure device two (backup device)  Task 1: Configure VRRP on device two 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 386 10. Click  to add a virtual IP address. 11. For Virtual IP, type 192.168.3.3. Task 2: Configure VRRP+ on device two 1. Click to expand VRRP+. 2. Click Enable. 3. Click to expand Monitor interfaces. Digi Connect EZ 4/4i User Guide...
  • Page 387 4. Click to expand Test targets > Test target. 5. For Test Type, select Ping test. 6. For Ping host, type https://remotemanager.digi.com. Task 5: Configure the DHCP server for ETH2 on device two 1. Click to expand Network > Interfaces > ETH2 > IPv4 > DHCP Server 2.
  • Page 388 5. Set the VRRP interface to ETH2: (config network vrrp VRRP_test)> interface /network/interface/eth2 (config network vrrp VRRP_test)> 6. Add the virtual IP address associated with this VRRP instance. (config network vrrp VRRP_test)> add virtual_address end 192.168.3.3 (config network vrrp VRRP_test)> Digi Connect EZ 4/4i User Guide...
  • Page 389 (192.168.3.1). (config)> network interface eth2 ipv4 gateway 192.168.3.1 (config)> Task 4: Configure SureLink for ETH2 on device two 1. Enable SureLink on the ETH2 interface: (config)> network interface eth2 ipv4 surelink enable true (config)> Digi Connect EZ 4/4i User Guide...
  • Page 390 (config network interface eth2 ipv4 surelink target 0)> test ping (config network interface eth2 ipv4 surelink target 0)> 4. Set https://remotemanager.digi.com as the hostname to ping: (config network interface eth2 ipv4 surelink target 0)> ping_host https://remotemanager.digi.com (config network interface eth2 ipv4 surelink target 0)>...
  • Page 391: Show Vrrp Status And Statistics

    This section describes how to display VRRP status and statistics for a Connect EZ device. VRRP status is available from the Web UI only.  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 392 Current State : Master Current Priority : 100 Last Transition : Tue Jan 1 00:00:39 2019 Became Master Released Master Adverts Sent : 71 Adverts Received Priority Zero Sent Priority zero Received : 0 > Digi Connect EZ 4/4i User Guide...
  • Page 393: Virtual Private Networks (Vpn)

    This chapter contains the following topics: IPsec OpenVPN Generic Routing Encapsulation (GRE) Dynamic Multipoint VPN (DMVPN) L2TP L2TPv3 Ethernet MACsec NEMO WireGuard VPN Digi Connect EZ 4/4i User Guide...
  • Page 394: Ipsec

    Diffie-Hellman key exchange. This creates the IKE SAs that are used to encrypt further IKE communications. For IKEv1, there are two modes for the phase 1 negotiation: Main mode and Aggressive mode. IKEv2 does not use these modes. Digi Connect EZ 4/4i User Guide...
  • Page 395: Authentication

    CA certificate from the signing authority and, if available, a Certificate Revocation List (CRL). Configure an IPsec tunnel Configuring an IPsec tunnel with a remote device involves configuring the following items: Digi Connect EZ 4/4i User Guide...
  • Page 396 NAT is being used. If using IPsec failover, identify the primary tunnel during configuration of the backup tunnel. The Network Address Translation (NAT) keep alive time. The protocol, either Encapsulating Security Payload (ESP) or Authentication Header (AH). Digi Connect EZ 4/4i User Guide...
  • Page 397 Configure a static route for information about configuring a static route.  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 398 Click to expand Firewall > Packet filtering. b. For Add packet filter, click . c. For Label, type Allow incoming IPsec traffic. d. For Source zone, select IPsec. Leave all other fields at their default settings. Digi Connect EZ 4/4i User Guide...
  • Page 399 For Local key, type the local pre-shared key. This must be the same as the remote key on the remote host. ii. For Remote key, type the remote pre-shared key. This must be the same as the local key on the remote host. Digi Connect EZ 4/4i User Guide...
  • Page 400 IP address, from the remote peer. 19. Click to expand Local endpoint. a. For Type, select either: Default route: Uses the same network interface as the default route. Interface: Select the Interface to be used as the local endpoint. Digi Connect EZ 4/4i User Guide...
  • Page 401 For Hostname, type a hostname or IPv4 address. If your device is not configured to initiate the IPsec connection (see IKE > Initiate connection), you can also use the keyword any, which means that the hostname is dynamic or unknown. iii. Click  again to add additional hostnames. Digi Connect EZ 4/4i User Guide...
  • Page 402 ID_KEY_ID IKE identity. 21. Click to expand Policies. Policies define the network traffic that will be encapsulated by this tunnel. a. Click  to create a new policy. The new policy configuration is displayed. Digi Connect EZ 4/4i User Guide...
  • Page 403 Any: Matches any protocol. TCP: Matches TCP protocol only. UDP: Matches UDP protocol only. ICMP: Matches ICMP requests only. Other protocol: Matches an unlisted protocol. If Other protocol is selected, type the number of the protocol. Digi Connect EZ 4/4i User Guide...
  • Page 404 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Phase 2 lifetime to ten minutes, enter 10m or 600s. Digi Connect EZ 4/4i User Guide...
  • Page 405 Configure SureLink active recovery for IPsec for information about IPsec Active recovery. 26. (Optional) Click Advanced to set various IPsec-related time out, keep alive, and related values. 27. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
  • Page 406 Format: dynamic_routes edge external internal ipsec loopback setup Default value: ipsec Current value: ipsec (config vpn ipsec tunnel ipsec_example)> Digi Connect EZ 4/4i User Guide...
  • Page 407 Only the payload of the IP packet is encrypted and/or authenticated. The IP header is unencrypted. The default is tunnel. 8. Set the protocol: (config vpn ipsec tunnel ipsec_example)> type protocol (config vpn ipsec tunnel ipsec_example)> where protocol is either: Digi Connect EZ 4/4i User Guide...
  • Page 408 (config vpn ipsec tunnel ipsec_example)> auth private_key_passphrase passphrase (config vpn ipsec tunnel ipsec_example)> c. For the peer_public_key parameter, paste the peer's public RSA key in PEM format: Digi Connect EZ 4/4i User Guide...
  • Page 409 (config vpn ipsec tunnel ipsec_example)> 11. (Optional) Configure the device to connect to its remote peer as an XAUTH client: a. Enable XAUTH client functionality: (config vpn ipsec tunnel ipsec_example)> xauth_client enable true (config vpn ipsec tunnel ipsec_example)> Digi Connect EZ 4/4i User Guide...
  • Page 410 Any ID will be accepted. ipv4: The ID will be interpreted as an IPv4 address and sent as an ID_IPV4_ADDR IKE identity. Set an IPv4 formatted ID. This can be a fully-qualified domain name or an IPv4 address. Digi Connect EZ 4/4i User Guide...
  • Page 411 Repeat for additional hostnames. b. Set the hostname selection type: (config vpn ipsec tunnel ipsec_example)> remote hostname_selection value (config vpn ipsec tunnel ipsec_example)> where value is one of: Digi Connect EZ 4/4i User Guide...
  • Page 412 (config vpn ipsec tunnel ipsec_example)> remote id type rfc822_id id (config vpn ipsec tunnel ipsec_example)> fqdn: The ID will be interpreted as FQDN (Fully Qualified Domain Name) and sent as an ID_FQDN IKE identity. Digi Connect EZ 4/4i User Guide...
  • Page 413 Do not send oversized IKE messages in fragments, but announce support for fragmentation to the peer. The default is always. e. Padding of IKE packets is enabled by default and should normally not be disabled except for compatibility purposes. To disable: Digi Connect EZ 4/4i User Guide...
  • Page 414 Configure the types of encryption, hash, and Diffie-Hellman group to use during phase 1: i. Add a phase 1 proposal: (config vpn ipsec tunnel ipsec_example)> add ike phase1_proposal (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> Digi Connect EZ 4/4i User Guide...
  • Page 415 Set the type of Diffie-Hellman group to use for key exchange during phase 1: i. Use the ? to determine available Diffie-Hellman group types: (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> dh_group ? curve25519 curve448 ecp192 Digi Connect EZ 4/4i User Guide...
  • Page 416 Set the type of encryption to use during phase 2: (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> cipher value (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> where value is one of: 3des aes128 aes128gcm128 Digi Connect EZ 4/4i User Guide...
  • Page 417 Set the Diffie-Hellman group type: (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> dh_group value (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> The default is modp2048. vi. (Optional) Add additional phase 2 proposals: Digi Connect EZ 4/4i User Guide...
  • Page 418 Set the IPv4 address and optional netmask of a destination network that requires source NAT. You can also use any, meaning that any destination network connected to the tunnel will use source NAT. Digi Connect EZ 4/4i User Guide...
  • Page 419 (config vpn ipsec tunnel ipsec_example policy 0)> where value is the IPv4 address and optional netmask. The keyword any can also be used. request: Requests a network from the remote peer. dynamic: Uses the address of the local endpoint. Digi Connect EZ 4/4i User Guide...
  • Page 420 (config vpn ipsec tunnel ipsec_example policy 0)> remote protocol value (config vpn ipsec tunnel ipsec_example policy 0)> where value is one of: any: Matches any protocol. tcp: Matches TCP protocol only. udp: Matches UDP protocol only. icmp: Matches ICMP requests only. Digi Connect EZ 4/4i User Guide...
  • Page 421 Generally, the default settings for these should be sufficient. c. You can also enable debugging for IPsec: (config)> vpn ipsec advanced debug value (config)> where value is one of: none basic_auditing detailed_control generic_control raw_data sensitive_data Digi Connect EZ 4/4i User Guide...
  • Page 422 (config)> save Configuration saved. > 21. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
  • Page 423: Configure Ipsec Failover

    For example: Tunnel_1: Metric: 10 Local endpoint > Interface: ETH2 Remote endpoint > Hostname: 192.168.10.1 SureLink configuration: Restart Interface enabled Test target: Test type: Ping test Ping host: 192.168.10.2 Tunnel_2: Digi Connect EZ 4/4i User Guide...
  • Page 424 Configure an IPsec tunnel for instructions. During configuration of the IPsec tunnel, set the metric to a value that is higher than the metric of the primary tunnel (for example, 20).  Command line Digi Connect EZ 4/4i User Guide...
  • Page 425 Use the ? to view a list of available tunnels: (config vpn ipsec tunnel backup_ipsec_tunnel)> ipsec_failover ? Preferred tunnel: This tunnel will not start until the preferred tunnel has failed. It will continue to operate until the preferred tunnel returns to full operation Digi Connect EZ 4/4i User Guide...
  • Page 426: Configure Surelink Active Recovery For Ipsec

    To configure the Connect EZ device to regularly probe the IPsec connection:  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration:...
  • Page 427 Virtual Private Networks (VPN) IPsec a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration.
  • Page 428 Ping payload size: The number of bytes to send as part of the ping payload. DNS test: Performs a DNS query to the named DNS server. If DNS test is selected, complete the following: DNS server: The IP address of the DNS server. Digi Connect EZ 4/4i User Guide...
  • Page 429 IPv6: The IPv6 connection must be up. Expected status: The status required for the test to pass. Up: The test will pass only if the referenced interface is up and passing its own SureLink tests (if applicable). Digi Connect EZ 4/4i User Guide...
  • Page 430 Reset modem: This recovery action is available for WWAN interfaces only. If Reset modem is selected, complete the following: SureLink test failures: The number of failures for this recovery action to perform, before moving to the next recovery action. Digi Connect EZ 4/4i User Guide...
  • Page 431 For Delayed Start, type the amount of time to wait while the device is starting before SureLink testing begins. This setting is bypassed when the interface is determined to be Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. Digi Connect EZ 4/4i User Guide...
  • Page 432 To add additional tests: a. Add a test: (config vpn ipsec tunnel ipsec_example)> add surelink tests end (config vpn ipsec tunnel ipsec_example surelink tests 1)> b. New tests are enabled by default. To disable: Digi Connect EZ 4/4i User Guide...
  • Page 433 1)> ping_size int (config vpn ipsec tunnel ipsec_example surelink tests 1)> dns: Performs a DNS query to the named DNS server. If dns is set, set the IPv4 or IPv6 address of the DNS server: Digi Connect EZ 4/4i User Guide...
  • Page 434 For example, to set interface_timeout to ten minutes, enter either 10m or 600s: (config vpn ipsec tunnel ipsec_example surelink tests 1)> interface_timeout 600s (config)> Digi Connect EZ 4/4i User Guide...
  • Page 435 Either the IPv4 or IPv6 connection must be up. both: Both the IPv4 and IPv6 connections must be up. ipv4: The IPv4 connection must be up. ipv6: The IPv6 connection must be up.
  • Page 436 (config vpn ipsec tunnel ipsec_example surelink actions 0)> The default is 3. Set the time to wait before the next test is run. If set to the default value of 0s, the test interval is used. Digi Connect EZ 4/4i User Guide...
  • Page 437 Set the time to wait before the next test is run. If set to the default value of 0s, the test interval is used. (config vpn ipsec tunnel ipsec_example surelink actions 0)> override_interval int (config vpn ipsec tunnel ipsec_example surelink actions 0)> restart_interface. If restart_interface is selected, complete the following: Digi Connect EZ 4/4i User Guide...
  • Page 438 Set the time to wait before the next test is run. If set to the default value of 0s, the test interval is used. (config vpn ipsec tunnel ipsec_example surelink actions 0)> override_interval int (config vpn ipsec tunnel ipsec_example surelink actions 0)> Digi Connect EZ 4/4i User Guide...
  • Page 439 (config vpn ipsec tunnel ipsec_example surelink actions 0)> test_failures int (config vpn ipsec tunnel ipsec_example surelink actions 0)> The default is 3. Set the commands to run to attempt to recover connectivity.
  • Page 440 (config)> vpn ipsec tunnel ipsec_example surelink pass_threshold int (config)> The default is 1. e. Set the amount of time that the device should wait for a response to a test attempt before considering it to have failed: Digi Connect EZ 4/4i User Guide...
  • Page 441 The default is 8.8.8.8, and should only be changed if this IP address is not accessible due to networking issues. To set to an alternate host: Digi Connect EZ 4/4i User Guide...
  • Page 442: Show Ipsec Status And Statistics

    --------------- ipsec1 true 192.168.2.1 vpn1 false pending 192.168.3.1 > 3. To display details about a specific tunnel: > show ipsec tunnel ipsec1 Tunnel : ipsec1 Enable : true Status : pending Hostname : 192.168.2.1 Digi Connect EZ 4/4i User Guide...
  • Page 443: Debug An Ipsec Configuration

     1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 444: Configure A Simple Certificate Enrollment Protocol Client

    You can configure the Connect EZ device to function as a SCEP client that will connect to a SCEP server that is used to sign Certificate Signing Requests (CSRs), provide Certificate Revocation Lists (CRLs), and distribute valid certificates from a Certificate Authority (CA).
  • Page 445 The number of days that the certificate enrollment can be renewed, prior to the request expiring.  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 446 13. (Optional) For CA identity, type a string that will be understood by the certificate authority. For example, it could be a domain name or a user name. If the certificate authority has multiple CA certificates, this field can be used to distinguish which is required. Digi Connect EZ 4/4i User Guide...
  • Page 447 Use Client Certificate is enabled by default. Click to disable the use of a client certificate for renewal requests. 22. Click Apply to save the configuration and apply the change. Command line
  • Page 448 (config network scep_client scep_client_name)> server password challenge_password (config network scep_client scep_client_name)> 9. Set Distinguished Name attributes: a. Set the Domain Component: (config network scep_client scep_client_name)> distinguished_name dc value (config network scep_client scep_client_name)> b. Set the two letter Country Code:
  • Page 449 The URL to the file name used to access the certificate revocation list from the crldp: The CRL distribution point. getCRL: A CRL query using the issuer name and serial number from the certificate whose revocation status is being queried. The default is url. Digi Connect EZ 4/4i User Guide...
  • Page 450 (config network scep_client scep_client_name)> polling_interval 600s (config network scep_client scep_client_name)> The default is 5s. 14. Set the bit size of the private key: (config network scep_client scep_client_name)> key_length int (config network scep_client scep_client_name)> The default is 2048. Digi Connect EZ 4/4i User Guide...
  • Page 451: Example: Scep Client Configuration With Fortinet Scep Server

    Type a Certificate ID for the CA, for example, fortinet_example_ca. d. Complete the Subject Information fields. e. The remaining fields can be left at their defaults or changed as appropriate. f. Click OK. Digi Connect EZ 4/4i User Guide...
  • Page 452 Click OK. Connect EZ configuration On the Connect EZ device:  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 453 9. For FQDN, type the fully qualified domain name or IP address of the Fortinet server. 10. For Password, type the challenge password. This corresponds to the Default enrollment password on the Fortinet server. Digi Connect EZ 4/4i User Guide...
  • Page 454 12. Type the value for each appropriate Distinguished Name attribute. The values entered here must correspond to the DN attributes in the Enrollment Request on the Fortinet server. 13. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
  • Page 455 (config network scep_client Fortinet_SCEP_client)> distinguished_name dc value (config network scep_client Fortinet_SCEP_client)> b. Set the two letter Country Code: (config network scep_client Fortinet_SCEP_client)> distinguished_name c value (config network scep_client Fortinet_SCEP_client)> c. Set the State or Province: Digi Connect EZ 4/4i User Guide...
  • Page 456: Show Scep Client Status And Information

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show SCEP client status and information You can show general SCEP client information for all SCEP clients, and specific information for an individual SCEP client. Digi Connect EZ 4/4i User Guide...
  • Page 457 Issuer : CN=TA-SCEP-1-CA Serial : 1100000002A1E755981C0C3F34000000000002 Expiry : Apr 25 13:42:47 2023 GMT Certificate Authority Certificate {2} ------------------------------------- Subject : C=US,CN=TA-SCEP-1-MSCEP-RA Issuer : CN=TA-SCEP-1-CA Serial : 1100000003268AFB5E98BFCA73000000000003 Expiry : Apr 25 13:42:48 2023 GMT Digi Connect EZ 4/4i User Guide...
  • Page 458 Last Update : May 23 13:27:21 2022 GMT > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
  • Page 459: Openvpn

    OpenVPN clients are on the same IP subnet as the OpenVPN server’s LAN interface. This means that devices connected to the OpenVPN client’s LAN interface are on the same IP subnet as devices. The Connect EZ device supports two mechanisms for configuring an OpenVPN server in TAP mode: Digi Connect EZ 4/4i User Guide...
  • Page 460: Configure An Openvpn Server

    If username and password authentication is used, you must create an OpenVPN authentication group and user. See Configure an OpenVPN Authentication Group and User for instructions. Certificates and keys: The CA certificate (usually in a ca.crt file). The Public key (for example, server.crt) Digi Connect EZ 4/4i User Guide...
  • Page 461 Access control list configuration to restrict access to the OpenVPN server through the firewall. Additional OpenVPN parameters.  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 462 Certificate and username/password: Uses both certificates and a username and password for client authentication. Each client requires a public and private key, and you must create an OpenVPN authentication group and user. See Configure an OpenVPN Authentication Group and User for instructions. Digi Connect EZ 4/4i User Guide...
  • Page 463 Click Enable to enable the use of additional OpenVPN parameters. b. Click Override if the additional OpenVPN parameters should override default options. c. For OpenVPN parameters, type the additional OpenVPN parameters. 12. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
  • Page 464 (config vpn openvpn server name)> address ip_address/netmask (config vpn openvpn server name)> b. Set the firewall zone for the OpenVPN server. For TUN device types, this should be set to internal to treat clients as LAN devices. Digi Connect EZ 4/4i User Guide...
  • Page 465 1 and 255. The number entered here will represent the last client IP address. For example, if address is set to 192.168.1.1/24 and server_last_ip is set to 99, the last client IP address will be 192.168.1.80. The default is from 80. Digi Connect EZ 4/4i User Guide...
  • Page 466 Paste the contents of the public key (for example, server.crt) into the value of the server_cert parameter: (config vpn openvpn server name)> server_cert value (config vpn openvpn server name)> iv. Paste the contents of the private key (for example, server.key) into the value of the server_key parameter: Digi Connect EZ 4/4i User Guide...
  • Page 467 To limit access based on firewall zones: (config vpn openvpn server name)> add acl zone end value (config vpn openvpn server name)> Where value is a firewall zone defined on your device, or the any keyword. Digi Connect EZ 4/4i User Guide...
  • Page 468 (config)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
  • Page 469: Configure An Openvpn Authentication Group And User

    Connect EZ user authentication for more information about creating authentication groups and users.  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 470 Type a password for the user. This password is used for local authentication of the user. You can also configure the user to use RADIUS or TACACS+ authentication by configuring authentication methods. See User authentication methods for information. Digi Connect EZ 4/4i User Guide...
  • Page 471 Click to expand the Groups node. e. Click  to add a group to the user. f. Select a Group with OpenVPN access enabled. 5. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
  • Page 472 (config)> save Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
  • Page 473: Configure An Openvpn Client By Using An .Ovpn File

    Configure SureLink active recovery for OpenVPN for information about OpenVPN active recovery.  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 474 (config vpn openvpn client name)> where name is the name of the OpenVPN server. The OpenVPN client is enabled by default. To disable the client, type: (config vpn openvpn client name)> enable false (config vpn openvpn client name)> Digi Connect EZ 4/4i User Guide...
  • Page 475 (config)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
  • Page 476: Configure An Openvpn Client Without Using An .Ovpn File

    Configure SureLink active recovery for OpenVPN for information about OpenVPN active recovery.  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 477 Private key (for example, client.key) into their respective fields. The contents will be hidden when the configuration is saved. 14. (Optional) Click to expand Advanced Options to manually set additional OpenVPN parameters. Digi Connect EZ 4/4i User Guide...
  • Page 478 (config vpn openvpn client name)> zone value (config vpn openvpn client name)> To view a list of available zones: (config vpn openvpn client name)> zone ? Zone: The zone for the openvpn client interface. Digi Connect EZ 4/4i User Guide...
  • Page 479 12. Paste the contents of the public key (for example, client.crt) into the value of the public_cert parameter: (config vpn openvpn client name)> public_cert value (config vpn openvpn client name)> 13. Paste the contents of the private key (for example, client.key) into the value of the private_key parameter:
  • Page 480: Configure Surelink Active Recovery For Openvpn

    The number of probe failures before the OpenVPN connection is considered to have failed. The amount of time that the device should wait for a response to a probe before considering it to have failed.
  • Page 481 OpenVPN To configure the Connect EZ device to regularly probe the OpenVPN connection:  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 482 The Interface gateway. If Interface gateway is selected, an initial traceroute is sent to the hostname or IP address configured in the SureLink advanced settings, and then the first hop in that route is used for the ping test. Digi Connect EZ 4/4i User Guide...
  • Page 483 TCP connection to. TCP connect port: The TCP port to create a TCP connection to. Test another interface's status: Tests the status of another interface. If Test another interface's status is selected, complete the following: Digi Connect EZ 4/4i User Guide...
  • Page 484 Override wait interval before performing the next recovery action: The time to wait before the next test is run. If set to the default value of 0s, the Test interval is used. Restart interface. If Restart interface is selected, complete the following: Digi Connect EZ 4/4i User Guide...
  • Page 485 Powercycle the modem. This recovery action is available for WWAN interfaces only. If Powercycle the modem is selected, complete the following: SureLink test failures: The number of failures for this recovery action to perform, before moving to the next recovery action. Digi Connect EZ 4/4i User Guide...
  • Page 486 To edit an existing OpenVPN client, change to the OpenVPN client's node in the configuration schema. For example, for an OpenVPN client named openvpn_client1, change to the openvpn_client1 node in the configuration schema: (config)> vpn openvpn client openvpn_client1 (config vpn openvpn client openvpn_client1)> Digi Connect EZ 4/4i User Guide...
  • Page 487 Uses ICMP to determine connectivity. If ping is selected, complete the following: Set the ping_method: (config vpn openvpn client openvpn_client1 surelink tests 1)> ping_method value (config vpn openvpn client openvpn_client1 surelink tests 1)> where value is one of: Digi Connect EZ 4/4i User Guide...
  • Page 488 (config vpn openvpn client openvpn_client1 surelink tests 1)> interface_down_time value (config vpn openvpn client openvpn_client1 surelink tests 1)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. Digi Connect EZ 4/4i User Guide...
  • Page 489 Set the TCP port to create a TCP connection to. (config vpn openvpn client openvpn_client1 surelink tests 1)> tcp_port port (config vpn openvpn client openvpn_client1 surelink tests 1)> other: Tests the status of another interface. If other is selected, complete the following: Digi Connect EZ 4/4i User Guide...
  • Page 490 (config vpn openvpn client openvpn_client1 surelink actions 0)> c. New actions are enabled by default. To disable: (config vpn openvpn client openvpn_client1 surelink actions 0)> enable false (config vpn openvpn client openvpn_client1 surelink actions 0)> Digi Connect EZ 4/4i User Guide...
  • Page 491 Increases the interface's metric to change the default gateway. If update_routing_table is selected, complete the following: Set the number of failures for this recovery action to perform, before moving to the next recovery action: Digi Connect EZ 4/4i User Guide...
  • Page 492 This recovery action is available for WWAN interfaces only. If reset_modem is selected, complete the following: Set the number of failures for this recovery action to perform, before moving to the next recovery action: Digi Connect EZ 4/4i User Guide...
  • Page 493 (config vpn openvpn client openvpn_client1 surelink actions 0)> The default is 3. Set the time to wait before the next test is run. If set to the default value of 0s, the test interval is used. Digi Connect EZ 4/4i User Guide...
  • Page 494 Set the time to wait before the next test is run. If set to the default value of 0s, the test interval is used. (config vpn openvpn client openvpn_client1 surelink actions 0)> override_interval int (config vpn openvpn client openvpn_client1 surelink actions 0)> g. Repeat for each additional recovery action. Digi Connect EZ 4/4i User Guide...
  • Page 495 For example, to set timeout to ten minutes, enter either 10m or 600s: (config)> vpn openvpn client openvpn_client1 surelink timeout 600s (config)> The default is 15s. Digi Connect EZ 4/4i User Guide...
  • Page 496 (config vpn openvpn client openvpn_client1 connection_monitor target 0)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
  • Page 497: Show Openvpn Server Status And Statistics

    : OpenVPN_server1 Enable : true Type : tun Zone : internal IP Address : 192.168.30.1/24 Port : 1194 Use File : true Metric Protocol : udp First IP : 80 Last IP : 99 > Digi Connect EZ 4/4i User Guide...
  • Page 498: Show Openvpn Client Status And Statistics

    : OpenVPN_client1 Enable : true Status : up Username : user1 IP address : 123.122.121.120 Remote : 120.121.122.123 : 1492 Zone : internal IP Address : 192.168.30.1/24 Port : 1194 Use File : true Metric Digi Connect EZ 4/4i User Guide...
  • Page 499 : 1194 Type : tun > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
  • Page 500: Generic Routing Encapsulation (Gre)

    Generic Routing Encapsulation (GRE) is an IP packet encapsulation protocol that allows networks and routes to be advertised from one network device to another. You can use GRE to encapsulate a wide variety of network layer protocols inside virtual point-to-point links over an IP network.
  • Page 501: Configuring A Gre Tunnel

    Enable the device to respond to keepalive packets. Task One: Create a GRE loopback endpoint interface  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 502 GRE endpoint's IP address and subnet mask to 10.10.1.1/24: (config network interface gre_interface)> ipv4 address 10.10.1.1/24 (config network interface gre_interface)> 7. Save the configuration and apply the change (config network interface gre_interface)> save Configuration saved. > Digi Connect EZ 4/4i User Guide...
  • Page 503 Type quit to disconnect from the device. Task Two: Configure the GRE tunnel  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 504 (config vpn iptunnel gre_example)> remote ip_address (config vpn iptunnel gre_example)> 7. (Optional) Set a key that will be inserted in GRE packets created by this tunnel. The key must match the key set by the remote endpoint. Digi Connect EZ 4/4i User Guide...
  • Page 505 (config vpn iptunnel gre_example)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
  • Page 506: Show Gre Tunnels

    1. On the menu, click Status > IP tunnels. The IP Tunnels page appears. 2. To view configuration details about a GRE tunnel, click the (configuration) icon in the upper right of the tunnel's status pane.
  • Page 507: Example: Gre Tunnel Over An Ipsec Tunnel

    Remote network set to the IP address of the remote GRE tunnel, 172.30.0.1/32. 2. Create an IPsec endpoint interface named ipsec_endpoint2: a. Zone set to Internal. b. Device set to Ethernet: Loopback. c. IPv4 Address set to the IP address of the local GRE tunnel, 172.30.0.2/32. Digi Connect EZ 4/4i User Guide...
  • Page 508 Configure the Connect EZ-1 device Task one: Create an IPsec tunnel  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 509 Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> 3. Add an IPsec tunnel named ipsec_gre1: (config)> add vpn ipsec tunnel ipsec_gre1 (config vpn ipsec tunnel ipsec_gre1)> Digi Connect EZ 4/4i User Guide...
  • Page 510 (config vpn ipsec tunnel ipsec_gre1 policy 0)> remote network 172.30.0.2/32 (config vpn ipsec tunnel ipsec_gre1 policy 0)> 10. Save the configuration and apply the change (config ipsec tunnel ipsec_gre1 policy 0)> save Configuration saved. > Digi Connect EZ 4/4i User Guide...
  • Page 511 4. For Device, select Ethernet: loopback. 5. Click to expand IPv4. 6. For Address, type the IP address of the local GRE tunnel, 172.30.0.1/32. 7. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
  • Page 512 Task three: Create a GRE tunnel 1. Click VPN > IP Tunnels. 2. For Add IP Tunnel, type gre_tunnel1 and click . 3. For Local endpoint, select the IPsec endpoint interface created in Task two (Interface: ipsec_endpoint1).
  • Page 513 4. Set the remote endpoint to the IP address of the GRE tunnel on Connect EZ-2, 172.30.0.2: (config vpn iptunnel gre_tunnel1)> remote 172.30.0.2 (config vpn iptunnel gre_tunnel1)> 5. Save the configuration and apply the change (config vpn iptunnel gre_tunnel1)> save Configuration saved. > Digi Connect EZ 4/4i User Guide...
  • Page 514 Task three (IP tunnel: gre_tunnel1). 5. Click to expand IPv4. 6. For Address, type 172.31.0.1/30 for a virtual IP address on the GRE tunnel. 7. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
  • Page 515 Configure the Connect EZ-2 device Task one: Create an IPsec tunnel  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 516 12. For Type, select Custom network. 13. For Address, type the IP address and subnet of the local GRE tunnel, 172.30.0.2/32. 14. For Remote network, type the IP address and subnet of the remote GRE tunnel, 172.30.0.1/32. Digi Connect EZ 4/4i User Guide...
  • Page 517 9. Set the remote network address to the IP address and subnet of the remote GRE tunnel, 172.30.0.1/32: (config vpn ipsec tunnel ipsec_gre2 policy 0)> remote network 172.30.0.1/32 (config vpn ipsec tunnel ipsec_gre2 policy 0)> Digi Connect EZ 4/4i User Guide...
  • Page 518 4. For Device, select Ethernet: loopback. 5. Click to expand IPv4. 6. For Address, type the IP address of the local GRE tunnel, 172.30.0.2/32. 7. Click Apply to save the configuration and apply the change.  Command line Digi Connect EZ 4/4i User Guide...
  • Page 519 Task three: Create a GRE tunnel 1. Click VPN > IP Tunnels. 2. For Add IP Tunnel, type gre_tunnel2 and click . 3. For Local endpoint, select the IPsec endpoint interface created in Task two (Interface: ipsec_endpoint2).
  • Page 520 (config vpn iptunnel gre_tunnel2)> remote 172.30.0.1 (config vpn iptunnel gre_tunnel2)> 5. Save the configuration and apply the change (config vpn iptunnel gre_tunnel2)> save Configuration saved. > Task four: Create an interface for the GRE tunnel device  Digi Connect EZ 4/4i User Guide...
  • Page 521 7. Click Apply to save the configuration and apply the change.  Command line 1. At the command line, type config to enter configuration mode: > config (config)> 2. Add an interface named gre_interface2: (config)> add network interface gre_interface2 (config network interface gre_interface2)> Digi Connect EZ 4/4i User Guide...
  • Page 522: Dynamic Multipoint Vpn (Dmvpn)

    GRE tunnel directly to the other spoke. The network address of the target spoke is resolved with the use of Next Hop Resolution Protocol (NHRP). This section contains the following topics: Configure a DMVPN spoke Digi Connect EZ 4/4i User Guide...
  • Page 523: Configure A Dmvpn Spoke

    Dynamic Multipoint VPN (DMVPN) Configure a DMVPN spoke To configure a DMVPN spoke:  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 524 For Address, type the IP address and netmask of the tunnel. The netmask must be set to /32. 5. Configure NHRP: a. Click Network > Routing Services. b. Enable routing services. c. Click to expand NHRP. d. Enable NHRP. e. Click to expand Network. Digi Connect EZ 4/4i User Guide...
  • Page 525 Enable BGP. c. For AS number, type the autonomous system number for this device. d. For Best path criteria, select Multipath. e. Click to expand Neighbours. f. Click  to add a neighbour. Digi Connect EZ 4/4i User Guide...
  • Page 526 (config vpn iptunnel dmvpn_tunnel)> type multipoint (config vpn iptunnel dmvpn_tunnel)> c. Set the local interface: i. Use the ? to determine available interfaces: ii. Set the interface. For example: (config vpn iptunnel dmvpn_tunnel)> local /network/interface/eth1 (config vpn iptunnel dmvpn_tunnel)> Digi Connect EZ 4/4i User Guide...
  • Page 527 IP address to 10.20.1.4/32: (config network interface dmvpn_tunnel_interface)> ipv4 address 10.20.1.4/32 (config network interface dmvpn_tunnel_interface)> 5. Configure NHRP: a. Type ... to return to the top level of the configuration schema: (config network interface dmvpn_tunnel_interface)> ... (config)> Digi Connect EZ 4/4i User Guide...
  • Page 528 8. Configure the overlay connection using BGP: a. Type ... to return to the top level of the configuration schema: (config network interface dmvpn_tunnel_interface)> ... (config)> b. Enable BGP: (config)> network route service bgp enable true (config)> Digi Connect EZ 4/4i User Guide...
  • Page 529: L2Tp

    L2TP Access Concentrators (LAC) and L2TP Network Servers (LNS). Each endpoint terminates the PPP session. Required configuration items For L2TP access concentrators: The hostname or IP address of the L2TP network server. The firewall zone for the tunnel. Digi Connect EZ 4/4i User Guide...
  • Page 530 Whether to override the default configuration and only use the custom options. Optional configuration data in the format of a pppd options file.  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 531 For Add L2TP access concentrator, type a name for the LAC and click . c. LACs are enabled by default. To disable, toggle off Enable. d. For L2TP network server, type the hostname or IP address of the L2TP network server.
  • Page 532 None: No authentication is required. Automatic: The device will attempt to connect using CHAP first, and then PAP. CHAP: Uses the Challenge Handshake Authentication Profile (CHAP) to authenticate. PAP: Uses the Password Authentication Profile (PAP) to authenticate. Digi Connect EZ 4/4i User Guide...
  • Page 533 A single IP address or host name. A network designation in CIDR notation, for example, 192.168.1.0/24. any: No limit to IPv4 addresses that can access the service-type. Repeat this step to list additional IP addresses or networks.
  • Page 534 (config)> ... firewall zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration -------------------------------------------------------- ----------------------- dynamic_routes edge external internal ipsec loopback setup Digi Connect EZ 4/4i User Guide...
  • Page 535 0 and 65535. The default is 1. g. Set the firewall zone for the tunnel. This is used by packet filtering rules and access control lists to restrict network traffic on the tunnel. Digi Connect EZ 4/4i User Guide...
  • Page 536 6. To add an L2TP network server: a. Add an LNS: (config)> add vpn l2tp lns name (config add vpn l2tp lac name)> where name is the name of the LNS. For example, to add an LNS named lns_server: Digi Connect EZ 4/4i User Guide...
  • Page 537 If auto, chap, pap or mschapv2 is selected, enter the Username and Password required to authenticate: (config vpn l2tp lns lns_server)> username username (config vpn l2tp lns lns_server)> password password (config vpn l2tp lns lns_server)> The default is none. Digi Connect EZ 4/4i User Guide...
  • Page 538 (config vpn l2tp lns lns_server)> custom override true (config vpn l2tp lns lns_server)> iii. Paste or type the configuration data in the format of a pppd options file: (config vpn l2tp lns lns_server)> custom config_file data (config vpn l2tp lns lns_server)> Digi Connect EZ 4/4i User Guide...
  • Page 539: L2Tp With Ipsec

    1. On the menu, select Status. Under VPN, select L2TP > Network Servers. The L2TP Network Servers page appears. 2. To view configuration details about an L2TP network server, click the  (configuration) icon in the upper right of the tunnel's status pane.  Command line Digi Connect EZ 4/4i User Guide...
  • Page 540 2. To display details about all configured L2TP access connectors, type the following at the prompt: > show l2tp lns Name Enabled Status Device --------- ------- ------ ----------- lns_test1 true test_device0 lns_test2 true pending > Digi Connect EZ 4/4i User Guide...
  • Page 541: L2Tpv3 Ethernet

    Encapsulation type. If UDP is selected: The ID for the tunnel. The ID of the peer's tunnel. Determine whether to enable UDP checksum. The session cookie. The peer session cookie. The Layer2SpecificHeader type. The Sequence numbering control.
  • Page 542 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 543 (config vpn l2tpeth L2TPv3_example)> 6. Set the tunnel identifier for this tunnel. This must match the value for peer tunnel ID on the remote peer. (config vpn l2tpeth L2TPv3_example)> tunnel_id value (config vpn l2tpeth L2TPv3_example)>
  • Page 544 1 and 4294967295. 11. Set the session ID of the remote peer: (config vpn l2tpeth L2TPv3_example session_example)> peer_session_id value (config vpn l2tpeth L2TPv3_example session_example)> where value is any integer between 1 and 4294967295.
  • Page 545: Show L2Tpv3 Tunnel Status

    Show L2TPV3 tunnel status Log into the Connect EZ WebUI as a user with full Admin access rights. 1. On the menu, select Status. Under VPN, select L2TPv3 Ethernet. The L2TPv3 Ethernet page appears.
  • Page 546 TX Byptes : 3,120 > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device.
  • Page 547: Macsec

    The local network device to connect to the peer device. When using Manual mode, the connectivity association key and key name.  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 548 (config vpn macsec tunnel1)> where value is one of the available options. 6. Specify the security mode: (config vpn macsec tunnel1)> type value (config vpn macsec tunnel1)> where value is one of the following:
  • Page 549: Nemo

    The firewall zone of the NEMO tunnel. The IP address of the NEMO home agent server. This is provided by your cellular carrier. The home agent's authentication key. This is provided by your cellular carrier.
  • Page 550 If the local network is set to Interface, identify the local interface to be used.  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 551 Connect EZ local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 552 9. Set the Security Parameter Index (SPI) value, which is used in the authentication extension when registering. This should be normally left at the default setting of 256 unless your service provider indicates a different value.
  • Page 553 (config vpn nemo nemo_example)> tun_local type value (config vpn nemo nemo_example)> where value is one of: defaultroute: Uses the same network interface as the default route. interface If interface is used, set the interface.
  • Page 554: Show Nemo Status

    Type admin to access the Admin CLI. 2. To display details about all configured NEMO tunnels, type the following at the prompt: > show nemo NEMO Enable Status Address Agent CoAddress ---- ------ ------ ------- ------- ---------- demo false
  • Page 555: Wireguard Vpn

    WireGuard VPN tunnel to a remote server. Server mode: Configure the Connect EZ device to act as a server, so one or more remote devices can establish an inbound WireGuard VPN tunnel to the device. virtual private network
  • Page 556: Configure The Wireguard Vpn

    (optional) Local and remote IP addresses  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 557 Wireguard tunnel. To see the public key, navigate to Status > VPN > WireGuard. Private Type the private key for the Wireguard tunnel, if the Device managed private key setting is disabled.
  • Page 558 7. The table below lists the required settings for creating and configuring a client WireGuard tunnel. Configuration Description Add a new WireGuard tunnel. > config vpn wireguard add name (config)> Where name is the name of the new WireGuard tunnel.
  • Page 559 [Remote] Allowed addresses: Only traffic destined for an IP address added here will be sent to this peer. (config)> vpn wireguard name peer overlay (config)> [Remote] Endpoint address (config)> vpn wireguard name peer endpoint (config)> [Remote] Endpoint port
  • Page 560 Type the private key for the Wireguard tunnel, if the Device managed private key setting is disabled. > config vpn wireguard add name private key value (config)> With value being a 32-byte string encoded in base 64.
  • Page 561 Simple Network Management Protocol (SNMP) Location information Modbus gateway System time Network Time Protocol Configure a multicast route Ethernet network bonding Enable service discovery (mDNS) Use the iPerf service Configure the ping responder service
  • Page 562: Allow Remote Access For Web Administration And Ssh

    To allow web administration or SSH for the External firewall zone: Add the External firewall zone to the web administration service  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 563 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Add the External firewall zone to the SSH service
  • Page 564 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 565: Configure The Web Administration Service

    An SSL certificate to use for communications with the service. Support for legacy encryption protocols. Set the idle timeout for Connect EZ users for information about setting the inactivity timeout for the web administration services.
  • Page 566 The web administration service is enabled by default. To disable the service, or enable it if it has been disabled:  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 567 Type quit to disconnect from the device. Configure the service  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 568 If SSL certificate is blank, the device will use an automatically-generated, self-signed certificate. The SSL certificate and private key must be in PEM format. The private key can use one of the following algorithms: ECDSA ECDH Note Password-protected certificate keys are not supported. Example:
  • Page 569 2. At the command line, type config to enter configuration mode: > config (config)> 3. Configure access control: To limit access to specified IPv4 addresses and networks: (config)> add service web_admin acl address end value (config)> Where value can be:
  • Page 570 Type ... firewall zone ? at the config prompt: (config)> ... firewall zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration -------------------------------------------------------- ----------------------- dynamic_routes edge
  • Page 571 Paste the contents of certificate.pem and key.pem into the service web_admin cert command. Enclose the contents of certificate.pem and key.pem in quotes. For example: (config)> service web_admin cert "-----BEGIN CERTIFICATE----- ...
  • Page 572 DNS server. mDNS is enabled by default. To disable mDNS, or enable it if it has been disabled: To enable the mDNS protocol: (config)> service web_admin mdns enable true (config)>
  • Page 573 (config)> save Configuration saved. > 10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device.
  • Page 574: Configure Ssh Access

    The SSH service is enabled by default. To disable the service, or enable it if it has been disabled:  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights.
  • Page 575 Type quit to disconnect from the device. Configure the service  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 576 For Add Zone, click . c. For Zone, select the appropriate firewall zone from the dropdown. Firewall configuration for information about firewall zones. d. Click  again to allow access through additional firewall zones.
  • Page 577 A single IP address or host name. A network designation in CIDR notation, for example, 192.168.1.0/24. any: No limit to IPv4 addresses that can access the SSH service. Repeat this step to list additional IP addresses or networks.
  • Page 578 (config)> ... firewall zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration -------------------------------------------------------- ----------------------- dynamic_routes edge external internal ipsec loopback setup
  • Page 579 If override is set to false, entries in Configuration file will be added to the standard SSH configuration. The default is false. c. Set the configuration settings: (config)> service ssh custom config_file value (config)>
  • Page 580 (config)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device.
  • Page 581: Use Ssh With Key Authentication

    SSH service to allow SSH access for the External firewall zone.  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 582 SSH key, which you can enter by pasting or typing a public encryption key that this user can use for passwordless SSH login 4. Save the configuration and apply the change (config)> save Configuration saved. >
  • Page 583 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device.
  • Page 584: Configure Telnet Access

    Enable the telnet service The telnet service is disabled by default. To enable the service:  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 585 Type quit to disconnect from the device. Configure the service  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 586 For Add Zone, click . c. For Zone, select the appropriate firewall zone from the dropdown. Firewall configuration for information about firewall zones. d. Click  again to allow access through additional firewall zones.
  • Page 587 (config)> add service telnet acl interface end value (config)> Where value is an interface defined on your device. Display a list of available interfaces: Use ... network interface ? to display interface information: Repeat this step to list additional interfaces.
  • Page 588 5. (Optional) Set the port number for this service. The default setting of 23 normally should not be changed. (config)> service telnet port 25 (config)> 6. Save the configuration and apply the change (config)> save Configuration saved. >
  • Page 589: Configure Dns

    The device is configured by default with the hostname digi.device, which corresponds to the 192.168.210.1 IP address. To configure the DNS server:  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 590 7. (Optional) Rebind protection, if enabled, prevents upstream DNS servers from returning private IP addresses. To enable, click Rebind protection. 8. (Optional) Allow localhost rebinding is enabled by default if Rebind protection is enabled. This is useful for Real-time Black List (RBL) servers.
  • Page 591 No limit to IPv4 addresses that can access the DNS service. Repeat this step to list additional IP addresses or networks. To limit access to specified IPv6 addresses and networks: (config)> add service dns acl address6 end value (config)> Where value can be:
  • Page 592 Repeat this step to include additional firewall zones. 4. (Optional) Cache negative responses By default, the device's DNS server caches negative responses. Disabling this option may improve performance on networks with transient DNS results, when one or more DNS servers
  • Page 593 To restrict the device's use of this DNS server based on the domain, use the domain command. If no domains are listed, then all queries may be sent to this server. (config service dns server 0)> domain domain (config service dns server 0)>
  • Page 594: Show Dns Server

    Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. Use the show dns command at the system prompt: > show dns Interface Label Server Domain --------- ----- ------------------------ ------ eth1 192.168.3.1 eth1 fd00:2704::1
  • Page 595 > 3. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device.
  • Page 596: Simple Network Management Protocol (Snmp)

    Authentication type (either MD5 or SHA). Privacy protocol (either DES or AES). Privacy passphrase, if different than the SNMP user password. Enable Multicast DNS (mDNS) support. To configure the SNMP agent on your Connect EZ device:
  • Page 597 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 598 Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)>
  • Page 599 To limit access based on firewall zones: (config)> add service snmp acl zone end value (config)> Where value is a firewall zone defined on your device, or the any keyword. Display a list of available firewall zones:
  • Page 600 9. (Optional) Set the authentication type. Allowed values are MD5 or SHA. The default is MD5. (config)> service snmp auth_type SHA (config)> 10. (Optional) Set the privacy passphrase. If not set, the password, entered above, is used.
  • Page 601: Download Mibs

    SNMP support on the Connect EZ device. 2. On the main menu, click Status. Under Services, click SNMP. Note If you have recently enabled SNMP and the SNMP option is not visible, refresh your browser.
  • Page 602 The SNMP page is displayed. 3. Click Download.
  • Page 603: Location Information

    Configure the location service Configure the device to use a user-defined static location Configure the device to accept location messages from external sources Forward location information to a remote host Configure geofencing Show location information
  • Page 604: Configure The Location Service

    Use the location service feature to identify and track the location of your Connect EZ router. This feature is enabled by default.  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 605 For example, to set interval to ten minutes, enter either 10m or 600s: (config)> service location interval 600s (config)> The default is 10 seconds. 5. Save the configuration and apply the change (config)> save Configuration saved. >
  • Page 606: Configure The Device To Use A User-Defined Static Location

    You can configure your Connect EZ device to use a user-defined static location. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 607 (config service location source 0)> coordinates altitude alt (config service location source 0)> Where alt is an integer followed by m or km, for example, 100m or 1km. 9. Save the configuration and apply the change (config)> save Configuration saved. >
  • Page 608: Configure The Device To Accept Location Messages From External Sources

    Access control list configuration to provide access to the port through the firewall. To configure the device to accept location messages from external sources:  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 609 Connect EZ local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 610 No limit to IPv6 addresses that can access the location server UDP port. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the Connect EZ device:
  • Page 611 (config)> save Configuration saved. > 2. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device.
  • Page 612: Forward Location Information To A Remote Host

    A vehicle ID that is used in the TAIP ID message and can also be prepended to the forwarded message. Configure the Connect EZ device to forward location information:  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 613 To add a message type: a. For Add NMEA filter or Add TAIP filter, click . b. Select the filter type. Allowed values are: AL: Reports altitude and vertical velocity. CP: Compact position: reports time, latitude, and longitude.
  • Page 614 2. At the command line, type config to enter configuration mode: > config (config)> 3. Add a remote host to which location messages will be sent: (config)> add service location forward end (config service location forward 0)>
  • Page 615 (config service location forward 0)> talker_id ? Talker ID: Setting a talker ID will override the talker ID from all remote sources, and all forwarded sentences from remote sources will use the configured Format: Default Default value: Default
  • Page 616 Reports time, position, and fix related data. gll: Reports position data: position fix, time of position fix, and status. gsa: Reports GPS DOP and active satellites. gsv: Reports the number of SVs in view, PRN, elevation, azimuth, and SNR.
  • Page 617 Position/velocity: reports the latitude, longitude, and heading. To remove a message type: a. Use the show command to determine the index number of the message type to be deleted: (config service location forward 0)> show filter_taip 0 al 1 cp
  • Page 618 (config)> save Configuration saved. > 14. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device.
  • Page 619: Configure Geofencing

    Whether the script should be executed within a sandbox that will prevent the script from affecting the system itself. Additional configuration items Update interval, which determines the amount of time that the geofence should wait between polling for updated location data.
  • Page 620 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 621 Click  again to add an additional point, and continue adding points to create the desired polygon. For example, to configure a square polygon around the Digi headquarters, configure a polygon with four points: This defines a square-shaped polygon equivalent to the following: 7.
  • Page 622 If you disable Sandbox, the script may render the system unusable. vii. Repeat for any additional actions. To define actions that will be taken when the device exits the geofence, or is outside the geofence when it boots:
  • Page 623 If you disable Sandbox, the script may render the system unusable. vii. Repeat for any additional actions. 8. Click Apply to save the configuration and apply the change. Command line
  • Page 624 If boundary is set to circular : a. Set the latitude and longitude of the center point of the circle: (config service location geofence test_geofence)> center latitude int (config service location geofence test_geofence)> center
  • Page 625 (config service location geofence test_geofence coordinates 0)> .. (config service location geofence test_geofence coordinates)> add end (config service location geofence test_geofence coordinates 1)> latitude int (config service location geofence test_geofence coordinates 1)> longitude int
  • Page 626 For longitude, any integer between -180 and 180, with up to six decimal places. Repeat for each vertex of the polygon. For example, to configure a square polygon around the Digi headquarters, configure a polygon with four points: (config service location geofence test_geofence)> add...
  • Page 627 (config)> add service location geofence test_geofence on_entry action end (config service location geofence test_geofence on_entry action 0)> d. Set the type of action: (config service location geofence test_geofence on_entry action 0)> type value
  • Page 628 For example, to allocate one megabyte of memory to the script and its spawned processes: (config service location geofence test_geofence on_entry action 0)> max_memory 1MB (config service location geofence test_geofence on_entry action 0)>
  • Page 629 (config service location geofence test_geofence on_exit action 0)> d. Set the type of action: (config service location geofence test_geofence on_exit action 0)> type value (config service location geofence test_geofence on_exit action 0)>
  • Page 630 (config service location geofence test_geofence on_exit action 0)> max_memory 1MB (config service location geofence test_geofence on_exit action 0)> v. A sandbox is enabled by default to prevent the script from adversely affecting the system. To disable the sandbox:
  • Page 631: Show Location Information

    > show location Location Status --------------- State : enabled Source : 192.168.2.3 Latitude : 44* 55' 14.809" N (44.92078) Longitude : 93* 24' 47.262" w (-93.413128) Altitude : 279 meters
  • Page 632: Modbus Gateway

    Modbus gateway allows for communication between buses and networks that use the Modbus protocol. This section contains the following topics: Configure the Modbus gateway Show Modbus gateway status and statistics
  • Page 633: Configure The Modbus Gateway

    Whether to send broadcast messages. Response timeout If connection type is set to socket: The port to use. The inactivity timeout. If connection type is set to serial: Whether to use half duplex (two wire) mode.
  • Page 634 Whether packets should be delivered to a fixed Modbus address. Whether packets should have their Modbus address adjusted downward before delivery. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 635 A single IP address or host name. A network designation in CIDR notation, for example, 192.168.1.0/24. any: No limit to IPv4 addresses that can access the web administration service. d. Click  again to list additional IP addresses or networks.
  • Page 636 10. Repeat these steps to configure additional servers. Configure clients 1. Click to expand Clients. 2. For Add Modbus client, type a name for the client and click . The new Modbus gateway client configuration is displayed.
  • Page 637 For Address, enter the IPv6 address or network that can access the device's web administration service. Allowed values are: A single IP address or host name. A network designation in CIDR notation, for example, 2001:db8::/48.
  • Page 638 255. Leave at the default setting of 0 to not adjust the server address. If a packet contains a Modbus server address above the amount entered here, the address will be adjusted downward by this amount before the packet is delivered. This allows you to
  • Page 639 (config)> add service modbus_gateway server test_modbus_server (config service modbus_gateway server test_modbus_server)> The Modbus server is enabled by default. To disable: (config service modbus_gateway server test_modbus_server)> enable false (config service modbus_gateway server test_modbus_server)>
  • Page 640 15 minutes, and takes the format number{m|s}. For example, to set inactivity_timeout to ten minutes, enter either 10m or 600s:
  • Page 641 For example, to set idle_gap to one second, enter 1000ms or 1s. iv. (Optional) Enable half-duplex (two wire) mode: (config service modbus_gateway server test_modbus_server)> serial half_duplex true (config service modbus_gateway server test_modbus_server)> c. Repeat the above instructions for additional servers.
  • Page 642 1 and 65535. The default is 502. iii. Set the packet mode: (config service modbus_gateway client test_modbus_client)> socket packet_mode value (config service modbus_gateway client test_modbus_client)> where value is either rtu or ascii. The default is rtu.
  • Page 643 Set the serial port: i. Use the ? to determine available serial ports: (config service modbus_gateway client test_modbus_client)> ... serial port ? Serial Additional Configuration ------------------------------------------------------- ------------------------ port1 Port 1 (config service modbus_gateway client test_modbus_client)>
  • Page 644 Allowed values are between 1 millisecond and 700 milliseconds, and take the format numberms. For example, to set response_timeout to 100 milliseconds: (config service modbus_gateway client test_modbus_client)> response_timeout 100ms (config service modbus_gateway client test_modbus_client)> The default is 700ms.
  • Page 645 This allows you to configure clients on the gateway that will forward messages to remote devices with the same Modbus address on different buses. For example, if there are two devices on two
  • Page 646: Show Modbus Gateway Status And Statistics

    Connect EZ local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 647 Client Configuration Failure Server Configuration Failure Configuration Load Failure Incoming Connections Internal Error Resource Shortages Servers ------- modbus_socket ------------- Client Lookup Errors Incoming Connections Packet Errors RX Broadcasts RX Requests : 12 TX Exceptions
  • Page 648 TX Broadcasts TX Requests > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device.
  • Page 649: System Time

    At least one upstream NTP server for synchronization. Additional Configuration Options Additional upstream NTP servers. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 650 Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> 3. (Optional) Set the timezone for the location of your Connect EZ device. The default is UTC.
  • Page 651 See Configure the device as an NTP server for more information about NTP server configuration. 5. Save the configuration and apply the change (config)> save Configuration saved. >
  • Page 652 Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. Synchronize the device's local date and time: > system time synch 24 Aug 22:03:55 ntpdate[2520]: step time server 52.2.40.158 offset -
  • Page 653: Manually Set The System Date And Time

    NTP clock filter and selection algorithms are applied to select the best of these. Configure the device as an NTP server for information about configuring your device as an NTP server. Digi Connect EZ 4/4i User Guide...
  • Page 654: Configure The Device As An Ntp Server

    The time zone setting, if the default setting of UTC is not appropriate. To configure the Connect EZ device's NTP service: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 655 For Server, enter the hostname of the upstream NTP server that the device will use to synchronize its time. d. Click to add additional NTP servers. If multiple servers are included, servers are tried in the order listed until one succeeds. Digi Connect EZ 4/4i User Guide...
  • Page 656 (config)> add service ntp server end time.server.com (config)> To add the NTP server in another location in the list, use an index value to indicate the appropriate position. For example: (config)> add service ntp server 1 time.server.com (config)> Digi Connect EZ 4/4i User Guide...
  • Page 657 Repeat this step to list additional interfaces. To limit access based on firewall zones: (config)> add service ntp acl zone end value (config)> Where value is a firewall zone defined on your device, or the any keyword. Digi Connect EZ 4/4i User Guide...
  • Page 658 Timezone: The timezone for the location of this device. This is used to adjust the time for log messages. It also affects actions that occur at a specific time of day. Format: Africa/Abidjan Africa/Accra Africa/Addis_Ababa (config)> Digi Connect EZ 4/4i User Guide...
  • Page 659: Show Status And Statistics Of The Ntp Server

    : Up Sync Status : Up Remote Refid When Poll Reach Delay Offset Jitter ---------------- ------------- ---- ---- ----- ------ ----- ------ *ec2-52-2-40-158 129.6.15.32 1024 33.570 +1.561 0.991 128.136.167.120 128.227.205.3 1024 43.583 1.895 0.382 > Digi Connect EZ 4/4i User Guide...
  • Page 660: Configure A Multicast Route

    To configure a multicast route: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 661 Set the interface. For example: (config service multicast test)> add interface end /network/interface/eth1 (config service multicast test)> c. Repeat for each additional destination interface. 8. Save the configuration and apply the change (config)> save Configuration saved. > Digi Connect EZ 4/4i User Guide...
  • Page 662 Services Configure a multicast route 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
  • Page 663: Ethernet Network Bonding

    Create a new network interface for the bonded Ethernet devices, and disable any interfaces associated with those Ethernet devices. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 664 Repeat for each appropriate Ethernet device. 8. Create a new network interface that is linked to the Ethernet bond: a. Click Network > Interface. b. For Add Interface, type a name for the interface and click . Digi Connect EZ 4/4i User Guide...
  • Page 665 For example, to create an Ethernet bond named eth_bond: (config)> add network bond eth_bond (config network bond eth_bond)> 4. The new network bond is enabled by default. To disable: (config network bond eth_bond)> enable false (config network bond eth_bond)> Digi Connect EZ 4/4i User Guide...
  • Page 666 Complete the rest of the interface configuration. See Configure a Wide Area Network (WAN) and Configure a Local Area Network (LAN) for further information. 8. Disable any other interfaces associated with the devices that were added to the Ethernet bond. Digi Connect EZ 4/4i User Guide...
  • Page 667: Enable Service Discovery (Mdns)

    You can enable the Connect EZ device to use mDNS. Note: This feature is enabled by default. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 668 For Zone, select the appropriate firewall zone from the dropdown. See Firewall configuration for information about firewall zones. d. Click again to allow access through additional firewall zones. 6. Click Apply to save the configuration and apply the change. Command line Digi Connect EZ 4/4i User Guide...
  • Page 669 (config)> add service mdns acl interface end value (config)> Where value is an interface defined on your device. Display a list of available interfaces: Use ... network interface ? to display interface information: Repeat this step to list additional interfaces. Digi Connect EZ 4/4i User Guide...
  • Page 670: Use The Iperf Service

    This is useful when diagnosing network speed issues, to determine, for example, whether a cellular connection is providing expected throughput. The Connect EZ implementation of iPerf3 supports testing with both TCP and UDP. Digi Connect EZ 4/4i User Guide...
  • Page 671 To enable the iPerf3 server: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 672 Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> Digi Connect EZ 4/4i User Guide...
  • Page 673 Repeat this step to list additional interfaces. To limit access based on firewall zones: (config)> add service iperf acl zone end value (config)> Where value is a firewall zone defined on your device, or the any keyword. Digi Connect EZ 4/4i User Guide...
  • Page 674: Example Performance Test Using Iperf3

    31.2 MBytes 262 Mbits/sec 1.52 MBytes 4.00-5.00 32.1 MBytes 269 Mbits/sec 1.56 MBytes 5.00-6.00 32.5 MBytes 273 Mbits/sec 1.58 MBytes 6.00-7.00 33.9 MBytes 284 Mbits/sec 1.60 MBytes 7.00-8.00 33.7 MBytes 282 Mbits/sec 1.60 MBytes Digi Connect EZ 4/4i User Guide...
  • Page 675: Configure The Ping Responder Service

    IP address, interfaces, and/or zones. To enable the iPerf3 server: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 676 Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> 3. Enable the iPerf server: (config)> service iperf enable true (config)> Digi Connect EZ 4/4i User Guide...
  • Page 677 To limit access based on firewall zones: (config)> add service iperf acl zone end value (config)> Where value is a firewall zone defined on your device, or the any keyword. Display a list of available firewall zones: Digi Connect EZ 4/4i User Guide...
  • Page 678: Example Performance Test Using Iperf3

    32.1 MBytes 269 Mbits/sec 1.56 MBytes 5.00-6.00 32.5 MBytes 273 Mbits/sec 1.58 MBytes 6.00-7.00 33.9 MBytes 284 Mbits/sec 1.60 MBytes 7.00-8.00 33.7 MBytes 282 Mbits/sec 1.60 MBytes 8.00-9.00 33.5 MBytes 281 Mbits/sec 1.60 MBytes Digi Connect EZ 4/4i User Guide...
  • Page 679 - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bandwidth Retr 0.00-10.00 315 MBytes 264 Mbits/sec sender 0.00-10.00 313 MBytes 262 Mbits/sec receiver iperf Done. Digi Connect EZ 4/4i User Guide...
  • Page 680 Develop Python applications Set up the Connect EZ to automatically run your applications Start an interactive Python session Run a Python application at the shell prompt Configure scripts to run manually Start a manual script Digi Connect EZ 4/4i User Guide...
  • Page 681: Develop Python Applications

    The Connect EZ features a standard Python 3.6 distribution. Python is a dynamic, object-oriented language for developing software applications, from simple programs to complex embedded applications. Digi offers the Digi IoT PyCharm Plugin to help you while writing, building, and testing your application. See Create and test a Python application.
  • Page 682: Set Up The Connect Ez For Python Development

    2. Create and test your application with: PyCharm. You can create, build, and remotely launch your application in the Connect EZ. Your preferred editor and manually transfer the application, install dependencies, and launch in the Connect EZ. Digi Connect EZ 4/4i User Guide...
  • Page 683 Develop Python applications Develop an application in PyCharm The Digi IoT PyCharm Plugin allows you to write, build and run Python applications for Digi devices in a quick and easy way. See the Digi XBee PyCharm IDE Plugin User Guide for details.
  • Page 684 """ def handle(self): # self.request is the TCP socket connected to the client self.data = self.request.recv(1024).strip() print("{} wrote:".format(self.client_address[0])) print(self.data) # just send back the same data, but upper-cased self.request.sendall(self.data.upper()) Digi Connect EZ 4/4i User Guide...
  • Page 685 Create a custom firewall rule 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 686: Python Modules

    The digidevice module provides platform-specific extensions that allow you to interact with the device’s configuration and interfaces. The following submodules are included with the digidevice module: LEDs: digidevice.led; SMS: digidevice.sms; GPS: digidevice.location; Digi Remote Manager: digidevice.datapoint, digidevice.device_request, digidevice.name; Device configuration: digidevice.config; Command line interface: digidevice.cli. Digi Connect EZ 4/4i User Guide...
  • Page 687 Digidevice module The Python digidevice module provides platform-specific extensions that allow you to interact with the device’s configuration and interfaces. The following submodules are included with the digidevice module: This section contains the following topics: Digi Connect EZ 4/4i User Guide...
  • Page 688 : 6 days, 6 hours, 21 minutes, 57 seconds (541317s) Temperature : 40C Location Contact >>> 5. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Digi Connect EZ 4/4i User Guide...
  • Page 689 5. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Use digidevice.datapoint to upload custom datapoints to Digi Remote Manager Use the datapoint Python module to upload custom datapoints to Digi Remote Manager. The following characteristics can be defined for a datapoint:...
  • Page 690 2. At the shell prompt, use the python command with no parameters to enter an interactive Python session: # python Python 3.10.1 (main, Mar 30 2023, 23:47:13) [GCC 11.2.0] on linux Type "help", "copyright", "credits" or "license" for more information. >>> Digi Connect EZ 4/4i User Guide...
  • Page 691 Help for using Python to upload custom datapoints to Remote Manager Get help for uploading datapoints to your Digi Remote Manager account by accessing help for datapoint.upload and datapoint.upload_multiple: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions >...
  • Page 692 Return the entire configuration: >>> from pprint import pprint # use pprint vs. print to make the output easier to read >>> cfg = config.load() >>> pprint(cfg.dump().splitlines()) This returns the device configuration: network.interface.lan1.device=/network/bridge/lan1 Digi Connect EZ 4/4i User Guide...
  • Page 693 Type "help", "copyright", "credits" or "license" for more information. >>> 3. Import the config submodule: >>> from digidevice import config >>> 4. Use config.load(writable=True) to enable write mode for the configuration: >>> cfg = config.load(writable=True) >>> Digi Connect EZ 4/4i User Guide...
  • Page 694 5. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Use Python to respond to Digi Remote Manager SCI requests The device_request Python module allows you to interact with Digi Remote Manager by using Remote Manager's Server Command Interface (SCI), a web service that allows users to access information and perform commands that relate to their devices.
  • Page 695 Ctrl-D. You can also exit the session using exit() or quit(). Task two: Create and send an SCI request from Digi Remote Manager The second step in using the device_request module is to create an SCI request that Remote Manager will forward to the device.
  • Page 696 1. Create a Python application, called showsystem.py, that uses the digidevice.cli module to create a response containing information about the device and the device_request module to respond with this information to a request from Remote Manager: Digi Connect EZ 4/4i User Guide...
  • Page 697 This can be done from either the WebUI or the command line: i. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. ii. Access the device configuration: Remote Manager: i.
  • Page 698 Add an application entry: (config)> add system schedule script end (config system schedule script 0)> Scheduled scripts are enabled by default. To disable: (config system schedule script 0)> enable false (config system schedule script 0)> Digi Connect EZ 4/4i User Guide...
  • Page 699 Connect EZ local command line as a user with shell access. Depending on your device configuration, you may be presented with an Access selection menu. Type shell to access the device shell. ii. Type the following at the shell prompt: # python /etc/config/scripts/showsystem.py & Digi Connect EZ 4/4i User Guide...
  • Page 700 <sci_reply version="1.0"> <data_service> <device id="00000000-00000000-0000FFFF-A83CF6A3"/> <requests> <device_request target_name="showSystem" status="0">Model : Digi Connect EZ Serial Number : Connect EZ-000068 Hostname : Connect EZ : 00:40:D0:13:35:36 Hardware Version : 50001959-01 A Firmware Version : 24.3 Bootloader Version Digi Connect EZ 4/4i User Guide...
  • Page 701 : 0.10, 0.05, 0.00 RAM Usage : 85.176MB/250.484MB(34%) Disk /etc/config Usage : 0.068MB/13.416MB(1%) Disk /opt Usage : 47.724MB/5309.752MB(1%) Disk /overlay Usage : MB/MB(%) Disk /tmp Usage : 0.004MB/40.96MB(0%) Disk /var Usage : 0.820MB/32.768MB(3%)</device_request> </requests> Digi Connect EZ 4/4i User Guide...
  • Page 702 </sci_request> Help for using Python to respond to Digi Remote Manager SCI requests Get help for responding to Digi Remote Manager Server Command Interface (SCI) requests by accessing help for digidevice.device_request: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions >...
  • Page 703 Print available keys: >>> print(runt.keys("")) This returns available keys: ['advanced', 'drm', 'firmware', 'location', 'manufacture', 'metrics', 'mm', 'network', 'pam', 'serial', 'system'] b. Print available keys for the system key: >>> print(runt.keys("system")) This will return the following: Digi Connect EZ 4/4i User Guide...
  • Page 704 5. Use the set() method to make changes to the runtime database: >>> runt.set("my-variable", "my-value") >>> 6. Use the get() method to verify the change: >>> print(runt.get("my-variable")) my-variable >>> 7. Close the runtime database: >>> runt.stop() >>> Digi Connect EZ 4/4i User Guide...
  • Page 705 Use Python to upload the device name to Digi Remote Manager The name submodule can be used to upload a custom name for your device to Digi Remote Manager. When you use the name submodule to upload a custom device name to Remote Manager, the...
  • Page 706 5. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit(). Help for uploading the device name to Digi Remote Manager Get help for uploading the device name to Digi Remote Manager by accessing help for digidevice.name: 1.
  • Page 707 # python Python 3.10.1 (main, Mar 30 2023, 23:47:13) [GCC 11.2.0] on linux Type "help", "copyright", "credits" or "license" for more information. >>> 3. Import the maintenance module: >>> from digidevice import maintenance >>> Digi Connect EZ 4/4i User Guide...
  • Page 708 Type "help", "copyright", "credits" or "license" for more information. >>> 3. Import the maintenance submodule: >>> from digidevice import maintenance >>> 4. Use the help command with maintenance: >>> help(maintenance) Help on module digidevice.maintenance in digidevice: NAME digidevice.maintenance Digi Connect EZ 4/4i User Guide...
  • Page 709 SMS scripting. Enable the ability to schedule SMS scripting 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 710 Example digidevice.sms script The following example script receives an SMS message and sends a response: #!/usr/bin/python3.10.1 import os import threading import sys from digidevice.sms import Callback, send COND = threading.Condition() Digi Connect EZ 4/4i User Guide...
  • Page 711 # a CLI command. Send a response SMS to the sender before running the command import os import threading import sys from digidevice import cli from digidevice.sms import Callback, send COND = threading.Condition() allowed_incoming_phone_number = '2223334444' def sms_test_callback(sms, info): if info['content.number'] == allowed_incoming_phone_number: print(f"SMS message from {info['content.number']} received") Digi Connect EZ 4/4i User Guide...
  • Page 712 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the Connect EZ local command line as a user with shell access. Digi Connect EZ 4/4i User Guide...
  • Page 713 - Firmware update feature (simple implementation, read TODO in cmd_fwupdate) """ import sys import time import paho.mqtt.client as mqtt import json from acl import runt, config from http import HTTPStatus import urllib.request import tempfile Digi Connect EZ 4/4i User Guide...
  • Page 714 HTTPStatus.INTERNAL_SERVER_ERROR finally: os.remove(fname) print("Firmware update finished") return HTTPStatus.OK CMD_HANDLERS = { "reboot": cmd_reboot, "fw-update": cmd_fwupdate def send_cmd_reply(client, cmd_path, cid, cmd, status): if not status or not cid: return if cmd_path.startswith(PREFIX_CMD): Digi Connect EZ 4/4i User Guide...
  • Page 715 {}".format(msg.payload)) if not cid: # Return if client-ID not passed return None send_cmd_reply(client, msg.topic, cid, cmd, HTTPStatus.BAD_REQUEST) try: status = CMD_HANDLERS[cmd](payload) except: print("Invalid command: {}".format(cmd)) status = HTTPStatus.NOT_IMPLEMENTED send_cmd_reply(client, msg.topic, cid, cmd, status) Digi Connect EZ 4/4i User Guide...
  • Page 716 PREFIX_CMD = "cmd/" + PREFIX PREFIX_RSP = "rsp/" + PREFIX client = mqtt.Client() client.on_connect = on_connect client.on_message = on_message try: client.connect("192.168.1.100", 1883, 60) client.loop_start() except: print("Failed to connect to MQTT server") sys.exit(1) while True: publish_dhcp_leases() publish_system() time.sleep(POLL_TIME) Digi Connect EZ 4/4i User Guide...
  • Page 717: Set Up The Connect Ez To Automatically Run Your Applications

    The memory available to be used by the script. Whether the script should run one time only. Task one: Upload the application Digi Connect EZ 4/4i User Guide...
  • Page 718 Connect EZ device where the copied file will be placed. For example: To upload a script from a remote host with an IP address of 192.168.4.1 to the /etc/config/scripts directory on the Connect EZ device, issue the following command: Digi Connect EZ 4/4i User Guide...
  • Page 719 This feature does not provide syntax or error checking. Certain commands can render the device inoperable. Use with care. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 720 If Set Time is selected, specify the time that the script should run in Run time, using the format HH:MM. During system maintenance: The script will run during the system maintenance time window. 7. For Commands, type the commands that will execute the script. Digi Connect EZ 4/4i User Guide...
  • Page 721 3. Add a script: (config)> add system schedule script end (config system schedule script 0)> Scheduled scripts are enabled by default. To disable: (config system schedule script 0)> enable false (config system schedule script 0)> Digi Connect EZ 4/4i User Guide...
  • Page 722 If set_time is set, set the time that the script should run, using the format HH:MM: (config system schedule script 0)> run_time HH:MM (config system schedule script 0)> maintenance_time: The script will run during the system maintenance time window. Digi Connect EZ 4/4i User Guide...
  • Page 723 Remove the script from the device and add it again. Make a change to the script. Disable once. 10. Sandbox is enabled by default. This option protects the script from accidentally destroying the system it is running on. Digi Connect EZ 4/4i User Guide...
  • Page 724: Show Script Information

    Type admin to access the Admin CLI. 2. Use the show scripts command at the system prompt: > show scripts Index Label Enabled Status Run time ----- ----------- ------- ------ -------- script1 true active script2 true idle 01:00 > Digi Connect EZ 4/4i User Guide...
  • Page 725: Stop A Script That Is Currently Running

    ----- ----------- ------- ------ -------- script1 true active script2 true idle 01:00 > Scripts that are currently running have the status of active. 3. Stop the appropriate script: )> system script stop script1 > Digi Connect EZ 4/4i User Guide...
  • Page 726: Start An Interactive Python Session

    >>> help("digidevice") Help on package digidevice: NAME digidevice - Digi device python extensions DESCRIPTION This module includes various extensions that allow Python to interact with additional features offered by the device. 4. Use Ctrl-D to exit the Python session. You can also exit the session using exit() or quit().
  • Page 727: Run A Python Application At The Shell Prompt

    Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. b. At the command line, use the command to upload the Python application script to the Connect EZ device: Digi Connect EZ 4/4i User Guide...
  • Page 728: Configure Scripts To Run Manually

    # python /etc/config/scripts/test.py 120 ports storage Configure scripts to run manually You can configure scripts to be run manually. Required configuration items Upload or create the script. Enable the script. Set the script to run manually. Digi Connect EZ 4/4i User Guide...
  • Page 729: Task One: Upload The Application

    Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the command line, use the command to upload the Python application script to the Connect EZ device: Digi Connect EZ 4/4i User Guide...
  • Page 730: Task Two: Configure The Application To Run Automatically

    This feature does not provide syntax or error checking. Certain commands can render the device inoperable. Use with care. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 731 10. Sandbox is enabled by default, which restricts access to the file system and available commands that can be used by the script. This option protects the script from accidentally destroying the system it is running on. Digi Connect EZ 4/4i User Guide...
  • Page 732 If a Python script is being used, include the full path to the Python script and enclose in quotation marks. For example: Digi Connect EZ 4/4i User Guide...
  • Page 733 10. Sandbox is enabled by default. This option protects the script from accidentally destroying the system it is running on. (config system schedule script 0)> sandbox true (config system schedule script 0)> 11. Save the configuration and apply the change (config)> save Configuration saved. > Digi Connect EZ 4/4i User Guide...
  • Page 734: Start A Manual Script

    2. Determine the name of scripts that are currently running: > show scripts Index Label Enabled Status Run time ----- ----------- ------- ------ -------- script1 true active script2 true idle 01:00 > 3. Start the script: )> system script start script1 > Digi Connect EZ 4/4i User Guide...
  • Page 735 (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
  • Page 736: User Authentication

    User authentication methods Authentication groups Local users Terminal Access Controller Access-Control System Plus (TACACS+) Remote Authentication Dial-In User Service (RADIUS) LDAP Disable shell access Set the idle timeout for Connect EZ users Example user configuration Digi Connect EZ 4/4i User Guide...
  • Page 737: Connect Ez User Authentication

    Configures support for LDAP (Lightweight Directory Access Protocol) servers and users. Serial Configures authentication for serial TCP and autoconnect configured services. User authentication methods Authentication methods determine how users of the Connect EZ device are authenticated. Available authentication methods are: Digi Connect EZ 4/4i User Guide...
  • Page 738 TACACS+: Users authenticated by using a remote TACACS+ server for authentication. See Terminal Access Controller Access-Control System Plus (TACACS+) for information about configuring TACACS+ authentication. LDAP: Users authenticated by using a remote LDAP server for authentication. See LDAP for information about configuring LDAP authentication. Digi Connect EZ 4/4i User Guide...
  • Page 739: Add A New Authentication Method

    The types of authentication method to be used: To add an authentication method: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 740 (config)> add auth method 0 auth_type (config)> where auth_type is one of local, radius, tacacs+, or ldap. To add the new authentication method to the end of the list, use the index keyword end: Digi Connect EZ 4/4i User Guide...
  • Page 741: Delete An Authentication Method

    Type quit to disconnect from the device. Delete an authentication method 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 742: Rearrange The Position Of Authentication Methods

    6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Rearrange the position of authentication methods Digi Connect EZ 4/4i User Guide...
  • Page 743 To reorder these so that RADIUS is first and Local users is second: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 744: Authentication Groups

    Connect EZ via ssh, telnet, or the serial console. Shell access is not available if the Allow shell parameter has been disabled. See Disable shell access for more information about the Allow shell parameter. Digi Connect EZ 4/4i User Guide...
  • Page 745 The preconfigured authentication groups cannot be deleted, but the access rights defined for the group are configurable. This section contains the following topics: Change the access rights for a predefined group Add an authentication group Delete an authentication group Digi Connect EZ 4/4i User Guide...
  • Page 746: Change The Access Rights For A Predefined Group

    By default, two authentication groups are predefined: admin and serial. To change the access rights of the predefined groups: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 747 WebUI and Admin CLI. The default is full. To disable Admin access for the admin group: (config)> auth group admin acl admin enable false (config)> Shell access: Digi Connect EZ 4/4i User Guide...
  • Page 748: Add An Authentication Group

    Access rights to query the device for Nagios monitoring. To add an authentication group: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 749 Full access full: provides users of this group with the ability to manage the Connect EZ device by using the WebUI or the Admin CLI. Read-only access read-only: provides users of this group with read-only access to the WebUI and Admin CLI. The default is Full access full. Digi Connect EZ 4/4i User Guide...
  • Page 750 4. Enable access rights for the group: Admin access: (config auth group test)> acl admin enable true (config)> Set the access level for Admin access: (config)> auth group admin acl admin level value (config)> where value is either: Digi Connect EZ 4/4i User Guide...
  • Page 751 24h no title (config)> ii. Add a captive portal: (config)> add auth group test acl portal portals end portal1 (config)> 6. (Optional) Configure Nagios monitoring: Digi Connect EZ 4/4i User Guide...
  • Page 752: Delete An Authentication Group

    These groups cannot be deleted. To delete an authentication group that you have created: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 753 (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
  • Page 754: Local Users

    The default admin user is preconfigured with both Admin and Serial access. You can configure the admin user account to fit with the needs of your environment. This section contains the following topics: Change a local user's password Configure a local user Delete a local user Digi Connect EZ 4/4i User Guide...
  • Page 755: Change A Local User's Password

    Local users Change a local user's password To change a user's password: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 756 You can also change the password for the active user by clicking the user name in the menu bar: The active user must have full Admin access rights to be able to change the password. 6. Click Apply to save the configuration and apply the change. Digi Connect EZ 4/4i User Guide...
  • Page 757: Configure A Local User

    (-) or periods (.), an alias allows the user to log in using a name that contains special characters. The number of unsuccessful login attempts before the user is locked out of the system.
  • Page 758 One-time use eight-digit emergency scratch codes. To configure a local user: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 759 The minimum value is 1 second, and the maximum is 15 minutes. The default is 15 minutes. 8. Add groups for the user. Groups define user access rights. See Authentication groups for information about configuring groups.
  • Page 760 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Code refresh interval to ten minutes, enter 10m or 600s.
  • Page 761 (.), an alias allows the user to log in using a name that contains special characters. For security purposes, if two users have the same alias, the alias will be disabled. (config auth user new_user)> username username_alias (config auth user new_user)>
  • Page 762 To remove a group from a user: a. Use the show command to determine the index number of the group to be deleted: (config auth user new_user)> show group 0 admin 1 serial (config auth user new_user)>
  • Page 763 This key should be used by an application or mobile device to generate passcodes. e. For time-based verification only, enable disallow_reuse to prevent a code from being used more than once during the time that it is valid.
  • Page 764 (config auth user name 2fa)> login_limit_period 600s (config auth user name 2fa)> The default is 30s. j. Scratch codes are emergency codes that may be used once, at any time. To add a scratch code:
  • Page 765: Delete A Local User

    To delete a user from your Connect EZ: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 766 4. Click the menu icon (...) next to the name of the user to be deleted and select Delete. 5. Click Apply to save the configuration and apply the change.
  • Page 767 (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device.
  • Page 768: Terminal Access Controller Access-Control System Plus (Tacacs+)

    Connect EZ device prior to configuration. The process of setting up a TACACS+ server varies by the server environment. This section contains the following topics: TACACS+ user configuration TACACS+ server failover and fallback to local authentication Configure your Connect EZ device to use a TACACS+ server
  • Page 769: Tacacs+ User Configuration

    4. Verify that your changes did not introduce any syntax errors: $ sudo tac_plus -C /etc/tacacs+/tac_plus.conf -P If successful, this command will echo the configuration file to standard out. If the command encounters any syntax errors, a message similar to this will display:
  • Page 770: Tacacs+ Server Failover And Fallback To Local Authentication

    Enable command authorization, so that the device will communicate with the TACACS+ server to determine if the user is authorized to execute a specific command. Enable command accounting, so that the device will communicate with the TACACS+ server to log commands that the user executes.
  • Page 771 The TACACS+ server port. It is configured to 49 by default. Add additional TACACS+ servers in case the first TACACS+ server is unavailable. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 772 Connect EZ local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 773 Add the server: (config)> add auth tacacs+ server end (config auth tacacs+ server 0)> b. Enter the TACACS+ server's IP address or hostname: (config auth tacacs+ server 0)> hostname hostname|ip-address (config auth tacacs+ server 0)>
  • Page 774 (config)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device.
  • Page 775: Remote Authentication Dial-In User Service (Radius)

    An example of a RADIUS server is FreeRADIUS. This section contains the following topics: RADIUS user configuration RADIUS server failover and fallback to local configuration Configure your Connect EZ device to use a RADIUS server
  • Page 776: Radius User Configuration

    With user authentication methods, you can configure your Connect EZ device to use multiple types of authentication. For example, you can configure both RADIUS authentication and local authentication, so that local authentication can be used as a fallback mechanism if the primary and backup RADIUS...
  • Page 777: Configure Your Connect Ez Device To Use A Radius Server

    60 seconds. Enable additional debug messages from the RADIUS client. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 778 If you are accessing the Connect EZ device by using the WebUI, the default value for NAS ID is httpd. If you are accessing the Connect EZ device by using ssh, the default value is sshd.
  • Page 779 If you are accessing the Connect EZ device by using the WebUI, the default value for NAS ID is httpd. If you are accessing the Connect EZ device by using ssh, the default value is sshd.
  • Page 780: Ldap

    LDAP support, the Connect EZ device acts as an LDAP client, which sends user credentials and connection parameters to an LDAP server. The LDAP server then authenticates the LDAP client requests and sends back a response message to the device.
  • Page 781 Connect EZ device prior to configuration. The process of setting up an LDAP server varies by the server environment. This section contains the following topics: LDAP user configuration LDAP server failover and fallback to local configuration Configure your Connect EZ device to use an LDAP server
  • Page 782: Ldap User Configuration

    $ ldapadd -x -H 'ldap:///' -D 'cn=admin,dc=example,dc=com' -W -f add_user.ldif adding new entry "uid=john,dc=example,dc=com" 5. Verify that the user has been added by performing an LDAP search: $ ldapsearch -x -LLL -H 'ldap:///' -b 'dc=example,dc=com' uid=john dn: uid=john,dc=example,dc=com objectClass: inetOrgPerson
  • Page 783: Ldap Server Failover And Fallback To Local Configuration

    The distinguished name used to search the user base. The group attribute. The number of seconds to wait to receive a message from the server. Add additional LDAP servers in case the first LDAP server is unavailable.
  • Page 784 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 785 See Rearrange the position of authentication methods for information about rearranging the position of the methods in the list. 15. Click Apply to save the configuration and apply the change. Command line
  • Page 786 6. Set the distinguished name (DN) that is used to bind to the LDAP server and search for users. Leave this option unset if the server allows anonymous connections. (config)> auth ldap bind_dn dn_value (config)> For example: (config)> auth ldap bind_dn cn=user,dc=example,dc=com (config)>
  • Page 787 Add the server: (config)> add auth ldap server end (config auth ldap server 0)> b. Enter the LDAP server's IP address or hostname: (config auth ldap server 0)> hostname hostname|ip-address (config auth ldap server 0)>
  • Page 788: Disable Shell Access

    If shell access is disabled, re-enabling it will erase the device's configuration and perform a factory reset. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 789 (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device.
  • Page 790: Set The Idle Timeout For Connect Ez Users

    Idle timeout parameter. By default, the Idle timeout is set to 10 minutes. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 791 (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device.
  • Page 792: Example User Configuration

    Goal: To create a user with administrator rights who is authenticated locally on the device. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 793 2. At the command line, type config to enter configuration mode: > config (config)> 3. Verify that the admin group has full administrator rights: (config)> show auth group admin acl admin enable true level full (config)>
  • Page 794: Example 2: Radius, Tacacs+, And Local Authentication For One User

    Goal: To create a user with administrator rights who is authenticated by using all three authentication methods. In this example, when the user attempts to log in to the Connect EZ device, user authentication will occur in the following order:
  • Page 795 3. The user is authenticated by the Connect EZ device using local authentication. This example uses a FreeRADIUS 3.0 server running on Ubuntu, and a TACACS+ server running on Ubuntu. Server configuration may vary depending on the platforms or type of servers used in your environment.
  • Page 796 The authentication group on the Connect EZ device, admin, is identified in the groupname parameter. c. Save and close the tac_plus.conf file. 3. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 4. Access the device configuration:...
  • Page 797 a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration.
  • Page 798 Unix-FTP-Group-Names parameter. c. Save and close the users file. 2. Configure a user on the TACACS+ server: a. On the Ubuntu machine hosting the TACACS+ server, open the /etc/tacacs+/tac_plus.conf file: $ sudo gedit /etc/tacacs+/tac_plus.conf
  • Page 799 (config)> c. Add TACACS+ authentication in second place in the list: (config)> add auth method 1 tacacs+ (config)> d. Verify that authentication will occur in the correct order: (config)> show auth method 0 radius 1 tacacs+
  • Page 800 (config auth user adminuser)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device.
  • Page 801 Firewall This chapter contains the following topics: Firewall configuration Port forwarding rules Packet filtering Configure custom firewall rules Configure captive portals Configure Quality of Service options Web filtering
  • Page 802: Firewall Configuration

    To create a zone: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 803 2. At the command line, type config to enter configuration mode: > config (config)> 3. Add the new zone. For example, to add a zone named my_zone: (config)> add firewall zone my_zone (config firewall zone my_zone)>
  • Page 804: Configure The Firewall Zone For A Network Interface

    This example procedure uses an existing network interface named ETH2 and changes the firewall zone from the default zone, Internal, to External. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 805: Delete A Custom Firewall Zone

    You cannot delete preconfigured firewall zones. To delete a custom firewall zone: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 806 The Configuration window is displayed. 3. Click Firewall > Zones. 4. Click the menu icon (...) next to the appropriate custom firewall zone and select Delete. 5. Click Apply to save the configuration and apply the change.
  • Page 807: Port Forwarding Rules

    The port or range of ports to which traffic should be forwarded. Additional configuration items A label for the port forwarding rule. The IP version (either IPv4 or IPv6) that incoming network connections must match. The protocols that incoming network connections must match.
  • Page 808 A white list of devices, based on either IP address or firewall zone, that are authorized to leverage this forwarding rule. To configure a port forwarding rule: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 809 Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> 3. At the config prompt, type: (config)> add firewall dnat end (config firewall dnat 0)>
  • Page 810 (config firewall dnat 0)> For IPv6 addresses: (config firewall dnat 0)> to_address6 ip-address (config firewall dnat 0)> 9. Set the public-facing port number(s) that network connections must use for their traffic to be forwarded.
  • Page 811 Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration ------------------------------------------------------------------- ----------- dynamic_routes edge external internal ipsec loopback setup (config firewall dnat 0 acl)>
  • Page 812: Delete A Port Forwarding Rule

    To delete a port forwarding rule: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 813 (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device.
  • Page 814: Packet Filtering

    ICMP ICMP6 To configure a packet filtering rule: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 815 See Firewall configuration for more information about firewall zones. 10. Click Apply to save the configuration and apply the change. Command line
  • Page 816 Packet filtering rules are enabled by default. To disable the rule: (config firewall filter 1)> enable false (config firewall filter 1)> 3. (Optional) Set the label for the rule. (config firewall filter 1)> label "My filter rule" (config firewall filter 1)>
  • Page 817 The default is any. 8. Set the protocol. (config firewall filter 1)> protocol value (config firewall filter 1)> where value is one of: icmp icmpv6 The default is any.
  • Page 818: Enable Or Disable A Packet Filtering Rule

    To enable or disable a packet filtering rule: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 819: Delete A Packet Filtering Rule

    7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Delete a packet filtering rule To delete a packet filtering rule:
  • Page 820 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 821: Configure Custom Firewall Rules

    To configure custom firewall rules: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 822 4. (Optional) Instruct the device to override all preconfigured firewall behavior and rely solely on the custom firewall rules: (config)> firewall custom override true (config)> 5. Set the shell command that will execute the custom firewall rules script: (config)> firewall custom rules "shell-command" (config)>
  • Page 823 (config)> save Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device.
  • Page 824: Configure Captive Portals

    To configure captive portals: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 825 Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)>
  • Page 826 This setting does not affect access to HTTP port 80 after the client has been granted access to the portal. 7. Set the method that will be used to authorize the user: (config firewall portal portal1)> auth value (config firewall portal portal1)> where value is one of:
  • Page 827: Delete Captive Portals

    Type quit to disconnect from the device. Delete captive portals To delete captive portals: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager:...
  • Page 828: Configure Quality Of Service Options

    a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration.
  • Page 829 These example bindings are disabled by default. Enable the preconfigured bindings 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 830 Type quit to disconnect from the device. Create a new binding 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 831 At least one policy is required for each binding. Each policy can contain up to 30 rules. a. Click to expand Policy. b. For Add Policy, click . The QoS binding policy configuration window is displayed.
  • Page 832 For Type Of Service, type the value of the Type of Service (ToS) packet header that defines packet priority. If unspecified, this field is ignored. See https://www.tucny.com/Home/dscp-tos for a list of common TOS values.
  • Page 833 Use the format IPv6_address[/prefix_length], or use any to match any IPv6 address. Repeat to add a new rule. Up to 30 rules can be configured. 10. Click Apply to save the configuration and apply the change.
  • Page 834 At least one policy is required for each binding. Each policy can contain up to 30 rules. a. Change to the policy node of the configuration: (config firewall qos 2)> policy (config firewall qos 2 policy)>
  • Page 835 (config firewall qos 2 policy 0)> rule (config firewall qos 2 policy 0 rule)> ii. Add a rule: (config firewall qos 2 policy 0 rule)> add end (config firewall qos 2 policy 0 rule 0)>
  • Page 836 Source traffic from any address will be matched. See Firewall configuration for more information about firewall zones. interface: Only traffic from the selected interface will be matched. Set the interface:
  • Page 837 (config network qos 2 policy 0 rule 0)> dst interface /network/interface/eth1 (config network qos 2 policy 0 rule 0)> address: Only traffic destined for the IP address typed in IPv4 address will be matched. Set the address that will be matched:
  • Page 838: Web Filtering

    Configure web filtering with Cisco Umbrella Required configuration items Enable web filtering. A Cisco Umbrella account. See https://umbrella.cisco.com for information about how to create a Cisco Umbrella account. A 14-day trial account is available. A customer-specific API token.
  • Page 839 5. Click Create. 6. Copy the token. Task two: Configure web filtering 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 840 Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the Admin CLI prompt, use the command to delete the web-filter-id file, and confirm the deletion:
  • Page 841: Configure Web Filtering With Manual Dns Servers

    To configure web filtering with manual DNS servers: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 842 Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> 3. Enable web filtering: (config)> firewall web-filter enable true (config)>
  • Page 843 Move back one node in the configuration tree: (config firewall web-filter server 0)> .. (config firewall web-filter server)> ii. Add the server: (config firewall web-filter server)> add end (config firewall web-filter server 1)>
  • Page 844: Verify Your Web Filtering Configuration

    See Configure web filtering with manual DNS servers for information about configuring web filtering to use Cisco open DNS servers. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 845 Linux shell: $ curl -I http://www.internetbadguys.com HTTP/1.1 200 OK Server: Apache Content-Type: text/html; charset=UTF-8 Accept-Ranges: bytes Date: Thu, Jan 11, 2024 12:10:00
  • Page 846: Show Web Filter Service Information

    ID is a unique ID assigned to the device by Cisco Umbrella. If there is a problem with the device ID, you can clear the ID. See Clear the Cisco Umbrella device ID for instructions.
  • Page 847 Erase device configuration and reset to factory defaults Locate the device by using the Find Me feature Enable FIPS mode Configuration files Schedule system maintenance tasks Disable device encryption Configure the speed of your Ethernet ports Configure the system watchdog
  • Page 848: System Administration

    Alt. Firmware Build Date : Fri, Jan 12, 2024 12:10:00 Bootloader Version : 19.7.23.0-15f936e0ed Current Time : Thu, Jan 11, 2024 12:10:00 +0000 : 1.4% Uptime : 6 days, 6 hours, 21 minutes, 57 seconds (541317s) Temperature : 40C Location
  • Page 849: Configure System Information

    Disk /tmp Usage : 0.003MB/120.0MB(0%) Disk /var Usage : 0.816MB/32.0MB(3%) > Configure system information You can configure information related to your Connect EZ device, such as providing a name and location for the device.
  • Page 850 A banner that will be displayed when users access terminal services on the device. To enter system information: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 851: Update System Firmware

    For example, Connect EZ-24.3.bin. Manage firmware updates using Digi Remote Manager If you have a network of many devices, you can use Digi Remote Manager Profiles to manage firmware updates. Profiles ensure all your devices are running the correct firmware version and that all newly installed devices are updated to that same version.
  • Page 852: Certificate Management For Firmware Images

    The system firmware files are signed to ensure that only Digi-approved firmware loads onto the device. The Connect EZ device validates the system firmware image as part of the update process and only successfully updates if the system firmware image can be authenticated.
  • Page 853 Newest firmware version available to download is '24.3' Device firmware update from '23.9.74.0' to '24.3' is needed > 3. Use the modem firmware ota list command to list available firmware on the Digi firmware repository. > system firmware ota list 23.9.74.0...
  • Page 854 > Update firmware from a local file 1. Download the Connect EZ operating system firmware from the Digi Support FTP site to your local machine. Log into the Connect EZ WebUI as a user with full Admin access rights.
  • Page 855 7. Once the device has rebooted, log into the Connect EZ's command line as a user with Admin access and verify the running firmware version by entering the show system command. > show system Hostname : Connect EZ FW Version : 24.3 : 0040FF800120
  • Page 856: Dual Boot Behavior

    Log into the Connect EZ WebUI as a user with full Admin access rights. 1. On the main menu, click System. Under Administration, click Firmware Update. 2. Click Duplicate firmware. 3. Click Duplicate Firmware. Command line
  • Page 857: Update Cellular Module Firmware

    > system duplicate-firmware > Update cellular module firmware You can update modem firmware by downloading firmware from the Digi firmware repository, or by uploading firmware from your local storage onto the device. You can also schedule modem firmware updates. See Schedule system maintenance tasks for details.
  • Page 858: Update Modem Firmware Over The Air (Ota)

    Command line Update modem firmware over the air (OTA) You can update your modem firmware by querying the Digi firmware repository to determine if there is new firmware available for your modem and performing an OTA modem firmware update: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect EZ local command line as a user with full Admin access rights.
  • Page 859: Update Modem Firmware By Using A Local Firmware File

    1' ... > To perform an OTA firmware update by using a specific version from the Digi firmware repository, use the version parameter to identify the appropriate firmware version as determined by using modem firmware ota list command. For example: >...
  • Page 860: Reboot Your Connect Ez Device

    You can reboot the Connect EZ device immediately or schedule a reboot for a specific time every day. Note You may want to save your configuration settings to a file before rebooting. See Save configuration to a file.
  • Page 861: Reboot Your Device Immediately

    2. At the prompt, type: > reboot Schedule reboots of your device 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 862 24 hours. See System time for information about configuring NTP servers. If reboot_window is set, the reboot will occur during a random time within the reboot window.
  • Page 863: Erase Device Configuration And Reset To Factory Defaults

    With firmware release 22.2.9.x and newer, erases the client-side certificate used for communication with Digi Remote Manager. If you are using Digi Remote Manager with firmware release 22.2.9.x and newer, by default the device uses a client-side certificate for communication with Remote Manager. If the client-side certificate is erased, you must use the Remote Manager interface to reset the certificate.
  • Page 864 Log into the Connect EZ WebUI as a user with full Admin access rights. 1. On the main menu, click System. Under Configuration, click Configuration Maintenance. The Configuration Maintenance windows is displayed. 2. In the Erase configuration section, click ERASE. Digi Connect EZ 4/4i User Guide...
  • Page 865 Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> Digi Connect EZ 4/4i User Guide...
  • Page 866: Custom Factory Default Settings

    2. On the main menu, click System. Under Configuration, click Configuration Maintenance. The Configuration Maintenance window is displayed.
  • Page 867 If you do not wait five minutes after restoring to custom factory defaults before performing these activities, the device will clear the custom factory defaults and reboot to standard factory defaults. Command line
  • Page 868: Locate The Device By Using The Find Me Feature

    Locate the device by using the Find Me feature Use the Find Me feature to cause LEDs on the device to blink, which can help you to identify the specific device. To use this feature:
  • Page 869: Enable Fips Mode

    AES based ciphers. When the FIPS setting is changed, the device will reboot automatically. Disabling FIPS after it has been enabled will cause the current configuration to be erased. Digi Connect EZ 4/4i User Guide...
  • Page 870 System administration Enable FIPS mode 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 871 Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. Enable FIPS: (config)> system fips true > 3. Save the change: (config)> save > 4. Reboot the device: > reboot > Digi Connect EZ 4/4i User Guide...
  • Page 872: Configuration Files

    You must explicitly save configuration changes, which also applies the changes. If you do not save configuration changes, the system discards the changes. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 873: Save Configuration To A File

    1. On the main menu, click System. Under Configuration, click Configuration Maintenance. The Configuration Maintenance window is displayed. 2. In the Configuration backup section: a. (Optional) To encrypt the configuration using a passphrase, for Passphrase (save/restore), enter the passphrase. b. Click SAVE.
  • Page 874: Restore The Device Configuration

    > scp host 192.168.4.1 user admin remote /home/admin/bin/ local /etc/config/backup-archive-0040FF800120-19.05.17-19.01.17.bin to remote Restore the device configuration You can restore a configuration file to your Connect EZ device by using a backup from the device, or a backup from a similar device.
  • Page 875 IP address of the remote host. username is the name of the user on the remote host. remote-path is the path and filename of the file on the remote host that will be copied Digi Connect EZ 4/4i User Guide...
  • Page 876 EZ's filesystem (local-path in the previous step). passphrase (optional) is the passphrase to restore the configuration backup, if a passphrase was used when the backup was created. For example: > system restore /opt/backup-archive-0040FF800120-24.3-19.23.42.bin
  • Page 877: Schedule System Maintenance Tasks

    The frequency (daily, weekly, or monthly) that checks for firmware updates will run. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 878 If Immediately is selected, all scheduled tasks will begin at the exact time specified in Start time. d. For Frequency, select whether the maintenance window will be started every day, or once per week. Digi Connect EZ 4/4i User Guide...
  • Page 879 3. Configure a system maintenance trigger: a. Add a trigger: (config)> add system schedule maintenance trigger end (config)> b. Set the type of trigger: (config add system schedule maintenance trigger)> type value (config)> where value is one of: Digi Connect EZ 4/4i User Guide...
  • Page 880 If 0 is used, all scheduled tasks will begin at the start time, defined in the previous step. (config system schedule maintenance trigger 0)> length num (config system schedule maintenance trigger 0)> where num is any whole number between 0 and 24. Digi Connect EZ 4/4i User Guide...
  • Page 881 (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
  • Page 882: Disable Device Encryption

    CLI. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect EZ local command line as a user with full Admin access rights.
  • Page 883: Re-Enable Cryptography After It Has Been Disabled

    Select the Properties of the relevant network connection on the Windows PC. b. Click the Internet Protocol Version 4 (TCP/IPv4) parameter. c. Click Properties. The Internet Protocol Version 4 (TCP/IPv4) Properties dialog appears. d. Configure with the following details: Digi Connect EZ 4/4i User Guide...
  • Page 884: Configure The Speed Of Your Ethernet Ports

    # flatfsd -i This will re-enable encryption and leave the device at its factory default setting. Configure the speed of your Ethernet ports You can configure the speed of your Connect EZ device's Ethernet ports.
  • Page 885 System administration Configure the speed of your Ethernet ports 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 886: Configure The System Watchdog

    You can configure your Connect EZ device's advanced watchdog to test the system for problems, and to reboot the device when problems are encountered. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 887 Type admin to access the Admin CLI. 2. At the command line, type config to enter configuration mode: > config (config)> 3. The watchdog is enabled by default. To disable: (config)> system watchdog enable false (config)> Digi Connect EZ 4/4i User Guide...
  • Page 888 (config)> system watchdog tests interfaces interfaces add [value] (config)> with value being the name of the interface. f. To have the modem power cycled after an initial timeout instead of this timeout being reported as a failure: Digi Connect EZ 4/4i User Guide...
  • Page 889 (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
  • Page 890 Monitoring This chapter contains the following topics: intelliFlow Configure NetFlow Probe Digi Connect EZ 4/4i User Guide...
  • Page 891: Intelliflow

    Digi intelliFlow is a reporting and graphical presentation tool for visualizing your network’s data usage and network traffic information. intelliFlow can be enabled on Digi Remote Manager to provide a full analysis of all Digi devices on your network. Contact your Digi sales representative for information about enabling intelliFlow on Remote Manager.
  • Page 892: Enable Intelliflow

    The firewall zone for internal clients being monitored by intelliFlow. To enable intelliFlow: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 893 (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
  • Page 894: Configure Service Types

    For example, to define a service type called "MyService" using ports 9000 and 9001: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 895 4. Set the port number: (config monitoring intelliflow ports 20)> port 9000 (config monitoring intelliflow ports 20)> 5. Set the service type: (config monitoring intelliflow ports 20)> service MyService (config monitoring intelliflow ports 20)> Digi Connect EZ 4/4i User Guide...
  • Page 896: Configure Domain Name Groups

    Digi. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 897 (config)> add monitoring intelliflow groups end (config monitoring intelliflow groups 1)> 4. Set the domain name: (config monitoring intelliflow groups 1)> domain digi.com (config monitoring intelliflow groups 1)> 5. Set the group name: (config monitoring intelliflow groups 1)> group Digi (config monitoring intelliflow groups 1)>...
  • Page 898 7. Set the port number: (config monitoring intelliflow groups 2)> domain devicecloud.com (config monitoring intelliflow groups 2)> 8. Set the service type: (config monitoring intelliflow groups 2)> group Digi (config monitoring intelliflow groups 2)> 9. Save the configuration and apply the change (config)> save Configuration saved.
  • Page 899: Use Intelliflow To Display Average Cpu And Ram Usage

    Display more granular information: 1. Click and drag over an area in the chart to zoom into that area and provide more granular information. 2. Release to display the selected portion of the chart: Digi Connect EZ 4/4i User Guide...
  • Page 900: Use Intelliflow To Display Top Data Usage Information

    Log into the Connect EZ WebUI as a user with full Admin access rights. 1. If you have not already done so, enable intelliFlow. See Enable intelliFlow. 2. From the menu, click Status > intelliFlow. Digi Connect EZ 4/4i User Guide...
  • Page 901 4. Change the type of chart that is used to display the data: a. Click the menu icon. b. Select the type of chart. 5. Change the number of top users displayed. You can display the top five, top ten, or top twenty data users.
  • Page 902: Use Intelliflow To Display Data Usage By Host Over Time

    2. From the menu, click Status > intelliFlow. 3. Click Host Data Usage Over Time. Display more granular information: a. Click and drag over an area in the chart to zoom into that area and provide more granular information. Digi Connect EZ 4/4i User Guide...
  • Page 903: Configure Netflow Probe

    The number of seconds that a flow is active before it is exported to the NetFlow collectors. The maximum number of simultaneous flows. A label for the NetFlow collector. The port of the NetFlow collector. Additional NetFlow collectors. To probe network traffic and export statistics to NetFlow collectors: Digi Connect EZ 4/4i User Guide...
  • Page 904 Monitoring Configure NetFlow Probe 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 905 (config)> where version is one of: v5: NetFlow v5 supports IPv4 only. v9: NetFlow v9 supports IPv4 and IPv6. v10: NetFlow v10 (IPFIX) supports both IPv4 and IPv6 and includes IP Flow Information Export (IPFIX).
  • Page 906 Add a collector: (config)> add monitoring netflow collector end (config monitoring netflow collector 0)> b. Set the IP address of the collector: (config monitoring netflow collector 0)> address ip_address (config monitoring netflow collector 0)> Digi Connect EZ 4/4i User Guide...
  • Page 907 (config monitoring netflow collector 0)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
  • Page 908: Central Management

    Log into Digi Remote Manager Use Digi Remote Manager to view and manage your device Add a device to Remote Manager Configure multiple Connect EZ devices by using Digi Remote Manager configurations View Digi Remote Manager connection status Learn more...
  • Page 909: Digi Remote Manager Support

    This URL is required to utilize the client-side certificate support. Prior to release 22.2.9.x, the default URL was my.devicecloud.com. If your Digi device is configured to use a non-default URL to connect to Remote Manager, updating the firmware will not change your configuration. However, if you erase the device's configuration, the Remote Manager URL will change to the default of edp12.devicecloud.com.
  • Page 910 HTTP proxy server support. To configure your device's Digi Remote Manager support: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 911 Configure your device for Digi Remote Manager support 3. Click Central management. The Central management configuration window is displayed. Digi Remote Manager support is enabled by default. To disable, toggle off Enable central management. 4. For Service, select Digi Remote Manager.
  • Page 912 Central management Configure your device for Digi Remote Manager support Allowed values are any number of hours, minutes, or seconds, and take the format number{h|m|s}. For example, to set Cellular keep-alive interval to ten minutes, enter 10m or 600s.
  • Page 913 2. At the command line, type config to enter configuration mode: > config (config)> 3. Digi Remote Manager support is enabled by default. To disable Remote Manager support: (config)> cloud enable false (config)> 4. (Optional) Set the URL for the central management server.
  • Page 914 7. (Optional) Set the amount of time that the Connect EZ device should wait between sending keep-alive messages to the Digi Remote Manager when using a cellular interface. Allowed values are from 30 seconds to two hours. The default is 290 seconds.
  • Page 915 14. (Optional) Configure the Connect EZ device to communicate with remote cloud services by using SMS: a. Enable SMS messaging: (config)> cloud drm sms enable true (config)> b. Set the phone number for Digi Remote Manager: (config)> cloud drm sms destination value (config)> where value is either: Within the US: 12029823370 International: 447537431797 c.
  • Page 916: Collect Device Health Data And Set The Sample Interval

    To disable the collection of device health data or enable it if it has been disabled, or to change the health sample interval: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 917 3. Click Monitoring > Device Health. 4. (Optional) Click to expand Data point tuning. Data point tuning options allow you to configure what data are uploaded to the Digi Remote Manager. All options are enabled by default. 5. Only report changed values to Digi Remote Manager is enabled by default.
  • Page 918 1, 5, 15, 30, or 60, and represents the number of minutes between uploads of health sample data. 5. By default, the device will only report health metrics values to Digi Remote Manager that have changed since health metrics were last uploaded. This is useful to reduce the bandwidth used to report health metrics.
  • Page 919: Enable Event Log Upload To Digi Remote Manager

    To enable the event log upload, or disable it if it has been disabled, and to change the upload interval: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights.
  • Page 920 Central management Configure your device for Digi Remote Manager support c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click Monitoring > Device event logs.
  • Page 921: Reach Digi Remote Manager On A Private Network

    The device is capable of connecting through an HTTP proxy, such as Squid, but it is up to the network administrator to decide which HTTP proxy type to use. To enable a proxy server and enter the server and port in Digi Remote Manager, see step 17 in Configure your device for Digi Remote Manager support.
  • Page 922: Log Into Digi Remote Manager

    Central management Log into Digi Remote Manager Step 2. Contact Digi Support. Digi Support configures the Digi cloud service to allow your VPN to communicate with Digi Remote Manager. Contact Digi Support at https://www.digi.com/contactus. Log into Digi Remote Manager To start Digi Remote Manager 1.
  • Page 923: Use Digi Remote Manager To View And Manage Your Device

    Use Digi Remote Manager to view and manage your device To view and manage your device: 1. If you have not already done so, connect to your Digi Remote Manager account. 2. From the menu, click Devices to display a list of your devices.
  • Page 924: Add A Device To Remote Manager Using Your Remote Manager Login Credentials

    4. For Digi Remote Manager Username, type your Remote Manager username. 5. For Digi Remote Manager Password, type your Remote Manager password. 6. For Digi Remote Manager Group (optional), type the group to which the device will be added, if needed.
  • Page 925: Configure Multiple Connect Ez Devices By Using Digi Remote Manager Configurations

    Configure multiple Connect EZ devices by using Digi Remote Manager configurations Digi recommends you take advantage of Remote Manager configurations to manage multiple Connect EZ devices. A Remote Manager configuration is a named set of device firmware, settings, and file system options.
  • Page 926: View Digi Remote Manager Connection Status

    You can also include site-specific settings with a profile to override settings on a device-by-device basis. View Digi Remote Manager connection status To view the current Digi Remote Manager connection status from the local device: 1. Log into the Connect EZ WebUI as a user with full Admin access rights.
  • Page 927: Learn More

    Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Learn more To learn more about Digi Remote Manager features and functions, see the Digi Remote Manager User Guide.
  • Page 928: File System

    The Connect EZ local file system Display directory contents Create a directory Display file contents Copy a file or directory Move or rename a file or directory Delete a file or directory Upload and download files Digi Connect EZ 4/4i User Guide...
  • Page 929: The Connect Ez Local File System

    Connect EZ local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. Digi Connect EZ 4/4i User Guide...
  • Page 930: Create A Directory

    160 Aug 25 17:49 temp > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
  • Page 931: Display File Contents

    Connect EZ local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. Digi Connect EZ 4/4i User Guide...
  • Page 932: Move Or Rename A File Or Directory

    Connect EZ local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. 2. At the Admin CLI prompt, type: > mv /etc/config/scripts/test.py /opt/ > Digi Connect EZ 4/4i User Guide...
  • Page 933: Delete A File Or Directory

    '/etc/config/scripts/test.py'? yes > 3. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
  • Page 934: Upload And Download Files

    1. On the menu, click System. Under Administration, click File System. The File System page appears. 2. Highlight the directory to which the file will be uploaded and click the icon to open the directory. 3. Click the upload icon.
  • Page 935: Upload And Download Files By Using The Secure Copy Command

    To copy firmware from a remote host with an IP address of 192.168.4.1 to the /etc/config directory on the Connect EZ device, issue the following command: > scp host 192.168.4.1 user admin remote /home/admin/bin/Connect EZ-24.3.bin local /etc/config/scripts to local Digi Connect EZ 4/4i User Guide...
  • Page 936: Upload And Download Files Using Sftp

    This example uploads firmware from a remote host to the Connect EZ device with an IP address of 192.168.2.1, using the username ahmed: $ sftp ahmed@192.168.2.1 Password: Connected to 192.168.2.1 sftp> put Connect EZ-24.3 Uploading Connect EZ-24.3 to Connect EZ-24.3 Connect EZ-24.3 100% 830.4KB/s 00:00 sftp> exit Digi Connect EZ 4/4i User Guide...
  • Page 937 192.168.2.1 with a username of ahmed to the local directory on the remote host: $ sftp ahmed@192.168.2.1 Password: Connected to 192.168.2.1 sftp> get test.py Fetching test.py to test.py test.py 100% 0.3KB/s 00:00 sftp> exit Digi Connect EZ 4/4i User Guide...
  • Page 938 Configure an email notification for a system event Configure an SNMP trap for a system event Analyze network traffic Use the ping command to troubleshoot network connections Use the traceroute command to diagnose IP routing problems Digi Connect EZ 4/4i User Guide...
  • Page 939: Perform A Speedtest

    6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Generate a support report To generate and download a support report:
  • Page 940: Support Report Overview

    The relevant log files are packaged into a .bin file that can be downloaded from the local (web) UI. For more information about generating support reports, see Generate a support report. Digi Connect EZ 4/4i User Guide...
  • Page 941 A breakdown of memory utilization at the time when the support report was generated. config_dump-public: The device's current settings, scrubbed of passwords and preshared keys. conntrack_-L: A list of all currently tracked connections through the system.
  • Page 942 Interface statistics for transmitted/received packets. netstat_-na: List of both listening and non-listening network sockets on the device. ps_l: A snapshot of the current processes running at the time of generating the report.
  • Page 943 Rollover syslog information. /var/run: This directory can be disregarded for most troubleshooting/diagnostic purposes. Directory: /var/run. Filename: all files. Notes: Runtime settings for the device, referenced in the syslog data gathered in /tmp (see above).
  • Page 944: View System And Event Logs

    1. On the main menu, click System > Logs. The system log displays: 2. Limit the display in the system log by using the Find search tool. 3. Use filters to configure the types of information displayed in the system logs. Digi Connect EZ 4/4i User Guide...
  • Page 945 Allowed values are critical, warning, info, and debug. For example, to limit the event list to only info messages: > show log filter info Timestamp Type Category Message ---------------- ------- --------- -------------------------------------- ----- Nov 26 22:01:26 info user name=admin~service=cli~state=opened~remote=192.168.1.2 Digi Connect EZ 4/4i User Guide...
  • Page 946: View Event Logs

    3. Click Events to expand the event viewer. 4. Limit the display in the event log by using the Find search tool. 5. Click the download icon to download the event log. Command line
  • Page 947 Allowed values are error, info, and status. For example, to limit the event list to only info messages: > show event table info Timestamp Type Category Message ---------------- ------- --------- -------------------------------------- ----- Nov 26 22:01:26 info user name=admin~service=cli~state=opened~remote=192.168.1.2 Nov 26 22:01:25 info user name=admin~service=cli~state=closed~remote=192.168.1.2 > Digi Connect EZ 4/4i User Guide...
  • Page 948 View system and event logs 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
  • Page 949: Configure Syslog Servers

    Configure syslog servers You can configure remote syslog servers for storing event and system logs. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 950 Set the host name or IP address of the server: (config system log remote 0)> server hostname (config system log remote 0)> d. The event categories that will be sent to the server are automatically enabled when the server is enabled. Digi Connect EZ 4/4i User Guide...
  • Page 951: Configure Options For The Event And System Logs

    30 minutes. All event categories are enabled. To change or disable the heartbeat interval, or to disable event categories, and to perform other log configuration:
  • Page 952 Diagnostics Configure options for the event and system logs 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 953 The heartbeat interval determines the amount of time to wait before sending a heartbeat event if no other events have been sent. (config)> system log heartbeat_interval value (config)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. Digi Connect EZ 4/4i User Guide...
  • Page 954 (config)> system log event b. Depending on the event category, you can enable or disable informational events, status events, and error events. Some categories also allow you to set the status interval, which is Digi Connect EZ 4/4i User Guide...
  • Page 955 (config)> save Configuration saved. > 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Digi Connect EZ 4/4i User Guide...
  • Page 956: Configure An Email Notification For A System Event

    SNMP traps option for the event category. Log in to the web 2. Click System > Device Configuration. The Configuration page displays. 3. Expand System > Log. 4. Expand SNMP traps. 5. Click Enable. The slider is blue when enabled. Digi Connect EZ 4/4i User Guide...
  • Page 957 8. Review the system log event categories and select the type of information that you want to save to the system log, and enable the Enable SNMP traps option. To configure these options, see Configure options for the event and system logs.
  • Page 958: Analyze Network Traffic

    Example filters for capturing data traffic Capture packets from the command line Stop capturing packets Show captured traffic data Save captured data traffic to a file Download captured data to your PC Clear captured data Digi Connect EZ 4/4i User Guide...
  • Page 959: Configure Packet Capture For The Network Analyzer

    The frequency with which captured events will be saved. To configure a packet capture configuration: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 960 Click Ignore this IP address or network if the filter should ignore packets from this IP address/network. By default, this option is disabled, which means that the filter will capture packets from this IP address/network. vi. Click the add icon to add additional IP address/network filters.
  • Page 961 Click Ignore this VLAN if the filter should ignore packets that use this port. By default, this option is disabled, which means that the filter will capture packets that use this port. v. Click the add icon to add additional VLAN filters.
  • Page 962 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Save interval to ten minutes, enter 10m or 600s. 9. Click Apply to save the configuration and apply the change. Command line
  • Page 963 (config network analyzer name filter address 0)> where value is one of: source: The filter will apply to packets when the IP address/network is the source. destination: The filter will apply to packets when the IP address/network is the destination. Digi Connect EZ 4/4i User Guide...
  • Page 964 If other is set for the protocol, set the number of the protocol: (config network analyzer name filter protocol 0)> protocol_other value (config network analyzer name filter protocol 0)> where value is an integer between 1 and 255 and represents the number of the protocol.
  • Page 965 To create a filter that either captures or ignores packets from one or more specified MAC addresses: i. Add a new MAC address filter: (config network analyzer name)> add filter mac_address end (config network analyzer name filter mac_address 0)>
  • Page 966 By default, this option is set to false, which means that the filter will capture packets from this MAC address. iv. Repeat these steps to add additional VLANs. f. To create a filter using Berkeley Packet Filter (BPF) syntax:
  • Page 967 (config network analyzer name)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set duration to ten minutes, enter either 10m or 600s: Digi Connect EZ 4/4i User Guide...
  • Page 968: Example Filters For Capturing Data Traffic

    Capture traffic for a particular IP protocol: ip proto protocol where protocol is a number in the range of 1 to 255 or one of the following keywords: icmp, icmp6, igmp, pim, ah, esp, vrrp, udp, or tcp. Digi Connect EZ 4/4i User Guide...
  • Page 969: Capture Packets From The Command Line

    To start packet capture from the command line: Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the Connect EZ local command line as a user with full Admin access rights.
  • Page 970: Stop Capturing Packets

    Configure packet capture for the network analyzer for more information. To determine available packet capture configurations, use the ?: > analyzer stop name ? name: Name of the capture filter to use. Format: test_capture Digi Connect EZ 4/4i User Guide...
  • Page 971: Show Captured Traffic Data

    00 00 00 00 ...@..Ethernet Header Destination MAC Addr : 00:40:D0:13:35:36 Source MAC Addr : fb:03:53:05:11:2f Ethernet Type : IP (0x0800) IP Header IP Version Header Length : 20 bytes : 0x00 Digi Connect EZ 4/4i User Guide...
  • Page 972: Save Captured Data Traffic To A File

    Connect EZ local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI.
  • Page 973: Download Captured Data To Your Pc

    The File System page appears. 2. Highlight the analyzer directory and click to open the directory. 3. Select the saved analyzer report you want to download and click (download). Command line
  • Page 974: Clear Captured Data

    See Configure packet capture for the network analyzer for more information. To determine available packet capture configurations, use the ?: > analyzer clear name ? name: Name of the capture filter to use. Format:
  • Page 975 test_capture capture_ping > analyzer clear name Note You can remove data traffic saved to a file using the command.
  • Page 976: Use The Ping Command To Troubleshoot Network Connections

    Enable socket level debugging. dontfragment: Do not fragment probe packets. first_ttl: Specifies with what TTL to start. (Default: 1) gateway: Route the packet through a specified gateway. icmp: Use ICMP ECHO for probes. interface: Specifies the interface.
  • Page 977 1. 192/8: The local network of the Connect EZ device. 2. 192.168.8.1: The local network gateway to the Internet. 3. 96/8: Charter Communications, the network provider. 4. 216/8: Google Inc. Stop the traceroute process To stop the traceroute process, enter Ctrl-C.
  • Page 978: Command Line Interface

    Use the scp command Display status and statistics using the show command Device configuration using the command line interface Execute configuration commands at the root Admin CLI prompt Configuration mode Command line reference 1003
  • Page 979: Access The Command Line Interface

    You can use open-source terminal software, such as PuTTY or TeraTerm, to access the device through one of these mechanisms. You can also access the command line interface in the WebUI by using the Terminal, or the Digi Remote Manager by using the Console.
  • Page 980: Exit The Command Line Interface

    Connect EZ local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu. Type admin to access the Admin CLI. The Admin CLI prompt appears. >
  • Page 981: Display Help For Commands And Parameters

    View a file. Move a file or directory. ping Ping a host. reboot Reboot the system. Remove a file or directory. Copy a file or directory over SSH. show Show instance statistics. system System commands.
  • Page 982: Display Help For Individual Commands

    Show OpenVPN statistics. route Show IP routing information. scep-client Show SCEP client statistics. serial Show serial statistics. surelink Show Surelink statistics. system Show system statistics. version Show firmware version. wifi Show Wi-Fi statistics. > show
  • Page 983: Use The Tab Key Or The Space Bar To Display Abbreviated Help

    (config)> serial port1 enable t<Tab> auto-completes to (config)> serial port1 enable true Auto-complete does not function for: Parameter values that are string types. Integer values. File names. Select parameters passed to commands that perform an action.
  • Page 984: Available Commands

    Pings a remote host using Internet Control Message Protocol (ICMP) Echo Request messages. poweroff Powers off the system. reboot Reboots the Connect EZ device. Removes a file. Uses the secure copy protocol (SCP) to transfer files between the Connect EZ device
  • Page 985: Use The Scp Command

    The location on the remote host where the file will be copied. Copy a file from a remote host to the Connect EZ device To copy a file from a remote host to the Connect EZ device, use the command as follows:
  • Page 986 Saving support report to /var/log/support-report-0040D0133536-24-01-12-12:10:00.bin Support report saved. > 2. Use the scp command to transfer the report to a remote host: > scp host 192.168.4.1 user admin remote /home/admin/temp/ local /var/log/support-report-00:40:D0:13:35:36-24-01-12-12:10:00.bin to remote admin@192.168.4.1's password: adminpwd
  • Page 987: Display Status And Statistics Using The Show Command

    Alt. Firmware Build Date : Fri, Jan 12, 2024 12:10:00 Bootloader Version : 19.7.23.0-15f936e0ed Current Time : Thu, Jan 11, 2024 12:10:00 +0000 : 1.4% Uptime : 6 days, 6 hours, 21 minutes, 57 seconds (541317s) Temperature : 40C Location
  • Page 988: Show Network

    When the config command is executed at the root prompt, certain configuration actions that are available in configuration mode cannot be performed. This includes validating configuration changes, canceling and reverting configuration changes, and performing actions on elements in lists. Configuration mode for information about using configuration mode.
  • Page 989: Display Help For The Config Command From The Root Admin Cli Prompt

    2. You can then display help for the additional configuration commands. For example, to display help for the config service command: > config service ? Services Additional Configuration ------------------------------------------------------------------------- mdns Service Discovery (mDNS) multicast Multicast remote_control Remote control snmp SNMP telnet Telnet web_admin Web administration > config service
  • Page 990: Configuration Mode

    When the command line is in configuration mode, the prompt will change to include (config), to indicate that you are currently in configuration mode. Enter configuration commands in configuration mode There are two ways to enter configuration commands while in configuration mode:
  • Page 991: Save Changes And Exit Configuration Mode

    You can discard any unsaved configuration changes and exit configuration mode by using the cancel command: (config)> cancel > After using cancel to discard unsaved changes to the configuration, you will automatically exit configuration mode.
  • Page 992: Configuration Actions

    (?) character at the config prompt. For example: 1. Enter ? at the config prompt: (config)> ? This will display the following help information: (config)> ? Additional Configuration ------------------------------------------------------------------------ application Custom scripts
  • Page 993 Either of these methods will display the following information: config> service ? Services Additional Configuration ------------------------------------------------------------------------ mdns Service Discovery (mDNS) multicast Multicast remote_control Remote control snmp SNMP telnet Telnet web_admin Web administration (config)> service
  • Page 994 At the config prompt, enter service ssh enable ?: (config)> service ssh enable ? At the config prompt: a. Enter service to move to the service node: (config)> service (config service)>
  • Page 995: Move Within The Configuration Schema

    (config service ssh acl)> zone (config service ssh acl zone)> You can also enter multiple nodes at once to move multiple steps in the configuration: (config)> service ssh acl zone (config service ssh acl zone)>
  • Page 996: Manage Elements In Lists

    1 local (config)> To add the TACACS+ authentication method to the end of the list, use the end keyword: (config)> add auth method end tacacs+ (config)> show auth method 0 local 1 tacacs+ (config)>
  • Page 997 Use the show command to verify that the local authentication method was removed: (config)> show auth method 0 tacacs+ 1 radius (config)> Move elements within a list Use the move command to reorder elements in a list. For example, to reorder the authentication methods:
  • Page 998: The Revert Command

    1. At the config prompt, enter revert: (config)> revert (config)> 2. Set the password for the admin user prior to saving the changes: (config)> auth user admin password pwd (config)> 3. Save the configuration and apply the change
  • Page 999 (config auth method)> save Configuration saved. > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device.
  • Page 1000: Enter Strings In Configuration Commands

    For string parameters, if the string value contains a space, the value must be enclosed in quotation marks. For example, to assign a descriptive name for the device using the system command, enter: (config)> system description "Digi Connect EZ" Example: Create a new user by using the command line In this example, you will use the Connect EZ command line to create a new user, provide a password for the user, and assign the user to authentication groups.

This manual is also suitable for:

Connect EZ 4