Digi AnywhereUSB Plus User Manual

AnywhereUSB Plus
User Guide
Firmware version 24.12

Summary of Contents for Digi AnywhereUSB Plus

  • Page 1 AnywhereUSB Plus User Guide Firmware version 24.12...
  • Page 2 2025 functionality in DAL OS 24.12.x firmware and Remote Manager, there are now even more ways to upgrade the modems in or attached to your Digi routers. Make sure to review the Before you begin topic too because the options available to you depend on the DAL OS firmware version you are running.
  • Page 3 There's no need to know and/or specify the carrier because every firmware upgrade package includes all of the carrier images supported by Digi routers. The modem firmware update is done using the modem firmware bundle ota CLI commands.
  • Page 4 What you see in the local Web UI or CLI is what you will see in Digi Remote Manager. For more information about this release, see the blog post called, "...
  • Page 5 Information in this document is subject to change without notice and does not represent a commitment on the part of Digi International. Digi provides this document “as is,” without warranty of any kind, expressed or implied, including, but not limited to, the implied warranties of fitness or merchantability for a particular purpose.
  • Page 6 Contact us at +1 952.912.3444 or visit us at www.digi.com/support. Feedback To provide feedback on this document, email your comments to techcomm@digi.com. Include the document title and part number (AnywhereUSB Plus User Guide, 90002383 n) in the subject line of your email.
  • Page 7 AnywhereUSB Plus User Guide Applicable hardware Supported OS Get started with your AnywhereUSB Before you begin: Register your AnywhereUSB Plus Step 1: Install the AnywhereUSB Manager on your computer Step 2: Assemble the AnywhereUSB Step 3: Create a list of Known Hubs...
  • Page 8 AnywhereUSB 24 Plus: Side Panel Additional power and cabling requirements: AnywhereUSB Plus 8 and 24 Mount the Hub on a rack (AnywhereUSB Plus 8 and 24 only) Remove the mounting brackets (AnywhereUSB Plus 8 and 24 only) QR code definition...
  • Page 9 Minimize the AnywhereUSB Manager when launched View AnywhereUSB Manager version and license information View latency graph Stop and start the AnywhereUSB Manager Windows service Stop the service Start the service Stop and start the Linux headless AnywhereUSB Manager...
  • Page 10 Create a debug log file with the USB Debug Logging Wizard Step 1: Prepare the Hub Step 2: Run the USB Debug Logging Wizard Step 3: Send log files to Digi Tech Support and reconnect USB devices to your Hub. Firmware configuration Review AnywhereUSB Plus default settings...
  • Page 11 Log out of the web interface Review the dashboard Use the local REST API to configure the AnywhereUSB Plus device Use the GET method to return device configuration information Use the POST method to modify device configuration parameters and list arrays...
  • Page 12 Network Time Protocol Configure the device as an NTP server Show status and statistics of the NTP server Configure a multicast route Ethernet network bonding Enable service discovery (mDNS) Use the iPerf service Example performance test using iPerf3...
  • Page 13 Example performance test using iPerf3 Configure AnywhereUSB services Load an SSL certificate Applications Set up the AnywhereUSB Plus to automatically run your applications Configure scripts to run automatically Show script information Stop a script that is currently running Configure scripts to run manually...
  • Page 14 Configure web filtering with manual DNS servers Verify your web filtering configuration Show web filter service information Containers Use Digi Remote Manager to deploy and run containers Use an automation to start the container Upload a new LXC container Configure a container...
  • Page 15 Add a device to Remote Manager using information from the label Add a device to Remote Manager using your Remote Manager login credentials Configure multiple AnywhereUSB Plus devices by using Digi Remote Manager configurations View Digi Remote Manager connection status...
  • Page 16 Use the ping command to troubleshoot network connections Ping to check internet connection Stop ping commands Use the traceroute command to diagnose IP routing problems File system The AnywhereUSB Plus local file system Display directory contents Create a directory Display file contents Copy a file or directory...
  • Page 17 Log in to the command line interface Exit the command line interface Execute a command from the web interface Display help for commands and parameters The help command The question mark (?) command Display help for individual commands...
  • Page 18 1014 modem firmware bundle ota list 1015 modem firmware bundle ota update 1015 modem firmware check 1015 modem firmware list 1015 modem firmware ota check 1016 modem firmware ota download 1016...
  • Page 19 1028 show l2tp lac 1028 show l2tp lns 1028 show l2tpeth 1028 show location 1029 show log 1029 show manufacture 1029 show modbus-gateway 1029 show modem 1030 show nemo 1030 show network 1030 show ntp 1030...
  • Page 20 1041 system storage mount 1041 system storage show 1041 system storage unmount 1041 system support-report 1042 system time set 1042 system time sync 1042 system time test 1042 tail 1042 traceroute 1043 vtysh 1044...
  • Page 21 1074 Security Troubleshooting AnywhereUSB Manager client ID is not unique 1076 No remote Hubs found 1076 Hide a group in the AnywhereUSB Manager 1077 Services turned off and locked out of the Hub 1077...
  • Page 22 1096 Slovak--Slovák 1097 Slovenian--Esloveno 1097 Spanish--Español 1098 Digi AnywhereUSB Plus regulatory and safety statements European Community - CE Mark Declaration of Conformity (DoC) 1100 CE and UKCA OEM labeling requirements 1100 CE labeling requirements 1100 UK Conformity Assessed (UKCA) labeling requirements...
  • Page 23 USB devices. The 8- and 24- port models provide support for 10 Gigabit Ethernet and include SFP+ interfaces. Applicable hardware This user guide contains information for these AnywhereUSB Plus models. Hardware features are shown in the table below. SFP+...
  • Page 24 AnywhereUSB Plus User Guide Supported OS Supported OS Windows Microsoft Windows Operating Systems supported: Microsoft Windows 7 Microsoft Windows 8.1 Microsoft Windows 10 Microsoft Windows 11 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 2022...
  • Page 25 Let's get started! The steps below explain the main steps to getting started with your AnywhereUSB. Before you begin: Register your AnywhereUSB Plus Welcome to the Digi family! Register your new AnywhereUSB Plus today and start enjoying a suite of exclusive benefits, including centralized management and 24/7 technical support.
  • Page 26 The Hub administrator can use the web UI to configure network parameters, services, and other Hub features. You can update the firmware, back up the configuration, view system information and logs, and reboot the Hub. To get started, see Configure and manage the AnywhereUSB Hub in the web user interface.
  • Page 27 The AnywhereUSB Manager is a separate application that you use to configure and manage the USB ports included in the AnywhereUSB Plus. The AnywhereUSB Manager software must be downloaded from the Digi support site and installed on your computer. After the software installs, the AnywhereUSB Manager launches and automatically discovers AnywhereUSB Hubs on the local subnet.
  • Page 28 Note This link takes you to the AnywhereUSB 2 Plus drivers page, but the driver options are the same for all AnywhereUSB Plus models. b. Click the Product Resources tab. This should be selected by default. c. In the Drivers & Patches section, click the AnywhereUSB Manager link.
  • Page 29 Launch AnywhereUSB Manager: Launch the AnywhereUSB Manager when the installation completes. Run AnywhereUSB Manager at Logon: Automatically launch AnywhereUSB Manager each time you log in to your Windows user account. Digi recommends that you do not de-select this option. Note If you have installed the Manager as a service, this option applies only to the current admin user.
  • Page 30 ID is used by your computer and the Hub to create a connection. 9. Click OK. Step 2: Add the client ID for the PC to the AnywhereUSB Hub client ID list This step allows the PC and the Hub to connect.
  • Page 31 The table below compares the features in each mode. Refer to the table to help you determine which mode is best for your organization. For more information about the user roles, see User roles. Feature Service mode Stand-alone mode Run and configure the Only an Administrator Any user (an...
  • Page 32 If you are not an Administrator, you cannot run the Manager but you can see and use the devices that are connected from the Hub to you. Groups and devices remain connected when users log in or out.
  • Page 33 Install the AnywhereUSB Manager: Linux Stand-alone If you install the AnywhereUSB Manager as a stand-alone, Digi recommends that you select the Run AnywhereUSB Manager at Startup option during the installation process to automatically launch the Manager each time you log in to your Windows user account.
  • Page 34 You need to choose the awusbmanager package for your distro from the packages that were extracted in the previous step. Stand-alone or headless For ease of use, Digi recommends that you choose a stand-alone package, which includes both the stand-alone awusbmanager and the awusbmanager-headless binaries. Note The headless package is intended for advanced Linux users.
  • Page 35 Manager for configuration and monitoring. Note On some distros, log out and log back in is not enough and a reboot is required. 3. Install vhci_hcd if necessary. Some distributions (RHEL/Rocky/AlmaLinux/CentOS) do not provide the vhci_hcd kernel module.
  • Page 36 7. Add the client ID for the PC to the AnywhereUSB Hub client ID list. a. Right-click on the Hub name in the AnywhereUSB Manager and choose the Open Web UI menu option. The web UI for the Hub launches.
  • Page 37 Start the AnywhereUSB Manager: Linux After installation is complete, you can run the stand-alone Manager. Within the Manager you can monitor, configure, control the connected AnywhereUSB Hubs, connected groups and the USB devices in each.
  • Page 38 The standard awusbmanager package and the headless package provide a headless version of the AnywhereUSB Manager. The awusbmanager-headless does not provide a window for AnywhereUSB management, and is appropriate for server VMs without a display. Run this command to launch the headless manager: $ awusbmanager-headless Notes...
  • Page 39 The cmdline also enables scripting of AnywhereUSB for configuration and monitoring after the installation is complete. Example: Configuration #!/bin/bash -e # Example script to configure Digi awusbmanager-headless # Configure headless awusbmanager (once after install) awusbmanager-headless KNOWN HUB ADD,AW24-010000 awusbmanager-headless AUTOCONNECT GROUP,AW24-010000.1 awusbmanager-headless AUTOCONNECT GROUP,AW24-010000.2...
  • Page 40 Advanced: Complete the Manager installation using the headless package Generally, you should choose a stand-alone package, which includes both the stand-alone awusbmanager and the awusbmanager-headless binaries. For ease of use, Digi recommends choosing the stand-alone package. The headless package is intended for advanced Linux users.
  • Page 41 Hub.to learn how to monitor devices connected to the Hub. Refer to the documentation in /usr/share/doc/awusbmanager/ for next steps, advanced topics, troubleshooting information and notes for various distributions.
  • Page 42 AnywhereUSB 2 Plus components AnywhereUSB 8 Plus components AnywhereUSB 24 Plus components NEXT STEP: If you are performing the initial device set-up, proceed to the next step after verifying the components: Step 2: Connect the power supply.
  • Page 43 Verify that you have the following included and required additional equipment. Included equipment Equipment Description AnywhereUSB 2-port device AnywhereUSB Plus 2 Plus Hub For details, see AnywhereUSB 2 Plus: Front panel. Power supply A power supply is included if you purchased an AnywhereUSB 2 (AW02-G300-GLB only) Hub with power supply (AW02-G300-GLB).
  • Page 44 Step 1: Verify product components Optional additional equipment DIN rail mounting kit Digi PN 7000682. Attach a DIN rail clip (AnywhereUSB Plus 2-port ONLY). Note Some kits may not have the required screws included. If this occurs, you will need to separately purchase two screws of the following type: 4 x 40 x .250 Flat or Phillips-head, zinc-plated...
  • Page 45 Phillips screws are included. Use the screws provided to attach the mounting brackets to the device. You can then attach the device to your rack. Mount the Hub on a rack (AnywhereUSB Plus 8 and 24 only) Loose label sticker A loose label sticker that includes the unique device password is included in the box.
  • Page 46 Description Finisar Network FTLX8574D3BCL SFP+. Note Digi recommends that you use either the Ethernet cable or the SFP+ module. If both the Ethernet cable and the SFP+ module are connected, data is sent and received by SFP+ only. Ethernet is not used to send or receive data.
  • Page 47 By default, a mounting bracket is attached to each side of the Hub. You can use these to attach the Hub to a rack. You can remove the brackets if desired. Mount the Hub on a rack (AnywhereUSB Plus 8 and 24 only) Remove the mounting brackets (AnywhereUSB Plus 8 and...
  • Page 48 Hub to verify that the power supplies are active. Using two cords maximizes heat dissipation. Digi also recommends that you plug each power cord into separate main power circuits. SFP+ modules Connect an SFP transceiver module for fiber connection, such as Finisar Network FTLX8574D3BCL SFP+.
  • Page 49 Digi CORE® module SIM card An activated SIM card provided by your cellular network operator. You can insert up to two SIM cards in the CORE module. The CORE module supports the standard mini-SIM cards (2FF). Antennas (2)...
  • Page 50 Note For an AnywhereUSB 24 Plus Hub, plug both power cords into an outlet, if you are using two power cords. Digi recommends plugging each power cord into separate main power circuits. 3. Verify that the blue power LED is illuminated.
  • Page 51 A CORE module may be included with your device. If it is not, you must purchase one separately. A CORE module can be connected to only AnywhereUSB 8 and 24 port devices. For information about using a cellular connection, see Use the CORE module to connect to the cellular network.
  • Page 52 Assemble the AnywhereUSB hardware Step 3: Connect the AnywhereUSB to a computer WARNING! Digi recommends that you use a private network to connect the computer to the Hub. This ensures that only client IDs with known user credentials can connect to the Hub.
  • Page 53 For more detailed information, see Configure the Wi-Fi radio's channel. 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 54 This section explains how to connect the CORE module and cellular antennas to the AnywhereUSB hardware. You can then connect to a cellular network to connect to a support management tool, such as Digi Remote Manager. You must have purchased a CORE module to be able to connect to the cellular network.
  • Page 55 6. Plug the power supply to an outlet. Note For an AnywhereUSB 24 Plus Hub, plug both power supplies into an outlet, if you are using both power supplies. Digi recommends plugging each power cord into separate main power circuits. Step 4: Verify initial connection After the hardware has been connected and powered on, and you have installed the AnywhereUSB Manager, verify that the Hub connection is working as expected.
  • Page 56 Click Add Client. A new row labeled "New Client" is added to the client list and the Settings for Client section is populated for the new client. h. In the Client ID field, enter the client ID you assigned to your user login credentials.
  • Page 57 Download the firmware onto your computer, and make note of the location. 2. Log into the AnywhereUSB Web UI as a user with Admin access. 3. On the main menu, click System. Under Administration, click Firmware Update. 4. Click Upload file.
  • Page 58 These Hubs can be on the same network as your computer or on a different network. You can add Hubs with either IPv4 or IPv6 addresses. Digi recommends that after your Hubs have made the initial connection to the AnywhereUSB Manager and you have added the Hubs found during the Autofind process to the Known Hubs list, you should disable the Autofind Hubs feature.
  • Page 59 Hub IP addresses to the Known Hubs list. 7. You can enable the Autofind Hubs feature at any time and then repeat this process to automatically find Hubs and add them to the Known Hubs list.
  • Page 60 Name groups and assign ports to a group Each USB port on the AnywhereUSB Plus is assigned to a group in the AnywhereUSB Manager. By default, all ports are assigned to Group 1. You can update the default name for each group, and then configure the USB ports into the desired groups.
  • Page 61 ID is allowed access. As you select groups, the selected group numbers appear in the Group Access field. You can also manually enter group numbers in the Group Access field. 6. Click Apply to save the changes.
  • Page 62 If you are connected to the group, right-click on a USB device name and click Connect to Device. You are connected to that USB device and to all of the USB ports in the group.
  • Page 63 If the group is owned by another user, you are not allowed to connect to the device. Connect to a group of USB ports To be able to use the USB ports on the AnywhereUSB Plus, you must launch the AnywhereUSB Manager and connect to the group to which the USB port is assigned.
  • Page 64 Not connected to the group: Right-click on the USB device name and click Connect to Group to connect to the group and the USB device. A note appears next to the device name and in the Device Status pane to show that the device is being used by you.
  • Page 65 AnywhereUSB 24 Plus: Side Panel Additional power and cabling requirements: AnywhereUSB Plus 8 and 24 Mount the Hub on a rack (AnywhereUSB Plus 8 and 24 only) Remove the mounting brackets (AnywhereUSB Plus 8 and 24 only) QR code definition...
  • Page 66 Blinks green and then orange: The Find Me feature has been activated. Power Connect the power supply: 5 Volt DC center positive. The Hub draws 5 Amp maximum when both USB ports are drawing 1.8 connector Amps each.
  • Page 67 Black screws: Set of two: 4 x 40 x 0.250, Phillips-head, zinc-plated screws. These screws are required for use with the AnywhereUSB Plus 2-port device. Silver screws: This set cannot be used with AnywhereUSB Plus 2-port device and can be disregarded.
  • Page 68 Hardware AnywhereUSB 2 Plus: Back panel 4. Tighten the screws as needed to securely fasten the DIN rail clip to the device. 5. Use the DIN rail clip to mount the device to a rail.
  • Page 69 Connect to the Hub using an Ethernet LAN connection Note Digi recommends that you use either the Ethernet cable or the SFP+ module. If both the Ethernet cable and the SFP+ module are connected, data is sent and received by SFP+ only. Ethernet is not used to send or receive data.
  • Page 70 Updating modem firmware Slow flash green Slow flash green Recovering modem firmware Slow flash green Waiting for modem to appear Modem not present. Solid green Modem is connected Solid red No SIM card present Fast flash green Connecting...
  • Page 71 Description Solid green Modem signal strength: 5 bars Fast flash green Modem signal strength: 3-4 bars Slow flash green Modem signal strength: 1-2 bars Slow flash red Modem signal strength: 0 bars Modem signal strength: *...
  • Page 72 Use this button to reset the AnywhereUSB Hub configuration to factory defaults. Erase device configuration and reset to factory defaults Power connector Connect the power supply to the Hub. Connect the power supply AnywhereUSB 8 Plus: Side Panel...
  • Page 73 AnywhereUSB 8 Plus: Side Panel Item Name Description Mounting Each side of the AnywhereUSB Plus 8 Plus has four holes used to attach a bracket rack mounting bracket to the side of the Hub. A rack mounting kit is holes included.
  • Page 74 AnywhereUSB 24 Plus: Front panel Item Name Description Rack mounting The AnywhereUSB Plus 24 Plus has rack mounting brackets installed by brackets default. These can be removed and adjusted if needed. DB9 Console Used to access a console using the RS232 DTE interface.
  • Page 75 Name Description Note Digi recommends that you use either the Ethernet cable or the SFP+ module. If both the Ethernet cable and the SFP+ module are connected, data is sent and received by SFP+ only. Ethernet is not used to send or receive data.
  • Page 76 Connecting Solid green Modem signal strength: 5 bars Fast flash green Modem signal strength: 3-4 bars Slow flash green Modem signal strength: 1-2 bars Slow flash red Modem signal strength: 0 bars Modem signal strength: *...
  • Page 77 Fan 1 Primary fan. Fan 2 Secondary fan. Power Connect the power supply to the Hub. connector Connect the power supply Power Connect the second (optional) power supply. This is used for connector redundancy.
  • Page 78 NEMA locking connector, 18 AWG. The male cable connector to the device is a 2ESDVM-02P (Dinkle). The product is certified and intended for use only with the Digi provided power supply. Use with 3rd party supplies is not covered by the Digi warranty.
  • Page 79 Hardware Remove the mounting brackets (AnywhereUSB Plus 8 and 24 only) AnywhereUSB 24 Plus By default, the brackets are attached to the AnywhereUSB 24 Plus. You do not have to attach them unless they have been removed. AnywhereUSB 8 Plus The AnywhereUSB 8 Plus can be mounted on a rack using the rack mount kit included with the device.
  • Page 80 A QR code is printed on the label attached to the device and on the loose label included in the box with the device components. The QR code contains information about the device. QR code items Semicolon separated list of: ProductName;DeviceID;Password;SerialNumber;SKUPartNumber SKUPartRevision Note There is a space between PartNumber and PartRevision. Example AnywhereUSB 8 Plus;00000000-00000000-112233FF-FF445566;PW1234567890;AW08-123456;AW08-G300 E
  • Page 81 Manage the Hubs using the AnywhereUSB Manager You can use the AnywhereUSB Manager to view the AnywhereUSB Plus Hubs that are allowed to connect to your computer. You can also connect to groups of USB ports on the Hubs. By default, the AnywhereUSB Manager is configured to automatically discover Hubs that are connected to the same network as your computer.
  • Page 82 If you erase the device configuration or reset the device to factory defaults, the password for the admin user will revert to the original, factory-assigned default password. 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration.
  • Page 83 Click on a Hub, group, or device name to display information about the selected Hub, group, or device in the status pane on the right side of the AnywhereUSB Manager. AnywhereUSB Manager Status pane AnywhereUSB Manager Hub Status pane AnywhereUSB Manager Group Status pane AnywhereUSB Manager USB Device Status pane...
  • Page 84 This section explains how to use the icons in the AnywhereUSB Manager and what they represent. The icons in the AnywhereUSB Manager show the status of a Hub or a USB device. Icon Location Description Green lock: Active and secure connection between the Hub and the...
  • Page 85 Help > Always on Top Help > Create Support File Help > Online Manual Help > About AnywhereUSB Manager Hub menu options Right-click on a Hub name in the AnywhereUSB Manager to configure and maintain the Hub.
  • Page 86 Windows: You can install the Manager in either stand-alone or service mode. Linux: You can pick a package and install the Manager as either headless or stand-alone. Stand-alone mode When installed in stand-alone mode, AnywhereUSB displays in the Status pane.
  • Page 87 For information about the connection status messages, see AnywhereUSB Manager connection status messages. AnywhereUSB Manager Hub Status pane When you select an AnywhereUSB Hub in the AnywhereUSB Manager, information about the Hub displays in the Hub Status pane.
  • Page 88 "Group" appended by a consecutive number, such as Group 1, Group 2, and so on. You can change the group name in the AnywhereUSB screen in the web UI. See Name groups and assign ports to a group.
  • Page 89 AnywhereUSB Manager is running. You can change the local name using the Assign a Local Name menu option for the device. See Assign a local name to a USB device. Vendor ID The USB vendor ID.
  • Page 90 The "Duplicate Connection" message displays if a Hub is found twice and appears twice in the AnywhereUSB Manager. This occurs if you have added a Hub to the known Hub list that is on the same network as your computer, and you have the Autofind Hubs feature enabled. The AnywhereUSB Manager attempts...
  • Page 91 Client ID overview. WARNING! Digi recommends that you use a private network to connect the computer to the Hub. This ensures that only client IDs with known user credentials can connect to the Hub. The first time that a client ID on a computer connects to the Hub, the unique credentials for this known user are stored in your Hub.
  • Page 92 Step 2: Add the Hub certificate to the Manager After the Hub has been removed from the Manage Hub Credentials list, the AnywhereUSB Manager forgets the Hub certificate and gets a new one on the next connection attempt.
  • Page 93 Hub. See Duplicate Hub. Problem: Network issue blocking access You should verify whether a network issue is blocking access to the Hub. Attempt to ping the Hub:...
  • Page 94 You can add a client ID to the Hub during the AnywhereUSB Manager installation process. See Client ID overview. You can manually add a client ID to the client list for the Hub. See Manually add a client...
  • Page 95 Start Manager minimized Autofind Hubs Include IPv6 Addrs in Autofind Use All Hub IPv4 Addresses Hide unauthorized Hubs Auto-register Hub Cert Restore default settings Minimum TLS Version Advanced tab Specify search, response, and keepalive intervals for a Hub...
  • Page 96 Hub, and the Hub attempts to connect to the Manager. The Auto-register Hub Cert option configuration determines whether the Manager collects and stores the Hub's certificate. The table below explains the configuration options.
  • Page 97 The Autofind Hubs feature works with the Include IPv6 Addrs in Autofind option. This option determines whether IPv6 addresses found during the Autofind process are used to attempt to connect to the Hub. See Configure the Include IPv6 Addrs in Autofind option for details.
  • Page 98 Hubs, which is a list of Hub IP addresses that your AnywhereUSB Manager is allowed to connect to when you open the Manager. Digi recommends that after your Hubs have made the initial connection to the AnywhereUSB Manager and you have added the Hubs that were automatically found to the list of Known Hubs, you should disable the Autofind Hubs feature.
  • Page 99 Hub. This is the default. Connection attempts using all discovered IPv4 addresses for Enabled Disabled Hub, if any. Disabled The Autofind feature is not used. The only connection attempts are from the Known Hubs list.
  • Page 100 Assign a local name to a group You can give a group a descriptive local name. The local name can be seen only on the computer on which the AnywhereUSB Manager is running. The name assigned to the group (default or local)...
  • Page 101 Manager as a stand-alone. See Disconnect from a USB device in a group. Move the port to a group on the Hub to which you are not connected. See Name groups and assign ports to a group.
  • Page 102 Hub automatically cycles the power to each USB device when it disconnects. To ensure that a USB device remains disconnected, you must disable this feature. See Cycle the power to a device when it disconnects from a To disconnect from a device in a group:...
  • Page 103 5. Select Enable Auto Connect. If you were not already connected to the group, you are immediately connected to the group. A note appears next to the group name and in the Group Status pane to show that you are connected to the group.
  • Page 104 2. Select Configure > Known Hubs. The Known Hubs dialog appears. 3. Verify that the IP address for the Hub is in the list. Known Hubs dialog Open the AnywhereUSB Manager. 2. Select Configure > Known Hubs. The Known Hubs dialog appears.
  • Page 105 Manager closes that connection and a red X displays. In this situation, the Hub added to the known Hubs list is considered a duplicate Hub, and should be removed from the known Hubs list.
  • Page 106 Display a hidden Hub. Open AnywhereUSB Manager. 2. Right-click on the Hub that you want to hide. The shortcut menu appears. 3. Click Hide Hub. The next time the AnywhereUSB Manager updates, the hidden Hub is...
  • Page 107 You can choose to automatically hide all unauthorized Hubs, which are Hubs that have failed to connect to your computer. An unauthorized Hub appears with a red X next to it in the list of Hubs in...
  • Page 108 Specify search, response, and keepalive intervals for a Hub You can specify the search and response time for Hubs on the network, and the keepalive intervals for the connection between the Hub and the AnywhereUSB Manager.
  • Page 109 You can specify the minimum TLS version that the AnywhereUSB service will accept. The default is TLS version 1.3. Note You can also configure the minimum TLS version in the Hub's web UI. See Configure AnywhereUSB services. Open the AnywhereUSB Manager. 2. Choose File > Preferences. The Preferences dialog displays.
  • Page 110 4. Click Add. The Choose a credential file window appears. 5. Browse for the new certificate file and click Open. The file should have a .pem extension. 6. An update message displays in the Manage Hub Credentials dialog. 7. Click Close.
  • Page 111 Configure the Hub to assign a device address You can configure the Hub to retain the Windows address for the ports in a group. You must connect to the group before you can assign a port address to a device address.
  • Page 112 When selections are complete, click Unassign. To de-select all of the ports, click Unassign All. 8. Select the Show Assign Port in Device Menu option to display the assigned virtual port number in the AnywhereUSB Manager USB Device Status pane.
  • Page 113 Open the AnywhereUSB Manager. 2. Select File > Preferences. The Preferences dialog appears. 3. Click the Setup tab. 4. Click Restore default settings. A dialog appears. 5. Select the Keep Client ID option. This is selected by default.
  • Page 114 If the AnywhereUSB Manager is running, you have to close it. From the AnywhereUSB Manager, click File > Exit to disconnect all USB devices connected to your computer, close all connections, and close the AnywhereUSB Manager. b. In the Windows search field, enter: services.msc
  • Page 115 3. Make a note of the file location. 4. Click OK to close the dialog. 5. Navigate to the file location and copy it. You can then email the copy to Digi Technical Support. Note If you installed the AnywhereUSB Manager in service mode, you must have Administrator rights on the computer to copy the file.
  • Page 116 You can review the relative latency of all of the Hubs connected to the network. Note The Latency Graph menu item is not available when the AnywhereUSB Manager is installed in service mode. Open the AnywhereUSB Manager. 2. Select Help > Latency graph to display the latency graph. AnywhereUSB Plus User Guide...
  • Page 117 AnywhereUSB Manager. 1. In the Windows search field, enter: services.msc 2. The Services dialog displays. Scroll through the list to find the Digi AnywhereUSB Manager service. 3. Right-click on the service to display the shortcut menu, and click Stop. The Status for the service becomes blank.
  • Page 118 2. Click File > Exit to disconnect all USB devices connected to your computer, close all connections, and close the AnywhereUSB Manager. 3. If you are connected to any USB devices, a confirmation dialog appears. 4. Click Yes to exit the AnywhereUSB Manager. AnywhereUSB Plus User Guide...
  • Page 119 Enabled by default. Cycle the power to a device when it disconnects from a To disable this feature: Disable the power cycle on disconnect feature. Disconnects happen when: A device is manually disconnected from the Manager AnywhereUSB Plus User Guide...
  • Page 120 If an externally powered USB device (one that is not powered by the Hub) is connected to the Hub, the power cycle feature may have no effect on the USB device. Note You can also power cycle a port using the powercycle port CLI command. AnywhereUSB Plus User Guide...
  • Page 121 Note This feature is disabled by default on the AnywhereUSB Plus 24 variant without Wi-Fi. If your device has a serial number greater than or equal to AW24-010000, this feature can be enabled. Otherwise, the feature does not work as expected and should not be enabled.
  • Page 122 PC. Note This feature is disabled by default on the AnywhereUSB Plus 24 variant without Wi-Fi. If your device has a serial number greater than or equal to AW24-010000, this feature can be enabled. Otherwise, the feature does not work as expected and should not be enabled.
  • Page 123 Enable USB debug logging Select this option to enable USB debug logging. This feature should only be used when working with Digi Technical Support to debug an issue. Group Settings Click Group Settings to expand this section. In this section you can name groups and assign USB ports to the groups.
  • Page 124 Click Add Client to manually add a new client ID. Manually add a client Automatically Register Unknown Clients: This feature is not currently implemented. Group Access: This section is related to the Automatically Register Unknown Clients option, which is not currently implemented. AnywhereUSB Plus User Guide...
  • Page 125 Click the configuration icon in the upper right corner of the page to access the AnywhereUSB Configuration page. See Configure and manage the AnywhereUSB Hub in the web user interface for more information. Group The group to which the client has connected or an AnywhereUSB Plus User Guide...
  • Page 126 For more detailed information, see Unblock a client Click the configuration icon in the upper right corner of the page to access the AnywhereUSB Configuration page. See AnywhereUSB Configuration page for more information. AnywhereUSB Plus User Guide...
  • Page 127 By default, the AnywhereUSB Hub name is the serial number assigned to the Hub. The serial number for the Hub is on the Hub's label. The Hub name displays in the Name field in the Hub Status pane the AnywhereUSB Manager. AnywhereUSB Plus User Guide...
  • Page 128 A computer can connect to more than one group at a time. Configure a client ID Manually add a client ID Remove a client ID Automatically register or reject unknown clients Client ID overview AnywhereUSB Plus User Guide...
  • Page 129 AnywhereUSB Manager client ID is not unique. WARNING! Digi recommends that you use a private network to connect the computer to the Hub. This ensures that only client IDs with known user credentials can connect to the Hub. The first time that a client ID on a computer connects to the Hub, the unique credentials for this known user are stored in your Hub.
  • Page 130 Configure and manage the AnywhereUSB Hub in the web user interface Configure and manage client IDs Note Digi recommends disabling the Automatically Register Unknown Clients option if you choose to manually add multiple client IDs to the client list. See Automatically reject unknown clients.
  • Page 131 A client ID is assigned to user credentials the first time a user logs into a computer and launches the AnywhereUSB Manager. WARNING! Digi recommends that you use a private network to connect the computer to the Hub. This ensures that only client IDs with known user credentials can connect to the Hub.
  • Page 132 USB devices in the groups that allow access to automatically registered clients. Using this feature on secure and insecure (public) networks Note This feature is inherently insecure. Digi recommends that you disable the Automatically Register Unknown Clients option and manually add client IDs to the list. See Manually add a client Secure network: If the Hub is on a secure network, you may want to enable this feature for the initial set up, when many clients are connecting to the Hub.
  • Page 133 Hub's configuration. Note This feature is inherently insecure. Digi recommends that you disable the Automatically Register Unknown Clients option and manually add client IDs to the list. See Manually add a client To confirm that a client ID has been added automatically, you can review the client ID list.
  • Page 134 This is useful if you need to change the groups included in the block or if you need to extend the block time period. Note Only a Hub administrator can access the AnywhereUSB Status page and block a client ID. AnywhereUSB Plus User Guide...
  • Page 135 When the blocked time period limit is reached, any group that has auto-connect enabled automatically reconnects. The client ID can also manually reconnect to devices in the previously blocked groups. Note You can also use a CLI command to configure the time limit. AnywhereUSB Plus User Guide...
  • Page 136 Name of the USB device manufacturer, if supplied by the device. Product: Name of the USB product, if supplied by the device. Serial number: The serial number of the USB device, if supplied by the device. AnywhereUSB Plus User Guide...
  • Page 137 AnywhereUSB Configuration page. See AnywhereUSB Configuration page for more information. Block a Client section The fields and options in this section are used to block a client ID. For more detailed information, Block a client AnywhereUSB Plus User Guide...
  • Page 138 You can manually assign an IP address to the Hub. You would need to do this when your computer and the Hub are both connected to a private network and you do not have a DHCP server. AnywhereUSB Plus User Guide...
  • Page 139 IMPORTANT: Make note of the current IP address entries for IP address, Subnet mask, and Default gateway. You will need this information to complete the final step of the process. 5. Configure with the following details: IP address for PC: 192.168.210.2 Subnet: 255.255.255.0 Gateway: 192.168.210.1 AnywhereUSB Plus User Guide...
  • Page 140 When the wizard is completed, the option is disabled. For information about this option, see AnywhereUSB Configuration page. During the process, two log files are created, and you should send both of these to Digi Tech Support. AnywhereUSB Plus User Guide...
  • Page 141 Step 2: Run the USB Debug Logging Wizard This step explains how to run the USB Debug Logging Wizard to create both of the debug log files that you will send to Digi Tech Support. Open the web 2. Click Status > Services > AnywhereUSB. The AnywhereUSB Status page displays.
  • Page 142 2. Combine the usbtrace.tar.gz and awusbmanager_support.bin files into a .zip file. 3. Email the zipped file to Digi Technical Support. a. From the Digi Tech Support case documenting the issue, open an email reply to Digi Technical Support. b. In the body of the email, enter the wall clock time of the occurrence that you just collected and your time zone.
  • Page 143 Change the default SSID and pre-shared key for the preconfigured Wi-Fi access point Configuration methods Using Digi Remote Manager Access Digi Remote Manager Open the web user interface Review the dashboard Use the local REST API to configure the AnywhereUSB Plus device Using the command line AnywhereUSB Plus User Guide...
  • Page 144 Firmware configuration Review AnywhereUSB Plus default settings Review AnywhereUSB Plus default settings You can review the default settings for your AnywhereUSB Plus device by using the local WebUI or Digi Remote Manager: Local WebUI 1. Log into the AnywhereUSB Plus WebUI as a user with Admin access. See...
  • Page 145 To change the default password for the admin user: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 146 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 147 Pre-shared key: The unique password printed on the bottom label of the device. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 148 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 149 Configuration methods There are three methods for configuring your AnywhereUSB Plus device: Web interface The local web interface on the Hub, which includes a separate page for all AnywhereUSB Plus configuration. Open the web user interface for information about accessing the web interface from a Hub.
  • Page 150 2. Check your email for Digi Remote Manager login instructions. 3. Go to remotemanager.digi.com. 4. Enter your user name and password. The Digi Remote Manager Dashboard appears. Open the web user interface You can open the web user interface for a selected AnywhereUSB Hub from the AnywhereUSB Manager.
  • Page 151 Digi Remote Manager: Displays the device connection status for Digi Remote Manager, the amount of time the connection has been up, and the Digi Remote Manager device ID. Using Digi Remote Manager. The links in this section enable you to do the following:...
  • Page 152 Use the local REST API to configure the AnywhereUSB Plus device Your AnywhereUSB Plus device includes a REST API that can be used to return information about the device's configuration and to make modifications to the configuration. You can view the REST API specification from your web browser by opening the URL: https://ip-address/cgi-bin/config.cgi...
  • Page 153 Firmware configuration Use the local REST API to configure the AnywhereUSB Plus device 2. At the command line, type config to enter configuration mode: > config (config)> 3. At the config prompt, type ? (question mark): (config)> ? auth Authentication cloud...
  • Page 154 Firmware configuration Use the local REST API to configure the AnywhereUSB Plus device "result": { "type": "object", "path": "service.ssh" "collapsed": { "acl.zone.0": "internal" "acl.zone.1": "edge" "acl.zone.2": "ipsec" "acl.zone.3": "setup" "enable": "true" "key": "" "mdns.enable": "true" "mdns.name": "" "mdns.type": "_ssh._tcp." "port": "22"...
  • Page 155 Firmware configuration Use the local REST API to configure the AnywhereUSB Plus device $ curl -k -u admin "https://192.168.210.1/cgi-bin/config.cgi/value?path=service.ssh.enable&value=false" -X POST Enter host password for user 'admin': { "ok": true } Use the POST method to add items to a list array To add items to a list array, use the POST method with the path and append parameters.
  • Page 156 Firmware configuration Use the local REST API to configure the AnywhereUSB Plus device "1": "edge" "2": "ipsec" "3": "setup" "4": "external" 2. Use the DELETE method to remove the external zone (list item 4). $ curl -k -u admin https://192.168.210.1/cgi-bin/config.cgi/value?path=service.ssh.acl.zone.4 -X DELETE...
  • Page 157 You can use an open-source terminal software, such as PuTTY or TeraTerm, to access the device through one of these mechanisms. You can also access the command line interface in the WebUI by using the Terminal, or the Digi Remote Manager by using the Console.
  • Page 158 1: Serial: port1 (9600,8,1,none,none) q: Quit Select access or quit [admin] : Type a or admin to access the AnywhereUSB Plus command line. You will now be connected to the Admin CLI: Connecting now... Press Tab to autocomplete commands Press '?' for a list of commands and details...
  • Page 159 Local Area Network (LAN) or assigned to a Wide Area Network (WAN). This chapter contains the following topics: Define a static IP address Wide Area Networks (WANs) Local Area Networks (LANs) Virtual LANs (VLANs) Bridging Show SureLink status and statistics Configure a TCP connection timeout AnywhereUSB Plus User Guide...
  • Page 160 Define a static IP address You can configure a static IP address for the AnywhereUSB. 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed.
  • Page 161 Wide Area Networks (WANs) Wide Area Networks (WANs) The AnywhereUSB Plus device is preconfigured with one Wide Area Network (WAN), named ETH1, and one Wireless Wide Area Network (WWAN), named Modem. You can modify configuration settings for the existing WAN and WWANs, and you can create new WANs and WWANs.
  • Page 162 Configured WAN and WWAN interfaces. This example uses the preconfigured ETH1 and Modem interfaces. The metric for each WAN. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 163 Click IPv6. d. For Metric, type 1. 4. Set the metrics for ETH1: a. Click Network > Interfaces > ETH1 > IPv4. b. For Metric, type 2. c. Click IPv6. d. For Metric, type 2. AnywhereUSB Plus User Guide...
  • Page 164 Wide Area Networks (WANs) 5. Click Apply to save the configuration and apply the change. The AnywhereUSB Plus device is now configured to use the cellular modem WWAN, Modem, as its highest priority WAN, and its Ethernet WAN, ETH1, as its secondary WAN.
  • Page 165 WAN, and its Ethernet WAN, ETH1, as its secondary WAN. WAN/WWAN failover If a connection to a WAN interface is lost for any reason, the AnywhereUSB Plus device will immediately fail over to the next WAN or WWAN interface, based on WAN priority. See...
  • Page 166 Problems can occur beyond the immediate WAN/WWAN connection that prevent some IP traffic from reaching its destination. Normally this kind of problem does not cause the AnywhereUSB Plus device to detect that the WAN has failed, because the connection continues to work while the core problem exists somewhere else in the network.
  • Page 167 Otherwise, the device will reboot and all recovery actions listed after the Reboot Device action will be ignored. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 168 When SureLink is configured for Wireless WANs, SureLink tests are only run if the cellular modem is connected and has an IP address. Use the SIM failover options to configure the AnywhereUSB Plus device to automatically recover the modem in the event that it cannot obtain an IP address. See...
  • Page 169 DHCP, or statically configured for this interface. Test the interface status: Tests the current status of the interface. The test fails if the interface is down. Failing this test infers that all other tests fail. AnywhereUSB Plus User Guide...
  • Page 170 Click to expand Recovery actions. By default, there are two preconfigured recovery actions: Update routing: Uses the Change default gateway action, which increases the interface's metric by 100 to change the default gateway. Restart interface. AnywhereUSB Plus User Guide...
  • Page 171 Override wait interval before performing the next recovery action: The time to wait before the next test is run. If set to the default value of 0s, the Test interval is used. AnywhereUSB Plus User Guide...
  • Page 172 Test interface gateway by pinging is used by the Interface gateway Ping test as the endpoint for traceroute to use to determine the interface gateway. The default is 8.8.8.8, and should only be changed if this IP address is not accessible due to networking issues. AnywhereUSB Plus User Guide...
  • Page 173 When SureLink is configured for Wireless WANs, SureLink tests are only run if the cellular modem is connected and has an IP address. Use the SIM failover options to configure the AnywhereUSB Plus device to automatically recover the modem in the event that it cannot obtain an IP address. See...
  • Page 174 Performs a DNS query to the named DNS server. If dns is set, set the IPv4 or IPv6 address of the DNS server: (config network interface my_wan surelink tests 1)> dns_server IP_address (config network interface my_wan surelink tests 1)> AnywhereUSB Plus User Guide...
  • Page 175 For example, to set interface_timeout to ten minutes, enter either 10m or 600s: (config network interface my_wan surelink tests 1)> interface_timeout 600s (config)> custom_test: Tests the interface with custom commands. If custom_test is set, set the commands to run to perform the test: AnywhereUSB Plus User Guide...
  • Page 176 /network/interface/eth2 /network/interface/loopback Current value: (config network interface my_wan surelink tests 1)> other_interface ii. Set the interface. For example: (config network interface my_wan surelink tests 1)> other_interface /network/interface/eth1 (config network interface my_wan surelink tests 1)> AnywhereUSB Plus User Guide...
  • Page 177 Set the type of recovery action. If multiple recovery actions are configured, they are performed in the order that they are listed. The command varies depending on whether the interface is a WAN or WWAN: AnywhereUSB Plus User Guide...
  • Page 178 Set the number of failures for this recovery action to perform, before moving to the next recovery action: (config network interface my_wan surelink actions 0)> test_failures int (config network interface my_wan surelink actions 0)> The default is 3. AnywhereUSB Plus User Guide...
  • Page 179 (config network interface my_wan surelink actions 0)> modem_power_cycle: This recovery action is available for WWAN interfaces only. If modem_power_cycle is selected, complete the following: Set the number of failures for this recovery action to perform, before moving to the next recovery action: AnywhereUSB Plus User Guide...
  • Page 180 (config network interface my_wan surelink actions 0)> custom_action_commands_modem "string" (config network interface my_wan surelink actions 0)> Set the time to wait before the next test is run. If set to the default value of 0s, the test interval is used. AnywhereUSB Plus User Guide...
  • Page 181 (config)> network interface my_wan surelink timeout value (config)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set timeout to ten minutes, enter either 10m or 600s: AnywhereUSB Plus User Guide...
  • Page 182 IP address is not accessible due to networking issues. To set to an alternate host: (config)> network interface my_wan surelink advanced interface_gateway hostname/IP_address (config)> 8. Save the configuration and apply the change. (config network interface my_wan ipv4 surelink)> save Configuration saved. > AnywhereUSB Plus User Guide...
  • Page 183 Type quit to disconnect from the device. Configure the device to reboot when a failure is detected Using SureLink, you can configure the AnywhereUSB Plus device to reboot when it has determined that an interface has failed. Required configuration items Enable SureLink.
  • Page 184 Interfaces Wide Area Networks (WANs) 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 185 The Interface gateway. If Interface gateway is selected, an initial traceroute is sent to the hostname or IP address configured in the SureLink advanced settings, and then the first hop in that route is used for the ping test. The Interface address. The Interface DNS server. AnywhereUSB Plus User Guide...
  • Page 186 If Test another interface's status is selected, complete the following: Test interface: The interface to test. IP version: The type of IP connection, one of: Any: Either the IPv4 or IPv6 connection must be up. Both: Both the IPv4 and IPv6 connections must be up. AnywhereUSB Plus User Guide...
  • Page 187 Override wait interval before performing the next recovery action: The time to wait before the next test is run. If set to the default value of 0s, the Test interval is used. AnywhereUSB Plus User Guide...
  • Page 188 Override wait interval before performing the next recovery action: The time to wait before the next test is run. If set to the default value of 0s, the Test interval is used. f. Repeat for each additional recovery action. 12. (Optional) Configure advanced SureLink parameters: AnywhereUSB Plus User Guide...
  • Page 189 When SureLink is configured for Wireless WANs, SureLink tests are only run if the cellular modem is connected and has an IP address. Use the SIM failover options to configure the AnywhereUSB Plus device to automatically recover the modem in the event that it cannot AnywhereUSB Plus User Guide...
  • Page 190 (config network interface my_wan surelink tests 1)> ping_method value (config network interface my_wan surelink tests 1)> where value is one of: hostname: The hostname or IP address of an external server. Set ping_host to the hostname or IP address of the server: AnywhereUSB Plus User Guide...
  • Page 191 (config network interface my_wan surelink tests 1)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set interface_down_time to ten minutes, enter either 10m or 600s: AnywhereUSB Plus User Guide...
  • Page 192 Set the TCP port to create a TCP connection to. (config network interface my_wan surelink tests 1)> tcp_port port (config network interface my_wan surelink tests 1)> other: Tests the status of another interface. If other is selected, complete the following: AnywhereUSB Plus User Guide...
  • Page 193 The test will pass only if the referenced interface is up and passing its own SureLink tests (if applicable). down: The test will pass only if the referenced interface is down or failing its own SureLink tests (if applicable). f. Repeat for each additional test. AnywhereUSB Plus User Guide...
  • Page 194 Type ... to return to the root of the configuration: (config network interface my_wan surelink actions 0)> ... (config)> b. Set the test interval between connectivity tests: (config)> network interface my_wan surelink interval value (config)> AnywhereUSB Plus User Guide...
  • Page 195 (config)> network interface my_wan surelink advanced delayed_start value (config)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set delayed_start to ten minutes, enter either 10m or 600s: AnywhereUSB Plus User Guide...
  • Page 196 DNS resolution, you can disable SureLink connectivity tests. You can also reconfigure SureLink to disable the DNS test and use one or more other tests. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. AnywhereUSB Plus User Guide...
  • Page 197 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 198 Internet access, or that have restricted wired WAN connections that do not allow DNS resolution, and configure alternate test. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 199 Ping payload size: The number of bytes to send as part of the ping payload. DNS test: Performs a DNS query to the named DNS server. If DNS test is selected, complete the following: DNS server: The IP address of the DNS server. AnywhereUSB Plus User Guide...
  • Page 200 IPv6: The IPv6 connection must be up. Expected status: The status required for the test to pass. Up: The test will pass only if the referenced interface is up and passing its own SureLink tests (if applicable). AnywhereUSB Plus User Guide...
  • Page 201 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 202 Failing this test infers that all other tests fail. If interface_up is set, complete the following: Set the amount of time that the interface is down before the test can be considered to have failed. AnywhereUSB Plus User Guide...
  • Page 203 If tcp_connection is selected, complete the following: Set the hostname or IP address of the host to create a TCP connection to: (config network interface my_wan surelink tests 1)> tcp_host hostname/IP_address (config network interface my_wan surelink tests 1)> AnywhereUSB Plus User Guide...
  • Page 204 The IPv6 connection must be up. The status required for the test to pass. (config network interface my_wan surelink tests 1)> other_status value (config network interface my_wan surelink tests 1)> where value is one of: AnywhereUSB Plus User Guide...
  • Page 205 To achieve this WAN failover from the ETH1 to the Modem interface, the WAN failover configuration 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 206 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 207 Type quit to disconnect from the device. Using Ethernet devices in a WAN The AnywhereUSB Plus device has Ethernet devices, named ETH1 and ETH2. You can use these Ethernet interfaces as a WAN when connecting to the Internet, through a device such as a cable modem:...
  • Page 208 SIM, the modem will attempt to reconnect to the SIM in the preferred SIM slot. To configure the modem: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: AnywhereUSB Plus User Guide...
  • Page 209 Interfaces Wide Area Networks (WANs) Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a.
  • Page 210 14. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. AnywhereUSB Plus User Guide...
  • Page 211 6. To set the preferred SIM slot check schedule: (config)> network modem modem sim_slot_preference value where value is one of the following: 1: SIM slot 1. 2: SIM slot 2. (config)> ...run-time when value where value is one of the following: after boot AnywhereUSB Plus User Guide...
  • Page 212 (config)> network modem modem access_tech value (config)> Available options for value vary depending on the modem type. To determine available options: (config)> network modem modem access_tech ? Access technology: The cellular network technology that the modem may use. Format: AnywhereUSB Plus User Guide...
  • Page 213 Configure cellular modem APNs To configure the APN: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: AnywhereUSB Plus User Guide...
  • Page 214 On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. For your single-cellular AnywhereUSB Plus, click Network > Interfaces > Modem > modem > APN Selection. 4. For APN Selection, select whether you want your AnywhereUSB Plus to use the preconfigured APNs, custom APNs, or both.
  • Page 215 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 216 (config)> network interface modem modem apn 0 attm2mglobal false (config)> 9. (Optional) To configure the device to use either the preconfigured APNs, custom APNs, or both: (config)> network interface modem modem apn_selection value (config)> Where value is one of the following: apn_list_only both_lists built-in-list-only AnywhereUSB Plus User Guide...
  • Page 217 Using an AT&T SIM with the Telit LE910-NAv2 module is supported. The Telit LE910-NAv2 module is used in the 1002-CM04 CORE modem. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 218 For Add Interface, type WWAN_Private and click . h. For Interface type, select Modem. i. For Zone, select External. j. For Device, select Modem . This should be the same modem selected for the WWAN_Public WWAN. AnywhereUSB Plus User Guide...
  • Page 219 Click the  to add another route policy. h. For Label, enter Route through private APN. i. For Interface, select Interface: WWAN_Private. j. Configure the source address: i. Click to expand Source address. ii. For Type, select Interface. iii. For Interface, select LAN2. AnywhereUSB Plus User Guide...
  • Page 220 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 221 (config)> add network route policy end (config network route policy 0)> b. Set the label that will be used to identify this route policy: (config network route policy 0)> label "Route through public apn" (config network route policy 0)> AnywhereUSB Plus User Guide...
  • Page 222 Set the label that will be used to identify this route policy: (config network route policy 1)> label "Route through private apn" (config network route policy 1)> i. Set the interface: (config network route policy 1)> interface /network/interface/WWANPrivate (config network route policy 1)> AnywhereUSB Plus User Guide...
  • Page 223 Type quit to disconnect from the device. Configure manual carrier selection By default, your AnywhereUSB Plus automatically selects the most appropriate cellular carrier based on the SIM that is in use and the status of available carriers in your area.
  • Page 224 Interfaces Wide Area Networks (WANs) 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 225 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 226 Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 1. From the main menu, click Status > Modems. 2. Scroll to the Connection Status section and click SCAN.
  • Page 227 You can view a summary status for all cellular modems, or view detailed status and statistics for a specific modem. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 1. On the menu, click Status. 2. Under Connections, click Modems.
  • Page 228 IPv4 DNS server(s) : 245.144.162.207, 245.144.162.208 IPv6 surelink : passing IPv6 address : 11f6:4680:0d67:59d2:552b:3429:81a8:f1ea IPv6 gateway : ff50:d95d:7e98:abe8:3030:9138:4f25:f51b IPv6 MTU : 1500 TX bytes : 127941 RX bytes : 61026 Uptime : 10 hrs, 56 mins (39360s) AnywhereUSB Plus User Guide...
  • Page 229 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 230 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 231 IMEI SV: 9 FSN: LQ650551070110 +GCAP: +CGSM 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. AnywhereUSB Plus User Guide...
  • Page 232 Additional IPv4 configuration: The type being the way to control how the modem in the Digi device obtains an IP address from the cellular network. The metric for IPv4 routes associated with the WAN. The relative weight for IPv4 routes associated with the WAN.
  • Page 233 MAC address denylist and allowlist. To create a new WAN or edit an existing WAN: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 234 8. (Optional) Click to expand 802.1x to configure 802.1x port based network access control. The AnywhereUSB Plus can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Click to expand Authentication.
  • Page 235 Never: Never use DNS servers for this interface. k. Enable DHCP Hostname to instruct the AnywhereUSB Plus device to include the device's system name with DHCP requests as the Client FQDN option. The DHCP server can then be configured to register the device's hostname and IP address with an associated DNS server.
  • Page 236 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 237 (config network interface my_wan)> where value is one of: always: DNS will always be used for this WAN; when multiple interfaces have the same DNS server, the interface with the lowest metric will be used for DNS requests. AnywhereUSB Plus User Guide...
  • Page 238 Never use DNS servers for this interface. vi. Enable DHCP Hostname to instruct the AnywhereUSB Plus device to include the device's system name with DHCP requests as the Client FQDN option. The DHCP server can then be configured to register the device's hostname and IP address with an associated DNS server.
  • Page 239 8. (Optional) To configure 802.1x port based network access control: Note The AnywhereUSB Plus can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Enable the 802.1x authenticator on the AnywhereUSB Plus device: (config network interface my_wan)>...
  • Page 240 APN configuration. The custom gateway/netmask. IPv4 configuration: The type being the way to control how the modem in the Digi device obtains an IP address from the cellular network. The metric for IPv4 routes associated with the WAN. The relative weight for IPv4 routes associated with the WAN.
  • Page 241 Configure SureLink active recovery to detect WAN/WWAN failures for further information. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 242 Manual: The cellular carrier must be manually configured. If the configured network is not available, no cellular connection will be established. Manual/Automatic: The carrier is manually configured. If the configured network is not available, automatic carrier selection is used. If Manual or Manual/Automatic is selected: AnywhereUSB Plus User Guide...
  • Page 243 Reset modem: The device will reset the modem if automatic SIM switching is unavailable. Reboot device: The device will reboot if automatic SIM switching is unavailable. 13. For APN Selection, select whether you want to configure the AnywhereUSB Plus to use the preconfigured APNs, custom APNs, or both. See Cellular modem APNs for information and instructions for setting an APN.
  • Page 244 IPv6 support is Enabled by default. Click to disable. c. Set the Type. Static IP address - Digi device obtains the static IP address from the cellular network. DHCP address - Digi device obtains IP address through a DHCP server on the cellular network.
  • Page 245 6. Set the SIM matching criteria to determine when this WWAN should be used: (config network interface my_wwan)> modem match value (config network interface my_wwan)> Where value is one of: carrier Set the cellular carrier that must be active for this WWAN to be used: AnywhereUSB Plus User Guide...
  • Page 246 (config network interface my_wwan)> sim_slot Set which SIM slot must be active for this WWAN to be used: (config network interface my_wwan)> modem sim_slot value (config network interface my_wwan)> where value is either 1 or 2. AnywhereUSB Plus User Guide...
  • Page 247 2G: Only 2G technology will be used. 3G: Only 3G technology will be used. 4G: Only 4G technology will be used. NR5G-NSA: Only 5G non-standalone technology will be used. NR5G-SA: Only 5G standalone technology will be used. The default is all. AnywhereUSB Plus User Guide...
  • Page 248 Where value is one of the following: apn_list_only both_lists built-in-list-only 13. (Optional) To configure the IP address of a custom gateway or a custom netmask: a. Enable the custom gateway: (config network interface my_wwan)> modem custom_gw enable true (config network interface my_wwan)> AnywhereUSB Plus User Guide...
  • Page 249 Where value is one of: static: Digi device obtains the static IP address from the cellular network. dhcp: Digi device obtains IP address via a DHCP server on the cellular network. c. Set the metric: (config network interface my_wwan)> ipv4 metric num (config network interface my_wwan)>...
  • Page 250 Where value is one of: static: Digi device obtains the static IP address from the cellular network. dhcp: Digi device obtains IP address via a DHCP server on the cellular network. c. Set the metric: (config network interface my_wwan)> ipv4 metric num (config network interface my_wwan)>...
  • Page 251 Type quit to disconnect from the device. Show WAN and WWAN status and statistics Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 1. From the menu, click Status. 2. Under Networking, click Interfaces.
  • Page 252 WAN. For example, to display information about ETH1, enter show network interface eth1: > show network interface eth1 wan1 Interface Status --------------------- Device : eth1 Zone : external IPv4 Status : up IPv4 Type : dhcp AnywhereUSB Plus User Guide...
  • Page 253 Follow this procedure to delete any WANs and WWANs that have been added to the system. You cannot delete the preconfigured WAN, ETH1, or the preconfigured WWAN, Modem. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 254 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 255 Local Area Networks (LANs) Local Area Networks (LANs) The AnywhereUSB Plus device is preconfigured with the following Local Area Networks (LANs): You can modify configuration settings for ETH2, and you can create new LANs. This section contains the following topics:...
  • Page 256 A Local Area Network (LAN) connects network devices together, such as Ethernet or Wi-Fi, in a logical Layer-2 network. The following diagram shows a LAN connected to the ETH2 Ethernet device and the Digi AP access point (available for Wi-Fi enabled models only). Once the LAN is configured and enabled, the devices connected to the network interfaces can communicate with each other, as demonstrated by the ping commands.
  • Page 257 MAC address denylist and allowlist. To create a new LAN or edit an existing LAN: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 258 8. (Optional) Click to expand 802.1x to configure 802.1x port based network access control. The AnywhereUSB Plus can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Click to expand Authentication.
  • Page 259 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 260 To configure the LAN to be a DHCP client, rather than using a static IP address: (config network interface my_lan)> ipv4 type dhcp (config network interface my_lan)> These instructions assume that the LAN will use a static IP address for its IPv4 configuration. AnywhereUSB Plus User Guide...
  • Page 261 Set the IPv6 type to DHCP: (config network interface my_lan)> ipv6 type dhcpv6 (config network interface my_lan)> c. Generally, the default settings for IPv6 support are sufficient. You can view the default IPv6 settings by using the question mark (?): AnywhereUSB Plus User Guide...
  • Page 262 If the minimum length is not available, then a longer prefix will be used. Configure WAN/WWAN priority and default route metrics for further information about metrics. 8. (Optional) To configure 802.1x port based network access control: AnywhereUSB Plus User Guide...
  • Page 263 Type quit to disconnect from the device. Configure the ETH1 port as a LAN or in a bridge By default, the ETH1 Ethernet port on your AnywhereUSB Plus is configured to function as a WAN port, which means that it:...
  • Page 264 ETH1 port. To configure the ETH1 Ethernet port as a LAN: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 265 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 266 To bridge the AnywhereUSB Plus device's ETH1 Ethernet port with or Wi-Fi access points: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 267 Repeat for additional access points. 4. Create a LAN interface for the bridge: a. Click Network > Interfaces. b. For Add Interface, type a name for the interface and click . c. For Zone, select Internal. AnywhereUSB Plus User Guide...
  • Page 268 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 269 (config network bridge LAN_bridge)> To remove a port or access point from the bridge: i. Use the show keyword to display the devices: (config network bridge LAN_bridge)> show .. lan1 device 0 /network/device/eth1 /network/wifi/ap/digi_ap (config network bridge LAN_bridge)> AnywhereUSB Plus User Guide...
  • Page 270 (config network interface LAN_bridge_interface)> ipv4 address 192.168.3.1/24 (config network interface LAN_bridge_interface)> f. Enable the DHCP server: (config network interface LAN_bridge_interface)> ipv4 dhcp_server enable true (config network interface LAN_bridge_interface)> 5. Disable the eth1 interface: (config)> network interface eth1 enable false (config)> AnywhereUSB Plus User Guide...
  • Page 271 IPs. The local DHCP server range will also change to the range of the LAN subnet. To change the LAN subnet: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 272 Type quit to disconnect from the device. Show LAN status and statistics Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 1. From the menu, click Status. 2. Under Networking, click Interfaces. ...
  • Page 273 : 192.168.2.1/24 IPv4 Gateway IPv4 MTU : 1500 IPv4 Metric IPv4 Weight : 10 IPv4 DNS Server(s) IPv6 Status : up IPv6 Type : prefix IPv6 Address(es) : fd00:2704::1/48 IPv6 Gateway IPv6 MTU : 1500 IPv6 Metric AnywhereUSB Plus User Guide...
  • Page 274 Follow this procedure to delete any LANs that have been added to the system. You cannot delete the preconfigured LAN, LAN1. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 275 Type quit to disconnect from the device. DHCP servers You can enable DHCP on your AnywhereUSB Plus device to assign IP addresses to clients, using either: The DHCP server for the device's local network, which assigns IP addresses to clients on the device's local network.
  • Page 276 Map static IP addresses to hosts for information about static leases. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 277 For Gateway, select either: None: No gateway is broadcast by the DHCP server. Client destinations must be resolvable without a gateway. Automatic: Broadcasts the AnywhereUSB Plus device's gateway. Custom: Allows you to identify the IP address of a Custom gateway to be broadcast.
  • Page 278 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 279 No gateway is broadcast by the DHCP server. Client destinations must be resolvable without a gateway. auto: Broadcasts the AnywhereUSB Plus device's gateway. custom: Allows you to identify the IP address of a custom gateway to be broadcast: (config)>...
  • Page 280 (config)> where value is one of: none: No server is broadcast. auto: Broadcasts the AnywhereUSB Plus device's server. custom: Allows you to identify the IP address of the server. For example: (config)> network interface my_lan ipv4 dhcp_server advanced primary_dns_custom ip_address (config)>...
  • Page 281 Required configuration items IP address that will be mapped to the device. MAC address of the device. Additional configuration items A label for this instance of the static lease. To map static IP addresses: AnywhereUSB Plus User Guide...
  • Page 282 Interfaces Local Area Networks (LANs) 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 283 8. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show current static IP mapping To view your current static IP mapping: AnywhereUSB Plus User Guide...
  • Page 284 Delete static IP mapping entries To delete a static IP entry: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager:...
  • Page 285 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 286 Required configuration items DHCP option number. Value for the DHCP option. Additional configuration items The data type of the value. Force the option to be sent to the DHCP clients. A label for the custom option. AnywhereUSB Plus User Guide...
  • Page 287 Interfaces Local Area Networks (LANs) 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 288 0)> force true (config network interface my_lan ipv4 dhcp_server advanced custom_option 0)> 9. (Optional) Set the data type that the option uses. If the incorrect data type is selected, the device will send the value as a string. AnywhereUSB Plus User Guide...
  • Page 289 LAN. For the AnywhereUSB Plus device, DHCP relay is configured by providing the IP address of a DHCP relay server, rather than an IP address range. If both the DHCP relay server and an IP address range are specified, DHCP relay is used, and the specified IP address range is ignored.
  • Page 290 Interfaces Local Area Networks (LANs) 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 291 Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show DHCP server status and settings View DHCP status to monitor which devices have been given IP configuration by the AnywhereUSB device and to diagnose DHCP issues. AnywhereUSB Plus User Guide...
  • Page 292 Interfaces Local Area Networks (LANs) Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 1. On the main menu, click Status 2. Under Networking, click DHCP Leases. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights.
  • Page 293 IP address assigned to it on a WAN or cellular modem interface, to a client connected to a LAN interface. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 294 For Access concentrator name, type the name of the access concentrator to report to the client. If no name is provided, the host name is used. d. For Authentication method, select the authentication method used to connect to the remote peer. AnywhereUSB Plus User Guide...
  • Page 295 For Configuration file, type or paste configuration data using the format of a pppd options file. 14. (Optional) Click to expand 802.1x to configure 802.1x port based network access control. The AnywhereUSB Plus can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Click to expand Authentication.
  • Page 296 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 297 (config network interface ip_passthrough_interface)> where value is one of: always: DNS will always be used for this WAN; when multiple interfaces have the same DNS server, the interface with the lowest metric will be used for DNS requests. AnywhereUSB Plus User Guide...
  • Page 298 Modify any of the remaining default settings as appropriate. 10. (Optional) To configure 802.1x port based network access control: Note The AnywhereUSB Plus can function as an 802.1x authenticator; it does not function as an 802.1x supplicant. a. Enable the 802.1x authenticator on the AnywhereUSB Plus device: (config network interface ip_passthrough_interface)>...
  • Page 299 VLAN, which isolates networks from one another, even though they run over the same physical network. Your AnywhereUSB Plus device supports two VLAN modes: Trunking: Supports multiple VLANs per Ethernet port, which enables you to extend your VLAN across multiple switches through your entire network.
  • Page 300 The VLAN ID. The TCP header uses the VLAN ID to identify the destination VLAN for the packet. To create a VLAN: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 301 (config network vlan vlan1)> save Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. AnywhereUSB Plus User Guide...
  • Page 302 The VLAN ID. The TCP header uses the VLAN ID to identify the destination VLAN for the packet. To create a VLAN using switchport mode: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 303 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 304 (config network vlan vlan1)> save Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. AnywhereUSB Plus User Guide...
  • Page 305 You can also use bridging to create a Virtual LAN switchport bridge. See Create a VLAN using switchport mode for more information about switchport bridging for VLANs. This section contains the following topics: Configure a bridge AnywhereUSB Plus User Guide...
  • Page 306 Additional configuration items Enable Spanning Tree Protocol (STP). To create a bridge: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 307 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 308 (config network bridge my_bridge)> ..interface lan device ? Default value: /network/lan Current value: /network/lan (config network bridge my_bridge)> b. Add the appropriate device. For example, to add the Digi AP Wi-Fi access point: (config network bridge my_bridge)> add device end /network/wireless/ap/digi_ap (config)>...
  • Page 309 Command line Show SureLink State To show the current state of SureLink for the AnywhereUSB Plus device, use the show surelink state command: 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights.
  • Page 310 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 311 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 312 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 313 A low number of retries will end a "stale" connection more quickly than a larger number. The default is 15 retries. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 314 Interfaces Configure a TCP connection timeout Minimum: 0 Maximum: 255 Default: 15 4. Click Apply to save the configuration and apply the change. AnywhereUSB Plus User Guide...
  • Page 315 AnywhereUSB Plus devices have a single console port that provides access to the command line interface. Use an RS232 DB9 console cable to establish a serial connection from your AnywhereUSB Plus to your local laptop or PC. You can then use a terminal emulator program to establish the serial connection.
  • Page 316 Console port Console port pinout Description Data Carrier Detect Received Data Transmit Data Data Terminal Ready Ground Data Set Ready Request To Send Clear To Send Ring Indicator AnywhereUSB Plus User Guide...
  • Page 317 Configure a Wi-Fi access point with personal security Configure a Wi-Fi access point with enterprise security Isolate Wi-Fi clients Configure a Wi-Fi client and add client networks Show Wi-Fi access point status and statistics Show Wi-Fi client status and statistics AnywhereUSB Plus User Guide...
  • Page 318 Beacon interval Access point Default setting Name Digi AP Enabled or disabled Enabled SSID Digi-AnywhereUSB PlusW-serial_number SSID broadcast Enabled Encryption WPA2 Personal (PSK) Pre-shared key The unique password printed on the bottom label of the device. AnywhereUSB Plus User Guide...
  • Page 319 Wi-Fi Wi-Fi configuration Default setting Group rekey interval 10 minutes Isolate clients Enabled Client mode connections None. AnywhereUSB Plus User Guide...
  • Page 320 Not all Digi devices currently support 5 GHz. Before you try to use this feature, verify that your device supports 5 GHz. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 321 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 322 Not all Digi devices currently support 5 GHz. Before you try to use this feature, verify that your device supports 5 GHz. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 323 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 324 Not all Digi devices currently support 5 GHz. Before you try to use this feature, verify that your device supports 5 GHz. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 325 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 326 Wi-Fi Configure the Wi-Fi radio's transmit power 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 327 The amount of time to wait before changing the group key. To configure a Wi-Fi access point with no security: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration:...
  • Page 328 Wi-Fi Configure an open Wi-Fi access point Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a.
  • Page 329 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 330 Wi-Fi radio is restarted. The default is 10 minutes. 1. Assign the Wi-Fi access point to a LAN interface or to a bridge. See Configure a Local Area Network (LAN) Configure a bridge for more information. AnywhereUSB Plus User Guide...
  • Page 331 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 332 2. Save the configuration and apply the change. (config)> save Configuration saved. > 3. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. AnywhereUSB Plus User Guide...
  • Page 333 The amount of time to wait before changing the group key. To configure a Wi-Fi access point to use personal security: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 334 Only select WPA3 Personal (SAE) if you know that all Wi-Fi clients connecting to this device will have WPA3 capabilities. 9. For Pre-shared key, enter the password that clients will use when connecting to the access point. AnywhereUSB Plus User Guide...
  • Page 335 If you need to configure a Wi-Fi passphrase with any non-printable ASCII characters, you can use the wpa_passphrase tool to generate the appropriate pre-shared key. The wpa_passphrase command is available in the shell console of a DAL OS Digi device. For details about the command, see the wpa_passphrase Linux command.
  • Page 336 If you need to configure a Wi-Fi passphrase with any non-printable ASCII characters, you can use the wpa_passphrase tool to generate the appropriate pre-shared key. The wpa_passphrase command is available in the shell console of a DAL OS Digi device. For details about the command, see the wpa_passphrase Linux command.
  • Page 337 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 338 If you need to configure a Wi-Fi passphrase with any non-printable ASCII characters, you can use the wpa_passphrase tool to generate the appropriate pre-shared key. The wpa_passphrase command is available in the shell console of a DAL OS Digi device. For details about the command, see the wpa_passphrase Linux command.
  • Page 339 2. Save the configuration and apply the change. (config)> save Configuration saved. > 3. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. AnywhereUSB Plus User Guide...
  • Page 340 The amount of time to wait before changing the group key. To configure a Wi-Fi access point with WPA2 enterprise security: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 341 Click to expand RADIUS server list. b. Click to expand RADIUS server. c. For RADIUS IP/hostname, type the IP address or hostname of the RADIUS server. d. (Optional) Change the RADIUS port. The default port is 1812. AnywhereUSB Plus User Guide...
  • Page 342 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 343 Add a server: (config network wifi ap new_AP)> add encryption radius_servers end (config network wifi ap new_AP encryption radius_servers 1)> ii. Configure the new server as described above. For example, set the server IP address: AnywhereUSB Plus User Guide...
  • Page 344 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 345 11. (Optional) Set the amount of time to wait before changing the group key. The group key is shared by all clients of the access point, and after a client has disconnected, it will be able to use the group key to decrypt broadcast packets until the key AnywhereUSB Plus User Guide...
  • Page 346 2. Save the configuration and apply the change. (config)> save Configuration saved. > 3. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. AnywhereUSB Plus User Guide...
  • Page 347 This section provides instructions for both mechanisms. Isolate clients connected to the same access point 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 348 3. Assign those LAN interfaces to separate firewall zones. 4. Create firewall filters to prevent traffic between the two firewall zones. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 349 3. Create a new access point. By default, the AnywhereUSB PlusW comes with one preconfigured access point, named Digi AP. In these instructions, we will use the existing Digi AP access point and create another new access point, named new_AP.
  • Page 350 For Device, select the new Wi-Fi access point. e. Click to expand IPv4. f. For Address, type an IP address and subnet for the LAN. g. Click to expand DHCP server. h. Enable the DHCP server. AnywhereUSB Plus User Guide...
  • Page 351 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 352 Set the label for the filter: (config firewall filter 0)> label "Drop traffic from Internal to LAN2_isolation_zone" (config firewall filter 0)> iii. Set the source zone to internal: (config firewall filter 0)> src_zone internal (config firewall filter 0)> AnywhereUSB Plus User Guide...
  • Page 353 (config network interface LAN2)> save Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. AnywhereUSB Plus User Guide...
  • Page 354 To configure a Wi-Fi client: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. AnywhereUSB Plus User Guide...
  • Page 355 Configure a Wi-Fi client and add client networks 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings.
  • Page 356 Wi-Fi Configure a Wi-Fi client and add client networks shared key. The wpa_passphrase command is available in the shell console of a DAL OS Digi device. For details about the command, see the wpa_passphrase Linux command. If WPA2 Enterprise is selected: Select the Extensible Authentication Protocol (EAP), one of: TLS: Client certificate authentication.
  • Page 357 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 358 If you need to configure a Wi-Fi passphrase with any non-printable ASCII characters, you can use the wpa_passphrase tool to generate the appropriate pre-shared key. The wpa_passphrase command is available in the shell console of a DAL OS Digi device. For details about the command, see the wpa_passphrase Linux command.
  • Page 359 Set the username: (config network wifi client new_client)> ssid 0 encryption id_wpa2 username (config network wifi client new_client)> ii. Set the CA certificate by using the ca_cert parameter and pasting the certificate in PEM format: AnywhereUSB Plus User Guide...
  • Page 360 If the signal strength from the access point to which the client is currently connected is stronger than the value of bgscan_strength, it will use bgscan_long_interval to determine how often to scan for available access points. AnywhereUSB Plus User Guide...
  • Page 361 Use the appropriate index number to delete the channel. For example, to delete the 2412 frequency: (config network wifi client new_client)> del 0 (config network wifi client new_client)> g. To add a frequency: i. Use the ? with an existing index number to determine the allowed values for frequencies: AnywhereUSB Plus User Guide...
  • Page 362 You can show summary status for all Wi-Fi access points, and detailed status and statistics for individual Wi-Fi access points. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 1. On the main menu, click Status. 2. Under Connections, click Wi-Fi > Access Points.
  • Page 363 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 364 You can show summary status for all Wi-Fi clients, and detailed status and statistics for individual Wi-Fi clients. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 1. On the main menu, click Status. 2. Under Connections, click Wi-Fi > Clients.
  • Page 365 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 366 Simple Network Management Protocol (SNMP) Location information System time synchronization Network Time Protocol Configure a multicast route Ethernet network bonding Enable service discovery (mDNS) Use the iPerf service Configure the ping responder service Configure AnywhereUSB services Load an SSL certificate AnywhereUSB Plus User Guide...
  • Page 367 To allow web administration or SSH for the External firewall zone: Add the External firewall zone to the web administration service 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 368 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 369 Services Allow remote access for web administration and SSH 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 370 Internal firewall zone, which means that only devices connected to the AnywhereUSB Plus's LAN can access the WebUI. If this configuration is sufficient for your needs, no further configuration is required. See...
  • Page 371 The web administration service is enabled by default. To disable the service, or enable it if it has been disabled: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 372 Type quit to disconnect from the device. Configure the service 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 373 If SSL certificate is blank, the device will use an automatically-generated, self-signed certificate. The SSL certificate and private key must be in PEM format. The private key can use one of the following algorithms: ECDSA ECDH Note Password-protected certificate keys are not supported. AnywhereUSB Plus User Guide...
  • Page 374 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 375 To limit access based on firewall zones: (config)> add service web_admin acl zone end value (config)> Where value is a firewall zone defined on your device, or the any keyword. Display a list of available firewall zones: AnywhereUSB Plus User Guide...
  • Page 376 # openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem b. Paste the contents of certificate.pem and key.pem into the service web_admin cert command. Enclose the contents of certificate.pem and key.pem in quotes. For example: AnywhereUSB Plus User Guide...
  • Page 378 To disable legacy port redirection: (config)> service web_admin legacy enable false (config)> 9. Save the configuration and apply the change. (config)> save Configuration saved. > AnywhereUSB Plus User Guide...
  • Page 379 Services Configure the web administration service 10. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. AnywhereUSB Plus User Guide...
  • Page 380 The SSH service is enabled by default. To disable the service, or enable it if it has been disabled: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights.
  • Page 381 Type quit to disconnect from the device. Configure the service 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 382 Click Zones. By default, there are three firewall zones already configured: Internal, Edge, and IPsec. b. For Add Zone, click . c. For Zone, select the appropriate firewall zone from the dropdown. See Firewall configuration for information about firewall zones. AnywhereUSB Plus User Guide...
  • Page 383 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 384 Where value is a firewall zone defined on your device, or the any keyword. Display a list of available firewall zones: Type ... firewall zone ? at the config prompt: (config)> ... firewall zone ? Zones: A list of groups of network interfaces that can be AnywhereUSB Plus User Guide...
  • Page 385 6. (Optional) Set the port number for this service. The default setting of 22 normally should not be changed. (config)> service ssh port 24 (config)> 7. To create custom SSH configuration settings: a. Enable custom configurations: (config)> service ssh custom enable true (config)> AnywhereUSB Plus User Guide...
  • Page 386 8. Save the configuration and apply the change. (config)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. AnywhereUSB Plus User Guide...
  • Page 387 SSH service to allow SSH access for the External firewall zone. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 388 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 389 The device is configured by default with the hostname digi.device, which corresponds to the 192.168.210.1 IP address. To configure the DNS server: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 390 5. (Optional) Cache negative responses is enabled by default. Disabling this option may improve performance on networks with transient DNS results, when one or more DNS servers may have positive results. To disable, click to toggle off Cache negative responses. AnywhereUSB Plus User Guide...
  • Page 391 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 392 Where value is a firewall zone defined on your device, or the any keyword. Display a list of available firewall zones: Type ... firewall zone ? at the config prompt: (config)> ... firewall zone ? Zones: A list of groups of network interfaces that can be AnywhereUSB Plus User Guide...
  • Page 393 7. (Optional) Allow localhost rebinding By default, localhost rebinding is enabled if rebind protection is enabled. This is useful for Real-time Black List (RBL) servers. To disable: (config)> service dns rebind_localhost_ok false (config)> 8. (Optional) Fallback server AnywhereUSB Plus User Guide...
  • Page 394 11. Save the configuration and apply the change. (config)> save Configuration saved. > 12. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. AnywhereUSB Plus User Guide...
  • Page 395 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 396 By default, the AnywhereUSB Plus device automatically blocks SNMP packets from being received over WAN and LAN interfaces. As a result, if you want an AnywhereUSB Plus device to receive SNMP packets, you must configure the SNMP access control list to allow the device to receive the packets.
  • Page 397 Services Simple Network Management Protocol (SNMP) 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 398 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 399 (config)> Where value is an interface defined on your device. Display a list of available interfaces: Use ... network interface ? to display interface information: (config)> ... network interface ? Interfaces Additional Configuration ------------------------------------------- setupip Setup IP AnywhereUSB Plus User Guide...
  • Page 400 6. Set the password for the user that will be used to connect to the SNMP agent: (config)> service snmp password pwd (config)> 7. (Optional) Set the port number for the SNMP agent. The default is 161. AnywhereUSB Plus User Guide...
  • Page 401 The community name is set to public by default. You can change it if desired. (config)> service snmp community_name <name> (config)> Where name is the new community name. 14. Save the configuration and apply the change. (config)> save Configuration saved. > AnywhereUSB Plus User Guide...
  • Page 402 Enable SNMP. To download a .zip archive of the SNMP MIBs supported by this device: 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. Enable SNMP. See Configure Simple Network Management Protocol (SNMP) for information about enabling and configuring SNMP support on the AnywhereUSB Plus device.
  • Page 403 You can also configure your AnywhereUSB Plus device to forward location messages, either from the AnywhereUSB Plus device or from external sources, to a remote host. Additionally, the device can be configured to use a geofence, to allow you to determine actions that will be taken based on the physical location of the device.
  • Page 404 You can configure your AnywhereUSB Plus device to use a user-defined static location. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 405 (config service location source 0 coordinates altitude alt (config service location source 0)> Where alt is an integer followed by m or km, for example, 100m or 1km. 9. Save the configuration and apply the change. (config)> save Configuration saved. > AnywhereUSB Plus User Guide...
  • Page 406 Access control list configuration to provide access to the port through the firewall. To configure the device to accept location messages from external sources: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 407 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 408 No limit to IPv6 addresses that can access the location server UDP port. Repeat this step to list additional IP addresses or networks. To limit access to hosts connected through a specified interface on the AnywhereUSB Plus device: AnywhereUSB Plus User Guide...
  • Page 409 (config)> ... firewall zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration -------------------------------------------------------- ----------------------- dynamic_routes edge external internal ipsec loopback AnywhereUSB Plus User Guide...
  • Page 410 A vehicle ID that is used in the TAIP ID message and can also be prepended to the forwarded message. Configure the AnywhereUSB device to forward location information: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. AnywhereUSB Plus User Guide...
  • Page 411 Services Location information 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config.
  • Page 412 15. Click Apply to save the configuration and apply the change. Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. AnywhereUSB Plus User Guide...
  • Page 413 Use the ? to determine available talker IDs: (config service location forward 0)> talker_id ? Talker ID: Setting a talker ID will override the talker ID from all remote sources, and all forwarded sentences from remote sources will use the configured AnywhereUSB Plus User Guide...
  • Page 414 ID is configured, this setting defaults to 0000. (config service location forward 0)> vehicle-id 1234 (config service location forward 0)> 11. (Optional) Provide a description of the remote host: (config service location forward 0)> label "Remote host 1" (config service location forward 0)> AnywhereUSB Plus User Guide...
  • Page 415 (config service location forward 0 filter_nmea)> add gsa end (config service location forward 0 filter_nmea)> If the message protocol type is TAIP: Allowed values are: al: Reports altitude and vertical velocity. cp: Compact position: reports time, latitude, and longitude. id: Reports the vehicle ID. AnywhereUSB Plus User Guide...
  • Page 416 13. Save the configuration and apply the change. (config)> save Configuration saved. > 14. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. AnywhereUSB Plus User Guide...
  • Page 417 Geofencing is a mechanism to create a virtual perimeter that allows you to configure your AnywhereUSB Plus device to perform actions when entering or exiting the perimeter. For example, you can configure a device to factory default if its location service indicates that it has been moved outside of the geofence.
  • Page 418 Services Location information 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 419 Click again to add an additional point, and continue adding points to create the desired polygon. For example, to configure a square polygon around the Digi headquarters, configure a polygon with four points: This defines a square-shaped polygon equivalent to the following: 7.
  • Page 420 If you disable Sandbox, the script may render the system unusable. vii. Repeat for any additional actions. To define actions that will be taken when the device exits the geofence, or is outside the geofence when it boots: AnywhereUSB Plus User Guide...
  • Page 421 Sandbox is enabled by default. This prevents the script from adversely affecting the system. If you disable Sandbox, the script may render the system unusable. vii. Repeat for any additional actions. 8. Click Apply to save the configuration and apply the change. Command line AnywhereUSB Plus User Guide...
  • Page 422 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 423 Configure additional vertices: (config service location geofence test_geofence coordinates 0)> .. (config service location geofence test_geofence coordinates)> add end (config service location geofence test_geofence coordinates 1)> latitude int (config service location geofence test_geofence coordinates 1)> longitude int AnywhereUSB Plus User Guide...
  • Page 424 For longitude, any integer between -180 and 180, with up to six decimal places. Repeat for each vertex of the polygon. For example, to configure a square polygon around the Digi headquarters, configure a polygon with four points: (config service location geofence test_geofence)> add...
  • Page 425 Add the action: (config)> add service location geofence test_geofence on_entry action end (config service location geofence test_geofence on_entry action 0)> d. Set the type of action: (config service location geofence test_geofence on_entry action 0)> type value AnywhereUSB Plus User Guide...
  • Page 426 For example, to allocate one megabyte of memory to the script and its spawned processes: (config service location geofence test_geofence on_entry action 0)> max_memory 1MB (config service location geofence test_geofence on_entry action 0)> AnywhereUSB Plus User Guide...
  • Page 427 (config)> add service location geofence test_geofence on_exit action end (config service location geofence test_geofence on_exit action 0)> d. Set the type of action: (config service location geofence test_geofence on_exit action 0)> type value (config service location geofence test_geofence on_exit action 0)> AnywhereUSB Plus User Guide...
  • Page 428 (config service location geofence test_geofence on_exit action 0)> max_memory 1MB (config service location geofence test_geofence on_exit action 0)> v. A sandbox is enabled by default to prevent the script from adversely affecting the system. To disable the sandbox: AnywhereUSB Plus User Guide...
  • Page 429 You can view status and statistics about location information from either the WebUI or the command line. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 1. On the main menu, click Status. 2. Under Services, click Location.
  • Page 430 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 431 Configure the system time synchronization To configure or change the system time synchronization: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 432 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 433 NTP socket is in use, exiting. System time setting UI Configuration Timezone (Optional) Set the timezone for the location of your AnywhereUSB Plus device. The default is UTC. (config)> system time timezone value (config)> Where value is the timezone using the format specified with the following command: (config)>...
  • Page 434 (config system time source 1)> type modem (config time source 1) > modem modem To see the modem and its settings: (config system time source 1)> show enable true no label modem modem offset local type modem AnywhereUSB Plus User Guide...
  • Page 435 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 436 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 437 The time zone setting, if the default setting of UTC is not appropriate. To configure the AnywhereUSB Plus device's NTP service: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 438 By default, the access control list for the NTP service is empty, which means that all downstream hosts connected to the AnywhereUSB Plus device can use the NTP service. 6. Enable Fall back to local clock to allow the device's local system clock to be used as backup time source.
  • Page 439 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 440 To limit access to hosts connected through a specified interface on the AnywhereUSB Plus device: (config)> add service ntp acl interface end value (config)> Where value is an interface defined on your device. Display a list of available interfaces: AnywhereUSB Plus User Guide...
  • Page 441 Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration -------------------------------------------------------- ----------------------- dynamic_routes edge external internal ipsec loopback setup (config)> Repeat this step to include additional firewall zones. AnywhereUSB Plus User Guide...
  • Page 442 By default, the access control list for the NTP service is empty, which means that all downstream hosts connected to the AnywhereUSB Plus device can use the NTP service. 7. (Optional) Set the timezone for the location of your AnywhereUSB Plus device. The default is UTC.
  • Page 443 To configure a multicast route: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 444 6. Type the Source address for the route. This must be a multicast IP address between 224.0.0.1 and 239.255.255.255. 7. Select a Source interface where multicast packets will arrive. 8. To add one or more destination interfaces that the AnywhereUSB Plus device will send multicast packets to: a. Click to expand Destination interfaces.
  • Page 445 Set the interface. For example: (config service multicast test)> src_interface /network/interface/eth1 (config service multicast test)> 7. Set a destination interface that the AnywhereUSB Plus device will send multicast packets to: a. Use the ? to determine available interfaces: (config service multicast test)> src_interface ? Destination interface: Which interface to send the multicast packets.
  • Page 446 8. Save the configuration and apply the change. (config)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. AnywhereUSB Plus User Guide...
  • Page 447 Create a new network interface for the bonded Ethernet devices, and disable any interfaces associated with those Ethernet devices. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 448 Repeat for each appropriate Ethernet device. 8. Create a new network interface that is linked to the Ethernet bond: a. Click Network > Interface. b. For Add Interface, type a name for the interface and click . AnywhereUSB Plus User Guide...
  • Page 449 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 450 Repeat to add additional device names to the list. 7. Create a new network interface that is linked to the Ethernet bond: a. Type ... to return to the root of the configuration: (config network bond eth_bond)> ... (config)> AnywhereUSB Plus User Guide...
  • Page 451 Enable service discovery (mDNS) Multicast DNS (mDNS) is a protocol that resolves host names in small networks that do not have a DNS server. You can enable the AnywhereUSB Plus device to use mDNS. Note: This feature is enabled by default.
  • Page 452 Services Enable service discovery (mDNS) 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 453 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 454 Type ... firewall zone ? at the config prompt: (config)> ... firewall zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. Additional Configuration -------------------------------------------------------- ----------------------- AnywhereUSB Plus User Guide...
  • Page 455 Type quit to disconnect from the device. Use the iPerf service Your AnywhereUSB Plus device includes an iPerf3 server that you can use to test the performance of your network. iPerf3 is a command-line tool that measures the maximum network throughput an interface can handle.
  • Page 456 To enable the iPerf3 server: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 457 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 458 Repeat this step to list additional interfaces. To limit access based on firewall zones: (config)> add service iperf acl zone end value (config)> Where value is a firewall zone defined on your device, or the any keyword. AnywhereUSB Plus User Guide...
  • Page 459 Example performance test using iPerf3 On a remote host with iPerf3 installed, enter the following command: $ iperf3 -c device_ip where device_ip is the IP address of the AnywhereUSB Plus device. For example: $ iperf3 -c 192.168.2.1 Connecting to host 192.168.2.1, port 5201 4] local 192.168.3.100 port 54934 connected to 192.168.1.1 port 5201...
  • Page 460 IP address, interfaces, and/or zones. To enable the iPerf3 server: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 461 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 462 Display a list of available interfaces: Use ... network interface ? to display interface information: (config)> ... network interface ? Interfaces Additional Configuration ------------------------------------------- setupip Setup IP setuplinklocalip Setup Link-local IP eth1 ETH1 eth2 ETH2 loopback Loopback modem Modem AnywhereUSB Plus User Guide...
  • Page 463 Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Example performance test using iPerf3 On a remote host with iPerf3 installed, enter the following command: $ iperf3 -c device_ip AnywhereUSB Plus User Guide...
  • Page 464 Services Configure AnywhereUSB services where device_ip is the IP address of the AnywhereUSB Plus device. For example: $ iperf3 -c 192.168.2.1 Connecting to host 192.168.2.1, port 5201 4] local 192.168.3.100 port 54934 connected to 192.168.1.1 port 5201 [ ID] Interval Transfer...
  • Page 465 The default is TLS version 1.2. 9. In the Keep-alive interval field, enter how often the AnywhereUSB Manager sends a keepalive request to the Hubs connected to the network. This impacts network utilization because each AnywhereUSB Plus User Guide...
  • Page 466 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 467 Use ... network interface ? to display interface information: (config)> ... network interface ? Interfaces Additional Configuration ------------------------------------------- setupip Setup IP setuplinklocalip Setup Link-local IP eth1 ETH1 eth2 ETH2 loopback Loopback modem Modem (config)> Repeat this step to list additional interfaces. AnywhereUSB Plus User Guide...
  • Page 468 Hubs connected to the network. This impacts network utilization because each AnywhereUSB Manager will send one packet at this interval to each Hub to which it is connected. Default is 3 seconds. The minimum value is 1 second. AnywhereUSB Plus User Guide...
  • Page 469 The entire certificate chain, not just the primary certificate, must be saved to the AnywhereUSB Plus. The certificates must be in PEM format. The certificates must be stored in this order: AnywhereUSB Plus User Guide...
  • Page 470 Primary certificate Intermediate CA certificate Root CA certificate Private Key To load an AnywhereUSB Plus SSL certificate: 1. Paste the SSL certificate (and any others) and the Private Key into an app such as Notepad, for ease of retrieval. Note The order in which these are pasted is important: SSL certificate must be first, followed by the Private Key.
  • Page 471 Select File > Preferences. The Preferences dialog displays. d. Click Restore Default Settings. A dialog displays. e. Click OK to close the dialog. f. In the Preferences dialog, click Save to apply the new SSL certificate. AnywhereUSB Plus User Guide...
  • Page 472 In the address bar, where you enter a URL, hover over the padlock. The View Site Information link displays. Click the padlock. d. Click Connection is secure. e. Click Certificate is Valid to view the certificate. AnywhereUSB Plus User Guide...
  • Page 473 Applications The AnywhereUSB Plus provides you with the ability to run scripts on the device. You can also specify scripts to be run each time the device system restarts, at specific intervals, or at a specified time. Set up the AnywhereUSB Plus to automatically run your...
  • Page 474 Whether the script should run one time only. Task one: Upload the application Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 1. On the menu, click System. Under Administration, click File System. The File System page appears.
  • Page 475 This feature does not provide syntax or error checking. Certain commands can render the device inoperable. Use with care. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 476 Applications Set up the AnywhereUSB Plus to automatically run your applications Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration. The Configuration window is displayed. 3. Click System > Scheduled tasks > Custom scripts. 4. For Add Script, click .
  • Page 477 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 478 Applications Set up the AnywhereUSB Plus to automatically run your applications Scheduled scripts are enabled by default. To disable: (config system schedule script 0)> enable false (config system schedule script 0)> 4. (Optional) Provide a label for the script. (config system schedule script 0)> label value (config system schedule script 0)>...
  • Page 479 Applications Set up the AnywhereUSB Plus to automatically run your applications set_time: Runs the script at a specified time of the day. If set_time is set, set the time that the script should run, using the format HH:MM: (config system schedule script 0)> run_time HH:MM (config system schedule script 0)>...
  • Page 480 You can view status and statistics about location information from either the WebUI or the command line. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 1. At the Status page, click Scripts. The Scripts page displays: ...
  • Page 481 Stop a script that is currently running You can stop a script that is currently running. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 1. At the Status page, click Scripts. The Scripts page displays: 2.
  • Page 482 Whether the script should run one time only. Task one: Upload the application Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 1. On the menu, click System. Under Administration, click File System. The File System page appears.
  • Page 483 AnywhereUSB Plus device. local-path is the location on the AnywhereUSB Plus device where the copied file will be placed. To upload a script from a remote host with an IP address of 192.168.4.1 to the /etc/config/scripts directory on the AnywhereUSB Plus device, issue the following command: >...
  • Page 484 This feature does not provide syntax or error checking. Certain commands can render the device inoperable. Use with care. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 485 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 486 If once is enabled, rebooting the device will cause the script to run again. The only way to re-run the script is to: Remove the script from the device and add it again. Make a change to the script. Disable once. AnywhereUSB Plus User Guide...
  • Page 487 You can start a script that is enabled and configured to have a run mode of Manual. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 1. At the Status page, click Scripts. The Scripts page displays: 2.
  • Page 488 4. Save the configuration and apply the change. (config)> save Configuration saved. > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. AnywhereUSB Plus User Guide...
  • Page 489 User authentication methods Authentication groups Local users Terminal Access Controller Access-Control System Plus (TACACS+) Remote Authentication Dial-In User Service (RADIUS) LDAP Configure serial authentication Disable shell access Set the idle timeout for AnywhereUSB Plus users Example user configuration AnywhereUSB Plus User Guide...
  • Page 490 AnywhereUSB Plus user authentication User authentication on the AnywhereUSB Plus has the following features and default configuration: Feature: Idle timeout. Description: Determines how long a user session can be idle before the system automatically disconnects. Default configuration: 10 minutes.
  • Page 491 TACACS+: Users authenticated by using a remote TACACS+ server for authentication. See Terminal Access Controller Access-Control System Plus (TACACS+) for information about configuring TACACS+ authentication. LDAP: Users authenticated by using a remote LDAP server for authentication. See LDAP for information about configuring LDAP authentication. AnywhereUSB Plus User Guide...
  • Page 492 The types of authentication method to be used: To add an authentication method: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 493 Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 494 Type quit to disconnect from the device. Delete an authentication method 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 495 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 496 To reorder these so that RADIUS is first and Local users is second: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 497 Admin access: Users with Admin access can be configured to have either: The ability to manage the AnywhereUSB Plus device by using the WebUI or the Admin CLI. Read-only access to the WebUI and Admin CLI.
  • Page 498 User authentication Authentication groups Serial access: Users with Serial access have the ability to log into the AnywhereUSB Plus device by using the serial console. Preconfigured authentication groups The AnywhereUSB Plus device has two preconfigured authentication groups: The admin group is configured by default to have full Admin access.
  • Page 499 By default, two authentication groups are predefined: admin and serial. To change the access rights of the predefined groups: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 500 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 501 Access rights to query the device for Nagios monitoring. To add an authentication group: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 502 Full access full: provides users of this group with the ability to manage the AnywhereUSB Plus device by using the WebUI or the Admin CLI. Read-only access read-only: provides users of this group with read-only access to the WebUI and Admin CLI.
  • Page 503 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 504 User authentication Authentication groups full: provides users of this group with the ability to manage the AnywhereUSB Plus device by using the WebUI or the Admin CLI. read-only: provides users of this group with read-only access to the WebUI and Admin CLI.
  • Page 505 These groups cannot be deleted. To delete an authentication group that you have created: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 506 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 507 TACACS+ or RADIUS. Local user authentication is enabled by default, with one preconfigured default user. Default user At manufacturing time, each AnywhereUSB Plus device comes with a default user configured as follows: Username: admin. Password: The default password is displayed on the label on the bottom of the device.
  • Page 508 To change a user's password: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 509 You can also change the password for the active user by clicking the user name in the menu bar: The active user must have full Admin access rights to be able to change the password. 6. Click Apply to save the configuration and apply the change. AnywhereUSB Plus User Guide...
  • Page 510 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 511 One-time use eight-digit emergency scratch codes. To configure a local user: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 512 The minimum value is 1 second, and the maximum is 15 minutes. The default is 15 minutes. 8. Add groups for the user. Groups define user access rights. See Authentication groups for information about configuring groups. AnywhereUSB Plus User Guide...
  • Page 513 For time-based verification only, in Code refresh interval, type the amount of time that a code will remain valid. Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Code refresh interval to ten minutes, enter 10m or 600s. AnywhereUSB Plus User Guide...
  • Page 514 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 515 Every user must be configured with at least one group. b. (Optional) Add additional groups by repeating the add group command: (config auth user new_user)> add group end serial (config auth user new_user)> To remove a group from a user: AnywhereUSB Plus User Guide...
  • Page 516 HMAC-based One-Time Password (HOTP) uses a counter to validate a one-time password. The default value is totp. (config auth user new_user 2fa)> type totp (config auth user new_user 2fa)> AnywhereUSB Plus User Guide...
  • Page 517 (config auth user new_user 2fa)> login_limit_period value (config auth user new_user 2fa)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set login_limit_period to ten minutes, enter either 10m or 600s: AnywhereUSB Plus User Guide...
  • Page 518 Delete a local user To delete a user from your AnywhereUSB Plus: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 519 The Configuration window is displayed. 3. Click Authentication > Users. 4. Click the menu icon (...) next to the name of the user to be deleted and select Delete. 5. Click Apply to save the configuration and apply the change. AnywhereUSB Plus User Guide...
  • Page 520 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 521 To use TACACS+ authentication, you must set up a TACACS+ server that is accessible by the AnywhereUSB Plus device prior to configuration. The process of setting up a TACACS+ server varies by the server environment.
  • Page 522 The groupname attribute is optional. If used, the value must correspond to authentication groups configured on your AnywhereUSB Plus. Alternatively, if the user is also configured as a local user on the AnywhereUSB Plus device and the LDAP server authenticates the user but does not return any groups, the local configuration determines the list of groups.
  • Page 523 $ sudo /etc/init.d/tacacs_plus restart TACACS+ server failover and fallback to local authentication In addition to the primary TACACS+ server, you can also configure your AnywhereUSB Plus device to use backup TACACS+ servers. Backup TACACS+ servers are used for authentication requests when the primary TACACS+ server is unavailable.
  • Page 524 The TACACS+ server port. It is configured to 49 by default. Add additional TACACS+ servers in case the first TACACS+ server is unavailable. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 525 TACACS+ login fails. 6. (Optional) For Group attribute, type the name of the attribute used in the TACACS+ server's configuration to identify the AnywhereUSB Plus authentication group or groups that the user is a member of. For example, in...
  • Page 526 (config)> 4. (Optional) Configure the group_attribute. This is the name of the attribute used in the TACACS+ server's configuration to identify the AnywhereUSB Plus authentication group or groups that the user is a member of. For example, in TACACS+ user configuration, the group attribute in the sample tac_plus.conf file is groupname, which is also the default setting for...
  • Page 527 10. Save the configuration and apply the change. (config)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. AnywhereUSB Plus User Guide...
  • Page 528 With RADIUS support, the AnywhereUSB Plus device acts as a RADIUS client, which sends user credentials and connection parameters to a RADIUS server over UDP.
  • Page 529 $ sudo /etc/init.d/freeradius restart RADIUS server failover and fallback to local configuration In addition to the primary RADIUS server, you can also configure your AnywhereUSB Plus device to use backup RADIUS servers. Backup RADIUS servers are used for authentication requests when the primary RADIUS server is unavailable.
  • Page 530 60 seconds. Enable additional debug messages from the RADIUS client. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 531 If you are accessing the AnywhereUSB Plus device by using the WebUI, the default value for NAS ID is httpd. If you are accessing the AnywhereUSB Plus device by using ssh, the default value is sshd. AnywhereUSB Plus User Guide...
  • Page 532 (NAS). You can use the fully-qualified domain name of the NAS or any arbitrary string. If not set, the default value is used: If you are accessing the AnywhereUSB Plus device by using the WebUI, the default value for NAS ID is httpd.
  • Page 533 IP network. LDAP can be used with your AnywhereUSB Plus device for centralized authentication and authorization management for users who connect to the device. With LDAP support, the AnywhereUSB Plus device acts as an LDAP client, AnywhereUSB Plus User Guide...
  • Page 534 When you are using LDAP authentication, you can have both local users and LDAP users able to log in to the device. To use LDAP authentication, you must set up an LDAP server that is accessible by the AnywhereUSB Plus device prior to configuration. The process of setting up an LDAP server varies by the server environment.
  • Page 535 LDAP LDAP user configuration When configured to use LDAP support, the AnywhereUSB Plus device uses a remote LDAP server for user authentication (password verification) and authorization (assigning the access level of the user). Additional LDAP servers can be configured as backup servers for user authentication.
  • Page 536 LDAP server failover and fallback to local configuration In addition to the primary LDAP server, you can also configure your AnywhereUSB Plus device to use backup LDAP servers. Backup LDAP servers are used for authentication requests when the primary LDAP server is unavailable.
  • Page 537 User authentication LDAP 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 538 12. (Optional) For Group attribute, type the name of the user attribute that contains the list of AnywhereUSB Plus authentication groups that the authenticated user has access to. See LDAP user configuration for further information about the group attribute.
  • Page 539 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 540 . If this attribute is not set, the user will be denied access. 10. (Optional) Set the name of the user attribute that contains the list of AnywhereUSB Plus authentication groups that the authenticated user has access to. See LDAP user configuration for further information about the group attribute.
  • Page 541 Configure serial authentication This section describes how to configure authentication for serial access. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 542 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 543 If shell access is disabled, re-enabling it will erase the device's configuration and perform a factory reset. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 544 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 545 Idle timeout parameter. By default, the Idle timeout is set to 10 minutes. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 546 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 547 Goal: To create a user with administrator rights who is authenticated locally on the device. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 548 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 549 Goal: To create a user with administrator rights who is authenticated by using all three authentication methods. In this example, when the user attempts to log in to the AnywhereUSB Plus device, user authentication will occur in the following order:...
  • Page 550 2. The user is authenticated by the TACACS+ server. If both the RADIUS and TACACS+ servers are unavailable, 3. The user is authenticated by the AnywhereUSB Plus device using local authentication. This example uses a FreeRadius 3.0 server running on Ubuntu, and a TACACS+ server running on Ubuntu.
  • Page 551 The authentication group on the AnywhereUSB Plus device, admin, is identified in the groupname parameter. c. Save and close the tac_plus.conf file. 3. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 4. Access the device configuration:...
  • Page 552 User authentication Example user configuration a. Locate your device as described in Use Digi Remote Manager to view and manage your device. b. Click the Device ID. c. Click Settings. d. Click to expand Config. Local Web UI: a. On the menu, click System. Under Configuration, click Device Configuration.
  • Page 553 In this example: The user's username is admin1. The user's password is password1. The authentication group on the AnywhereUSB Plus device, admin, is identified in the Unix-FTP-Group-Names parameter. c. Save and close the users file. 2. Configure a user on the TACACS+ server: a.
  • Page 554 3. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 555 (config auth user adminuser)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. AnywhereUSB Plus User Guide...
  • Page 556 Firewall This chapter contains the following topics: Firewall configuration Port forwarding rules Packet filtering Configure custom firewall rules Configure captive portals Configure Quality of Service options Web filtering AnywhereUSB Plus User Guide...
  • Page 557 To create a zone: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 558 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 559 Delete a custom firewall zone You cannot delete preconfigured firewall zones. To delete a custom firewall zone: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 560 The Configuration window is displayed. 3. Click Firewall > Zones. 4. Click the menu icon (...) next to the appropriate custom firewall zone and select Delete. 5. Click Apply to save the configuration and apply the change. AnywhereUSB Plus User Guide...
  • Page 561 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 562 A white list of devices, based on either IP address or firewall zone, that are authorized to leverage this forwarding rule. To configure a port forwarding rule: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 563 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 564 7. Set the type of internet protocol. (config firewall dnat 0)> protocol value (config firewall dnat 0)> Network connections will only be forwarded if they match the selected protocol. Allowed values are custom, tcp, tcpudp, or udp. The default is tcp. AnywhereUSB Plus User Guide...
  • Page 565 To view a list of available zones: (config firewall dnat 0 acl)> ..zone ? Zones: A list of groups of network interfaces that can be referred to by packet filtering rules and access control lists. AnywhereUSB Plus User Guide...
  • Page 566 Delete a port forwarding rule To delete a port forwarding rule: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 567 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 568 5. Save the configuration and apply the change. (config)> save Configuration saved. > 6. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. AnywhereUSB Plus User Guide...
  • Page 569 ICMP ICMP6 To configure a packet filtering rule: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 570 Firewall configuration for more information about firewall zones. 10. Click Apply to save the configuration and apply the change. Command line AnywhereUSB Plus User Guide...
  • Page 571 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 572 The default is any. 8. Set the protocol. (config firewall filter 1)> protocol value (config firewall filter 1)> where value is one of: icmp icmpv6 The default is any. AnywhereUSB Plus User Guide...
  • Page 573 Enable or disable a packet filtering rule To enable or disable a packet filtering rule: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 574 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 575 Firewall Packet filtering 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 576 To configure custom firewall rules: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 577 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 578 6. Save the configuration and apply the change. (config)> save Configuration saved. > 7. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. AnywhereUSB Plus User Guide...
  • Page 579 Captive portals are available on the AnywhereUSB PlusW Wi-Fi enabled model only. To configure captive portals: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 580 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 581 For example, to set Session timeout to ten minutes, enter either 10m or 600s: (config firewall portal portal1)> timeout 600s (config firewall portal portal1)> AnywhereUSB Plus User Guide...
  • Page 582 11. (Optional) Set the URL to which the user will be directed when granted access to the portal. If left blank, the user will be directed to the domain of the URL in the original access request. (config firewall portal portal1)> url https://myportal.com (config firewall portal portal1)> AnywhereUSB Plus User Guide...
  • Page 583 Type quit to disconnect from the device. Delete captive portals To delete captive portals: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 584 These example bindings are disabled by default. Enable the preconfigured bindings 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 585 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 586 Type quit to disconnect from the device. Create a new binding 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 587 For Add Policy, click . The QoS binding policy configuration window is displayed. New QoS binding policies are enabled by default. To disable, toggle off Enable. c. (Optional) Type a Label for the binding policy. AnywhereUSB Plus User Guide...
  • Page 588 Interface: Only traffic from the selected Interface will be matched. IPv4 address: Only traffic from the IP address typed in IPv4 address will be matched. Use the format IPv4_address[/netmask], or use any to match any IPv4 address. AnywhereUSB Plus User Guide...
  • Page 589 Use the format IPv6_address[/prefix_length], or use any to match any IPv6 address. Repeat to add a new rule. Up to 30 rules can be configured. 10. Click Apply to save the configuration and apply the change. AnywhereUSB Plus User Guide...
  • Page 590 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 591 (config firewall qos 2 policy 0)> where int is any integer, 1 or greater. The default is 100. f. To identify this policy as a fall-back policy: (config firewall qos 2 policy 0)> default true (config firewall qos 2 policy 0)> AnywhereUSB Plus User Guide...
  • Page 592 IP port number, a range of port numbers using the format IP_port- IP_port, or any. vii. Set the destination port to define a destination matching criteria: (config firewall qos 2 policy 0 rule 0)> dstport value (config firewall qos 2 policy 0 rule 0)> AnywhereUSB Plus User Guide...
  • Page 593 Set the address that will be matched: (config network qos 2 policy 0 rule 0)> src address6 value (config network qos 2 policy 0 rule 0)> where value uses the format IPv6_address[/prefix_length], or any to match any IPv6 address. AnywhereUSB Plus User Guide...
  • Page 594 (config network qos 2 policy 0 rule 0)> where value uses the format IPv4_address[/netmask], or any to match any IPv4 address. address6: Only traffic destined for the IP address typed in IPv6 address will be matched. Set the address that will be matched: AnywhereUSB Plus User Guide...
  • Page 595 Web filtering allows you to control access to services that can be accessed through the AnywhereUSB Plus device by forwarding all Domain Name System (DNS) traffic to a web filtering service. This allows the network security administrator to configure a set of policies with the web filtering service that are applied to all routing devices with web filtering enabled.
  • Page 596 5. Click Create. 6. Copy the token. Task two: Configure web filtering 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 597 Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Clear the Cisco Umbrella device ID If the Cisco Umbrella device ID being used by your AnywhereUSB Plus is invalid, you can clear the device ID. ...
  • Page 598 To configure web filtering with manual DNS servers: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 599 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 600 Add the second DNS server: i. Move back one node in the configuration tree: (config firewall web-filter server 0)> .. (config firewall web-filter server)> ii. Add the server: (config firewall web-filter server)> add end (config firewall web-filter server 1)> AnywhereUSB Plus User Guide...
  • Page 601 Configure web filtering with manual DNS servers for information about configuring web filtering to use Cisco open DNS servers. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 602 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 603 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 604 Containers The AnywhereUSB Plus device includes support for LXC Linux containers. LXC containers are a lightweight, operating system level method of virtualization that allows you to run one or more isolated Linux instances on the same host using the host's Linux kernel.
  • Page 605 Use Digi Remote Manager to deploy and run containers Use Digi Remote Manager to deploy and run containers Note Container support must be enabled in Digi Remote Manager. Contact your Digi sales representative for information. 1. In Remote Manager, create a Configuration template. See the Remote Manager User Guide instructions.
  • Page 606 Containers Use Digi Remote Manager to deploy and run containers i. Click Browse and select the container file. ii. Type the Name of the container. The Name entered here must be the same name as the container .tgz file. This is absolutely necessary, otherwise the container file will not be properly configured on the local devices.
  • Page 607 Containers Use Digi Remote Manager to deploy and run containers c. For the Automation step: i. Click to toggle on Enable Scanning. ii. Click to toggle on Remediate. Run a manual configuration scan to apply the container and configuration settings to all applicable devices.
  • Page 608 Containers Use Digi Remote Manager to deploy and run containers vi. Click the Stream ID to view container status. To verify by using the show containers command on the local device: a. From the Remote Manager main menu, click Management > Devices.
  • Page 609 Is one of the devices included on the Target page. Upload a new LXC container Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 1. From the main menu, click Status. Under Services, click Containers. 2. Click Upload New Container.
  • Page 610 The network gateway. Serial ports on the device that the container will have access to. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 611 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Restart timeout to ten minutes, enter 10m or 600s. 8. (Optional) Type any Optional parameters for the container. Parameters are in the format accepted by the lxc utility. AnywhereUSB Plus User Guide...
  • Page 612 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 613 For example, to set restart_timeout to ten minutes, enter either 10m or 600s: (config system container name)> restart_timeout 600s (config system container name)> The default timeout of 0s means that if the container stops, it will not be restarted. AnywhereUSB Plus User Guide...
  • Page 614 Serial Additional Configuration --------------------------------------------------------------------- ---------- port1 Port 1 (config system container name)> b. Add the port: (config system container name)> add ports end port1 (config system container name)> 13. Save the configuration and apply the change. AnywhereUSB Plus User Guide...
  • Page 615 To start the container in non-persistent mode: 1. Select a device in Remote Manager that is configured to allow shell access to the admin user, and click Actions > Open Console. Alternatively, log into the AnywhereUSB Plus local command line as a user with shell access.
  • Page 616 # exit View the status of containers 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. From the main menu, click Status. Under Services, click Containers. The Containers status page displays.
  • Page 617 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 618 1. Start the container in non-persistent mode. 2. Execute a ping command every ten seconds from inside the container. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 619 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 620 Create the custom container file 1. At the command line of a Linux host, unpack the test_lxc.tgz file: $ tar -xvf test_lxc.tgz rootfs/ rootfs/usr/ rootfs/etc/ rootfs/etc/group rootfs/etc/profile rootfs/etc/passwd AnywhereUSB Plus User Guide...
  • Page 621 Test the custom container file 1. Add the new container to your AnywhereUSB Plus device: Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. a. From the main menu, click Status. Under Services, click Containers.
  • Page 622 Containers Create a custom container 3. At the shell prompt, type: # lxc python_lxc lxc # 4. Execute the python command: lxc # python /etc/test.py Hello world. lxc # AnywhereUSB Plus User Guide...
  • Page 623 Review device status Configure system information Update system firmware Upgrade cellular modem firmware Reboot your AnywhereUSB Plus device Erase device configuration and reset to factory defaults Locate the device by using the Find Me feature Enable FIPS mode Configuration files...
  • Page 624 To display system information: Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 1. On the main menu, click Status. A secondary menu appears, along with a status panel. 2. On the secondary menu, click to display the details panel for the status you want to view.
  • Page 625 : 215.739MB/458.328MB(50%) Disk /tmp Usage : 0.003MB/120.0MB(0%) Disk /var Usage : 0.816MB/32.0MB(3%) > Configure system information You can configure information related to your AnywhereUSB Plus device, such as providing a name and location for the device. AnywhereUSB Plus User Guide...
  • Page 626 A banner that will be displayed when users access terminal services on the device. To enter system information: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 627 For example, AnywhereUSB Plus-24.12.bin. Manage firmware updates using Digi Remote Manager If you have a network of many devices, you can use Digi Remote Manager Profiles to manage firmware updates. Profiles ensure all your devices are running the correct firmware version and that...
  • Page 628 The system firmware files are signed to ensure that only Digi-approved firmware load onto the device. The AnywhereUSB Plus device validates the system firmware image as part of the update process and only successfully updates if the system firmware image can be authenticated.
  • Page 629 Newest firmware version available to download is '24.12' Device firmware update from '23.9.74.0' to '24.12' is needed > 3. Use the system firmware ota list command to list available firmware on the Digi firmware repository. > system firmware ota list 23.9.74.0...
  • Page 630 > reboot > To perform an OTA firmware update by using a specific version from the Digi firmware repository, use the version parameter to identify the appropriate firmware version as determined by using the system firmware ota list command. For example: a.
  • Page 631 Command line 1. Download the AnywhereUSB Plus operating system firmware from the Digi Support FTP site to your local machine. 2. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights.
  • Page 632 > reboot Rebooting system > 7. Once the device has rebooted, log into the AnywhereUSB Plus's command line as a user with Admin access and verify the running firmware version by entering the show system command. > show system...
  • Page 633 1. (Optional) Download the appropriate modem firmware from the Digi repository to your local machine. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. From the main menu, click Status > Modems. 3. Click the modem firmware version.
  • Page 634 Newest firmware version available to download is '24.01.5x4_ATT' Modem firmware update from '24.01.544_ATT' to '24.01.5x4_ATT' is needed 24.01.5x4_ATT 24.01.544_ATT > 3. Use the modem firmware ota list command to list available firmware on the Digi firmware repository. > modem firmware ota list Retrieving modem firmware list ...
  • Page 635 System administration Upgrade cellular modem firmware To perform an OTA firmware update by using a specific version from the Digi firmware repository, use the version parameter to identify the appropriate firmware version as determined by using the modem firmware ota list command. For example: >...
  • Page 636 Upgrade cellular modem firmware 000' Modem firmware up to date 05.05.58.00_ATT_005.026_000 > modem firmware check 3. Use the modem firmware list command to list available firmware on the AnywhereUSB Plus device. > modem firmware list ATT, 24.01.544_ATT, current Generic, 24.01.514_Generic, image Verizon, 24.01.524_Verizon, image...
  • Page 637 Type admin to access the Admin CLI. 2. At the prompt, type: > reboot Schedule reboots of your device 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. AnywhereUSB Plus User Guide...
  • Page 638 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 639 With firmware release 22.2.9.x and newer, erases the client-side certificate used for communication with Digi Remote Manager. If you are using Digi Remote Manager with firmware release 22.2.9.x and newer, by default the device uses a client-side certificate for communication with Remote Manager. If the...
  • Page 640 Add a Hub certificate. 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 2. On the main menu, click System. Under Configuration, click Configuration Maintenance. The Configuration Maintenance window is displayed. AnywhereUSB Plus User Guide...
  • Page 641 3. In the Erase configuration section, click ERASE. 4. Click CONFIRM. 5. After resetting the device: a. Connect to the AnywhereUSB Plus using an Ethernet cable to connect the AnywhereUSB Plus ETH2 port to your PC. b. Log into the AnywhereUSB Plus: User name: Use the default user name: admin.
  • Page 642 Type quit to disconnect from the device. Custom factory default settings You can configure your AnywhereUSB Plus device to use a custom factory default configuration file. This way, when you erase the device's configuration, the device will reset to your custom configuration rather than to the original factory defaults.
  • Page 643 4. After the configuration backup file has been downloaded, rename the file to: custom-default-config.bin 5. Upload the file to the device: a. From the main menu, select System > Filesystem. b. Under Default device configuration, click . c. Select the file from your local file system. AnywhereUSB Plus User Guide...
  • Page 644 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 645 To use this feature: Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 1. On the menu, click System. Under Administration, click Find Me. A notification message appears, noting that the LED is flashing on the device. Click the x in the message to close it.
  • Page 646 When the FIPS setting is changed, the device will reboot automatically. Disabling FIPS after it has been enabled will cause the current configuration to be erased. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 647 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 648 You must explicitly save configuration changes, which also applies the changes. If you do not save configuration changes, the system discards the changes. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 649 Type quit to disconnect from the device. Save configuration to a file You can save your AnywhereUSB Plus device's configuration to a file and use this file to restore the configuration, either to the same device or to similar devices.
  • Page 650 > scp host 192.168.4.1 user admin remote /home/admin/bin/ local /etc/config/backup-archive-0040FF800120-19.05.17-19.01.17.bin to remote Restore the device configuration You can restore a configuration file to your AnywhereUSB Plus device by using a backup from the device, or a backup from a similar device. ...
  • Page 651 System administration Configuration files Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 1. On the main menu, click System. Under Configuration, click Configuration Maintenance. The Configuration Maintenance window is displayed. 2. In the Configuration Restore section: a.
  • Page 652 System administration Configuration files local-path is the location on the AnywhereUSB Plus device where the copied file will be placed. > scp host 192.168.4.1 user admin remote /home/admin/bin/backup-archive- 0040FF800120-24.12-19.23.42.bin local /opt to local 3. Enter the following: > system restore filepath [passphrase passphrase]...
  • Page 653 The frequency (daily, weekly, or monthly) that checks for firmware updates will run. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 654 For Frequency, select whether the maintenance window will be started every day, or once per week. 7. If Central Management is disabled, click Device firmware update to instruct the system to look for any updated device firmware during the maintenance window. If updated firmware is AnywhereUSB Plus User Guide...
  • Page 655 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 656 If the duration length is set to 24 hours, the start time is effectively obsolete and the maintenance tasks will be scheduled to run at any time. Setting the duration length to 24 hours can potentially overstress the device and should be used with caution. AnywhereUSB Plus User Guide...
  • Page 657 6. (Optional) Configure automated checking for device and modem firmware updates: a. Device firmware update check is enabled by default. This enables automated checking for device firmware updates. To disable: (config)> system schedule maintenance firmware_update_check device false (config)> AnywhereUSB Plus User Guide...
  • Page 658 8. Save the configuration and apply the change. (config)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. AnywhereUSB Plus User Guide...
  • Page 659 Disable device encryption Disable device encryption You can disable the cryptography on your AnywhereUSB Plus device. This can be used to ship unused devices from overseas without needing export licenses from the country from which the device is being shipped.
  • Page 660 Click the Internet Protocol Version 4 (TCP/IPv4) parameter. c. Click Properties. The Internet Protocol Version 4 (TCP/IPv4) Properties dialog appears. d. Configure with the following details: IP address for PC: 192.168.210.2 Subnet: 255.255.255.0 Gateway: 192.168.210.1 AnywhereUSB Plus User Guide...
  • Page 661 Configure the speed of your Ethernet ports 2. Connect the PC's Ethernet port to the ETH1 Ethernet port on your AnywhereUSB Plus device. 3. Open a telnet session and connect to the AnywhereUSB Plus device at the IP address of 192.168.210.1.
  • Page 662 System administration Configure the speed of your Ethernet ports 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 663 Configure the Watchdog service To configure the Watchdog service on your AnywhereUSB Plus:  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 664 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 665 The minimum value is 60 percent, the maximum is 100 percent. The default is 95 percent. d. To log memory usage with every watchdog memory usage test, enable log_memory: (config)> system watchdog tests memory log_memory true (config)> AnywhereUSB Plus User Guide...
  • Page 666 To view metrics for the Watchdog service and the tests performed:  In the local Web UI of your AnywhereUSB Plus: 1. Log in to the local Web UI of your device as a user with full Admin access rights.
  • Page 667 To view the results of the Watchdog tests: 1. Access the Command Line Interface for your AnywhereUSB, from either the local web UI as an administrator with full access rights or from Digi Remote Manager. 2. At the prompt, type show watchdog All tests that were performed, as well as their status are listed.
  • Page 669 Monitoring This chapter contains the following topics: intelliFlow Configure NetFlow Probe AnywhereUSB Plus User Guide...
  • Page 670 Digi intelliFlow is a reporting and graphical presentation tool for visualizing your network’s data usage and network traffic information. intelliFlow can be enabled on Digi Remote Manager to provide a full analysis of all Digi devices on your network. Contact your Digi sales representative for information about enabling intelliFlow on Remote Manager.
  • Page 671 The firewall zone for internal clients being monitored by intelliFlow. To enable intelliFlow:  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 672 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 673 For example, to define a service type called " MyService" using ports 9000 and 9001:  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 674 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 675 Digi.  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 676 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 677 7. Set the port number: (config monitoring intelliflow groups 2)> domain devicecloud.com (config monitoring intelliflow groups 2)> 8. Set the service type: (config monitoring intelliflow groups 2)> group Digi (config monitoring intelliflow groups 2)> 9. Save the configuration and apply the change. (config)> save Configuration saved.
  • Page 678 This procedure is only available from the WebUI. To display average CPU and RAM usage: Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 1. If you have not already done so, enable intelliFlow. See Enable intelliFlow.
  • Page 679 Top data usage by service To generate a top data usage chart:  Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 1. If you have not already done so, enable intelliFlow. See Enable intelliFlow.
  • Page 680 4. Change the type of chart that is used to display the data: a. Click the menu icon (). b. Select the type of chart. 5. Change the number of top users displayed. You can display the top five, top ten, or top twenty data users. AnywhereUSB Plus User Guide...
  • Page 681 Use intelliFlow to display data usage by host over time To generate a chart displaying a host's data usage over time:  Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 1. If you have not already done so, enable intelliFlow. See Enable intelliFlow.
  • Page 682 To save the chart to your local filesystem, select Export to PNG. c. To print the chart, select Print chart. Configure NetFlow Probe NetFlow probe is used to probe network traffic on the AnywhereUSB Plus device and export statistics to NetFlow collectors. Required configuration items Enable NetFlow.
  • Page 683 Monitoring Configure NetFlow Probe  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 684 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 685 9. Add collectors: a. Add a collector: (config)> add monitoring netflow collector end (config monitoring netflow collector 0)> b. Set the IP address of the collector: (config monitoring netflow collector 0)> address ip_address (config monitoring netflow collector 0)> AnywhereUSB Plus User Guide...
  • Page 686 (config monitoring netflow collector 0)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. AnywhereUSB Plus User Guide...
  • Page 687 Log in to Digi Remote Manager Use Digi Remote Manager to view and manage your device Add a device to Remote Manager Configure multiple AnywhereUSB Plus devices by using Digi Remote Manager configurations View Digi Remote Manager connection status Learn more...
  • Page 688 Prior to release 22.2.9.x, the default URL was my.devicecloud.com. If your Digi device is configured to use a non-default URL to connect to Remote Manager, updating the firmware will not change your configuration. However, if you erase the device's configuration, the Remote Manager URL will change to the default of edp12.devicecloud.com.
  • Page 689 HTTP proxy server support. To configure your device's Digi Remote Manager support:  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 690 8. (Optional) For Speedtest server, type the name or IP address of the server to use to test the speed of the device's internet connection(s). 9. (Optional) For Retry interval, type the amount of time that the AnywhereUSB Plus device should wait before reattempting to connect to remote cloud services after being disconnected.
  • Page 691 12. (Optional) For Allowed keep-alive misses, type the number of allowed keep-alive misses. The default is 3. 13. Enable watchdog is used to monitor the connection to Digi Remote Manager. If the connection is down, you can configure the device to restart the connection, or to reboot. The watchdog is enabled by default.
  • Page 692 Firmware prior to version 22.2.9.x, the default is the Digi Remote Manager server, https://remotemanager.digi.com. 5. (Optional) Set the amount of time that the AnywhereUSB Plus device should wait before reattempting to connect to the remote cloud services after being disconnected. The minimum value is ten seconds.
  • Page 693 (config)> cloud drm keep_alive 600s (config)> 7. (Optional) Set the amount of time that the AnywhereUSB Plus device should wait between sending keep-alive messages to the Digi Remote Manager when using a cellular interface. Allowed values are from 30 seconds to two hours. The default is 290 seconds.
  • Page 694 If set to false, no login prompt will be presented and the user will be logged in as admin. The default is false. 14. (Optional) Configure the AnywhereUSB Plus device to communicate with remote cloud services by using SMS: a. Enable SMS messaging: (config)>...
  • Page 695 To disable the collection of device health data or enable it if it has been disabled, or to change the health sample interval:  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 696 3. Click Monitoring > Device Health. 4. (Optional) Click to expand Data point tuning. Data point tuning options allow you to configure what data are uploaded to the Digi Remote Manager. All options are enabled by default. 5. Only report changed values to Digi Remote Manager is enabled by default.
  • Page 697 1, 5, 15, 30, or 60, and represents the number of minutes between uploads of health sample data. 5. By default, the device will only report health metrics values to Digi Remote Manager that have changed since health metrics were last uploaded. This is useful to reduce the bandwidth used to report health metrics.
  • Page 698 To change how often the event logs are uploaded to Digi Remote Manager:  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 699 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 700 The device is capable of connecting through an HTTP proxy, such as Squid, but it is up to the network administrator to decide which HTTP proxy type to use. To enable a proxy server and enter the server and port in Digi Remote Manager, see step 17 in Configure your device for Digi Remote Manager support.
  • Page 701 If you opened a new browser tab/window to log in, you will see the default fleet Dashboard page. If you cannot remember your password, go to remotemanager.digi.com, type your username and then click Forgot username?. You will be asked to provide your email address associated with your user account.
  • Page 702 Use Digi Remote Manager to view and manage your device To view and manage your device: 1. If you have not already done so, connect to your Digi Remote Manager account. 2. From the menu, click Devices to display a list of your devices.
  • Page 703 4. For Digi Remote Manager Username, type your Remote Manager username. 5. For Digi Remote Manager Password, type your Remote Manager password. 6. For Digi Remote Manager Group (optional), type the group to which the device will be added, if needed.
  • Page 704 The device is added to Remote Manager.  Command line 1. Log into the AnywhereUSB Plus local command line as a user with full Admin access rights. 2. Register a device. (register) [group STRING] password STRING username STRING where: group: group to add device in Digi Remote Manager.
  • Page 705 You can also include site-specific settings with a profile to override settings on a device-by-device basis. View Digi Remote Manager connection status To view the current Digi Remote Manager connection status from the local device:  AnywhereUSB Plus User Guide...
  • Page 706 Central management View Digi Remote Manager connection status 1. Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. The dashboard includes a Digi Remote Manager status pane:  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights.
  • Page 707 Central management Learn more Learn more To learn more about Digi Remote Manager features and functions, see the Digi Remote Manager User Guide. AnywhereUSB Plus User Guide...
  • Page 708 Configure an email notification for a system event Configure an SNMP trap for a system event Analyze network traffic Use the ping command to troubleshoot network connections Use the traceroute command to diagnose IP routing problems AnywhereUSB Plus User Guide...
  • Page 709 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 710 Diagnostics Generate a support report Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 1. On the main menu, click System. Under Administration, click Support Report. 2. Click  to generate and download the support report.
  • Page 711 A breakdown of memory utilization at the time when the support report was generated config_dump- The device's current settings, scrubbed of passwords public and preshared keys conntrack_-L A list of all currently tracked connections through the system AnywhereUSB Plus User Guide...
  • Page 712 AT commands netstat_-i Interface statistics for transmitted/ received packets netstat_-na List of both listening and non-listening network sockets on the device ps_l A snapshot of the current processes running at the time of generating the report AnywhereUSB Plus User Guide...
  • Page 713 Rollover syslog information /var/run This directory can be disregarded for most troubleshooting/ diagnostic purposes. Directory Filename Notes /var/run all files Runtime settings for the device -- referenced in the syslog data gathered in /tmp (see above) AnywhereUSB Plus User Guide...
  • Page 714 View System Logs  Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 1. On the main menu, click System > Logs. The system log displays: 2. Limit the display in the system log by using the Find search tool.
  • Page 715 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 716 View Event Logs  Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 1. On the main menu, click System > Logs. 2. Click  System Logs to collapse the system logs viewer, or scroll down to Events.
  • Page 717 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 718 Diagnostics View system and event logs 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. AnywhereUSB Plus User Guide...
  • Page 719 Configure syslog servers You can configure remote syslog servers for storing event and system logs.  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 720 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 721 30 minutes. All event categories are enabled. To change or disable the heartbeat interval, or to disable event categories, and to perform other log configuration:  AnywhereUSB Plus User Guide...
  • Page 722 Diagnostics Configure options for the event and system logs 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 723 Default is 8. Minimum is 1; maximum is 20. 8. Enable Preserve system logs to save the current session's system log after a reboot. By default, the AnywhereUSB Plus device erases system logs each time the device is powered off or rebooted.
  • Page 724 To disable the heartbeat interval, set the value to 0s 4. Enable preserve system logs functionality to save the current session's system log after a reboot. By default, the AnywhereUSB Plus device erases system logs each time the device is powered off or rebooted.
  • Page 725 -------------- info true Enable informational events status true Enable status events status_interval Status interval (config)> system log event dhcpserver ii. To disable informational messages for the DHCP server: (config)> system log event dhcpserver info false (config)> AnywhereUSB Plus User Guide...
  • Page 726 Configure an email notification for a system event You can configure the AnywhereUSB Plus to send an email notification of a system event. Step 1: Configure the SMTP server that is used to send email notifications when a system log event occurs by enabling the Email notifications system log feature.
  • Page 727 Configure options for the event and system logs. Configure an SNMP trap for a system event You can configure an SNMP trap destination for an AnywhereUSB Plus to save system event information. Step 1: Configure an SNMP trap by enabling the SNMP traps system log feature.
  • Page 728 Analyze network traffic Analyze network traffic The AnywhereUSB Plus device includes a network analyzer tool that captures data traffic on any interface and decodes the captured data traffic for diagnostics. You can capture data traffic on multiple interfaces at the same time and define capture filters to reduce the captured data. You can capture up to 10 MB of data traffic in two 5 MB files per interface.
  • Page 729 The frequency with which captured events will be saved. To configure a packet capture configuration:  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 730 Click Ignore this IP address or network if the filter should ignore packets from this IP address/network. By default, this option is disabled, which means that the filter will capture packets from this IP address/network. vi. Click to add additional IP address/network filters.
  • Page 731 Click Ignore this VLAN if the filter should ignore packets that use this port. By default, this option is disabled, which means that the filter will capture packets that use this port. v. Click to add additional VLAN filters.
  • Page 732 Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}. For example, to set Save interval to ten minutes, enter 10m or 600s. 9. Click Apply to save the configuration and apply the change.  Command line AnywhereUSB Plus User Guide...
  • Page 733 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 734 Format: icmp icmpv6 igmp ospf other vrrp Current value: (config network analyzer name filter protocol 0)> iii. Set the protocol: (config network analyzer name filter protocol 0)> protocol value (config network analyzer name filter protocol 0)> AnywhereUSB Plus User Guide...
  • Page 735 By default, this option is set to false, which means that the filter will capture packets from this port. v. Repeat these steps to add additional port filters. d. To create a filter that either captures or ignores packets from one or more specified MAC addresses:
  • Page 736 (config network analyzer name filter vlan 0)> where value is the number of the VLAN. iii. (Optional) Set the filter to ignore packets from this VLAN: (config network analyzer name filter vlan 0)> ignore true (config network analyzer name filter vlan 0)>
  • Page 737 (config network analyzer name)> maintenance_time: The script will run during the system maintenance time window. c. Set the amount of time that the scheduled analyzer session will run: (config network analyzer name)> duration value (config network analyzer name)> AnywhereUSB Plus User Guide...
  • Page 738 Capture traffic to and from IP host 192.168.1.1: ip host 192.168.1.1 Capture traffic from IP host 192.168.1.1: ip src host 192.168.1.1 Capture traffic to IP host 192.168.1.1: ip dst host 192.168.1.1 Capture traffic for a particular IP protocol: ip proto protocol AnywhereUSB Plus User Guide...
  • Page 739 Save captured data traffic to a file. Clear captured data. Required configuration items A configured packet capture. See Configure packet capture for the network analyzer packet capture configuration information. To start packet capture from the command line:  Command line AnywhereUSB Plus User Guide...
  • Page 740 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 741 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 742  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. AnywhereUSB Plus User Guide...
  • Page 743 WebUI or from the command line by using the (secure copy file) command.  Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 1. On the menu, click System. Under Administration, click File System. The File System page appears.
  • Page 744 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 745 Analyze network traffic > analyzer clear name ? name: Name of the capture filter to use. Format: test_capture capture_ping > analyzer clear name Note You can remove data traffic saved to a file using the command.
  • Page 746 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 747 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 748 File system This chapter contains the following topics: The AnywhereUSB Plus local file system Display directory contents Create a directory Display file contents Copy a file or directory Move or rename a file or directory Delete a file or directory...
  • Page 749 The AnywhereUSB Plus local file system The AnywhereUSB Plus local file system The AnywhereUSB Plus local file system has approximately 150 MB of space available for storing files, such as alternative configuration files and firmware versions, and release files, such as cellular module images.
  • Page 750 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 751 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 752 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 753 To delete a file or directory by using the WebUI or the Admin CLI:  Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 1. On the menu, click System. Under Administration, click File System.
  • Page 754 Upload and download files by using the WebUI Upload files Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 1. On the menu, click System. Under Administration, click File System. The File System page appears.
  • Page 755 Upload and download files by using the Secure Copy command Copy a file from a remote host to the AnywhereUSB Plus device To copy a file from a remote host to the AnywhereUSB Plus device, use the command as follows: > scp host hostname-or-ip user username remote remote-path local local-path to...
  • Page 756 AnywhereUSB Plus device. To copy a support report from the AnywhereUSB Plus device to a remote host at the IP address of 192.168.4.1: 1.
  • Page 757 This example downloads a file named test.py from the AnywhereUSB device at the IP address of 192.168.2.1 with a username of ahmed to the local directory on the remote host: $ sftp ahmed@192.168.2.1 Password: Connected to 192.168.2.1 sftp> get test.py Fetching test.py to test.py test.py 100% 0.3KB/s 00:00 sftp> exit AnywhereUSB Plus User Guide...
  • Page 758 Routing This chapter contains the following topics: IP routing Show the routing table Dynamic DNS Virtual Router Redundancy Protocol (VRRP) AnywhereUSB Plus User Guide...
  • Page 759 IP routing IP routing The AnywhereUSB Plus device uses IP routes to decide where to send a packet it receives for a remote network. The process for deciding on a route to send the packet is as follows: 1. The device examines the destination IP address in the IP packet, and looks through the IP routing table to find a match for it.
  • Page 760 The Maximum Transmission Units (MTU) of network packets using this route. To configure a static route:  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 761 255.255.255.0, type 192.168.47.0/24. The any keyword can also be used to route packets to any destination with this static route. 7. For Interface, select the interface on the AnywhereUSB Plus device that will be used with this static route. 8. (Optional) For Gateway, type the IPv4 address of the gateway used to reach the destination.
  • Page 762 The any keyword can also be used to route packets to any destination with this static route. 6. Set the interface on the AnywhereUSB Plus device that will be used with this static route: a. Use the ? to determine available interfaces: (config network route static 0)>...
  • Page 763 Type quit to disconnect from the device. Delete a static route  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 764 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 765 However, you can use policy-based routing to forward the packet based on other criteria, such as the source of the packet. For example, you can configure the AnywhereUSB Plus device so that high-priority traffic is routed through the cellular connection, while all other traffic is routed through an Ethernet (WAN) connection.
  • Page 766 Routing IP routing  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 767 13. Click Apply to save the configuration and apply the change.  Command line 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. AnywhereUSB Plus User Guide...
  • Page 768 (config network route policy 0)> label "New route policy" (config network route policy 0)> 5. Set the interface on the AnywhereUSB Plus device that will be used with this route policy: a. Use the ? to determine available interfaces: (config network route policy 0)> interface ? Interface: The network interface used to reach the destination.
  • Page 769 The ICMP protocol is matched. Identify the ICMP type: (config network route policy 0)> icmp_type value (config network route policy 0)> where value is the ICMP type and optional code, or set to any to match for any ICMP type. AnywhereUSB Plus User Guide...
  • Page 770 Set the interface: a. Use the ? to determine available interfaces: (config network route policy 0)> src interface ? Interface: The network interface. Format: /network/interface/setupip /network/interface/setuplinklocalip /network/interface/eth1 /network/interface/eth2 /network/interface/loopback Current value: (config network route policy 0)> src interface
  • Page 771 Use the ? to determine available zones: (config network route policy 0)> dst zone ? Zone: Match the IP address to the specified firewall zone. Format: dynamic_routes edge external internal ipsec loopback setup Default value: any
  • Page 772 (config network route policy 0)> where value uses the format IPv6_address[/prefix_length], or any to match any IPv6 address. mac: Matches the destination MAC address to the specified MAC address. Set the MAC address to be matched: AnywhereUSB Plus User Guide...
  • Page 773 11. Save the configuration and apply the change. (config)> save Configuration saved. > 12. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. AnywhereUSB Plus User Guide...
  • Page 774 Enable routing services. Enable and configure the types of routing services that will be used.  1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 775 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 776 --------------------------------------------------------------------- ---------- ecmp false Allow ECMP enable true Enable Additional Configuration --------------------------------------------------------------------- ---------- interface Interfaces neighbour Neighbours redis Route redistribution timer Timers (config)> 5. Save the configuration and apply the change. (config)> save Configuration saved. >
  • Page 777 Type quit to disconnect from the device. Show the routing table To display the routing table: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 778 DNS provider, the router can automatically update the remote nameserver whenever your WAN or public IP address changes. Your AnywhereUSB Plus device supports a number of Dynamic DNS providers as well as the ability to provide a custom provider that is not included on the list of providers.
  • Page 779 Routing Dynamic DNS 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 780 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 781 (config network ddns new_ddns_instance)> 6. If custom is configured for service, set the custom URL that should be used to update the IP address with the Dynamic DNS provider: (config network ddns new_ddns_instance)> custom url (config network ddns new_ddns_instance)>
  • Page 782 (config network ddns new_ddns_instance)> retry_interval value (config network ddns new_ddns_instance)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set retry_interval to ten minutes, enter either 10m or 600s:
  • Page 783 Multiple AnywhereUSB Plus devices can be configured as VRRP devices and assigned a priority. The router with the highest priority will be used as the master router. If the master router fails, then the IP address of the virtual router is mapped to the backup device with the next highest priority.
  • Page 784 VRRP-enabled devices and dynamically change the VRRP priority of devices based on the status of their network connectivity. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 785 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 786 (config network vrrp VRRP_test)> priority int (config network vrrp VRRP_test)> 8. (Optional) Set a password that will be used to authenticate this VRRP router with VRRP peers. If the password length exceeds 8 characters, it will be truncated to 8 characters.
  • Page 787 VRRP+ is an extension to the VRRP standard that uses SureLink network probing to monitor connections through VRRP-enabled devices and adjust devices' VRRP priority based on the status of the SureLink tests. This section describes how to configure VRRP+ on an AnywhereUSB Plus device. Required configuration items Both master and backup devices: A configured and enabled instance of VRRP.
  • Page 788 For backup VRRP devices, enable the ability to monitor the VRRP master, so that a backup device can increase its priority when the master device fails SureLink tests. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 789 Click to expand Network > Interfaces. b. Click to expand the appropriate VRRP interface (for example, LAN1). c. For backup devices, for Default Gateway, type the IP address of the VRRP interface on the master device.
  • Page 790 Click to expand Test targets > Test target. v. Configure the test target. For example, to configure SureLink to verify internet connectivity on the LAN by pinging https://remotemanager.digi.com: i. For Test Type, select Ping test. ii. For Ping host, type https://remotemanager.digi.com.
  • Page 791 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 792 (config)> show network vrrp VRRP_test virtual_address 0 192.168.3.3 1 10.10.10.1 (config)> iii. Set the custom gateway to one of the VRRP virtual IP addresses. For example: (config)> network interface eth2 ipv4 dhcp_server advanced gateway_custom 192.168.3.3 (config)>
  • Page 793 Tests connectivity by sending an ICMP echo request to a specified hostname or IP address. Specify the hostname or IP address: (config network interface eth2 ipv4 surelink target 0)> ping_host host (config network interface eth2 ipv4 surelink target 0)>
  • Page 794 (config network interface eth2 ipv4 surelink target 0)> The default is 60 seconds. (Optional) Set the amount of time to wait for an initial connection to the interface before this test is considered to have failed:
  • Page 795 Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Example: VRRP/VRRP+ configuration This example configuration creates a VRRP pool containing two AnywhereUSB Plus devices: Configure device one (master device)...
  • Page 796 Routing Virtual Router Redundancy Protocol (VRRP) Task 1: Configure VRRP on device one 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 797 1. Click to expand Network > Interfaces > ETH2 > IPv4 > DHCP Server 2. For Lease range start, leave at the default of 100. 3. For Lease range end, type 199. 4. Click to expand Advanced settings. 5. For Gateway, select Custom. 6. For Custom gateway, enter 192.168.3.3.
  • Page 798 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 799 > 5. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Configure device two (backup device)
  • Page 800 Routing Virtual Router Redundancy Protocol (VRRP) Task 1: Configure VRRP on device two 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 801 Task 4: Configure SureLink for ETH2 on device two 1. Click Network > Interfaces > ETH2 > IPv4 > SureLink. 2. Click Enable. 3. For Interval, type 15s. 4. Click to expand Test targets > Test target. 5. For Test Type, select Ping test.
  • Page 802 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 803 (config network vrrp VRRP_test )> Task 3: Configure the IP address for the VRRP interface, ETH2, on device two 1. Type ... to return to the root of the config prompt: (config network vrrp VRRP_test )> ... (config)>
  • Page 804 (config network interface eth2 ipv4 surelink target 0)> test ping (config network interface eth2 ipv4 surelink target 0)> 4. Set https://remotemanager.digi.com as the hostname to ping: (config network interface eth2 ipv4 surelink target 0)> ping_host https://remotemanager.digi.com (config network interface eth2 ipv4 surelink target 0)>...
  • Page 805 This section describes how to display VRRP status and statistics for an AnywhereUSB device. VRRP status is available from the Web UI only. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 806 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 808 Virtual Private Networks (VPNs) are used to securely connect two private networks together so that devices can connect from one network to the other using secure channels. This chapter contains the following topics: IPsec, OpenVPN, Generic Routing Encapsulation (GRE), Dynamic Multipoint VPN (DMVPN), L2TP, L2TPv3 Ethernet, MACsec, NEMO, WireGuard VPN
  • Page 809 Anti-Replay Authentication of data to ensure an unauthorized device has not injected it into the IPsec tunnel. IPsec mode The AnywhereUSB Plus supports IPsec mode. You can set this mode to run using either the Tunnel or Transport options. Tunnel The entire IP packet is encrypted and/or authenticated and then encapsulated as the payload in a new IP packet.
  • Page 810 XAUTH (extended authentication) pre-shared key authentication mode provides additional security by using client authentication credentials in addition to the standard pre-shared key. The AnywhereUSB Plus device can be configured to authenticate with the remote peer as an XAUTH client. RSA Signatures With RSA signatures authentication, the AnywhereUSB Plus device uses a private RSA key to authenticate with a remote peer that is using a corresponding public key.
  • Page 811 Enable Mode-configuration (MODECFG) to receive configuration information, such as the private IP address, from the remote peer. Disable the padding of IKE packets. This should normally not be done except for compatibility purposes. Destination networks that require source NAT.
  • Page 812 Configure a static route for information about configuring a static route. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 813 The metric can also be used in tandem with SureLink to configure IPsec failover behavior. See Configure IPsec failover for more information. 11. For Mode, select Tunnel mode. Transport mode is not currently supported.
  • Page 814 SCEP certificates: Uses Simple Certificate Enrollment Protocol (SCEP) to download a private key, certificates, and an optional Certificate Revocation List (CRL) to the AnywhereUSB Plus device from a SCEP server. You must create the SCEP client prior to configuring the IPsec tunnel. See Configure a Simple Certificate Enrollment Protocol client for instructions.
  • Page 815 IPv6: The ID will be interpreted as an IP address and sent as an ID_IPV6_ADDR IKE identity. For IPv6 ID value, type an IPv6 formatted ID. This can be a fully-qualified domain name or an IPv6 address.
  • Page 816 For IPv6 ID value, type an IPv6 formatted ID. This can be a fully-qualified domain name or an IPv6 address. RFC822/Email: The ID will be interpreted as an RFC822 (email address). For RFC822 ID value, type the ID in internet email address format.
  • Page 817 Request a network: Requests a network from the remote peer. Dynamic: Uses the address of the local endpoint. d. For Protocol, select one of the following: Any: Matches any protocol. TCP: Matches TCP protocol only. UDP: Matches UDP protocol only. ICMP: Matches ICMP requests only.
  • Page 818 For Mode, select either Main mode or Aggressive mode. d. For IKE fragmentation, select one of the following: If supported by the peer: Send oversized IKE messages in fragments, if the peer supports receiving them.
  • Page 819 23. (Optional) Click to expand Dead peer detection. Dead peer detection is enabled by default. Dead peer detection uses periodic IKE transmissions to the remote endpoint to detect whether tunnel communications have failed, allowing the tunnel to be automatically
  • Page 820 Configure SureLink active recovery for IPsec for information about IPsec Active recovery. 26. (Optional) Click Advanced to set various IPsec-related time out, keep alive, and related values. 27. Click Apply to save the configuration and apply the change.
  • Page 821 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 822 Only the payload of the IP packet is encrypted and/or authenticated. The IP header is unencrypted. The default is tunnel. 8. Set the protocol: (config vpn ipsec tunnel ipsec_example)> type protocol (config vpn ipsec tunnel ipsec_example)>
  • Page 823 Set the private key passphrase that is used to decrypt the private key. Leave blank if the private key is not encrypted. (config vpn ipsec tunnel ipsec_example)> auth private_key_passphrase passphrase (config vpn ipsec tunnel ipsec_example)>
  • Page 824 These must include all peer certificates in the chain up to the root CA certificate, in PEM format. (config vpn ipsec tunnel ipsec_example)> auth ca_cert cert_chain (config vpn ipsec tunnel ipsec_example)> 11. (Optional) Configure the device to connect to its remote peer as an XAUTH client:
  • Page 825 (config vpn ipsec tunnel ipsec_example)> local id type raw_id id (config vpn ipsec tunnel ipsec_example)> any: Any ID will be accepted. ipv4: The ID will be interpreted as an IPv4 address and sent as an ID_IPV4_ADDR IKE identity.
  • Page 826 IPv4 address of the IPsec peer. If your device is not configured to initiate the IPsec connection (see initiate), you can also use the keyword any, which means that the hostname is dynamic or unknown. Repeat for additional hostnames.
  • Page 827 The ID will be interpreted as an IPv6 address and sent as an ID_IPV6_ADDR IKE identity. Set an IPv6 formatted ID. This can be a fully-qualified domain name or an IPv6 address. (config vpn ipsec tunnel ipsec_example)> remote id type ipv6_id (config vpn ipsec tunnel ipsec_example)>
  • Page 828 (config vpn ipsec tunnel ipsec_example)> where value is one of: if_supported: Send oversized IKE messages in fragments, if the peer supports receiving them. always: Always send IKEv1 messages in fragments. For IKEv2, this option is equivalent to if supported.
  • Page 829 For example, to set lifetime_margin to ten minutes, enter either 10m or 600s: (config vpn ipsec tunnel ipsec_example)> ike lifetime_margin 600s (config vpn ipsec tunnel ipsec_example)>
  • Page 830 Set the type of hash to use during phase 1 to verify communication integrity: (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> hash value (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> where value is one of: sha1 sha256 sha384 sha512 The default is sha1.
  • Page 831 (config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)> .. (config vpn ipsec tunnel ipsec_example ike)> ii. Add a phase 2 proposal: (config vpn ipsec tunnel ipsec_example ike)> add ike phase2_proposal end (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)>
  • Page 832 Set the type of Diffie-Hellman group to use for key exchange during phase 2: i. Use the ? to determine available Diffie-Hellman group types: (config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> dh_group ? curve25519 curve448 ecp192
  • Page 833 The default is 60. (config)> vpn ipsec tunnel ipsec_example dpd delay value (config)> d. Set the number of seconds to wait for a response from a dead peer packet before assuming the tunnel has failed. The default is 90.
  • Page 834 Address: The local network interface to use the address of. This field must be set when 'Type' is set to 'Address'. Format: setupip setuplinklocalip eth1 eth2 loopback Current value: (config vpn ipsec tunnel ipsec_example policy 0)> local
  • Page 835 Set the port matching criteria for the local traffic selector: (config vpn ipsec tunnel ipsec_example policy 0)> local port value (config vpn ipsec tunnel ipsec_example policy 0)> where value is the port number, a range of port numbers, or the keyword any.
  • Page 836 If other is used, set the number of the protocol: (config vpn ipsec tunnel ipsec_example policy 0)> remote protocol_other int (config vpn ipsec tunnel ipsec_example policy 0)> Allowed values are an integer between 1 and 255.
  • Page 837 You can also enable debugging for IPsec: (config)> vpn ipsec advanced debug value (config)> where value is one of: none basic_auditing detailed_control generic_control raw_data sensitive_data 20. Save the configuration and apply the change. (config)> save Configuration saved. >
  • Page 838 Virtual Private Networks (VPN) IPsec 21. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device.
  • Page 839 Virtual Private Networks (VPN) IPsec Configure IPsec failover You can configure the AnywhereUSB Plus device to fail over from a primary IPsec tunnel to a backup tunnel: SureLink active recovery—You can use SureLink along with the IPsec tunnel's metric to configure two or more tunnels so that when the primary tunnel is determined to be inactive by SureLink, a secondary tunnel can begin serving traffic that the primary tunnel was serving.
  • Page 840 (for example, 20). Command line 1. Configure the primary IPsec tunnel. See Configure an IPsec tunnel for instructions. During configuration of the IPsec tunnel, set the metric to a low value (for example, 10):
  • Page 841 (config vpn ipsec tunnel backup_ipsec_tunnel)> ipsec_failover ? Preferred tunnel: This tunnel will not start until the preferred tunnel has failed. It will continue to operate until the preferred tunnel returns to full operation status. Format: primary_ipsec_tunnel
  • Page 842 To configure the AnywhereUSB Plus device to regularly probe the IPsec connection: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 843 All test pass: All tests need to pass for SureLink to consider the interface to be up. 9. (Optional) For Pass threshold, type or select the number of times that the test must pass after failure, before the interface is determined to be working and is reinstated.
  • Page 844 If HTTP test is selected, complete the following: Web server: The URL of the web server. Test DNS servers configured for this interface: Tests communication with DNS servers that are either provided by DHCP, or statically configured for this interface.
  • Page 845 Down: The test will pass only if the referenced interface is down or failing its own SureLink tests (if applicable). e. Repeat for each additional test. 12. Add recovery actions: a. Click to expand Recovery actions. By default, there are two preconfigured recovery actions:
  • Page 846 If set to the default value of 0s, the Test interval is used. Switch to alternate SIM: Switches to an alternate SIM. This recovery action is available for WWAN interfaces only. If Switch to alternate SIM is selected, complete the following:
  • Page 847 For Backoff interval, type the time to add to the test interval when restarting the list of actions. This option is capped at 15 minutes. Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the format number{w|d|h|m|s}.
  • Page 848 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 849 Performs a DNS query to the named DNS server. If dns is set, set the IPv4 or IPv6 address of the DNS server: (config vpn ipsec tunnel ipsec_example surelink tests 1)> dns_server IP_address (config vpn ipsec tunnel ipsec_example surelink tests 1)>
  • Page 850 For example, to set interface_timeout to ten minutes, enter either 10m or 600s: (config vpn ipsec tunnel ipsec_example surelink tests 1)> interface_timeout 600s (config)> custom_test: Tests the interface with custom commands. If custom_test is set, set the commands to run to perform the test:
  • Page 851 /network/interface/loopback Current value: (config vpn ipsec tunnel ipsec_example surelink tests 1)> other_interface ii. Set the interface. For example: (config vpn ipsec tunnel ipsec_example surelink tests 1)> other_interface /network/interface/eth1 (config vpn ipsec tunnel ipsec_example surelink tests 1)>
  • Page 852 (config vpn ipsec tunnel ipsec_example surelink actions 0)> enable false (config vpn ipsec tunnel ipsec_example surelink actions 0)> d. Create a label for the action: (config vpn ipsec tunnel ipsec_example surelink actions 0)> label string (config vpn ipsec tunnel ipsec_example surelink actions 0)>
  • Page 853 (config vpn ipsec tunnel ipsec_example surelink actions 0)> The default is 3. Set the amount that the interface's metric should be increased. This should be set to a number large enough to change the routing table to use another default gateway.
  • Page 854 (config vpn ipsec tunnel ipsec_example surelink actions 0)> override_interval int (config vpn ipsec tunnel ipsec_example surelink actions 0)> switch_sim: Switches to an alternate SIM. This recovery action is available for WWAN interfaces only. If switch_sim is selected, complete the following:
  • Page 855 Set the time to wait before the next test is run. If set to the default value of 0s, the test interval is used. (config vpn ipsec tunnel ipsec_example surelink actions 0)> override_interval int (config vpn ipsec tunnel ipsec_example surelink actions 0)> custom_action: Execute custom recovery commands.
  • Page 856 (config)> where value is either: one: Only one test needs to pass for SureLink to consider an interface to be up. all: All tests need to pass for SureLink to consider the interface to be up.
  • Page 857 (config)> vpn ipsec tunnel ipsec_example surelink advanced backoff_interval value (config)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. For example, to set backoff_interval to ten minutes, enter either 10m or 600s:
  • Page 858 Type quit to disconnect from the device. Show IPsec status and statistics Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 1. On the menu, select Status > IPsec. The IPsec page appears.
  • Page 859 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 860 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 861 The number of days that the certificate enrollment can be renewed, prior to the request expiring. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 862 9. For Renewable Time, type the number of days that the certificate enrollment can be renewed, prior to the request expiring. This value is configured on the SCEP server, and is used by the AnywhereUSB Plus device to determine when to start attempting to auto-renew an existing certificate. The default is 7.
  • Page 863 Click Enable to enable the CRL. c. For Type, select the type of CRL: URL: The URL to the file name used to access the certificate revocation list from the CA. CRLDP: The CRL distribution point.
  • Page 864 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 865 (config network scep_client scep_client_name)> f. Set the Organizational Unit: (config network scep_client scep_client_name)> distinguished_name ou value (config network scep_client scep_client_name)> g. Set the Common Name: (config network scep_client scep_client_name)> distinguished_name cn value (config network scep_client scep_client_name)>
  • Page 866 For example, to set max_poll_time to ten minutes, enter either 10m or 600s: (config network scep_client scep_client_name)> max_poll_time 600s (config network scep_client scep_client_name)> The default is 1d. 13. Set the amount of time that the device should wait between polling attempts, when operating in manual mode:
  • Page 867 15. Set the number of days that the certificate enrollment can be renewed, prior to the request expiring. This value is configured on the SCEP server, and is used by the AnywhereUSB Plus device to determine when to start attempting to auto-renew an existing certificate. The default is 7.
  • Page 868 For Renewal > Allow renewal x days before the certified is expired, type the number of days that the certificate enrollment can be renewed, prior to the request expiring. The Renewable Time setting on the AnywhereUSB Plus device must match the setting of this parameter.
  • Page 869 Virtual Private Networks (VPN) IPsec 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 870 12. Type the value for each appropriate Distinguished Name attribute. The values entered here must correspond to the DN attributes in the Enrollment Request on the Fortinet server. 13. Click Apply to save the configuration and apply the change.
  • Page 871 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 872 Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. Show SCEP client status and information You can show general SCEP client information for all SCEP clients, and specific information for an individual SCEP client.
  • Page 873 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 874 Last Update : May 23 13:27:21 2022 GMT > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device.
  • Page 875 OpenVPN clients are on the same IP subnet as the OpenVPN server’s LAN interface. This means that devices connected to the OpenVPN client’s LAN interface are on the same IP subnet as devices. The AnywhereUSB Plus device supports two mechanisms for configuring an OpenVPN server in TAP mode:...
  • Page 876 Virtual Private Networks (VPN) OpenVPN OpenVPN managed—The AnywhereUSB Plus device creates the interface and then uses its standard configuration to set up the connection (for example, its standard DHCP server configuration). Device only—IP addressing is controlled by the system, not by OpenVPN.
  • Page 877 Access control list configuration to restrict access to the OpenVPN server through the firewall. Additional OpenVPN parameters. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 878 You must create an OpenVPN authentication group and user. See Configure an OpenVPN Authentication Group and User for instructions. Certificate and username/password: Uses both certificates and a username and password for client authentication. Each client requires a public and private key, AnywhereUSB Plus User Guide...
  • Page 879 11. (Optional) Click to expand Advanced Options to manually set additional OpenVPN parameters. a. Click Enable to enable the use of additional OpenVPN parameters. b. Click Override if the additional OpenVPN parameters should override default options.
  • Page 880 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 881 80, the first client IP address will be 192.168.1.80. The default is from 80. ii. Set the last address in the range limit: (config vpn openvpn server name)> server_last_ip value (config vpn openvpn server name)> AnywhereUSB Plus User Guide...
  • Page 882 (config vpn openvpn server name)> cacert value (config vpn openvpn server name)> iii. Paste the contents of the public key (for example, server.crt) into the value of the server_cert parameter: (config vpn openvpn server name)> server_cert value (config vpn openvpn server name)> AnywhereUSB Plus User Guide...
  • Page 883 (config vpn openvpn server name)> Where value is an interface defined on your device. Display a list of available interfaces: Use ... network interface ? to display interface information: (config vpn openvpn server name)> ... network interface ? Interfaces Additional Configuration AnywhereUSB Plus User Guide...
  • Page 884 (config vpn openvpn server name)> Repeat this step to include additional firewall zones. 9. (Optional) Set additional OpenVPN parameters. a. Enable the use of additional OpenVPN parameters: (config vpn openvpn server name)> advanced_options enable true (config vpn openvpn server name)> AnywhereUSB Plus User Guide...
  • Page 885 AnywhereUSB Plus user authentication for more information about creating authentication groups and users. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 886 Click to expand the OpenVPN node. e. Click to add a tunnel. f. For Tunnel, select an OpenVPN tunnel to which users of this group will have access. g. Repeat to add additional OpenVPN tunnels. AnywhereUSB Plus User Guide...
  • Page 887 Click to expand the Groups node. e. Click to add a group to the user. f. Select a Group with OpenVPN access enabled. 5. Click Apply to save the configuration and apply the change. AnywhereUSB Plus User Guide...
  • Page 888 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 889 Configure SureLink active recovery for OpenVPN for information about OpenVPN active recovery. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 890 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 891 8. Save the configuration and apply the change. (config)> save Configuration saved. > 9. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. AnywhereUSB Plus User Guide...
  • Page 892 Configure SureLink active recovery for OpenVPN for information about OpenVPN active recovery. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 893 13. Paste the contents of the CA certificate (usually in a ca.crt file), the Public key (for example, client.crt), and the Private key (for example, client.key) into their respective fields. The contents will be hidden when the configuration is saved. 14. (Optional) Click to expand Advanced Options to manually set additional OpenVPN parameters. AnywhereUSB Plus User Guide...
  • Page 894 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 895 12. Paste the contents of the public key (for example, client.crt) into the value of the public_cert parameter: (config vpn openvpn client name)> public_cert value (config vpn openvpn client name)> 13. Paste the contents of the private key (for example, client.key) into the value of the private_key parameter: AnywhereUSB Plus User Guide...
  • Page 896 Type quit to disconnect from the device. Configure SureLink active recovery for OpenVPN You can configure the AnywhereUSB Plus device to regularly probe OpenVPN client connections to determine if the connection has failed and take remedial action. Required configuration items A valid OpenVPN client configuration.
  • Page 897 OpenVPN To configure the AnywhereUSB Plus device to regularly probe the OpenVPN connection: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 898 The Interface gateway. If Interface gateway is selected, an initial traceroute is sent to the hostname or IP address configured in the SureLink advanced settings, and then the first hop in that route is used for the ping test. AnywhereUSB Plus User Guide...
  • Page 899 TCP connect host: The hostname or IP address of the host to create a TCP connection to. TCP connect port: The TCP port to create a TCP connection to. Test another interface's status: Tests the status of another interface. If Test another interface's status is selected, complete the following: AnywhereUSB Plus User Guide...
  • Page 900 Override wait interval before performing the next recovery action: The time to wait before the next test is run. If set to the default value of 0s, the Test interval is used. Restart interface. If Restart interface is selected, complete the following: AnywhereUSB Plus User Guide...
  • Page 901 Powercycle the modem. This recovery action is available for WWAN interfaces only. If Powercycle the modem is selected, complete the following: SureLink test failures: The number of failures for this recovery action to perform, before moving to the next recovery action. AnywhereUSB Plus User Guide...
  • Page 902 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 903 Uses ICMP to determine connectivity. If ping is selected, complete the following: Set the ping_method: (config vpn openvpn client openvpn_client1 surelink tests 1)> ping_method value (config vpn openvpn client openvpn_client1 surelink tests 1)> where value is one of: AnywhereUSB Plus User Guide...
  • Page 904 (config vpn openvpn client openvpn_client1 surelink tests 1)> interface_down_time value (config vpn openvpn client openvpn_client1 surelink tests 1)> where value is any number of weeks, days, hours, minutes, or seconds, and takes the format number{w|d|h|m|s}. AnywhereUSB Plus User Guide...
  • Page 905 Set the TCP port to create a TCP connection to. (config vpn openvpn client openvpn_client1 surelink tests 1)> tcp_port port (config vpn openvpn client openvpn_client1 surelink tests 1)> other: Tests the status of another interface. If other is selected, complete the following: AnywhereUSB Plus User Guide...
  • Page 906 The test will pass only if the referenced interface is up and passing its own SureLink tests (if applicable). down: The test will pass only if the referenced interface is down or failing its own SureLink tests (if applicable). f. Repeat for each additional test. AnywhereUSB Plus User Guide...
  • Page 907 Set the type of recovery action. If multiple recovery actions are configured, they are performed in the order that they are listed. The command varies depending on whether the interface is a WAN or WWAN: WAN interfaces: AnywhereUSB Plus User Guide...
  • Page 908 If restart_interface is selected, complete the following: Set the number of failures for this recovery action to perform, before moving to the next recovery action: (config vpn openvpn client openvpn_client1 surelink actions 0)> test_failures int AnywhereUSB Plus User Guide...
  • Page 909 The default is 3. Set the time to wait before the next test is run. If set to the default value of 0s, the test interval is used. (config vpn openvpn client openvpn_client1 surelink actions 0)> override_interval int AnywhereUSB Plus User Guide...
  • Page 910 Execute custom recovery commands. If custom_action is selected, complete the following: Set the number of failures for this recovery action to perform, before moving to the next recovery action: (config vpn openvpn client openvpn_client1 surelink actions 0)> test_failures int AnywhereUSB Plus User Guide...
  • Page 911 All tests need to pass for SureLink to consider the interface to be up. d. Set the number of times that the test must pass after failure, before the interface is determined to be working and is reinstated. AnywhereUSB Plus User Guide...
  • Page 912 For example, to set backoff_interval to ten minutes, enter either 10m or 600s: (config)> vpn openvpn client openvpn_client1 surelink advanced backoff_interval 600s (config)> The default is 300 seconds. AnywhereUSB Plus User Guide...
  • Page 913 You can view status and statistics for OpenVPN servers from either the web interface or the command line: Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 1. On the menu, select Status > OpenVPN > Servers. The OpenVPN Servers page appears.
  • Page 914 You can view status and statistics for OpenVPN clients from either the web interface or the command line: Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 1. On the menu, select Status > OpenVPN > Clients. The OpenVPN Clients page appears.
  • Page 915 Port : 1194 Type : tun > 4. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. AnywhereUSB Plus User Guide...
  • Page 916 Enable the device to respond to keepalive packets. Task One: Create a GRE loopback endpoint interface 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 917 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 918 Type quit to disconnect from the device. Task Two: Configure the GRE tunnel 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 919 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 920 (config vpn iptunnel gre_example)> save Configuration saved. > 11. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. AnywhereUSB Plus User Guide...
  • Page 921 Show GRE tunnels To view information about currently configured GRE tunnels: Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 1. On the menu, click Status > IP tunnels. The IP Tunnels page appears. 2. To view configuration details about a GRE tunnel, click the configuration icon in the upper right of the tunnel's status pane.
  • Page 922 Generic Routing Encapsulation (GRE) Example: GRE tunnel over an IPSec tunnel The AnywhereUSB Plus device can be configured as an advertised set of routes through an IPSec tunnel. This allows you to leverage the dynamic route advertisement of GRE tunnels through a secured IPSec tunnel.
  • Page 923 Configure the AnywhereUSB Plus-1 device Task one: Create an IPsec tunnel 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 924 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 925 Virtual Private Networks (VPN) Generic Routing Encapsulation (GRE) 5. Set the remote endpoint to the public IP address of the AnywhereUSB Plus-2 device: (config vpn ipsec tunnel ipsec_gre1)> remote hostname 192.168.101.1 (config vpn ipsec tunnel ipsec_gre1)> 6. Add a policy: (config vpn ipsec tunnel ipsec_gre1)> add policy end (config vpn ipsec tunnel ipsec_gre1 policy 0)>...
  • Page 926 3. For Zone, select Internal. 4. For Device, select Ethernet: loopback. 5. Click to expand IPv4. 6. For Address, type the IP address of the local GRE tunnel, 172.30.0.1/32. 7. Click Apply to save the configuration and apply the change. AnywhereUSB Plus User Guide...
  • Page 927 2. For Add IP Tunnel, type gre_tunnel1 and click the add icon. 3. For Local endpoint, select the IPsec endpoint interface created in Task two (Interface: ipsec_endpoint1). 4. For Remote endpoint, type the IP address of the GRE tunnel on AnywhereUSB Plus-2, 172.30.0.2. AnywhereUSB Plus User Guide...
  • Page 928 (/network/interface/ipsec_endpoint1): (config vpn iptunnel gre_tunnel1)> local /network/interface/ipsec_endpoint1 (config vpn iptunnel gre_tunnel1)> 4. Set the remote endpoint to the IP address of the GRE tunnel on AnywhereUSB Plus-2, 172.30.0.2: (config vpn iptunnel gre_tunnel1)> remote 172.30.0.2 (config vpn iptunnel gre_tunnel1)> 5. Save the configuration and apply the change.
  • Page 929 4. For Device, select the GRE tunnel created in Task three (IP tunnel: gre_tunnel1). 5. Click to expand IPv4. 6. For Address, type 172.31.0.1/30 for a virtual IP address on the GRE tunnel. 7. Click Apply to save the configuration and apply the change. AnywhereUSB Plus User Guide...
  • Page 930 Configure the AnywhereUSB Plus-2 device Task one: Create an IPsec tunnel 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 931 6. For Pre-shared key, type the same pre-shared key that was configured for the AnywhereUSB Plus-1 (testkey). 7. Click to expand Remote endpoint. 8. For Hostname, type the public IP address of the AnywhereUSB Plus-1 device. 9. Click to expand Policies. 10. For Add Policy, click to add a new policy.
  • Page 932 (config vpn ipsec tunnel ipsec_gre2)> auth secret testkey (config vpn ipsec tunnel ipsec_gre2)> 5. Set the remote endpoint to the public IP address of the AnywhereUSB Plus-1 device: (config vpn ipsec tunnel ipsec_gre2)> remote hostname 192.168.100.1 (config vpn ipsec tunnel ipsec_gre2)>...
  • Page 933 4. For Device, select Ethernet: loopback. 5. Click to expand IPv4. 6. For Address, type the IP address of the local GRE tunnel, 172.30.0.2/32. 7. Click Apply to save the configuration and apply the change. Command line AnywhereUSB Plus User Guide...
  • Page 934 2. For Add IP Tunnel, type gre_tunnel2 and click the add icon. 3. For Local endpoint, select the IPsec endpoint interface created in Task two (Interface: ipsec_endpoint2). 4. For Remote endpoint, type the IP address of the GRE tunnel on AnywhereUSB Plus-1, 172.30.0.1. AnywhereUSB Plus User Guide...
  • Page 935 (/network/interface/ipsec_endpoint2): (config vpn iptunnel gre_tunnel2)> local /network/interface/ipsec_endpoint2 (config vpn iptunnel gre_tunnel2)> 4. Set the remote endpoint to the IP address of the GRE tunnel on AnywhereUSB Plus-1, 172.30.0.1: (config vpn iptunnel gre_tunnel2)> remote 172.30.0.1 (config vpn iptunnel gre_tunnel2)> 5. Save the configuration and apply the change.
  • Page 936 7. Click Apply to save the configuration and apply the change. Command line 1. At the command line, type config to enter configuration mode: > config (config)> 2. Add an interface named gre_interface2: (config)> add network interface gre_interface2 (config network interface gre_interface2)> AnywhereUSB Plus User Guide...
  • Page 937 GRE tunnel directly to the other spoke. The network address of the target spoke is resolved with the use of Next Hop Resolution Protocol (NHRP). This section contains the following topics: Configure a DMVPN spoke AnywhereUSB Plus User Guide...
  • Page 938 Dynamic Multipoint VPN (DMVPN) Configure a DMVPN spoke To configure a DMVPN spoke: 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 939 For Address, type the IP address and netmask of the tunnel. The netmask must be set to /32. 5. Configure NHRP: a. Click Network > Routing Services. b. Enable routing services. c. Click to expand NHRP. d. Enable NHRP. e. Click to expand Network. AnywhereUSB Plus User Guide...
  • Page 940 Click Network > Routing services > BGP. b. Enable BGP. c. For AS number, type the autonomous system number for this device. d. For Best path criteria, select Multipath. e. Click to expand Neighbours. f. Click to add a neighbour. AnywhereUSB Plus User Guide...
  • Page 941 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 942 Add a network interface. For example, to add an interface named dmvpn_tunnel_interface: (config)> add network interface dmvpn_tunnel_interface (config network interface dmvpn_tunnel_interface)> c. Set the zone to internal: (config network interface dmvpn_tunnel_interface)> zone internal (config network interface dmvpn_tunnel_interface)> AnywhereUSB Plus User Guide...
  • Page 943 (config network route service nhrp network 0)> tunnel /vpn/iptunnel/dmvpn_tunnel (config network route service nhrp network 0)> g. Add a next hop server: (config network route service nhrp network 0)> add nhs end (config network route service nhrp network 0 nhs 0)> AnywhereUSB Plus User Guide...
  • Page 944 Enable eBGP multihop: (config network route service bgp neighbour 0)> ebgp_multihop true (config network route service bgp neighbour 0)> 9. Repeat to add additional spokes. 10. Save the configuration and apply the change. (config)> save Configuration saved. > AnywhereUSB Plus User Guide...
  • Page 945 Your AnywhereUSB Plus device supports PPP-over-L2TP (Layer 2 Tunneling Protocol). Configure a PPP-over-L2TP tunnel Your AnywhereUSB Plus device supports PPP-over-L2TP (Layer 2 Tunneling Protocol). The tunnel endpoints are known as L2TP Access Concentrators (LAC) and L2TP Network Servers (LNS). Each endpoint terminates the PPP session.
  • Page 946 Virtual Private Networks (VPN) L2TP 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 947 A range of IP addresses, using the format x.x.x.x-y.y.y.y, for example 192.168.188.1-192.168.188.254. The keyword any, which means that the server will accept connections from any IP address. e. For Local IP address, type the IP address of the L2TP virtual network interface. AnywhereUSB Plus User Guide...
  • Page 948 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 949 Where value is an interface defined on your device. Display a list of available interfaces: Use ... network interface ? to display interface information: (config)> ... network interface ? Interfaces Additional Configuration ------------------------------------------- setupip Setup IP setuplinklocalip Setup Link-local IP eth1 ETH1 eth2 ETH2 AnywhereUSB Plus User Guide...
  • Page 950 (config add vpn l2tp lac name)> where name is the name of the LAC. For example, to add an LAC named lac_tunnel: (config)> add vpn l2tp lac lac_tunnel (config vpn l2tp lac lac_tunnel)> LACs are enabled by default. To disable: AnywhereUSB Plus User Guide...
  • Page 951 Zone: The firewall zone assigned to this tunnel. This can be used by packet filtering rules and access control lists to restrict network traffic on this tunnel. Format: dynamic_routes edge external internal ipsec loopback setup Current value: AnywhereUSB Plus User Guide...
  • Page 952 (config vpn l2tp lns lns_server)> This can also be: A range of IP addresses, using the format x.x.x.x-y.y.y.y, for example 192.168.188.1-192.168.188.254. The keyword any, which means that the server will accept connections from any IP address. AnywhereUSB Plus User Guide...
  • Page 953 Use the ? to determine available zones: (config vpn l2tp lns lns_server)> zone ? Zone: The firewall zone assigned to this tunnel. This can be used by packet filtering rules and access control lists to restrict network traffic on this tunnel. Format: AnywhereUSB Plus User Guide...
  • Page 954 L2TP is commonly used in conjunction with IPsec in transport mode (to provide security). Your AnywhereUSB Plus supports L2TP with IPsec by configuring a transport-mode IPsec tunnel between the two endpoints, and then an L2TP tunnel with its LNS and LAC configured the same as the IPsec tunnel’s endpoints.
  • Page 955 This means that you cannot restrict traffic on the IPsec tunnel to L2TP traffic (typically UDP port 1701). While multiple L2TP clients are supported on the AnywhereUSB Plus by configuring a separate LNS for each client, multiple clients behind a Network Address Translation (NAT) device are not supported, because they will all appear to have the same IP address.
  • Page 956 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 957 The peer session cookie. The Layer2SpecificHeader type. The Sequence numbering control. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 958 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 959 6. Set the tunnel identifier for this tunnel. This must match the value for peer tunnel ID on the remote peer. (config vpn l2tpeth L2TPv3_example)> tunnel_id value (config vpn l2tpeth L2TPv3_example)> where value is any integer between 1 and 4294967295. AnywhereUSB Plus User Guide...
  • Page 960 1 and 4294967295. 12. (Optional) Set the cookie value to be assigned to the session. (config vpn l2tpeth L2TPv3_example session_example)> cookie value (config vpn l2tpeth L2TPv3_example session_example)> Allowed value is 8 or 16 hex digits. AnywhereUSB Plus User Guide...
  • Page 961 Type quit to disconnect from the device. Show L2TPv3 tunnel status Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 1. On the menu, select Status. Under VPN, select L2TPv3 Ethernet. The L2TPv3 Ethernet page appears.
  • Page 962 MACsec tunnel over a wired Ethernet LAN. The MACsec uses keys to provide multiple authentications between hosts in a network. A MACsec tunnel must be tied to a physical interface. You cannot create a MACsec tunnel for a bridge. AnywhereUSB Plus User Guide...
  • Page 963 The local network device to connect to the peer device. When using Manual mode, the connectivity association key and key name. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 964 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 965 Local Area Networks (LANs) on your device. NEMO creates a tunnel between the home agent on the mobile private network and the AnywhereUSB Plus device, isolating the connection from internet traffic and advertising the IP subnets of the LANs for remote access and device management.
  • Page 966 If the local network is set to Interface, identify the local interface to be used. 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a.
  • Page 967 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 968 (config vpn nemo nemo_example)> mtu_discovery false (config vpn nemo nemo_example)> If disabled, set the MTU size. The default MTU size for LANs on the AnywhereUSB Plus device is 1500. The MTU size of the NEMO tunnel will be smaller, to take into account the required headers.
  • Page 969 (config vpn nemo nemo_example)> zone internal (config vpn nemo nemo_example)> The Internal firewall zone configures the AnywhereUSB Plus device to trust traffic going to the tunnel and allows it through the network. 11. Configure the Care-of-Address, the local WAN interface of the internet facing network.
  • Page 970 14. Save the configuration and apply the change. (config)> save Configuration saved. > 15. Type exit to exit the Admin CLI. Depending on your device configuration, you may be presented with an Access selection menu. Type quit to disconnect from the device. AnywhereUSB Plus User Guide...
  • Page 971 NEMO Show NEMO status Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 1. On the menu, select Status > NEMO. The NEMO page appears. 2. To view configuration details about a NEMO tunnel, click the configuration icon in the upper right of the tunnel's status pane.
  • Page 972 WireGuard VPN: Client mode: Configure the AnywhereUSB Plus device to act as a client, so it establishes an outbound WireGuard VPN tunnel to a remote server. Server mode: Configure the AnywhereUSB Plus device to act as a server, so one or more remote devices can establish an inbound WireGuard VPN tunnel to the device.
  • Page 973 Local and remote IP addresses 1. Log into Digi Remote Manager, or log into the local Web UI as a user with full Admin access rights. 2. Access the device configuration: Remote Manager: a. Locate your device as described in Use Digi Remote Manager to view and manage your device.
  • Page 974 Click to add a new peer. Peers If this AnywhereUSB Plus is the WireGuard client, then only add one peer. The peer is the remote WireGuard server to which it connects.
  • Page 975 WireGuard VPN Tunnel setting UI configuration Device managed private key Enable to allow the AnywhereUSB Plus to generate its own public and private keys. If this setting is enabled, it triggers the AnywhereUSB Plus to automatically generate a private key and corresponding public key.
  • Page 976 1. Select the device in Remote Manager and click Actions > Open Console, or log into the AnywhereUSB Plus local command line as a user with full Admin access rights. Depending on your device configuration, you may be presented with an Access selection menu.
  • Page 977 (config)> vpn wireguard name enable true (config)> peer a. Determine if the AnywhereUSB Plus will act as a client or server. If this AnywhereUSB Plus is the WireGuard client, then only add one peer. The peer is the remote WireGuard server to which it connects.
  • Page 978 [Local and Remote] Allowed addresses autogenerate Enable to allow the AnywhereUSB Plus to generate its own public and private keys. If this setting is enabled, it triggers the AnywhereUSB Plus to automatically generate a private key and corresponding public key. To enable: >...
  • Page 979 (config network interface [name]) > zone external (config)> device Add the network device used by this interface. (config network interface [name]) > device /vpn/wireguard/ [name] For example, device /vpn/wireguard/newWGtunnel1. IPv4 a. Add the address and netmask assigned to this interface. AnywhereUSB Plus User Guide...
  • Page 980 Add the IP address of the DNS server. (config network interface [name] ipv4) > dns (config network interface [name] ipv4 dns) > ipv4_ [address]. Address is the IP address of the DNS server. For example, ipv4_10.200.200.1. AnywhereUSB Plus User Guide...
  • Page 981 Available commands Use the scp command Display status and statistics using the show command Device configuration using the command line interface Execute configuration commands at the root Admin CLI prompt Configuration mode Command line reference 1006 AnywhereUSB Plus User Guide...
  • Page 982 You can use open-source terminal software, such as PuTTY or TeraTerm, to access the device through one of these mechanisms. You can also access the command line interface in the WebUI by using the Terminal, or the Digi Remote Manager by using the Console.
  • Page 983 Type q or quit to exit. Execute a command from the web interface Log into the AnywhereUSB Plus WebUI as a user with full Admin access rights. 1. At the main menu, click Terminal. The device console appears. AnywhereUSB Plus login: 2.
  • Page 984 Display help for commands and parameters The help command When executed from the root command prompt, help displays information about autocomplete operations, how to move the cursor on the AnywhereUSB Plus command line, and other keyboard shortcuts: > help Commands...
  • Page 985 Show SCEP client statistics. scripts Show scheduled scripts. serial Show serial statistics. surelink Show Surelink statistics. system Show system statistics. version Show firmware version. vrrp Show VRRP statistics. web-filter Show web filter information. wifi Show Wi-Fi statistics. > show AnywhereUSB Plus User Guide...
  • Page 986 (config)> serial port1 enable t<Tab> auto-completes to (config)> serial port1 enable true Auto-complete does not function for: Parameter values that are string types. Integer values. File names. Select parameters passed to commands that perform an action. AnywhereUSB Plus User Guide...
  • Page 987 Pings a remote host using Internet Control Message Protocol (ICMP) Echo Request messages. poweroff Powers off the system. reboot Reboots the AnywhereUSB Plus device. Removes a file. Uses the secure copy protocol (SCP) to transfer files between the AnywhereUSB AnywhereUSB Plus User Guide...
  • Page 988 The hostname or IP address of the remote host. The username and password of the user on the remote host. Whether the file is being copied to the AnywhereUSB Plus device from a remote host, or to the remote host from the AnywhereUSB Plus device.
  • Page 989 AnywhereUSB Plus device. To copy a support report from the AnywhereUSB Plus device to a remote host at the IP address of 192.168.4.1: 1.
  • Page 990 > show system show system command displays system information and statistics for the device, including CPU usage. > show system Model : Digi AnywhereUSB Plus Serial Number : AnywhereUSB Plusxxxxxxxxyyyyxx : AnywhereUSB Plus Hostname : AnywhereUSB Plus MAC Address : DF:DD:E2:AE:21:18...
  • Page 991 For example, to disable the SSH service from the root prompt, enter the following command: > config service ssh enable false > The AnywhereUSB Plus device's ssh service is now disabled. Note When the config command is executed at the root prompt, certain configuration actions that are available in configuration mode cannot be performed.
  • Page 992 Remote control snmp SNMP web_admin Web administration > config service 3. Next, display help for the config service ssh command: > config service ssh ? SSH: An SSH server for managing the device. Parameters Current Value -------------------------------------------------------------------------
  • Page 993 There are two ways to enter configuration commands while in configuration mode: Enter the full command string from the config prompt. For example, to disable the ssh service by entering the full command string at the config prompt: (config)> service ssh enable false (config)>
  • Page 994 In configuration mode, configuration actions are available to perform tasks related to saving or canceling the configuration changes, and to manage items and elements in lists. The commands can be listed by entering a question mark (?) at the config prompt. The following actions are available:
  • Page 995 1. Enter ? at the config prompt: (config)> ? This will display the following help information: (config)> ? Additional Configuration ------------------------------------------------------------------------ application Custom scripts auth Authentication cloud Central management firewall Firewall monitoring Monitoring network Network serial Serial service Services
  • Page 996 3. Next, to display help for the service ssh command, use one of the following methods: At the config prompt, enter service ssh ?: (config)> service ssh ? At the config prompt: a. Enter service to move to the service node: (config)> service (config service)>
  • Page 997 (config)> service (config service)> b. Enter ssh to move to the ssh node: (config service)> ssh (config service ssh)> c. Enter enable ? to display help for the enable parameter: (config service ssh)> enable ? (config service ssh)>
  • Page 998 (config service ssh acl zone)> .. (config service ssh acl)> You can also move back multiple nodes in the configuration by typing multiple sets of two periods: (config service ssh acl zone)> ..(config service)>
  • Page 999 As demonstrated above, the end keyword is used to add an element to the end of a list. Additionally, the end keyword is used to add an element to a list that does not have any elements. For example, to add an authentication group to a user that has just been created:
  • Page 1000 Use the show command to verify that the local authentication method was removed: (config)> show auth method 0 tacacs+ 1 radius (config)> Move elements within a list Use the move command to reorder elements in a list. For example, to reorder the authentication methods: