Digi TransPort User's Guide 90001019_F 15 March 2012
Contents
Introduction
Typographical Conventions
Obtaining Technical Support
Self help
Assisted help
Configuration – Network > Interfaces > Mobile
Configuration – Network > Interfaces > Mobile > Mobile Settings > Mobile Service Provider Settings
Configuration – Network > Interfaces > Mobile > Mobile Settings > Mobile Connection Settings
Configuration – Network > Interfaces > Serial > Rate Adaption n
Configuration – Network > Interfaces > Serial > Command Mappings
Configuration – Network > Serial > Protocol Bindings
Configuration – Network > Serial > TRANSIP Serial Ports
Configuration – Network > Serial > TRANSIP Serial Ports > TRANSIP n
Configuration – Network > IP Routing / Forwarding > Static Routes > Default Route n > Advanced
Configuration – Network > IP Routing / Forwarding > RIP
Configuration – Network > IP Routing / Forwarding > RIP > Global RIP Settings
Configuration – Network > IP Routing / Forwarding > RIP > Global RIP settings > Access Lists
Configuration – Network > Virtual Private Networking (VPN) > IPsec > IKEv2
Configuration – Network > Virtual Private Networking (VPN) > IPsec > IKEv2 > IKEv2 n
Configuration – Network > Virtual Private Networking (VPN) > IPsec > IKEv2 > IKEv2 n > Advanced
Configuration – Network > Advanced Network Settings
Configuration - Network > Advanced Network Settings > Socket Settings
Configuration – Network > Advanced Network Settings > XOT Settings
Configuration – Network > Advanced Network Settings > Backup IP Addresses
Configuration - Network > Legacy Protocols
Configuration - Network > Protocol Switch > CUD Mappings
Configuration - Network > Protocol Switch > IP Sockets to Protocol Switch
Configuration - Network > Protocol Switch > NUA to Interface Mappings
Configuration - Network > Protocol Switch > NUA Mappings
Configuration – Alarms > Event Settings
Configuration – Security > RADIUS
Configuration – Security > RADIUS > RADIUS Client n
Authorization
Accounting
Management – Event Log
Management – Analyser
Management – Analyser > Settings
Management – Analyser > Trace
Management – Analyser > PCAP (e.g. Wireshark) traces
X.25 PACKET SWITCHING
Introduction
B-channel X.25
D-channel X.25
X.28 Commands
&W Write SREGS.DAT
&Y Set Default Profile
&Z Store Phone Number
\AT Ignore Invalid AT Commands
\LS Lock Speed
IR2140 & GR2140
GR2130
IR2140
IR2420
TA2020B & IR2110B
Introduction
Thank you for choosing a data communications product from Digi International. Digi products are extremely versatile and may be used in a wide variety of applications. It would not be possible to describe in detail all such applications in a single guide. Consequently, this guide has been written for use by technically competent personnel with a good understanding of the communications technologies used in the product, and of the requirements for their specific application.
Typographical Conventions
Throughout this manual certain typographical conventions are used as follows:
Text Type | Meaning
Text like this | ... is standard text.
Note: Text like this | ... indicates points that are of particular importance.
Text like this | ... indicates commands entered by the user at the command line.
Text like this | ... indicates responses from the unit to commands you enter at the command line.
Configuration – Network > Interfaces | refers to the unit’s web-based menu system.
Obtaining Technical Support
Technical support for your Digi TransPort router is readily available using the following methods.
Self help
Visit the Technical Support section of the Digi website at www.digi.com. From here, you can gain access to FAQs, knowledge base articles, application guides, quick setup guides, installation guides, software applications, firmware upgrades, product literature, warranty registration & a support forum.
Email
Email support is available from 2 locations:
UK: uksupport@digi.com
USA: support.wizards@digi.com
Remember to attach the debug.txt zip file to your email!
Telephone
Telephone support is available from 2 locations:
UK
Telephone support is available 09:00 - 17:30 GMT.
From within the UK: 0870 350 0035
International: +44 1943 605 055
USA
Telephone support is available 07:00 - 17:30 CST (GMT -6 Hours).
Using the Command Line Interface
Using a Web browser to modify text box or table values in the configuration pages is the simplest way to configure the unit and this process is described in the next chapter. However, if you do not have access to a Web browser, the unit can be configured using text commands. These commands may be entered directly at one of the serial ports or via a Telnet session. Remote configuration is also possible using Telnet or X.25.
If you have local command echo enabled on your terminal, you may see the AT command displayed as “AATT”. If this happens you may use the “ATE0” command (which will appear as “AATTEE00”), to prevent the unit from providing command echo. After this command has been entered, further commands will be displayed without the echo. The “AT” command prefix and the commands that follow it can be entered in upper or lower case.
Take note that because of the space between ‘Local’ and ‘LAN’, the wording is enclosed in double quotes.
To set an IP address of 192.168.1.1 on Ethernet 0:
eth 0 ipaddr 192.168.1.1
To set an IP address of 172.16.0.1 on Ethernet 1:
eth 1 ipaddr 172.16.0.
The “ATV0” command can be used to select numeric codes if required. The results from the text based commands can be numeric or verbose. A full list of the Result codes is provided in the following table:
Numeric code | Verbose code | Meaning
0 | OK | Command line executed correctly
1 | CONNECT | ISDN connection established
2 | RING | Incoming ring signal detected
3 | NO CARRIER | X.
Digi application commands (referred to just as text commands or CLI commands throughout the remainder of this guide), can be entered in upper or lower case but unlike “AT” commands, only one command may be entered on a line. After each successful command, the “OK” result code will be issued. An invalid command will cause the “ERROR” result code to be issued.
The Reboot Command
The reboot command is used to reboot the unit after altering the configuration. It has three modes of operation:
reboot - will reboot the unit after any FLASH write operations have been completed.
Configuring your TransPort router
This section describes the various configuration parameters for the unit and how to set or change them using the built-in web pages or the text commands. Configuration using the Web pages is achieved by entering the required values into text boxes or tables on the page, or by turning features on or off using checkboxes. The same results can be achieved by entering the appropriate text commands via one of the serial ports.
Correct entry of the username and password will display the main operations page similar to that shown below. Clicking on the Click to load Applet graphics! button will display a representation of the front panel of your unit that will be updated every few seconds to show the actual status of the LED indicators. The model number of your unit will be shown at the top of the screen. The unit’s serial number and ID are shown below the front panel representation.
Note: The signal strength is shown in “negative dB”, which means that the stronger the signal, the lower the number. As a guide -51dB would be a very strong signal, only normally obtained very close to a cell site. -115dB represents no signal. If your unit reports -115dB try reorienting the antenna or consider adding an external antenna.
LEDs lit | Signal Strength
None | Under -113 dBm (effectively no signal)
1 | -112 dBm to -87 dBm (weak signal)
2 | -86 dBm to -71 dBm (medium strength signal)
3 | -70 dBm to -51 dBm (strong signal)
The minimum recommended strength indication is 2 LEDs. If you have no or 1 LEDs lit, it is recommended that you fit an external antenna to the unit.
Wizards
This page contains wizards that simplify common configuration tasks. These wizards will change the minimum number of parameters to complete the required configuration task. However, due to the generic nature of the wizards they may not be suitable for all circumstances.
Quick Start Wizard
The Quick Start Wizard will display the options required for basic configuration of the Eth 0, WLAN and WWAN interfaces.
Configuration – Network > Interfaces > Ethernet
Underneath the Ethernet sub menus, there are configuration parameters for:
- Physical Ethernet interfaces
- Logical Ethernet interfaces
- MAC address filtering
- MAC address bridging between routers
- Spanning Tree Protocol (RSTP)
- VLANs
The Configuration - Network > Interfaces > Ethernet folder opens to list configuration pages for each of the available Ethernet instances on the unit.
Use the following IP address
Selecting this option enables manual configuration of the IP addressing parameters.
IP Address
This parameter specifies the IP address of this Ethernet port on your LAN.
Mask
This parameter specifies the subnet mask of the IP subnet to which the unit is attached via this Ethernet port. Typically, this would be 255.255.255.0 for a Class C network.
Gateway
This parameter specifies the IP address of a gateway to be used by the unit.
Related CLI Commands
Entity | Instance | Parameter | Values | Equivalent Web Parameter
eth | n | descr | Free text field | Description
eth | n | ipaddr | Valid IP address | IP Address
eth | n | mask | Valid Subnet Mask | Mask
eth | n | gateway | IP address | Gateway
eth | n | dnsserver | IP address | DNS Server
eth | n | secdns | IP address | Secondary DNS Server
eth | n | dhcpcli | on, off | On = Get an IP address automatically using DHCP; Off = Use the following IP address
Configuration - Interfaces > Ethernet > ETH n > Advanced
Ethernet Hub group
On units with a built-in hub/switch, the Ethernet Hub Group parameter for each port is normally set to 0. This means that all ports “belong” to the same hub. If required however, the Hub Group parameter may be used to isolate specific ports to create separate hubs.
Max Tx rate
On models with multiple Ethernet interfaces, this parameter may be used to specify a maximum data rate in kbps that the unit will transmit on this interface. This may be useful in applications where separate Ethernet interfaces are allocated to separate LANs and it is necessary to prioritize traffic from one LAN over another.
TCP transmit buffer size
When set to a non-zero value, this parameter sets the TCP buffer size of transmitted packets in bytes.
IP address and Port
This mode behaves like NAT but in addition to changing the source IP of the packet from the private host it can also change the source port number. This is required if more than one private host attempts to connect using the same local port number to the same Internet host on the same remote port number. If such a scenario were to occur with NAT the router would be unable to determine which private host to route the returning packets to and the connection would fail.
Multihome additional consecutive addresses
This parameter defines how many additional (consecutive) addresses the Ethernet driver will “own”. For example, if the IP address of the interface was 10.3.20.40, and Multihome additional consecutive addresses was set to 3, the IP addresses 10.3.20.41, 10.3.20.42 and 10.3.20.43 would also belong to the Ethernet interface.
Enable IGMP on this interface
This parameter is used to enable or disable the Internet Group Management Protocol for this Ethernet interface.
Send n byte pings to IP host a.b.c.d every h hrs m mins s seconds
Where:
n specifies the payload size of a ping packet when used with the auto ping feature. Leaving this parameter blank will use the default value.
a.b.c.d specifies the destination IP address for auto-ping ICMP echo request.
h, m & s specify how often the router will transmit “Auto-ping” packets to the specified destination in (h) Hours, (m) Minutes and (s) Seconds.
Switch to sending pings to IP host a.b.c.d after n failures
Where:
a.b.c.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
eth | n | tcptxbuf | value in bytes | TCP transmit buffer size
eth | n | linkdeact | 0 - 86400 | Take this interface out of service after n seconds when the link is lost
eth | n | do_nat | 0,1,2 | Enable NAT on this interface; 0 = Disabled; 1 = IP address; 2 = IP address and Port
eth | n | ipsec | 0,1 | Enable IPsec on this interface
eth | n | ipsecent | blank,ETH,PPP | Use interface x,y for the source IP address of IPsec packets; x = Interface type
eth | n | ipseca
Entity | Instance | Parameter | Values | Equivalent Web Parameter
Heartbeat message
eth | n | hbgps | 0,1 | Include GPS information in the Heartbeat message
eth | n | pingsiz | value in bytes | Send n byte pings to IP host a.b.c.d every h hrs m mins s seconds
eth | n | pingip | IP address | Send n byte pings to IP host a.b.c.d every h hrs m mins s seconds
eth | n | pingint | 0 - 86400 | Send n byte pings to IP host a.b.c.d every h hrs m mins s seconds. This CLI value is entered in seconds only.
Priority
This column contains drop-down menu boxes which are used to assign a priority to the selected queue. The priorities available are: “Very High”, “High”, “Medium”, “Low”, and “Very Low”.
Configuration - Interfaces > Ethernet > ETH n > VRRP
VRRP (Virtual Router Redundancy Protocol) allows multiple physical routers to appear as a single gateway for IP communications in order to provide back-up WAN communications in the event that the primary router in the group fails in some way. It works by allowing multiple routers to monitor data on the same IP address. One router is designated as the “Master” of the address and under normal circumstances it will route data as usual.
The routing code is used to determine which interface should be used. This allows the unit to test other interfaces and adjust the VRRP priority according to the status of that interface. For example, the user may wish to configure probing in such a way that the Digi router WAN interface is tested, and adjust the VRRP priority down if the WAN is not operational.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
eth | n | vprobebackint | 0 - 32767 | every n seconds when in Backup state
eth | n | vprobemastint | 0 - 32767 | every n seconds when in Master state
eth | n | vprobeadj | 0 - 255 | Adjust priority n dir after x probe failures
eth | n | vprobeadjup | |
eth | n | vprobefailcnt | 0 – 255 | Adjust priority n dir after x probe failures
eth | n | vprobesuccesscnt | 0 - 255 | Reset probe failure count after n probe successes
eth | n | vprobeent | Auto, ETH, PPP | Use interfa
Related CLI Commands
Entity | Instance | Parameter | Values | Equivalent Web Parameter
eth | n | macfilt | on, off | Enable MAC filtering on Ethernet interfaces
macfilt | n | mac | MAC address with no separators. Partial MAC addresses are allowed. | MAC Address
Configuration - Interfaces > Ethernet > ETH n > MAC Bridging
The Ethernet MAC bridge function will create an Ethernet bridge between two physically separate Ethernet networks.
Port
The TCP port that the remote router is listening on.
Listen on Port
The TCP port that the router will listen on for incoming bridged packets from the remote router.
MAC Address
The Ethernet destination MAC address of packets to be bridged. It is possible to allow a range of MAC addresses by configuring only the significant part of the MAC address. E.g. “00042d” will allow all Ethernet packets with a source MAC address starting with “00:04:2d”.
Related CLI Commands
Entity | Instance | Parameter | Values | Equivalent Web Parameter
stp | 0 | enable | on, off | Enable RSTP
stp | 0 | prio | 0 – 65535 | Priority
stp | 0 | group | - | Group
stp | 0 | debug | 0, 1 | Not available on the WEB interface.
Port status
To view the status of RSTP/STP on a router’s Ethernet ports, the following commands can be used.
Blocking
A port that would cause a switching loop, no user data is sent or received but it may go into forwarding mode if the other links in use were to fail and the spanning tree algorithm determines the port may transition to the forwarding state. BPDU data is still received in blocking state.
The RSTP port states are
Learning
The port does not yet forward frames but it does learn source addresses from frames received and adds them to the MAC address table. The port processes BPDUs.
Source Mask
The source IP subnet mask. This parameter is optional. If configured, only packets from this IP subnet mask will have VLAN tagging applied.
Configuration - Network > Interfaces > Wi-Fi
This is the section of the web interface that contains the configuration options required in order to configure and enable the Wi-Fi features.
Configuration - Network > Interfaces > Wi-Fi > Global Wi-Fi settings
Due to national restrictions on the channels available for use, the correct country should be selected from the drop down list to restrict the channels that are legal to use by the router.
Brunei, Japan, Singapore, Bulgaria, Jordan, Slovak Republic, Canada, Kazakhstan, Slovenia, Chile, Kenya, South Africa, China, North Korea, Spain, Colombia, South Korea, Sweden, Costa Rica, Kuwait, Switzerland, Croatia, Latvia, Syria, Cyprus, Lebanon, Taiwan, Czech Republic, Libya, Thailand, Denmark, Liechtenstein, Trinidad and Tobago, Dominican Republic, Lithuania, Tunisia, Ecuador, Luxembourg, Turkey, Egypt, Macau, U.A.E.
Configuration - Network > Interfaces > Wi-Fi > Global Wi-Fi settings > WiFi Hotspot
This section enables the configuration of the global parameters that are applicable if using any Wi-Fi node as a hotspot.
Enable Wi-Fi Hotspot on
Click the checkbox to enable Wi-Fi Hotspot support on a particular Wi-Fi node.
Splashscreen filename
This selects an ASP web file that will be presented to the client’s internet browser when they connect for the first time.
MAC Address
MAC addresses of the Wi-Fi clients that you wish to allow access to. A valid MAC address has the format: 11:22:33:44:55:66. When entering this parameter, omit the ‘:’ separators. For example: 112233445566
NOTE: Carefully review settings before applying changes. Incorrect settings can make the TransPort device inaccessible from the Wi-Fi network.
When the Wi-Fi interface is configured to be an Access Point, in order to forward packets to and from the Wi-Fi interface it must be bridged with an Ethernet interface using a Bridge instance.
Interface
The interfaces that are currently members of the selected Bridge instance. Note that multiple Wi-Fi interfaces can be members of the same Bridge instance.
If using multiple Wi-Fi interfaces at the same time then the interfaces will need to use the same security settings (except for the pre-shared key (PSK)). The only alternative is that the Wi-Fi is used with no security.
Use the following security on this Wi-Fi interface
Selects the security that is used on this Wi-Fi interface.
The password of the RADIUS server.
Related CLI Commands
Entity | Instance | Parameter | Values | Equivalent Web Parameter
wifinode | 0 | security | none, wep, wpapsk, wpa2psk, wparadius, wpa2radius | Use the following security on this Wi-Fi interface
wifinode | 0 | weptype | open, sharedkey | Not available on the WEB.
The table below details the authentication and encryption algorithms and the CLI commands needed to configure them.
Network Authentication: Open, Data Encryption: Disabled
    wifinode 0 security none
Network Authentication: Shared, Data Encryption: Disabled
    Not supported
Network Authentication: Open, Data Encryption: WEP
    wifinode 0 security wep
    wifinode 0 weptype open
    wifinode 0 wepkeylen <64 | 128>
    wifinode 0 wepkeyindex <1..
    wifinode 0 sharedkey <8..63 char key>
Network Authentication: WPA2-PSK, Data Encryption: AES
    wifinode 0 security wpa2psk
    wifinode 0 wpatype aes
    wifinode 0 sharedkey <8..
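The following is an added example, not part of the Digi guide: a small auditor that reads commands in the entity/instance/parameter/value form of the CLI tables and flags the Wi-Fi security modes listed above and the partial MAC filter entries described under MAC filtering. The sample configuration is constructed, the wifinode 1 instance is an assumption, and the finding codes are hypothetical names.

```python
import re
import shlex

# Security modes listed for "wifinode 0 security" in the guide's CLI table.
WIFI_MODES = {"none", "wep", "wpapsk", "wpa2psk", "wparadius", "wpa2radius"}

# Constructed sample, not taken from a real unit. The "wifinode 1" instance and
# all values are assumptions made for illustration.
SAMPLE_CONFIG = """\
eth 0 descr "Local LAN"
eth 0 ipaddr 192.168.1.1
eth 0 macfilt on
macfilt 0 mac 00042d
macfilt 1 mac 112233445566
wifinode 0 security wep
wifinode 0 weptype open
wifinode 0 wepkeylen 64
wifinode 1 security wpa2psk
wifinode 1 wpatype aes
wifinode 1 sharedkey short
"""


def parse_config(text):
    """Parse "entity instance parameter value" lines into a nested dict."""
    config = {}
    for raw in text.splitlines():
        try:
            parts = shlex.split(raw)  # keeps "Local LAN" as one value
        except ValueError:
            continue  # unbalanced quotes: not a well-formed command
        if len(parts) < 4 or not parts[1].isdigit():
            continue  # AT commands, blank lines, anything else
        entity, instance, param = parts[0].lower(), int(parts[1]), parts[2].lower()
        config.setdefault((entity, instance), {})[param] = " ".join(parts[3:])
    return config


def audit(config):
    """Return (entity, instance, code, detail) tuples for weak settings."""
    findings = []
    for (entity, inst), params in sorted(config.items()):
        if entity == "wifinode":
            findings += _audit_wifi(inst, params)
        elif entity == "macfilt" and "mac" in params:
            findings += _audit_mac(inst, params["mac"])
    return findings


def _audit_wifi(inst, params):
    mode = params.get("security", "").lower()
    key = params.get("sharedkey")
    if mode == "none":
        return [("wifinode", inst, "wifi-open", "no authentication or encryption")]
    if mode == "wep":
        return [("wifinode", inst, "wifi-wep", "WEP keys are recoverable from captured traffic")]
    if mode in ("wpapsk", "wpa2psk") and key is not None and not 8 <= len(key) <= 63:
        return [("wifinode", inst, "psk-length", f"key is {len(key)} chars, guide requires 8..63")]
    if mode and mode not in WIFI_MODES:
        return [("wifinode", inst, "wifi-unknown-mode", mode)]
    return []


def _audit_mac(inst, value):
    # The guide asks for no separators; strip them anyway before checking.
    mac = re.sub(r"[:.\-]", "", value).lower()
    if not re.fullmatch(r"[0-9a-f]{1,12}", mac):
        return [("macfilt", inst, "mac-invalid", value)]
    if len(mac) < 12:
        covered = 16 ** (12 - len(mac))  # addresses matched by the prefix
        return [("macfilt", inst, "mac-prefix", f"{mac} matches {covered} addresses")]
    return []


if __name__ == "__main__":
    for finding in audit(parse_config(SAMPLE_CONFIG)):
        print(*finding, sep=" | ")
```

A six-digit filter entry such as 00042d admits every device sharing that prefix, so the auditor reports how many addresses each partial entry covers.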
Configuration - Network > Interfaces > Wi-Fi > Rogue Scan
In Rogue Scan mode, the router will perform a scan of the Wi-Fi channels and will report what Wi-Fi Access Points it detects. This feature can be used to detect unauthorised Access Points that might be trying to get unsuspecting Wi-Fi clients to connect to them. When an authorised Access Point is detected, an event log entry is created and an alarm (e.g. email, SMS, SNMP Trap) can be triggered.
Configuration – Network > Interfaces > Mobile
Wireless WAN functionality is only available on models that are fitted with a wireless WAN module, such as CDMA, GPRS, 3G, HSPA etc. This module is connected to one of the ASY ports (and USB controller on some models) and is controlled by the router using “AT” commands (in the same way as a modem). Any further references to W-WAN technologies such as CDMA, GPRS, 3G etc. will be referred to as GPRS, GSM, 3G or simply ‘wireless’ networks.
e.g. “your.apn”
This parameter may be used to specify an alternative service APN for use in the event that the unit cannot connect using the primary APN specified by the APN parameter. The unit will only use this APN if the primary APN fails and the Use backup APN parameter is enabled.
Retry the main APN after n minutes
If the Use backup APN parameter is enabled, this parameter is used to define how long the unit will use the backup APN before attempting to revert to the primary APN.
Configuration – Network > Interfaces > Mobile > Mobile Settings > Mobile Connection Settings
Re-establish connection when no data is received for a period of time.
This checkbox opens to show the following parameters:
Inactivity Timeout: h hrs m mins s seconds
This parameter specifies the amount of time the unit will wait without receiving any PPP packets before disconnecting. The inactivity timeout is reset with each received PPP packet.
Note: If the firewall is enabled on an interface and with the absence of any firewall rules, the default action is to block ALL traffic.
MSL: Master subsidy lock (MSL) code. Obtain this from the mobile operator.
PTN: Personal Telephone Number. Obtain this from the mobile operator.
MSID: Mobile Station Identifier. Obtain this from the mobile operator.
AAA shared secret: 0xn (Hex strings must start 0x) Enter the AAA shared secret
HA SPI: Enter the HA SPI
AAA SPI: Enter the AAA SPI
Enable Reverse tunnelling: Enable Reverse tunnelling if required.
Related CLI Commands
Entity | Instance | Parameter | Values | Equivalent Web Parameter
provision | 0 | string1 | Free text field | MSL
provision | 0 | string20 | Free text field | PRL Filename
Configuration – Network > Interfaces > Mobile > Advanced
SIM PUK: (Optional) If known, the SIM PUK code can be entered in these fields. If the router detects that a PUK is required due to a locked SIM, this number will be sent to the SIM. A SIM PIN must also be configured for the PUK parameter to take effect.
Reset the module after n unsuccessful connection attempts
The router will normally make multiple attempts to connect to the wireless network in the event that the signal is lost. In some cases, this can result in a “lock-up” situation where the wireless network is unable to attach the wireless device due to the multiple attempts. This parameter specifies the number of attempts at connection that the unit should make before power cycling the internal wireless module.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
attachment attempts
modemcc | 0 | link_retries | 0 - 2147483647 | Reset the module after n unsuccessful connection attempts
modemcc | 0 | stat_retries | 0 - 2147483647 | Reset the module after n unsuccessful status retrieval attempts
modemcc | 0 | ss_interval | 0 - 2147483647 | Create a signal strength event every n minutes
modemcc | 0 | check_reg | 0,1,2 | If registration is lost for 5 minutes; 0 = do not reset the module; 1 = reset the module if the GSM regi
Entity | Instance | Parameter | Values | Equivalent Web Parameter
every n minutes
modemcc | 0 | check_reg_2 | 0,1,2 | If registration is lost for 5 minutes; 0 = do not reset the module; 1 = reset the module if the GSM registration is lost; 2 = reset the module if the GPRS registration is lost
modemcc | 0 | Psys_ | 0,1,2 | Preferred System; 0 = Auto; 1 = GSM; 2 = WCDMA
Configuration – Network > Interfaces > Mobile > Advanced > Mobile Network Settings
Metric: This parameter specifies the connected metric of the mobile inter
Send n byte pings to IP host a.b.c.d every h hrs m mins s secs
If this parameter is set, the router will automatically generate a “ping” of n size to the IP host specified (IP address or hostname) at the interval specified. Deleting the IP host value disables the monitoring ping facility. This parameter in conjunction with “Reset the link if no response is received within s seconds” can be used to configure the unit to use a back-up interface automatically should there be a problem with this interface.
Use the ETH 0 IP address as the source IP address
Enabling this parameter causes the unit to use the IP address of ETH0 (instead of the current IP address of the mobile interface), as the source address for the auto PING packets.
Note: This parameter is useful if you want to send the monitoring pings down a VPN tunnel where the source IP address needs to match the LAN.
Defer sending pings if IP traffic is being received
When enabled, the timer configured in the “Send n byte pings to IP host a.b.c.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
ppp | 1 | pingip2 | IP address | Switch to sending pings to IP host a.b.c.d after n failures
ppp | 1 | ip2count | number | Switch to sending pings to IP host a.b.c.
Use this SMS message centre number n instead of the network default
This setting is not usually required. It is the number of the SMS message center (sometimes referred to as the Service Centre Address), to be used to relay SMS messages or alarms. This number must include the international dialling code, e.g. 44 for the UK, but not the “+” prefix or leading 0’s, e.g. 44802000332. SMS alarms are generated when the SMS trigger priority is greater than 0 and an event of this priority or higher occurs.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
5 = HighLow 6 = HighMedium 7 = CheckPar
modemcc | 0 | sms_cmd_sep | Free text field | Use as a command separator (default is CR)
modemcc | 0 | sms_callerid | Mobile telephone number | Allow CLI commands from the following SMS numbers. (First SMS number)
modemcc | 0 | sms_callerid_1 to 9 | Mobile telephone number | Allow CLI commands from the following SMS numbers.
Configuration – Network > Interfaces > DSL
Router models incorporating a DSL broadband interface will include a configuration page having the title shown above. By default, the configuration in this section will be suitable for the majority of ADSL service providers in the UK. However, advanced users or users outside of the U.K. may wish or need to adjust some of the parameters.
Enable DSL
This checkbox gives the facility to enable or disable the use of DSL/ADSL functionality on the router.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
apvc | 0 | | 0-255 | VPI
apvc | 0 | | 0-65535 | VCI
Configuration – Network > Interfaces > DSL > DSL Network Settings
This DSL PVC is using PPP 1
The default interface for DSL is PPP 1
Description
Enter a description for the DSL if required
Username
Enter ADSL Username
Password
Enter the password for the DSL account
Confirm password
Enter the password for the DSL account
Enable NAT on this interface
This parameter is used to select whether IP Network Add
This mode behaves like NAT but in addition to changing the source IP of the packet from the private host it can also change the source port number. This is required if more than one private host attempts to connect using the same local port number to the same Internet host on the same remote port number. If such a scenario were to occur with NAT the router would be unable to determine which private host to route the returning packets to and the connection would fail.
This parameter is used to set the maximum amount of data that may be transferred before the unit will “lock” the interface and prevent further transfer. As with the Issue a warning event after parameter it is used on networks where the tariff is based on the amount of data transferred to help prevent excess charges being incurred. You have the option to select Kbytes, Mbytes or GBytes via the drop-down box.
Each ATM PVC may now be configured with a service category:
- UBR (unspecified bit rate, the default)
- VBR-nrt (variable bit rate, non-real-time)
- VBR-rt (variable bit rate, real-time)
- CBR (constant bit rate)
Additional traffic parameters may be specified:
- PCR (peak cell rate in cells/sec)
- SCR (sustained cell rate in cells/sec)
- MBS (maximum burst size in cells)
The four service categories are characterised by the various traffic parameters as follows:
- UBR: PCR, which may be zero for no limit
- VBR-nrt: PCR, SCR,
Configuration – Network > Interfaces > DSL > Advanced
Operational mode
This parameter is used to specify the connection mode for the DSL link. The following options are available (default is Multi mode).
Values | Equivalent Web Parameter
Multi-mode | For Annex A models (i.e. PSTN / POTS) this option provides automatic selection between G.dmt, G.lite and ANSI (in the order listed). For Annex B models (i.e. ISDN) this option provides automatic selection between G.
Configuration - Network > Interfaces > GRE Generic Routing Encapsulation (GRE) is a means of transporting IP packets from one device to another through an unencrypted point-to-point IP tunnel. Multiple tunnels may be configured to multiple devices. Below the GRE Interfaces sub menu you will find the individual tunnel configuration. When configured, a GRE tunnel will be created between 2 devices.
Send a keepalive every s seconds When configured to a non-zero value, keepalive packets will be sent to the remote end of the tunnel and the response is monitored to detect if the tunnel is up or down. If the tunnel is detected as down, the routing table metric will be altered. Value is configured in seconds. If this value is set to zero then keepalives will not be used.
MTU: Maximum Transmission Unit. The value entered here will be the greatest amount of data that can be transferred in one physical packet. Default value is 1400.

Tunnel Key: Normally used with multi GRE (mGRE), the tunnel key adds an extra field to the GRE header where a key number can be applied. When used, incoming GRE packets must have a matching tunnel key number to be accepted by this tunnel. When the Tunnel key parameter is used the IP address parameter is not required.
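The tunnel key check described above, as an added example that is not Digi code: it parses the optional fields of a GRE header as laid out in RFC 2784 and RFC 2890 and accepts a packet only when its key matches the tunnel's. The function names and sample packets are constructed. Because GRE is unencrypted, the key travels in clear text and identifies a tunnel rather than authenticating the sender.

```python
import struct
from typing import NamedTuple, Optional

# Flag bits in the first 16 bits of the GRE header (RFC 2784 / RFC 2890).
FLAG_CHECKSUM = 0x8000
FLAG_KEY = 0x2000
FLAG_SEQUENCE = 0x1000
VERSION_MASK = 0x0007
PROTO_IPV4 = 0x0800


class GreHeader(NamedTuple):
    protocol: int
    key: Optional[int]
    sequence: Optional[int]
    header_len: int


def build_gre(protocol: int, key: Optional[int] = None,
              payload: bytes = b"") -> bytes:
    """Build a constructed GRE packet, with the key field only if key is set."""
    flags = FLAG_KEY if key is not None else 0
    header = struct.pack("!HH", flags, protocol)
    if key is not None:
        header += struct.pack("!I", key)
    return header + payload


def parse_gre(packet: bytes) -> GreHeader:
    """Parse the fixed header and whichever optional 32-bit fields are flagged."""
    if len(packet) < 4:
        raise ValueError("truncated GRE header")
    flags, protocol = struct.unpack_from("!HH", packet, 0)
    if flags & VERSION_MASK:
        raise ValueError("unsupported GRE version")
    offset = 4
    fields = {}
    # Optional fields appear in this fixed order, 4 bytes each.
    # The checksum value is read but not verified in this example.
    for name, flag in (("checksum", FLAG_CHECKSUM),
                       ("key", FLAG_KEY),
                       ("sequence", FLAG_SEQUENCE)):
        if flags & flag:
            if len(packet) < offset + 4:
                raise ValueError("truncated GRE %s field" % name)
            (fields[name],) = struct.unpack_from("!I", packet, offset)
            offset += 4
    return GreHeader(protocol, fields.get("key"), fields.get("sequence"), offset)


def tunnel_accepts(packet: bytes, tunnel_key: int) -> bool:
    """True only if the packet parses and carries exactly the tunnel's key."""
    try:
        header = parse_gre(packet)
    except ValueError:
        return False
    # A packet without a key field has header.key None and never matches.
    return header.key == tunnel_key


if __name__ == "__main__":
    for label, pkt in (
        ("matching key", build_gre(PROTO_IPV4, key=42, payload=b"data")),
        ("wrong key", build_gre(PROTO_IPV4, key=43, payload=b"data")),
        ("no key field", build_gre(PROTO_IPV4, payload=b"data")),
        ("truncated", build_gre(PROTO_IPV4, key=42)[:6]),
    ):
        print(label, "->", tunnel_accepts(pkt, 42))
```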
Please note that under the CLI commands for GRE Tunnels you will find parameters specifically relating to RIP. Please see the Configuration – Network > IP Routing / Forwarding > RIP > Interfaces > Ethernet / PPP / GRE section on RIP routing for configuration of these sub parameters.
Configuration - Network > Interfaces > ISDN > ISDN Answering This page allows you to configure the ISDN interface to receive incoming calls. Button:- Load answering defaults Clicking this button resets the default answering PPP interface (PPP 0) to the factory answering defaults. Description: This parameter allows you to enter a name for this PPP instance, to make it easier to identify it.
Mask: This specifies the IP netmask for the Remote network. This can be used to create a dynamic route to the remote network whenever the ISDN interface is active. Primary DNS server: The answering ISDN interface would normally supply its own PPP IP address to the peer for DNS requests. This allows you to specify an alternative DNS IP address. Secondary DNS server: This parameter can supply a secondary DNS server IP address to the peer for DNS requests if required.
Related CLI Commands Entity Instance Parameter Values Equivalent Web Parameter ppp 0 name Free text field Description: ppp 0 cingnb number ending with ppp 0 msn number with ISDN MSN ending with ppp 0 sub number with ISDN sub-address ending with ppp 0 ipaddr IP address Local IP Address: ppp 0 mask Network mask Mask: ppp 0 ipmin IP address Assign remote IP addresses from a.b.c.d to a.b.c.d ppp 0 iprange 1 - 255 Assign remote IP addresses from a.b.c.d to a.b.c.
Configuration - Network > Interfaces > ISDN > ISDN Answering > Advanced These are the advanced settings for the ISDN interface. Metric: This parameter specifies the connected metric of the mobile interface. The default metric of a connected interface is 1. By allowing the interface to have a higher value (lower priority), static routes can take preference to interfaces. For normal operation, leave this value unchanged.
if it has been up for n minutes in a day This parameter specifies the maximum time that this ISDN interface may remain connected during any one day. After this time, the ISDN link is deactivated. If the link has been idle for n seconds The ISDN interface will close the connection if the link is inactive for the length of time specified by this parameter.
Stop data from being transmitted after n units
The value in this text box specifies the total amount of data that may be transmitted by this PPP instance before the link is blocked for further traffic, and the value in the drop-down list specifies the units: KBytes, MBytes or GBytes.

Reset the data limit on the n day of the month
The value in this text box defines the day of the month on which the data limit is reset to zero.
Entity  Instance  Parameter  Values          Equivalent Web Parameter
                                             interface has been up for m mins
ppp     n         dlwarnkb   0 – 2147483647  Issue a warning after n units
ppp     n         dlstopkb   0 – 2147483647  Stop data from being transmitted after n units
ppp     n         dlrstday   0 – 255         Reset the data limit on the n day of the month

Configuration – Network > Interfaces > ISDN Dialling

This section of the web interface appears when the router is fitted with an optional internal ISDN MODEM card.
Try to negotiate a.b.c.d as the local IP address for this router If it would be useful, but not essential, to have a predefined IP address for the interface, the second radio button should be selected and the desired IP address entered into the text box to the right. Use a.b.c.d as the local IP address for this router If it is essential that the PPP interface has a specific IP address, this radio button should be selected and the IP address entered into the text box.
Enable IPsec on this interface When checked, this checkbox will cause the router to encrypt traffic on this interface using the IPsec protocol. The following two additional configuration parameters are revealed when this box is checked. Keep Security Associations (SAs) when this ISDN interface is disconnected When checked, this checkbox causes the router to maintain (i.e. not flush) the SA when the interface becomes disconnected.
Entity  Instance  Parameter    Values                    Equivalent Web Parameter
ppp     n         secDNS       Valid IP address a.b.c.d  Use the following DNS servers if not negotiated Secondary DNS server a.b.c.d
ppp     n         IPmin        Valid IP address a.b.c.d  Assign remote IP addresses from a.b.c.d to a.b.c.d
ppp     n         IPrange      0 - 255                   Assign remote IP addresses from a.b.c.d to a.b.c.d
ppp     n         transDNS     Valid IP address a.b.c.d  Primary DNS server a.b.c.d
ppp     n         sectransDNS  Valid IP address a.b.c.d  Secondary DNS server a.b.c.
Put this interface “Out of Service” when an always-on connection attempt fails Normally, always-on interfaces will not go out of service unless they have connected at least once. When checked, this checkbox causes the router to put the interface out of service even if the first connection attempt fails.
If the negotiation is not complete in s seconds The value in this textbox specifies the maximum time (in seconds) allowed for the PPP negotiation to complete. If negotiations have not completed within this period, the interface is deactivated. Generate an event after this interface has been up for m minutes The value in this text box specifies the number of minutes (if any) after which the router should create an event in the event log that states that the interface has been active for this period.
Entity  Instance  Parameter  Values          Equivalent Web Parameter
ppp     n         tband      0-4             Control when this interface can connect using Time Band n
ppp     n         minup      0 – 2147483647  Keep this interface up for at least s seconds
ppp     n         maxup      0 – 2147483647  Close this interface after s seconds
ppp     n         maxuptime  0 – 2147483647  if it has been up for m minutes in a day
ppp     n         timeout    0 – 2147483648  if the link has been idle for s seconds
ppp     n         timeout2   0 – 2147483648  Alternative idle timer for static rout
Configuration - Network > Interfaces > ISDN > LAPD > LAPD n This page allows you to configure the ISDN LAPD interfaces. Link Access Protocol D (LAPD) is the protocol used for ISDN D-channel signalling and call setup. LAPD 0 and LAPD 1 can be used as required for SAPI 16 traffic (i.e. X.25 over D-channel). LAPD 2 is normally reserved for ISDN call control. Enable LAPD n Un-checking this parameter will disable the LAPD instance.
Note: If multiple PAD or IP instances are sharing this LAPD instance, the maximum transmission rates of all instances will be limited.

Rx Throughput
The Rx Throughput parameter is used in conjunction with the Tx Throughput parameter to limit the maximum data throughput on a LAPD link in bits per second. If this parameter is set to 0, the unit will transmit data across the LAPD link as fast as possible whilst observing hardware or software flow control if enabled.
Related CLI Commands

Entity  Instance  Parameter  Values        Equivalent Web Parameter
LAPD    n         enabled    off, on       Enable LAPD n
LAPD    n         dtemode    off, on       Mode
LAPD    n         n400       1 - 255       N400 Counter
LAPD    n         tnoact     1000 - 60000  RR Timer n msecs
LAPD    n         t1time     1 - 60000     T1 Timer n msecs
LAPD    n         t200       1 – 60000     T200 Timer n msecs
LAPD    n         tei        0 - 255       TEI
LAPD    n         window     1-7           D-channel X.
Dial out using numbers
These four text boxes contain the telephone numbers that should be used, in sequence, to make an outgoing connection.

Prefix n to the dial out number
The value in this text box specifies the dialling prefix to use, if needed. This may be necessary when using a PABX.

Username
The text string in this text box is the username that should be used when using the PPP instance to connect to the remote peer. This will normally be provided by an ISP for use with a dial-in Internet access service.
Use the following DNS servers if not negotiated Primary DNS server The value in this text box is the IP address of the primary DNS server to use if a DNS server is not assigned as part of the PPP negotiation and connection process. It is fairly common practice for the DNS server to be assigned automatically by the ISP when making a connection. Secondary DNS server The value in this text box specifies the IP address of the secondary DNS server to use if one is not automatically assigned by the remote peer.
Use interface x,y for the source IP address of IPsec packets If it is required to use another interface (i.e. not the interface currently being configured) as the source address for IPsec packets, this may be achieved by selecting the desired interface from the drop-down list and typing the desired interface instance number into the adjacent text box. Enable the firewall on this interface When checked, this checkbox applies the firewall rules to traffic using this interface.
Entity  Instance  Parameter    Values                    Equivalent Web Parameter
ppp     n         transDNS     Valid IP address a.b.c.d  Primary DNS server a.b.c.d
ppp     n         sectransDNS  Valid IP address a.b.c.d  Secondary DNS server a.b.c.
Attempt to re-connect after s seconds The parameter in this text box specifies the length of time in seconds that the router should wait after an “always-on” PPP connection has been terminated before trying to re-establish the link. If an inhibited PPP interface is connected, attempt to re-connect after s seconds The value in this text box takes precedence over the previous parameter when another PPP instance that is usually inhibited by this one is connected.
Generate an event after this interface has been up for m minutes The value in this text box specifies the number of minutes (if any) after which the router should create an event in the event log that states that the interface has been active for this period.
Entity  Instance  Parameter  Values          Equivalent Web Parameter
ppp     n         maxup      0 – 2147483647  Close this interface after s seconds
ppp     n         maxuptime  0 – 2147483647  if it has been up for m minutes in a day
ppp     n         timeout    0 – 2147483648  if the link has been idle for s seconds
ppp     n         timeout2   0 – 2147483648  Alternative idle timer for static routes s seconds
ppp     n         rxtimeout  0 – 2147483648  if the link has not received any packets for s seconds
ppp     n         maxneg     0 – 2147483648  if the negotiation is not complete in s second
Configuration – Network > Interfaces > DialServ The Dialserv option module mimics a telephone exchange in that it supplies the required voltages on the line, generates a RING signal and has off-hook detection circuitry. It can be used to provide similar functionality to dialling into an ISP using an analogue MODEM. The card also contains an analogue MODEM to handle data on the line.
Confirm Password Type the password into this text box to enable the router to confirm that the password has been entered identically in both boxes. Allow the remote device to assign a local IP address to this router When this radio button is selected, the remote peer will assign this PPP interface an IP address. Try to negotiate a.b.c.
Enable NAT on this interface When checked, this checkbox will enable Network Address Translation to operate on this interface. This is the same as for other PPP interfaces. IP address/IP address and Port These radio buttons select whether IP address translation only should be applied or whether port number translation should also be applied to IP packets. Enable IPsec on this interface When checked, this checkbox will cause the router to encrypt traffic on this interface using the IPsec protocol.
Entity Instance Parameter Values use of specified IP address Equivalent Web Parameter ppp n DNSserver Valid IP address a.b.c.d Primary DNS server ppp n secDNS Valid IP address a.b.c.d Secondary DNS server ppp n IPmin Valid IP address a.b.c.d Assign remote IP addresses from a.b.c.d to a.b.c.d ppp n IPrange 0 - 255 Assign remote IP addresses from a.b.c.d to a.b.c.d ppp n transDNS Valid IP address a.b.c.d Primary DNS server a.b.c.d ppp n sectransDNS Valid IP address a.b.c.
Attempt to re-connect after s seconds The parameter in this text box specifies the length of time in seconds that the router should wait after an “always-on” PPP connection has been terminated before trying to re-establish the link. If an inhibited PPP interface is connected, attempt to re-connect after s seconds The value in this textbox takes precedence over the previous parameter when another PPP instance that is usually inhibited by this one is connected.
Generate an event after this interface has been up for m minutes The value in this text box specifies the number of minutes (if any) after which the router should create an event in the event log that states that the interface has been active for this period.
Entity  Instance  Parameter  Values          Equivalent Web Parameter
ppp     n         maxup      0 – 2147483648  Close this interface after s seconds
ppp     n         maxuptime  0 – 2147483647  if it has been up for m minutes in a day
ppp     n         timeout    0 – 2147483648  if the link has been idle for s seconds
ppp     n         timeout2   0 – 2147483648  Alternative idle timer for static routes s seconds
ppp     n         rxtimeout  0 – 2147483648  if the link has not received any packets for s seconds
ppp     n         maxneg     0 – 2147483648  if the negotiation is not complete in s second
Configuration – Network > Interfaces > Serial Digi routers support a variety of serial interfaces, either inbuilt or as optional add-on modules. Each asynchronous serial (ASY) port may be configured to operate at different speed, data format etc. These parameters may be changed using the web interface or from the command line using AT commands and S registers. The Configuration – Network > Interfaces > Serial menu item opens out when clicked, to show the list of supported serial interfaces.
Related CLI Commands Entity Instance Parameter Values Equivalent Web Parameter asy n/a descr Free text – description of interface Description Where n = 3 = 115200 4 = 57600 5 = 38400 6 = 19200 7 = 9600 8 = 4800 S31=n n/a n/a S23=n n/a n/a Baud rate Data Bits / Parity &Kn n/a n/a Where n = 0 = None 1 = Hardware 2 = Software 3 = Both &En n/a n/a Where n = 0 = No echo 1 = echo Enable echo on this interface &Vn n/a n/a Where n = 0 = numeric 1 = verbose CLI result codes Flow Cont
DTR Control
This drop-down selection box controls how the router responds to the DTR signal. The available options are: None, Drop call, Drop line and call, Drop call on transition or Drop line & call on transition. Selecting “None” configures the router to ignore the DTR signal (this is equivalent to “AT&D0”).
Related CLI Commands Entity Instance Parameter Values Equivalent Web Parameter S0=n n/a n/a Where n = 0 - 255 Answer V.
Configuration – Network > Interfaces > Serial > Serial Port n > Profiles Each serial port can have two profiles which can be configured differently. Which profile is in force when the router powers-up is selected here. Power-up profile n Select “0” from the drop-down selection box to choose profile 0 to be active when the router powers-up. Select “1” from the selection box to make profile 1 the active profile. Load Profile n Select “0” from the drop-down selection box and click the button to load profile 0.
Configuration – Network > Interfaces > Serial > Sync The most common form of serial communications these days is asynchronous. Synchronous serial communications links are still in use and the Digi routers can support these. HDLC is a synchronous protocol that is still in use and can be used with Digi routers. This section describes how to configure the synchronous communications interfaces.
Configuration – Network > Interfaces > Serial > Rate Adaption

The router supports two rate adaptation protocol (Adapt) instances. Each instance enables the selection and configuration of the protocol to be used for rate adaptation over an ISDN B channel. The supported protocols are V.110, V.120 and X.75. Depending on which protocol is selected, there may be an associated LAPB instance (distinct from the two general purpose LAPB instances), as for example, when V.
Entity Instance Parameter adapt 0,1 lip_port Values number Equivalent Web Parameter Port n valid TCP port number Listen on Port n Configuration – Network > Interfaces > Serial > Command Mappings The router supports a number of command “aliases” which specify strings to be substituted for commands entered at the command line. The table on this page contains two text entry boxes and an “Add” button. Up to 23 command mappings may be specified. An example may make this clear.
By default, if no specific protocol has been bound to a serial interface, a PPP instance will automatically be associated with that port. This means that PPP is treated as the default protocol associated with the serial ports. Protocol Select the desired protocol from this drop-down list. Bound to Select the desired serial port from this drop-down list. Add Click this button to add the binding.
Configuration – Network > Serial > TRANSIP Serial Ports TransIP is a way of using virtual serial ports for serial connections over an IP socket, in effect multiplying the number of concurrent serial connections to a router. TransIP can be configured to actively connect on a TCP socket (i.e. make outgoing connections). Configuration – Network > Serial > TRANSIP Serial Ports > TRANSIP n The message at the top of this page states which serial interface is being used for the TransIP connection.
Related CLI Commands

Entity   Instance  Parameter  Values                                Equivalent Web Parameter
transip  n         port       Valid port number 0 – 65535           Listen on port
transip  n         host       Valid IP address a.b.c.d or hostname  Connect to IPaddress a.b.c.
Configuration – Network > Serial > RealPort Digi devices use the patented RealPort COM/TTY port redirection for Microsoft Windows. RealPort software provides a virtual connection to serial devices, no matter where they reside on the network. The software is installed directly on the host PC and allows applications to talk to devices across a network as though the devices were directly attached to the host. Actually, the devices are connected to a Digi device somewhere on the network.
This configures the interval in seconds between device initiated connection attempts. Send TCP Keep-Alives every s seconds This configures the interval at which TCP Keep-Alives are sent over the RealPort connection. A value of 0 means that Keep-Alives are not sent. Send RealPort Keep-Alives every s seconds This configures the interval at which RealPort Keep-Alives are sent over the RealPort connection. A value of 0 means that Keep-Alives are not sent.
Configuration - Network > Interfaces > Advanced Point-to-Point Protocol (PPP) is a standard protocol for transporting data from point to multipoint networks (such as IP) across point-to-point links (such as a serial or ISDN connection). This functionality is essential for dial-up Internet access. As data is transferred across IP networks in synchronous format, the router supports asynchronous to synchronous PPP conversion.
Configuration – Network > Interfaces > Advanced > PPP n > Multilink PPP As mentioned above, the routers may support multilink PPP – this section describes the configuration of MLPP functionality. The PPP interface must be configured with “Always On” mode enabled and an AODI NUA. Desired local ACCM c The value in this textbox defines the Asynchronous Control Character Map (ACCM). The default value of 0x00000000 should work in most cases. Changing this value is for advanced users only.
When the data rate is less than n bytes/sec for s seconds When this radio button is selected, the above two text boxes are enabled. The value in the left-hand one specifies the data rate below which the traffic must fall before the secondary B-channel will be deactivated. The second box contains the time in seconds for which the data rate must be below threshold before the second B-channel is deactivated. Note: The following parameters are for use with “Always On Dynamic ISDN”.
Entity  Instance  Parameter    Values                      Equivalent Web Parameter
mlppp   0         ddown_rate   0 – 2147483648 Default 500  When data rate is less than n bytes/sec
mlppp   0         ddown_delay  0 – 2147483648 Default 5    for s seconds

Configuration – Network > Interfaces > Advanced > PPP n

This section contains those parameters which may need to be adjusted when setting up a PPP connection but in general can be left at their default values.
The following three radio buttons control how the IP address for the router is assigned. Allow the remote device to assign a local IP address to this router When this radio button is selected, the remote peer will assign this PPP interface an IP address. Try to negotiate a.b.c.
Allow the PPP interface to answer incoming calls
When checked, this checkbox will cause the PPP instance to answer an incoming call.

Only allow calling numbers ending with n
When set to answer calls, the value in this text box provides a filter for ISDN subaddresses. This value is blank by default but when the PPP instance is set to answer calls, only numbers having trailing digits that match the sub-address value in this text box will be answered.
Use interface x,y for the source IP address of IPsec packets If it is required to use another interface (i.e. not the interface currently being configured) as the source address for IPsec packets, this may be achieved by selecting the desired interface from the drop-down list and typing the desired interface instance number into the adjacent text box. Enable the firewall on this interface Checking this checkbox causes the router to apply the firewall settings to traffic using this interface.
Related CLI Commands Entity Instance Parameter Values Equivalent Web Parameter ppp n name Free text field Description ppp n phonenum up to 25 digits Dial out using numbers ppp n ph2 “ “ ppp n ph3 “ “ ppp n ph4 “ “ ppp n prefix 0 – 9999999999 Prefix n to the dial out number ppp n username Valid username Username ppp n password Valid password Password ppp n epassword The encrypted password None – this parameter is not configurable ppp n IPaddr Default 0.0.
Entity  Instance  Parameter  Values                     Equivalent Web Parameter
ppp     n         sub        up to 17 digits            with ISDN sub-address ending with n
ppp     n         maxup      0 – 2147483648             Close the PPP connection after s seconds
ppp     n         maxuptime  0 – 2147483647             if it has been up for m minutes in a day
ppp     n         timeout    Default 300s (5 minutes)   if it has been idle for h, m, s
ppp     n         timeout2   0 – 2147483648             Alternative idle timer for static routes s seconds
ppp     n         rxtimeout  0 – 2147483648             if the link has not received any pa
Detach W-WAN between connection attempts This checkbox controls whether or not the module stays attached to the network if multiple connection attempts are required to establish a connection. This functionality may be useful if the connection to the mobile telephone network is not very reliable. Connecting to the mobile telephone network to send and receive data is a two-stage process. The first stage is where the module signals its wish to join the network and is accepted by the local cell.
Attempt to re-connect after s seconds The parameter in this textbox specifies the length of time in seconds that the router should wait after an “always-on” PPP connection has been terminated before trying to reestablish the link. If a PPP interface that would be inhibited by this PPP is connected, attempt reconnection after s seconds The value in this textbox takes precedence over the previous parameter when another PPP instance that is usually inhibited by this one is connected.
Generate Heartbeats on this interface When checked, this checkbox reveals the configuration options that control how the router sends heartbeat packets. Generating a valid configuration enables the router to send heartbeat packets to the specified destination. Heartbeat packets are UDP packets that contain various items of information about the router and which may include status information that may be used to locate its current dynamic IP address.
Ping responses are expected within s seconds When the value in this text box is set to a non-zero value, the router will wait for that specified interval for a response from a ping request before applying the timeout specified in the “Send pings every ... if ping responses are not being received” setting above. If the value is set to 0 (the default) then the router applies the timeout without modification.
Reset the data limit on the n day of the month
The value in this text box defines the day of the month on which the data limit is reset to zero.

Reset this interface if n packets are transmitted and the connection has been up for at least s seconds
The values in these text boxes control the circumstances under which the link may be reset.
Attempt to negotiate DEFLATE compression on this interface When checked, this checkbox causes the router to compress the data transferred over this link. When unchecked, compression is disabled. The effectiveness of data compression will vary with the type of data but a typical ratio achieved for a mix of data such as web pages, spreadsheets, databases, text files and (uncompressed) image files would be between 2:1 and 3:1. Using compression has the effect of increasing the effective throughput.
Entity Instance Parameter Values immediately Equivalent Web Parameter ppp n immoos ON, OFF Put this interface “Out of Service” when an always-on connection attempt fails ppp n aodi_dly 0 – 2147483647 Attempt to reconnect after s seconds ppp n aodi_dly2 0 – 2147483647 If a PPP interface that would be inhibited by this PPP is connected, attempt to reconnect after s seconds ppp n pwr_dly 0 - 2147483647 Wait s seconds after power-up before activating this interface ppp n minup 0 - 21
Entity Instance Parameter Values Equivalent Web Parameter ppp n hbgps OFF, ON Include GPS information in the Heartbeat message ppp n pingsiz 0 - 2147483648 Send n byte ping to IP host a.b.c.d every h hrs, m mins, s secs Send n byte ping to IP host a.b.c.d every h hrs, m mins, s secs ppp n pingip Valid IP address a.b.c.d ppp n pingint 0 - 2147483648 Send n byte ping to IP host a.b.c.
Entity Instance Parameter Values ppp n lscnt 0 - 2147483648 Reboot the router after n consecutive resets ppp n rebootfails 0 - 2147483648 Reboot the router after n consecutive connection failures 0 - 255 Allow this PPP interface to attempt to connect n times before allowing other PPP interfaces inhibited by this interface to connect 0 - 255 If this PPP interface gets disconnected, allow it to attempt to reconnect n times before allowing other PPP interfaces inhibited by this interface to co
Entity Instance Parameter Values Equivalent Web Parameter ppp n tcptxbuf 0 - 2147483648 TCP transmit buffer size n bytes Configuration – Network > Interfaces > Advanced > PPP n > PPP Negotiation When PPP starts up, the devices at both ends of the link negotiate the link parameters, in order to find a common subset that both devices can use.
As with PAP above, this checkbox controls whether or not the router should authenticate itself with the remote device using CHAP. The connection will fail if authentication fails. Generally, this parameter is enabled for outgoing connection and disabled for inbound connections. Request local (VJ) compression When checked, this checkbox causes the router to request the use of Van Jacobson compression which compresses TCP/IP headers to about 3 rather than the standard 40 octets.
When checked, this checkbox will allow the router to authenticate with a remote unit using version 2 of Microsoft’s MS-CHAP algorithm.
Entity Instance Parameter Values Equivalent Web Parameter ppp n r_md5 0,1 0 = Off 1 = On Allow remote unit to authenticate using CHAP-MD5 Allow this unit to authenticate using MS-CHAP ppp n l_ms1 0,1 0 = Disabled 1 = Enabled 2 = Preferred ppp n r_ms1 0,1 0 = On 1 = Off Allow remote unit to authenticate using MS-CHAP Allow this unit to authenticate using MS-CHAPv2 Allow remote unit to authenticate using MS-CHAPv2 ppp n l_ms2 0-2 0 = Disabled 1 = Enabled 2 = Preferred ppp n r_ms2 0,1
Entity Instance Parameter Values Equivalent Web Parameter qos n q0prof 0 - 11 Queue 0 Profile 0–4 0 = Very high 1 = High 2 = Medium 3 = Low 4 = Very Low Queue 0 Priority qos n q0prio qos n q1prof qos n q1prio qos n q2prof 0 - 11 Queue 2 Profile qos n q2prio 0–4 Queue 2 Priority qos n q3prof 0 - 11 Queue 3 Profile qos n q3prio 0–4 Queue 3 Priority qos n q4prof 0 - 11 Queue 4 Profile qos n q4prio 0–4 Queue 4 Priority qos n q5prof 0 - 11 Queue 5 Profile q
The value in this text box is the username that should be used when authenticating with the remote system and is usually only required for outgoing PPP calls. Password The value in this text box is the password used for authentication with the remote system. Confirm When changing the password, it should be entered into this text box also to allow the router to check for simple typing errors. Dialout Number The value in this text box is the ISDN number used to make outgoing calls.
Configuration – Network > DHCP Server Digi routers incorporate one or more Dynamic Host Configuration Protocol (DHCP) servers, one for each Ethernet port. DHCP is a standard internet protocol that allows a DHCP server to dynamically distribute IP addressing and configuration information to network clients. This section contains a web page for each of the DHCP servers. Additionally, there is a separate page for mapping MAC addresses to fixed IP addresses.
Only send offers to Wi-Fi clients When checked, this checkbox causes the router to only send DHCP offers to Wi-Fi clients. This is useful if the router is being used as an access point and there is a separate DHCP server on the Ethernet LAN. DHCP Relay Forward DHCP requests to a.b.c.d The values in these two text boxes specify the IP addresses of the two supported DHCP relay agents.
Entity Instance Parameter dhcp n fwdip2 Values a.b.c.d Equivalent Web Parameter a.b.c.d Valid IP address a.b.c.d Forward DHCP requests to a.b.c.d Configuration – Network > DHCP Server > DHCP Server for Ethernet n > Advanced Next Bootstrap Server a.b.c.d The value in this text box specifies the IP address of a secondary configuration server. This server does not have to be on the same logical subnet as the client.
Related CLI Commands

Entity  Instance  Parameter  Values                    Equivalent Web Parameter
dhcp    n         NBNS       Valid IP address a.b.c.d  NetBIOS Name Server a.b.c.d
dhcp    n         NBNS2      Valid IP address a.b.c.d  Secondary NetBIOS Name Server a.b.c.d
dhcp    n         tftp       Valid IP address a.b.c.d  TFTP Server Address a.b.c.d
dhcp    n         ftp        Valid IP address a.b.c.d  FTP Server Address a.b.c.
Configuration – Network > DHCP Server > DHCP Options The DHCP Option pages allow custom (or non-standard) DHCP options to be configured and sent to the DHCP client when requesting an IP address and other DHCP parameters. This is useful for devices such as IP telephones that use specific strings. On the web page, these (up to ten) options are configured using a table. The table contains the following fields: Option The value in this box specifies the DHCP option number.
Configuration – Network > DHCP Server > Static Lease Reservations
The table on this web page controls the configuration of MAC address to IP address mappings and is used to assign a specific IP address to a particular Ethernet MAC address. This is particularly useful for mobile applications, e.g. W-WAN where a particular item of mobile equipment should be issued with the same IP address regardless of when it was last connected to the network. Up to ten MAC to IP address reservations may be specified.
Configuration – Network > Network Services
The web page described here collects together a number of services that are provided by the router into one section to enable the user to quickly enable or disable these services without having to navigate to multiple sections of the menu. Detailed configuration is performed within the specific section.
Enable Network Management Protocol (SNMP)
Click on this checkbox to enable and disable remote management of the router using SNMP.
Enable Web Server (HTTP)
Much of the configuration of the router may be performed using the web GUI as described here. However, HTTP is an insecure protocol and so for security reasons, this service may be disabled by deselecting this radio button and hence, enabling the following secure web server. If security is not such an issue, selecting this option allows the simpler and slightly more convenient web server to be used.
Configuration – Network > DNS Servers
This section describes the parameters used to configure the DNS server functionality of the router.
Configuration – Network > DNS Servers > DNS Server n
The DNS server selection parameters give the ability to specify a DNS server based on the DNS query. For example, DNS lookups for internal servers can be directed to an internal DNS server and all other DNS requests can be sent direct to an external DNS server managed by the ISP.
Related CLI Commands

| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| dnssel | n | pattern | *.domain.com | For DNS requests matching pattern, send the request to |
| dnssel | n | svr | Valid IP address | DNS Server a.b.c.d |
| dnssel | n | secsvr | Valid IP address | Secondary DNS Server a.b.c. |
Also send an update every h hrs, m mins, s secs
The values in these text boxes specify the interval at which the unit will issue update messages to the DNS server.
The DNS server should delete all previous records
When checked, this checkbox causes the DNS server to delete all records of previous addresses served to the unit.
DNS Server Username
The value in this text box is the username that has been allocated by the Dynamic DNS service provider.
Related CLI Commands

| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| dnsupd | 0 | server | Valid IP address a.b.c.d | Send an update to DNS Server a.b.c. |
Configuration – Network > Dynamic DNS
The Dynamic DNS client (DynDNS) is used to update DNS hostnames with the current IP address of a particular interface. It operates in accordance with the specification supplied by dyndns.com (go to http://www.dyndns.com/developers/specs/). When the interface specified by the interface and interface instance number parameters connects, the client checks the current IP address of that interface and if it differs from that obtained from the previous connection, www.dyndns.
Related CLI Commands

| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| dyndns | 0 | hostname1 | Up to 40 characters | Host and Domain Name(s) |
| dyndns | 0 | hostname2 | Up to 40 characters | Host and Domain Name(s) |
| dyndns | 0 | hostname3 | Up to 40 characters | Host and Domain Name(s) |
| dyndns | 0 | hostname4 | Up to 40 characters | Host and Domain Name(s) |
| dyndns | 0 | hostname5 | Up to 40 characters | Host and Domain Name(s) |
| dyndns | 0 | port | 0 - 65535 | Destination port # |
| dyndns | 0 | username | Up to 20 characters | |
Configuration – Network > Dynamic DNS > Advanced
The parameters in this section do not normally need changing from their defaults.
Update interval d days
The value in this text box specifies the number of days between dynamic DNS updates.
Supply the IP address in the update
When checked (the default), this checkbox causes the router to supply the IP address as part of the dynamic DNS update.
Configuration – Network > IP Routing / Forwarding - An introduction to TransPort routing
The configuration pages and command line commands that are described in this section control the routing behaviour of the router. The TransPort’s routing table can be viewed by navigating to Management - Network Status > IP Routing Table.
Routing modes
The TransPort has 2 routing modes available, these are:
TransPort routing mode
This is the original routing method and may be seen on existing installations.
CIDR routing mode
Now enabled by default on new TransPort routers.
The CLI command to switch between the 2 modes is:
ip 0 cidr [off|on]
TransPort routing mode
CIDR routing is disabled
When the TransPort receives an IP packet to route, the routing table is used to decide through which interface to send the packet.
Route metrics can be altered automatically according to various circumstances. This is in order to provide automatic backup connection paths. Routes and interfaces can be put out of service. Whenever an interface is out of service (oos) any route pointing at the interface will also be out of service. Whenever a route is out of service, the metric value will be set to 16 in TransPort routing mode and 17 in CIDR mode.
When an “Always On” route becomes “In Service”, wait s seconds before using it
The value in this text box specifies the delay that the router should apply to a route before passing traffic on it once it has come into service.
Destination Network a.b.c.d
The value in this text box is the IP address of the destination subnet, network or IP address for the route. If the router receives a packet with a destination IP address that matches the Destination Network/Mask combination it will route the packet through the interface specified below.
Mask a.b.c.d
The value in this text box is the network mask that is used in conjunction with the above destination network address to specify the.
Gateway a.b.c.
| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| route | n | ll_add | 0 – 2147483647 | Interface x,y |
| route | n | upmetric | 0 – 2147483647 | Metric |

Configuration – Network > IP Routing / Forwarding > Static Routes > Route n > Advanced
Use metric n when the interface is not active
The value in this text box specifies the routing metric to use when the interface is not active.
If the interface fails to connect, try again in s seconds
If an interface is requested to connect by this route (due to IP traffic being present) and it fails to connect, the route will be marked as out of service but the router will continue to attempt to connect at the interval specified by the value in this text box. If the interface does connect, the router will clear the out of service status for the route.
| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| route | n | inrip | on,off | Include this route in RIP advertisements |
| route | n | doinact2 | on,off | Make PPP n interface use the alternative idle timeout when this route becomes available |
| route | n | inact2add | 0 – 2147483647 | Make PPP n interface use the alternative idle timeout when this route becomes available |
| route | n | pwr_dly | 0 - 255 | Wait for s seconds after power up before allowing this route to activate the interface |
| route | n | actooslim | 0 | |
Configuration – Network > IP Routing / Forwarding > Static Routes > Default Route n
The following two web pages and associated command line commands are used to set up default IP routes that will be used to route non-local IP addresses not specified in a static route. The parameters are identical to those on the static route pages with the exception that there are no IP address or Mask parameters.
Description
The text in this text box is used to assign a convenient and memorable description for the route.
Wait for s seconds after power up before allowing this route to activate the interface
As per equivalent parameter in Routes n.
If the interface is configured for “dial on demand”
Mark this route as “Out Of Service” if the interface fails to connect after n consecutive attempts
As per equivalent parameter in Routes n.
If the interface fails to connect, try again in s seconds
As per equivalent parameter in Routes n.
| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| def_route | n | actooslim | 0 – 2147483647 | Mark this route as “Out Of Service” if the interface fails to connect after n consecutive attempts |
| def_route | n | chkoos_int | 0 – 2147483647 | If the interface fails to connect, try again in s seconds |
| def_route | n | chkoos_deact | 0 – 2147483647 | Deactivate the interface after it successfully connects |
| | | | | Do not allow this interface to be activated by this route for s seconds after the last activation attempt |
Send RIP advertisements every s seconds
The value in this text box specifies the interval between sending RIP packets. These packets contain the current routes held by the router (e.g. any active PPP routes), static routes and the default route. A value of 0 disables sending.
Mark routes as unusable if we don’t get advertisements for s seconds
The value in this text box specifies the time for which an updated metric will apply when a RIP update is received.
IP Address a.b.c.d
The value in this text box is the IP address to be added to the list of IP addresses that RIP packets must come from if they are to modify route metrics. Up to ten IP addresses may be added. The Add and Delete buttons work in the usual way for configuration tables.
Related CLI Commands

| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| riprx | 0-9 | IPaddr | Valid IP address a.b.c.d | IP Address a.b.c. |
| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| ripauth | 0–9 | smon | 0 - 12 | Valid from d,m,y |
| ripauth | 0–9 | syear | 0 – 65535 | Valid from d,m,y |
| ripauth | 0–9 | eday | 0 - 31 | Expires d,m,y |
| ripauth | 0–9 | emon | 0 - 12 | Expires d,m,y |
| ripauth | 0-9 | eyear | 0 – 65535 | Expires d,m,y |

Configuration – Network > IP Routing / Forwarding > RIP > Interfaces > Ethernet / PPP / GRE
The configuration in these three sub-menus is identical.
Plain password: When set to “Plain password (V1+V2)”, the interface will use the first valid key it finds (set on the Configuration – Network > IP Routing / Forwarding > RIP > Global RIP settings > Authentication Keys > Authentication Key n pages), and use the plaintext RIP authentication method before sending the packet out. If no valid key can be found, the interface will not send any RIP packets. When receiving a RIP packet, a valid plaintext key must be present in the packet before it will be accepted.
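The send and receive rules for plaintext RIP authentication described above can be modelled as follows. This is an added example, not Digi firmware code: the packet layout is the RIPv2 simple-password format from RFC 2453, while the key list, routes, function names and the inclusive treatment of the expiry date are assumptions made for the illustration. It also shows that the key travels unmodified in a 16-byte field of every packet.

```python
"""RIPv2 plaintext ("simple password") authentication, added example."""
import hmac
import socket
import struct
from datetime import date

RIP_RESPONSE, RIP_V2 = 2, 2
AUTH_AFI, AUTH_SIMPLE = 0xFFFF, 2   # RFC 2453 authentication entry markers
AFI_IP = 2                          # address family identifier for IP routes

# Constructed keys; list position stands for "Authentication Key n".
KEYS = [
    {"key": "key-2011", "start": date(2011, 1, 1), "end": date(2011, 12, 31)},
    {"key": "key-2012", "start": date(2012, 1, 1), "end": date(2012, 12, 31)},
]
# Constructed routes: (network, mask, next hop, metric).
ROUTES = [("10.1.0.0", "255.255.0.0", "0.0.0.0", 1),
          ("192.168.5.0", "255.255.255.0", "0.0.0.0", 2)]


def is_valid(key, today):
    """Assumption: a key is usable from 'Valid from' to 'Expires', inclusive."""
    return key["start"] <= today <= key["end"]


def first_valid_key(keys, today):
    """Sender rule: use the first valid key found, or None if there is none."""
    return next((k for k in keys if is_valid(k, today)), None)


def build_response(routes, keys, today):
    """Build an authenticated RIPv2 response; None means 'send nothing'."""
    key = first_valid_key(keys, today)
    if key is None:
        return None
    secret = key["key"].encode("ascii")
    if len(secret) > 16:
        raise ValueError("RIPv2 plaintext keys are at most 16 bytes")
    packet = struct.pack("!BBH", RIP_RESPONSE, RIP_V2, 0)
    # The authentication entry occupies the first 20-byte route slot.
    packet += struct.pack("!HH16s", AUTH_AFI, AUTH_SIMPLE, secret)
    for net, mask, hop, metric in routes:
        packet += struct.pack("!HH4s4s4sI", AFI_IP, 0,
                              socket.inet_aton(net), socket.inet_aton(mask),
                              socket.inet_aton(hop), metric)
    return packet


def extract_key(packet):
    """Return the plaintext key carried in the packet, or None if absent."""
    if len(packet) < 24:
        return None
    _command, version, _zero = struct.unpack("!BBH", packet[:4])
    afi, auth_type, field = struct.unpack("!HH16s", packet[4:24])
    if version != RIP_V2 or afi != AUTH_AFI or auth_type != AUTH_SIMPLE:
        return None
    return field.rstrip(b"\x00")


def accept(packet, keys, today):
    """Receiver rule: accept only if the packet carries a currently valid key."""
    received = extract_key(packet)
    if received is None:
        return False
    return any(hmac.compare_digest(received, k["key"].encode("ascii"))
               for k in keys if is_valid(k, today))


if __name__ == "__main__":
    pkt = build_response(ROUTES, KEYS, date(2012, 3, 15))
    print("key field on the wire:", pkt[8:24])
    print("accepted today:", accept(pkt, KEYS, date(2012, 3, 15)))
```

Because the key is readable by any device that can see the packet, plaintext mode guards against accidental updates from misconfigured neighbours rather than against a deliberate sender on the same segment.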
Configuration – Network > IP Routing / Forwarding > OSPF
Open Shortest Path First (OSPF) is an Interior Gateway Protocol (IGP) developed for IP networks based on the shortest path first or link-state algorithm. The router uses link-state algorithms to send routing information to all nodes in a network by calculating the shortest path to each node based on a topology of the network constructed by each node.
Use Interface IPsec source IP
When checked, this checkbox will cause OSPF functions to use the source IP address of the interface specified in Configuration – Network > Interfaces > Advanced > PPP n : Use interface x,y for the source IP address of IPsec packets on the interface being used. When unchecked, OSPF will use the source IP address of the interface being used for its source address.
Configuration – Network > IP Routing / Forwarding > BGP
The Border Gateway Protocol (BGP) routing protocol is supported by TransPort routers. This page contains the configuration parameters used to control the behaviour of BGP. Most of the configuration is controlled by a configuration file (raw text) named bgp.cnf. This file would normally be created in a text editor on a computer and loaded onto the router. The router contains a simple editor that can be used to modify the file.
Configuration – Network > IP Routing / Forwarding > IP Port Forwarding / Static NAT Mappings
The router supports Network Address Translation (NAT) and Network Address and Port Translation (NAPT). NAT or NAPT may be enabled on a particular interface such as a PPP instance. When operating with NAT enabled, this interface has a single externally visible IP address. When sending IP packets, the local IP addresses (for example on a local area network) are replaced by the single IP address of the interface.
Configuration – Network > IP Routing / Forwarding > Multicast Routes
Digi TransPort routers support multicast routes, allowing them to route packets to multicast group addresses. Up to 20 different static multicast routes may be configured. Static multicast routes must be used in conjunction with the IGMP parameter on the outbound interface.
Configuration – Network > Virtual Private Networking (VPN) > IPsec
IPsec (Internet Protocol security) refers to a group of protocols and standards that may be used to protect data during transmission over the internet (which is inherently insecure). Various levels of support for IPsec can be provided on the router depending on the model. The web pages located under the Configuration – Network > Virtual Private Networking (VPN) > IPsec are used to set the various parameters and options that are available.
IP Address
Use this IP address for the local LAN subnet. This is usually the IP address of the router’s Ethernet interface or that of a specific device on the local subnet (such as a PC running a client or host application).
Mask
Use this IP mask for the local LAN subnet. The mask sets the range of IP addresses that will be allowed to use the IPsec tunnel.
Use interface x,y
Use the IP address and mask of the specified interface.
Our ID type
This defines how the remote peer is to process the Our ID configuration.
IKE ID: The Our ID parameter is a simple key ID (e.g. vpnclient1).
FQDN: The Our ID parameter is a Fully Qualified Domain Name (e.g. vpnclient1.anycompany.com)
User FQDN: The Our ID parameter is a Fully Qualified Domain Name with a user element (e.g. joe.bloggs@anycompany.com)
Remote ID
When Aggressive mode is On, this parameter is a string of up to 20 characters which is used to identify the remote peer.
Bring this tunnel up
This controls how the IPsec tunnel is brought up. The options are
• All the time
• Whenever a route to the destination is available
• On demand
If the tunnel is down and a packet is ready to be sent
Defines the action that is performed when the IPsec tunnel is down and a packet needs to be sent.
| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| eroute | n | remnetid | String | Remote Subnet ID |
| eroute | n | authmeth | off, preshared, rsa | Use the following security on this tunnel |
| eroute | n | ourid | String | Our ID |
| eroute | n | idisfqdn | 0 = No, 1 = FQDN, 2 = User FQDN | Our ID type |
| eroute | n | peerid | String | Remote ID |
| eroute | n | privkey | Filename | RSA Key File |
| eroute | n | espenc | off, null, des, 3des, aes | Use enc encryption on this tunnel |
| eroute | n | enckeybits | 128, 192, 256 | Use enc encryptio |
Configuration – Network > Virtual Private Networking (VPN) > IPsec > IPsec Tunnels > IPsec n > Tunnel Negotiation
Enable IKE tracing
This will enable the router to write IKE negotiation information in the analyser trace.
Negotiate a different IP address and Mask
The IPsec tunnel can be configured to negotiate a different local LAN IP address and mask. The firewall can then be used to translate the source addresses of the packets to a value that lies within the negotiated range.
The compression algorithm to use with this IPsec tunnel. The options are:
• No (None)
• DEFLATE
Delete SAs when this tunnel is down
When selected, all SAs associated with the IPsec tunnel are deleted when the tunnel goes out of service.
Delete SAs when router is not a VRRP master
When selected, at least one Ethernet interface must be set as VRRP Master before the router can create SAs. If the router switches away from VRRP Master state, the SAs will be deleted.
IKE negotiation source IP address is taken from the
This defines which IP address IKE uses as the source IP address during the negotiation.
Interface
Use the IP address of the interface over which the IKE packets will be transmitted.
Secondary IP address
Use the IP address configured in the Secondary IP address parameter on the Configuration – Network > Advanced Network Settings page.
Interface x,y
Use the IP address of the specified interface.
Related CLI Commands

| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| eroute | n | mode | tunnel, transport | IPsec Mode |
| eroute | n | ahauth | off, md5, sha1 | Use a AH authentication on this tunnel |
| eroute | n | ipcompalg | off, deflate | Use c compression on this tunnel |
| eroute | n | oosdelsa | on, off | Delete SAs when this tunnel is down |
| eroute | n | ifvrrpmaster | on, off | Delete SAs when router is not a VRRP master |
| eroute | n | nosaoos | on, off | Go out of service if automatic establishment fails |
| eroute | | | | |
| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| eroute | n | toslist | Comma separated list of Integers | IP packets with ToS values n must use this tunnel |
| eroute | n | locport | 0 - 65535 | Only tunnel IP packets with source TCP/UDP port |
| eroute | n | remport | 0 - 65535 | Only tunnel IP packets with destination TCP/UDP port |
| eroute | n | locfirstport | 0 - 65535 | Only tunnel IP packets with source TCP/UDP port in the range of n1 to n2 |
| eroute | n | loclastport | 0 - 65535 | Only tunnel IP packets with source |
| Router | Peer ID | Our ID | Username | Password |
|---|---|---|---|---|
| Host Router | Remote* | Host1 | Remote* | mysecret |
| Remote Router 1 | Host1 | Remote01 | Host1 | mysecret |
| Remote Router 2 | Host1 | Remote02 | Host1 | mysecret |
| Remote Router 3 | Host1 | Remote03 | Host1 | mysecret |
Configuration – Network > Virtual Private Networking (VPN) > IPsec > IPsec Default Action
Like a normal IP routing set-up, IPSec Tunnels have a default configuration that is applied if no specific tunnel can be found. This is useful when, for instance, you wish to have a number of remote users connect via a secure channel (perhaps to access company financial information) but also still allow general remote access to other specific servers on your network or the Internet.
Basic Concept
The router with the IPsec Group/MySQL configuration will be the VPN Concentrator. The remote sites will normally not require an IPsec group configuration as they will normally only need to connect to a single peer, the VPN Concentrator. The VPN Concentrator will normally need only a single IPsec group configured. The local and remote subnet parameters need to be set up wide enough to encompass all the local and remote networks. The VPN Concentrator can act as an initiator and/or a responder.
VPN Concentrator acting as a responder to a session initiated from the remote site
When a remote site needs to create an IPsec SA with the VPN Concentrator it will send an IKE request to the VPN Concentrator. The VPN Concentrator needs to be able to confirm that the remote device is authorised to create an IPsec tunnel. The remote site will supply its ID to the host during the IKE negotiations.
All other fields should be configured as usual. It is possible to set up other IPsec groups linked with other IPsec tunnels. This would be done if there is a second group of remote sites that have a different set of local and remote subnets, or perhaps different encryption requirements. The only real requirement is that this second group uses peer IDs that do not match up with those in use by the first IPsec group.
Password / Confirm Password
The password to use when logging into the MySQL Server.
Database name
The name of the database to connect to.
Database table
The name of the table where the remote site information is stored.
Remote subnet IP
The name of the field in the table where the ‘remip’ data is stored.
Remote subnet Mask
The name of the field in the table where the ‘remmsk’ data is stored.
Peer IP Address
The name of the field in the table where the ‘peerip’ data is stored.
| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| egroup | n | fbakpeerip | IP Address | Backup Peer IP Address |
| egroup | n | fpeerid | String | Peer ID |
| egroup | n | fourid | String | Our ID |
| egroup | n | fpwd | String | Password |

Configuration – Network > Virtual Private Networking (VPN) > IPsec > Dead Peer Detection
When Dead Peer Detection (DPD) is enabled on an IPsec tunnel, the router will send an IKE DPD request at regular intervals.
Related CLI Commands

| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| dpd | 0 | inact | Integer | Mark the IPsec tunnel as suspect if there is no traffic for n seconds |
| dpd | 0 | okint | Integer | Send a DPD request on a healthy link every n seconds |
| dpd | 0 | failint | Integer | Send a DPD request on a suspect link every n seconds |
| dpd | 0 | maxfail | Integer | Close the IPsec tunnels after no response for n DPD requests |

Configuration – Network > Virtual Private Networking (VPN) > IPsec > IKE
The Configurat
Related CLI Commands

| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| ike | 0 | deblevel | 0 = Off, 1 = Low, 2 = Medium, 3 = High, 4 = Very High | Debug Level |
| ike | 0 | ipaddfilt | Comma separated list of IP addresses | Debug IP Address Filter |
| ike | 0 | debug | on, off | Forward debug to port |

Configuration – Network > Virtual Private Networking (VPN) > IPsec > IKE > IKE n
Use the following settings for negotiation
Defines the settings used during the IKE negotiation
Encryption
Defines the encryption algori
Aggressive mode was developed to allow the host to identify a remote unit (initiator) from an ID string rather than from its IP address. This means that it can be used over the Internet via an ISP that dynamically allocates IP addresses. It also has two other noticeable differences from main mode. Firstly, it uses fewer messages to complete the phase 1 exchange (3 compared to 5) and so will execute a little more quickly, particularly on networks with large turn-around delays such as GPRS.
Related CLI Commands

| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| ike | n | encalg | des, 3des, aes | Encryption |
| ike | n | keybits | 0, 128, 192, 256 | Encryption (AES Key length) |
| ike | n | authalg | md5, sha1 | Authentication |
| ike | n | aggressive | on, off | Mode |
| ike | n | ikegroup | 1, 2, 5 | MODP Group for Phase 1 |
| ike | n | ipsecgroup | 1, 2, 5 | MODP Group for Phase 2 |
| ike | n | ltime | 1 - 28800 | Renegotiate after h hrs m mins s secs |

This CLI value is entered in seconds only.
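The ike and eroute CLI tables in this section accept values such as des, md5 and MODP groups 1 and 2, which current practice treats as weak. The following Python script is an added example, not part of the Digi guide or firmware: it parses lines of the form "entity instance parameter value" and flags those settings. The sample configuration is constructed, and the judgements in the WEAK table are this example's assumptions.

```python
"""Flag weak IKE/IPsec settings in TransPort-style CLI lines (added example)."""
import re

# Constructed sample, not from a real router. Each line follows the
# "<entity> <instance> <parameter> <value>" form used by the CLI tables.
SAMPLE_CONFIG = """\
ike 0 encalg des
ike 0 authalg md5
ike 0 aggressive on
ike 0 ikegroup 1
ike 0 ipsecgroup 2
eroute 0 authmeth preshared
eroute 0 espenc 3des
eroute 0 ahauth md5
eroute 1 authmeth rsa
eroute 1 espenc aes
eroute 1 enckeybits 256
eroute 1 ahauth sha1
"""

_GROUPS = {"1": "768-bit MODP group; use group 5",
           "2": "1024-bit MODP group; use group 5"}
_CIPHERS = {"des": "single DES has a 56-bit key; use aes",
            "3des": "3DES has a 64-bit block and is deprecated; use aes"}

# (entity, parameter) -> {value: reason}. Assumption: these judgements reflect
# current practice and are not statements made by the guide itself.
WEAK = {
    ("ike", "encalg"): _CIPHERS,
    ("ike", "authalg"): {"md5": "MD5 is deprecated; use sha1"},
    ("ike", "aggressive"): {"on": "aggressive mode does not protect peer identities"},
    ("ike", "ikegroup"): _GROUPS,
    ("ike", "ipsecgroup"): _GROUPS,
    ("eroute", "authmeth"): {"off": "tunnel has no peer authentication"},
    ("eroute", "espenc"): dict(_CIPHERS, off="ESP encryption disabled",
                               null="ESP null cipher gives no confidentiality"),
    ("eroute", "ahauth"): {"md5": "MD5 is deprecated; use sha1"},
}

LINE_RE = re.compile(r"^(\w+)\s+(\d+)\s+(\w+)\s+(\S.*)$")


def parse_config(text):
    """Return {(entity, instance, parameter): value}; later lines win."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        match = LINE_RE.match(line)
        if not line or line.startswith("#") or not match:
            continue
        entity, instance, parameter, value = match.groups()
        key = (entity.lower(), int(instance), parameter.lower())
        settings[key] = value.strip().lower()
    return settings


def audit(text):
    """Return a list of (setting, reason) findings, sorted by setting."""
    settings = parse_config(text)
    findings = []
    for (entity, instance, parameter), value in sorted(settings.items()):
        reason = WEAK.get((entity, parameter), {}).get(value)
        if reason:
            findings.append((f"{entity} {instance} {parameter} {value}", reason))
    # Combined check: aggressive mode together with a pre-shared key.
    aggressive = any(e == "ike" and p == "aggressive" and v == "on"
                     for (e, _i, p), v in settings.items())
    preshared = any(e == "eroute" and p == "authmeth" and v == "preshared"
                    for (e, _i, p), v in settings.items())
    if aggressive and preshared:
        findings.append(("aggressive mode with pre-shared key",
                         "security rests on key strength alone; "
                         "prefer rsa or main mode"))
    return findings


if __name__ == "__main__":
    for setting, reason in audit(SAMPLE_CONFIG):
        print(f"{setting:40} {reason}")
```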
RSA private key file
The name of an X.509 certificate file holding the router’s private part of the public/private key pair used in certificate exchanges. See ‘X.509 Certificates’ in the ‘IPsec and VPNs’ section for further explanation.
SA Removal Mode
Determines how IPsec and IKE SAs are removed. ‘Normal’ operation will not delete the IKE SA when all the IPsec SAs that were created by it are removed and will not remove IPsec SAs when the IKE SA that was used to create them is deleted.
Configuration – Network > Virtual Private Networking (VPN) > IPsec > IKE > IKE Responder
This page displays the various parameters for IKE 0 when used in Responder mode.
Enable IKE Responder
Allows the router to respond to incoming IKE requests.
Accept IKE Requests with
Defines the settings that the router will accept during the negotiation
Encryption
The acceptable encryption algorithms.
Authentication
The acceptable authentication algorithms.
MODP Group between x and y
The acceptable range for MODP group.
Configuration – Network > Virtual Private Networking (VPN) > IPsec > IKE > IKE Responder > Advanced
Stop IKE negotiation if no packet received for n seconds
The period of time in seconds after which the unit will stop the IKE negotiation when no response to a negotiation packet has been received.
Enable NAT-Traversal
Enables support for NAT Traversal within IKE/IPsec. When one end of an IPsec tunnel is behind a NAT box, some form of NAT traversal may be required before the IPsec tunnel can pass packets.
Related CLI Commands

| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| ike | 0 | inactto | 0 – 255 | Stop IKE negotiation if no packet received for n seconds |
| ike | 0 | natt | on, off | Enable NAT-Traversal |
| ike | 0 | initialcontact | on, off | Send INITIAL-CONTACT notifications |
| ike | 0 | respltime | on, off | Send RESPONDER-LIFETIME notifications |
| ike | 0 | keepph1 | on, off | Retain phase 1 SA after failed phase 2 negotiation |
| ike | 0 | privrsakey | Filename | RSA private key file |

0 = Normal ike 0 delmode 1 =
External Port
The lowest destination port number to be matched if the packet is to be redirected.
Forward to Internal IP Address
An IP address to which packets containing the specified destination port number are to be redirected.
Forward to Internal Port
A port number to which packets containing the specified destination port number are to be redirected.
Port Range Count
The number of ports to be matched.
Authentication
Defines the authentication algorithm used. The options are
• None
• MD5
• SHA1
PRF Algorithm
Defines the PRF (Pseudo Random Function) algorithm used. The options are
• MD5
• SHA1
MODP Group for Phase 1
Sets the key length used in the IKE Diffie-Hellman exchange to 768 bits (group 1) or 1024 bits (group 2). Normally this option is set to group 1 and this is sufficient for normal use.
Configuration – Network > Virtual Private Networking (VPN) > IPsec > IKEv2 > IKEv2 n > Advanced
Retransmit a frame if no response after n seconds
The amount of time in seconds that IKEv2 will wait for a response from the remote unit before transmitting the negotiation frame.
Stop IKE negotiation after n retransmissions
The maximum number of times that IKEv2 will retransmit a negotiation frame as part of the exchange before failing.
Configuration – Network > Virtual Private Networking (VPN) > IPsec > IKEv2 > IKEv2 Responder
This page displays the various parameters for IKEv2 0 when used in Responder mode.
Enable IKEv2 Responder
Allows the router to respond to incoming IKE requests.
Accept IKEv2 Requests with
Defines the settings that the router will accept during the negotiation
Encryption
The acceptable encryption algorithms.
Authentication
The acceptable authentication algorithms.
Configuration – Network > Virtual Private Networking (VPN) > IPsec > IKEv2 > IKEv2 Responder > Advanced
Stop IKE negotiation if no packet received for n seconds
The period of time in seconds after which the unit will stop the IKEv2 negotiation when no response to a negotiation packet has been received.
Enable NAT-Traversal
Enables support for NAT Traversal within IKE/IPsec.
Configuration – Network > Virtual Private Networking (VPN) > L2TP
The Layer 2 Tunnelling Protocol (L2TP) provides a means for terminating a logical PPP connection on a device other than the one which terminates the physical connection. Typically, both the physical layer and logical layer PPP connections would be terminated on the same device, a Digi Router for example.
Bring this tunnel up All the time/On demand
This parameter only applies to tunnels initiated from this router.
Bring this tunnel down if it is idle for h hrs, m mins, s secs
These radio buttons select whether or not the tunnel is permanently available or not. When set to On demand, the tunnel will not activate automatically but will wait until it is triggered by PPP.
| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| | | | | interface x,y |
| l2tp | n | rnd_srcport | OFF, ON | Source Port |
| l2tp | n | name | Up to 30 characters | Name |
| l2tp | n | auth | OFF,ON | Authentication Off/Secret |
| l2tp | n | secret | Up to 80 characters | Authentication Off/Secret |

Configuration – Network > Virtual Private Networking (VPN) > L2TP > L2TP n > Advanced
Retransmit interval s milliseconds
The value in this text box specifies the amount of time in milliseconds that the router will wait before retransm
| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| l2tp | n | ans | OFF,ON | Allow this L2TP tunnel to answer incoming ISDN calls |
| l2tp | n | msn | Up to 9 digits | MSN |
| l2tp | n | sub | Up to 17 digits | Sub-address |

Configuration – Network > Virtual Private Networking (VPN) > PPTP
The Point-to-Point tunnelling protocol (PPTP) is a common way of creating a VPN tunnel to a Microsoft Windows™ server.
Related CLI Commands

| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| pptp | 0-9 | name | Up to 30 characters | Description |
| pptp | 0-9 | remhost | Valid IP address a.b.c.d | Remote Host a.b.c. |
Configuration – Network > Virtual Private Networking (VPN) > OpenVPN
OpenVPN can be used for connecting to the router for secure management as well as access to services on the LAN side of the TransPort router, such as corporate messaging services, file servers and print servers for example.
Destination host a.b.c.d
Only required when configured as an OpenVPN client. This is the IP address of the OpenVPN server.
Link socket interface x,y
If configured, OpenVPN sockets will only be allowed to/from this interface and the routing table will be ignored. When set to Auto, the OpenVPN sockets will use the routing table to identify the best interface to use.
TLS auth password / Confirm TLS auth password
This allows the OpenVPN instance to use an extra level of security by having a TLS password configured.
Push IP address #1/#2/#3
When configured as an OpenVPN server, these parameters can be used to push subnets to the client that need to be routed via the OpenVPN server. Used in conjunction with the Push Mask parameter below.
Push mask #1/#2/#3
Used with the Push IP address parameter above to define subnets that should be routed via the OpenVPN server.
Key renegotiation packets
If non-zero, a key renegotiation will take place after this many packets have travelled through the data channel.
Inactivity timeout (seconds)
The tunnel is disconnected after the tunnel becomes inactive (no IP traffic) for this many seconds. Note that the timer is only restarted with RX traffic, not TX traffic.
Data channel cipher
Sets the cipher used for data channel encryption/decryption. Select from the dropdown list.
| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| ovpn | n | autoup | OFF,ON | Automatically connect interface |
| ovpn | n | server | OFF,ON | Server mode (listener) |
| ovpn | n | port | 0 - 65535 | Link socket port |
| ovpn | n | proto | TCP,UDP | Link socket protocol |
| ovpn | n | tls_auth_key | Up to 30 characters | TLS auth password |
| ovpn | n | etls_auth_key | | |
| ovpn | n | puship | Valid subnet a.b.c.d | Push IP address #1 a.b.c.d |
| ovpn | n | pushmask | Valid netmask a.b.c.d | Push mask #1 a.b.c.d |
| ovpn | n | puship2 | Valid subnet a. | |
| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| ovpn | n | reneg_bytes | 0 - 2147483647 | Key renegotiation bytes |
| ovpn | n | reneg_packets | 0 - 2147483647 | Key renegotiation packets |
| ovpn | n | inact_timeout | 0 - 2147483647 | Inactivity timeout (seconds) |
| ovpn | n | cipher | See cipher list below | Data channel cipher |
| ovpn | n | digest | See digest list below | Data channel digest |
| ovpn | n | debug | OFF,ON | Debug |

Supported Cipher and Digest values for OpenVPN
Cipher values Digest values DES-EDE-CBC md2Wit
Configuration – Network > SSL
The secure socket layer (SSL) that provides a secure transport mechanism is supported by Digi’s TransPort routers. The configuration of the client-side and server are described in the following pages.
Configuration – Network > SSL > SSL Clients
Some sites require client side authentication when connecting to them. The router’s SSL client handles the authentication for SSL connections using certificates signed by a Certificate Authority (CA).
Cipher List
The cipher list in this text box is a list of one or more cipher strings separated by colons. Commas or spaces are also accepted as separators but colons are normally used. The actual cipher string can take several different forms. It can consist of a single cipher suite such as RC4-SHA. It can represent a list of cipher suites containing a certain algorithm or cipher suites of a certain type.
Related CLI Commands

| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| sslsvr | 0 | certfile | Up to 12 characters (DOS 8.3 format) | Server Certificate Filename |
| sslsvr | 0 | keyfile | Up to 12 characters (DOS 8. | |
Configuration – Network > SSH Server
The secure shell (SSH) server allows remote peers to access the router over a secure TCP connection using a suitable SSH client. The SSH server provides a Telnet-like interface and secure file transfer capability. SSH uses a number of keys during a session. The host keys are used for authentication purposes. Keys unique to each SSH session are also generated and are used for encryption/authentication purposes. The router supports SSH v1.5 and SSH v2.
Allow up to n connections The value in this text box specifies the number of sockets listening for new SSH connections (default 1). Host Key 1 Filename The value in this text box is the filename of either an SSH V1 or V2 host key. It is highly recommended that the filename be prefixed with “priv” to ensure that the key cannot be easily accessed and compromised. This key may be generated using the facilities described in the Certificates section of this manual.
Enable support for SSH v2.0 When checked, this checkbox allows the server to negotiate SSH V2. The router must also have an SSH V2 key present and the filename entered into the SSH configuration. Actively start key exchange This option applies to V2 SSH. Some SSH clients wait for the server to initiate the key exchange process when a new SSH session is started unless they have data to send to the server, in which case they will initiate the key exchange themselves.
Enable Debug The router supports logging and output of debugging information for situations where there are problems establishing an SSH connection. When checked, this checkbox causes the router to trace and output information that should be helpful in diagnosing and resolving the problem.
Configuring SSH In order to fully configure SSH, a version 1 SSH key and a version 2 SSH key need to be generated and the router configured to use them. This procedure is described below. Note: SSH version 2 is more secure than version 1 and so is the recommended version to use. However, some SSH clients may only support version 1 keys and so the router supports both version 1 and version 2 SSH. Configuration using the web interface Navigate to Administration – X.
SSH Authentication with a public/private keypair Once SSH access has been configured and confirmed to be working, RSA key pair authentication can be added and used to replace password authentication. This process will involve the use of PuTTYgen to create public and private keys. Please see the Technical Notes section on the Digi website for full details on how to perform this procedure.
Configuration – Network > FTP Relay The FTP Relay agents allow files transferred onto the router by a specified user using the File Transfer Protocol to be temporarily stored in memory and then relayed to a specific FTP host. This is useful when the router is being used to collect data files from a locally attached device such as a webcam which must then be relayed to a host system over a slower data connection such as W-WAN. In effect, the router acts as a temporary data buffer for the files.
Wait s seconds between attempts The value in this text box specifies the interval (in seconds) that the router should wait between successive connection attempts. Remain connected for s seconds after a file has been transferred The value in this text box specifies how long (in seconds) the router will maintain the connection to the FTP host after transferring a file.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
frelay | n | norename | OFF,ON | Rename file
frelay | n | ascii | OFF,ON | Transfer Mode
frelay | n | appe | OFF,ON | Transfer Command
frelay | n | retries | 0 - 2147483647 | Attempt to connect to the FTP Server n times
frelay | n | retryint | 0 - 2147483647 | Wait s seconds between attempts
frelay | n | timeout | 0 - 2147483647 | Remain connected
frelay | n | savemode | OFF,ON | Delete/Retain file
frelay | n | smtp_temp | Up to 40 characters | Use Email Template File
Configuration - Network > IP Passthrough IP passthrough is a useful feature if a host computer or server on the local area network needs to be accessible from the Internet with a public IP address. With IP passthrough configured, all IP traffic, not just TCP/UDP, is forwarded back to the host computer. This feature can be useful for applications that do not function reliably through network address translation.
Ping When checked, this checkbox excludes the ICMP echo request from passthrough. Other Ports The list of TCP and UDP port numbers in this text box will be added to the list that will not be forwarded to the local PC (comma-separated). Other Protocols The list of protocol numbers in this text box will be added to the list that will not be forwarded on to the local PC (comma-separated).
Configuration – Network > UDP Echo When enabled, the UDP echo client generates UDP packets that contain the router’s serial number and ID and transmits them to the IP address specified by the configuration. When the remote router receives a UDP packet on a local port and UDP echo server is configured, it will echo the packet back to the sender. There may be more than one UDP echo instance available on the unit. Instance 0 is used when specifying the local port to listen on.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
udpecho | n | locport | 0 - 65535 | Use local port n
udpecho | n | userouting | OFF,ON | Route via Routing table
udpecho | n | ifent | PPP,ETH | Interface x,y
udpecho | n | ifadd | Valid interface instance 0 - 4294967296 | Interface x,y
udpecho | n | onlyis | OFF,ON | Only send packet when the interface is “In Service”
udpecho | n | nodata | OFF,ON | Do not send any data with the UDP packet
Configuration – Network > QoS The Quality of Service (QoS) functionality provides the means of prioritising different types of IP traffic. It is generally used to ensure that low priority applications do not “hog” the available bandwidth to the detriment of those having a higher priority. For example, this might mean that EPOS transactions carried out over XOT will be prioritised over HTTP-type traffic used for Internet access. Without some form of QoS, all IP packets are treated as being equal, i.e.
When configuring QoS, be aware that the router supports ten queues, numbered from 0 to 9 and that DSCP codes range from 0 to 64. Configuration – Network > QoS > DSCP Mappings Each DSCP value must be mapped to a queue. These mappings are set up using this page. Default This drop-down list selects the default queue. When this is changed, any DSCP codes that are set to use the default will have their queue number changed.
Maximum kbps The value in this text box sets the maximum data transfer rate in kilobits/second that the router will try to attain for this queue. This means that if the router determines that bandwidth is available to send more packets from a queue that has reached its Minimum kbps setting, it will send more packets from that queue until the Maximum kbps setting is reached.
WRED Queue Length Weight factor The value in this text box specifies a weighting factor to be used in the WRED algorithm when calculating the weighted queue length. The weighted queue length is based on the previous queue length and has a weighting factor that may be adjusted to provide different transmit characteristics.
Configuration – Network > Timebands Digi TransPort routers support “Time Bands” which are used to determine periods of time during which PPP interfaces are allowed or prevented from activating. For example, a router in an office could be configured so that the ADSL PPP interface is only raised on weekdays. Time Bands may only be applied to PPP instances. Time Bands are specified by a series of “transition” times. At each of these times routing is either enabled or disabled.
The following screenshot shows a PPP instance configured so that routing is allowed on weekdays from 09:00 to 17:00. Clicking the Add button adds the entry into the table. Once an entry has been added to the table, it may be removed by clicking the associated Delete button. As mentioned previously, this Time Band instance is activated by navigating to the associated PPP Time Band (previous page) configuration page and clicking the Enable checkbox, or by entering the equivalent command line command.
Configuration – Network > Advanced Network Settings The settings described in this web page are “advanced” in the sense that in the vast majority of configurations and implementations they should not require changing. Secondary IP Address a.b.c.d The value in this text box assigns an additional IP address to the router that is not associated with any particular interface. The router will respond directly to incoming traffic for this address, i.e.
Configuration - Network > Advanced Network Settings > Socket Settings Default source IP address interface x,y The values in these two text boxes define the interface (None,PPP,ETH) and the instance number of the interface to use as a source address for IP when not using the interface that the socket was created on. The router creates general-purpose sockets automatically when the controlling application requests them, for example, when TPAD calls are made over IP or XOT.
Configuration – Network > Advanced Network Settings > XOT Settings Default source IP address interface x,y The values in these two text boxes specify the interface (None,PPP,ETH) and the instance number of the interface whose IP address XOT sockets should use, instead of that of the interface that the socket was created on. Note: Even when this parameter is not configured, the IP address from the interface on which the socket was created will be used.
Configuration – Network > Advanced Network Settings > Backup IP Addresses This page contains a table that is used to specify alternative IP addresses to use when the router fails in an attempt to open a socket. These addresses are used only for socket connections that originate from the router and are typically used to provide back-up for XOT connections, TANS (TPAD answering) connections or any application in which the unit is making outgoing socket connections.
Chaining IP Addresses It is possible to chain backup IP addresses by making multiple entries in the table. For example, if the backup IP address for the original IP address appears as the IP address in the next row, along with a new backup IP address for that IP address, then, when the original IP address becomes unavailable, the router will try the backup IP address, and if that is unavailable, the router will try its backup IP address, and so on.
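The chaining rule above, as an added example that is not Digi's code: a Python check that walks a backup table from an original address, returns the order in which addresses would be tried, and rejects a table whose chain loops back on itself. The two-column row layout, the function names and the loop check are assumptions made for illustration; the addresses are constructed documentation-range values.

```python
def failover_order(table, original):
    """Return the addresses tried for `original`, in order.

    `table` is a list of (ip_address, backup_ip_address) rows, as entered
    in the Backup IP Addresses table (assumed two-column layout).
    """
    backups = {}
    for ip, backup in table:
        # Assumption: if an address appears in several rows, the first wins.
        backups.setdefault(ip, backup)

    order, seen = [original], {original}
    current = original
    while current in backups:
        nxt = backups[current]
        if nxt in seen:
            # A loop would never reach a new host, so treat it as a
            # configuration error rather than following it.
            raise ValueError(f"backup chain for {original} loops back to {nxt}")
        order.append(nxt)
        seen.add(nxt)
        current = nxt
    return order


def first_reachable(table, original, is_up):
    """Return the first address in the chain for which is_up(addr) is true."""
    for addr in failover_order(table, original):
        if is_up(addr):
            return addr
    return None  # every address in the chain is unavailable


# Constructed sample table: 192.0.2.10 -> 192.0.2.20 -> 198.51.100.5
SAMPLE_TABLE = [
    ("192.0.2.10", "192.0.2.20"),
    ("192.0.2.20", "198.51.100.5"),
]

if __name__ == "__main__":
    print(failover_order(SAMPLE_TABLE, "192.0.2.10"))
    # Simulate the first two hosts being down.
    down = {"192.0.2.10", "192.0.2.20"}
    print(first_reachable(SAMPLE_TABLE, "192.0.2.10", lambda a: a not in down))
```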
Configuration - Network > Legacy Protocols Older protocols that existed before TCP/IP became dominant are often referred to as legacy protocols. Examples of legacy protocols are X.25, SNA and LAPB. Digi TransPort routers are capable of connecting to legacy networks such as X.25. They are also capable of simulating a legacy network so that equipment that in the past would have connected to a legacy network can connect to the Digi TransPort router instead.
Configuration - Network > Legacy Protocols > SNA over IP > SNAIP 0 Description This parameter allows you to enter a name for this SNAIP instance, to make it easier to identify. Send SNAIP traffic over interface This setting determines which physical interface is to be used for carrying SNAIP data. This can be set to either “ISDN”, “Serial Port” or “SharedPort”. If “ISDN” is selected then SNAIP data is carried over the ISDN BRI physical interface.
Assume station exists (Do not send TEST frames) When this parameter is enabled TEST frames are not transmitted and the TEST response is not expected. Instead the unit assumes the station exists and proceeds with the protocol as if the DLSw has received the TEST response. Toggle DCD output each time the DLSw protocol enters the DISCONNECTED state When this parameter is set to “On”, the DCD (Data Carrier Detect) output will turn off briefly each time the DLSw protocol enters the DISCONNECTED state.
RR Timer This is a standard LAPB/LAPD “Receiver Ready” timer. The default value is 10,000ms (10 seconds) and it should not normally be necessary to change this. T1 timer This is a standard LAPB timer. The default value is 1000 milliseconds (1 second) and under normal circumstances, it should not be necessary to change it. T200 timer This is the standard LAPB re-transmit timer. The default value is 1000 milliseconds (1 second) and under normal circumstances, it should not be necessary to change it.
DLSw Role When this parameter is set to “Active”, and the unit is in SNA mode, then this DLSw switch will actively connect to the remote DLSw switch. DLSw Window This parameter is used to set the DLSw window size. The value range is from 10 to 100 with the default being 20. UDP Capable This controls the UDP transmission of DLSw SSP packets. Reception is always enabled for version 2 support.
Entity Instance Parameter Values RAW_NOHDR Equivalent Web Parameter snaip x ans 1 = enabled, 0 = disabled Allow this unit to answer calls snaip x msn text Only accept calls with MSN ending with snaip x sub text Only accept calls with sub-address ending with snaip x autocontact 1 = enabled, 0 = disabled Assume station exists (Do not send TEST frames) snaip x dcd_toggle 1 = enabled, 0 = disabled Toggle DCD output each time the DLSw protocol enters the DISCONNECTED state Sync port
Entity | Instance | Parameter | Values | Equivalent Web Parameter
snaip | X | srcipent | auto, eth, ppp | Use interface for source IP address
snaip | x | srcipadd | 0 - 255 | Use interface for source IP address
snaip | x | sock_inact | 0 - 2147483647 | Close TCP connection if it is idle for x secs
snaip | x | ver | 0-2 | DLSw Ver
snaip | x | passive | 0 = active, 1 = passive | DLSw Role
snaip | x | dlswwindow | 1 - 100 | DLSw Window
snaip | x | udp_cap | 1 = enabled, 0 = disabled | UDP Capable
snaip | x | use1sock | On, Off, Compatib
Configuration - Network > Legacy Protocols TPAD TPAD is a simplified version of the X.25 PAD specification that is commonly used for carrying out credit-card clearance transactions. Digi units support the use of TPAD over: ISDN B and D-channels TCP UDP SSL XoT Automatic back-up between any two of these “layer 2 interfaces” or “transport protocols” is supported. For further information on using TPAD please refer to Digi technical support and ask for a copy of “TG2 - Introduction to TPAD and X.25”.
Use suffix x The Suffix # parameter may be set to contain additional numbers that are dialled after the number specified by B-channel ISDN #. For example, if B-channel ISDN # was set to 123456 and Suffix # was set to 789, the actual number dialled would be 123456789. On the main interface Deactivate LAPB session x seconds after TPAD X.25 call has been cleared Once a TPAD X.25 call has been cleared, the unit will keep a LAPB instance active for the length of time set by this parameter.
LCN direction This parameter determines whether the X.25 LCN used for outgoing TPAD calls is incremented or decremented from the starting value when multiple TPAD instances share one layer 2 (LAPB or LAPD), connection. The default is “DOWN” and LCNs are decremented, i.e. if the first CALL uses 1024, the next will use 1023, etc. Setting the parameter to “UP” will cause the LCN to be incremented from the start value.
Create an event when reply from X.25 host matches This parameter can be used to generate a “Data Trigger” event (code 47) when the reply from the X.25 host contains the string specified in this parameter. It is possible to configure the unit to generate an email alert message when this event occurs. See “LOGCODES.TXT” for a complete list of events.
The polling character set is c This parameter is a string that specifies a character or set of characters to be treated as polling characters. The unit will respond to any of these characters using ACK. This parameter should normally be left blank. Enable Message Numbering When this check box is ticked the unit will override the message numbering of the local equipment and substitute its own message numbering in the APACS 30 data.
Do not transmit ENQ characters Under the TPAD protocol the ENQ character is normally used to indicate that a call has connected and that the TPAD terminal may proceed with the transaction. Enabling this parameter will prevent the router from transmitting ENQ characters to the TPAD terminal when a connection is made.
Acknowledge TPAD data packets This parameter causes the unit to acknowledge TPAD data packets from the terminal. This parameter should normally be enabled. Note that this parameter is only used if no polling characters (see above) are defined. Convert leading STX character to SOH Enabling this parameter will cause the unit to convert the leading STX character in a transaction to an SOH character. Terminate TPAD call is EOT only A TPAD call is normally terminated with a DLE EOT sequence.
Entity Instance Parameter Values Equivalent Web Parameter tpad n bnumber text (valid ISDN number) Use number x to make outgoing ISDN calls tpad n prefix text (numeric) Use prefix x tpad n prefix_rem text (numeric) Remove prefix x from number in ATD command tpad n suffix text (numeric) Use suffix x 0 - 10000 On the main interface Deactivate LAPB session x seconds after TPAD X.
Entity Instance Parameter Values Equivalent Web Parameter tpad n IPaddr IP address Connect to remote IP address tpad n iphdr tpad n termid text Use Terminal ID (TID) tpad n dotermid 1 = enabled, 0 = disabled Replace TID provided by connected terminal with configured TID tpad n tid text Use TID xxxxxxxxx with incoming APACS 50 polling calls tpad n merchnum text Use merchant Number tpad n useconstr 1 = enabled, 0 = disabled Use Connect String tpad n constr text Use Co
Entity Instance Parameter Values Equivalent Web Parameter tpad n tackdel 0 – 10000 Wait for x milliseconds for an ACK before retransmitting the data tpad n dsync 1 = enabled, 0 = disabled Transmit TPAD transactions directly in a Synchronous frame tpad n inclrc 1 = enabled, 0 = disabled Include LRC tpad n incllrc 1 = enabled, 0 = disabled Include LRC line tpad n fpar 1 = enabled, 0 = disabled Force parity when sending data to the terminal tpad n lrpar 1 = enabled, 0 = disable
When answering a X.25 call, use the addresses from CALL packet in the CALL CNF packet When this setting is enabled when answering a call the called and calling addresses from the CALL packet are used in the X25 CALL CNF (call confirm packet) that the unit sends to answer the call. This setting can be enabled on a per “interface type” basis, (LAPD, LAPB or XoT) Reset XOT PVC if the router is the Initiator When this parameter is enabled the unit is responsible for resetting the links when an XOT PVC comes up.
Configuration - Network > Legacy Protocols > X.25 > LAPB LAPB (Link Access Procedure Balanced) is a standard subset of the High-Level Data Link Control (HDLC) protocol. It is a bit-oriented, synchronous, link-layer protocol that provides data framing, flow control and error detection and correction. LAPB is the link layer used by X.25 applications. On Digi TransPort routers LAPB can be used over ISDN or over a synchronous serial port. Configuration - Network > Legacy Protocols > X.
Send X.25 Restart packet on receipt of SABM frame This parameter can be set to “No” or “Immediate”. When set to “Immediate”, the LAPB instance will send an X.25 restart packet immediately on receipt of an SABM (Set Asynchronous Balanced Mode) frame. If the parameter is set to “No”, then no X.25 restart is sent. Configuration - Network > Legacy Protocols > X.25 > LAPB n > ISDN Parameters Allow this unit to answer calls When this parameter is enabled this instance of LAPB will answer incoming ISDN calls.
Configuration - Network > Legacy Protocols > X.25 > LAPB n > Async Mux 0710 Parameters For certain W-WAN modules LAPB is used to perform multiplexing of serial channels. If using LAPB for X.25 over ISDN or serial then these settings should be ignored. These settings should not be changed unless under the instruction of technical support. Mux 0710 mode When enabled configures the LAPB instance to be used for multiplexing of serial channels instead of X.25.
Entity Instance Parameter Values disabled Equivalent Web Parameter lapb n msn text Only accept calls from calling number ending with lapb n sub text Only accept calls with sub-address ending with lapb n ptime 0 - 60000 Wait x milliseconds before attempting to establish the LAPB link after Bchannel becoming active lapb n cli text Only answer calls from numbers whose trailing digits match lapb n mux_0710 1 = enabled, 0 = disabled Mux 0710 mode lapb n mux_mode 0 = Basic, 1 = Er
Configuration - Network > Legacy Protocols > X.25 > NUA / NUI Interface Mappings For PAD and TPAD instances, this table can be used to override the following: • Interface • Backup interface • IP address • TCP/UDP port number Based upon data in the call request matching the following comparison fields: • NUA called • NUI called • X.25 Call Data • PID All the comparison fields, NUA, NUI, Call Data and PID can use the wildcard matching characters “?” and “*”.
Related CLI Commands
Entity | Instance | Parameter | Values | Equivalent Web Parameter
nuaip | N | nua | text | NUA
nuaip | N | nui | text | NUI
nuaip | N | cud | text | Call Data
nuaip | n | pid | text | PID
nuaip | n | IPaddr | IP address | IP Address
nuaip | n | ip_port | 0 - 65535 | IP Port
nuaip | n | swto | 0 - 15 | Interface
nuaip | n | buswto | 0 - 15 | Backup Interface

The interface and backup interface values are as follows:
Parameter Value | Interface Type
0 | Default
1 | LAPD
2 | LAPB 0
3 | LAPB 1
4 | XOT
5 | LAPD x (instanc
could be given the name “X25test” and then executed simply by entering: CALL X25test To create a macro, enter a name for the macro in the left column of the Call Macros table and in the right column enter the appropriate command string (excluding the ATD). Then click Add. Macro The name of the macro, this can be any text. Command The X.25 call command.
Configuration - Network > Legacy Protocols > X.25 > IP to X.25 Calls This page contains a table that allows you to enter a series of IP Port numbers and X.25 Call strings as shown below. It is used to configure the unit so that IP data can be switched over X.25. For example data that is received on a TCP connection can be answered by a PAD as if it is an X.25 call.
RFC 1086 Mode: RFC 1086 specifies a mode of operation in which the IP socket answers and then, using a simple protocol in the socket, identifies the X.25 address and other X.25 call setup parameters to be used. When the X.25 call parameters have been identified, the X.25 call is made and, if successful, data is switched between the X.25 call and the IP socket. The protocol will select whether incoming or outgoing support is required.
Related CLI Commands Entity Instance Parameter Values Equivalent Web Parameter ipx25 n ip_port 0 - 65535 IP Port ipx25 n nb_listens 0 – software dependant max Number of Sockets ipx25 n x25call ipx25 n pid hex numbers PID ipx25 n cnf_mode 1 = enabled, 0 = disabled Confirm Mode ipx25 n rfc1086_mode 1 = enabled, 0 = disabled RFC 1086 Mode NUA, NUI or X.
X.25 Settings Default X.25 packet size This parameter determines the default X.25 packet size. This may be set to “16”, “32”, “64”, “128”, “256”, “512” or “1024”, but the actual values permitted will normally be constrained by your service provider. Answer incoming calls from NUA This is the NUA that the unit responds to for incoming X.25 calls. Only answer calls with CUG The PAD will only answer calls with this Call User Group (CUG) specified. Use X.
On the backup interface NUI/NUA selection If both an NUI and an NUA are included in the call string, this parameter allows the unit to filter one of these out of the X.25 call request. Enable X.25 Restart Packets It is normally possible to make X.25 CALLs immediately following the initial SABM-UA exchange. In some cases however, the X.25 network may require an X.25 Restart before it will accept X.25 CALLs. The correct mode to select depends upon the particular X.25 service to which you subscribe.
Enable Leased Line Mode When this parameter is set to “On”, it causes the PAD to always attempt to be connected using the Auto macro setting as the call command. Send ENQ on Connect When this parameter is set to “On” the PAD will send an ENQ character on the ASY link when an outgoing call has been answered. Enable STX / ETX Filtering When this parameter is “On”, the PAD will ignore data that is not encapsulated between ASCII characters STX (Ctrl+B) and ETX (Ctrl+C).
Entity Instance Parameter Values Equivalent Web Parameter pad n amacro text Use X.25 Call Macro macroname to an ATD command pad n cingnua text (valid NUA) Use NUA pad n lcn 1 - 4095 LCN pad n lcnup 1 = up, 0 = down LCN Direction pad n nuaimode 0 = NUI and NUA, 1 = NUA only, 2 = NUI only NUI/NUA selection pad n dorest 1 = enabled, 0 = disabled Enable X.
Entity Instance Parameter Values pad n inactevent 0 - 2147483647 Equivalent Web Parameter PAD Create an event when there has been no activity on the PAD for x seconds Stopping and starting PADs PAD instances can be stopped and started using the following CLI commands: stoppads gopads The stoppads command stops all PAD instances from accepting and performing any PAD commands. The gopads command resumes processing of PAD commands.
When a call is in progress and you need to actually transmit the character that is currently defined as the PAD recall character, simply enter it twice. The first instance returns you to the PAD> prompt; the second resumes the call and transmits the character to the remote system.
5 Ancillary Device Control This parameter determines method of flow control used by the PAD to temporarily halt and restart the flow of data from the DTE during a call. Option Description 0 No flow control 1 XON/XOFF flow control 3 RTS/CTS flow control (not a standard X.3 parameter) 6 Suppression of PAD Service Signals This parameter determines whether or not the “PAD>” prompt and/or Service/Command signals are issued to the DTE.
8 Discard Output This parameter determines whether data received during a call is passed to the DTE or discarded. It can only be directly set by the remote system and may be used in a variety of circumstances when the remote DTE is not able to handle a continuous flow of data at high speed.
13 LF Insertion (after CR) Controls the automatic generation of a Line Feed by the PAD. Option Description 0 No line feed insertion 1 Line Feeds inserted in data passed TO the DTE 2 Line Feeds inserted in data received FROM the DTE 4 Line Feeds inserted after CRs echoed to DTE The line feed values can be added together to select Line Feed insertion to any desired combination.
20 Echo Mask This parameter defines characters that are NOT echoed when echo mode has been enabled using parameter 2. Option Description 0 No echo mask (all characters are echoed) 1 CR 2 LF 4 VT, HT or FF 8 BEL, BS 16 ESC,ENQ 32 ACK,NAK,STX,SOH,EOT,ETB,ETX 64 No echo of characters set by parameters 16, 17 & 18 128 No echo of characters set by parameters 16, 17 & 18 Combinations of the above sets of characters are possible by adding the respective values together.
Configuration - Network > Legacy Protocols > X.25 > X.25 PVCs A Permanent Virtual Circuit (PVC) provides the X.25 equivalent of a leased line service. With a PVC there is no call setup or disconnect process; you can just start sending and receiving X.25 data on a specified LCN. For each X.25 service connection you may set up multiple PVCs, each of which uses a different LCN (or a mixture of PVCs and SVCs). Digi routers support up to four PVCs numbered 0-3. Configuration - Network > Legacy Protocols > X.
Related CLI Commands
Entity | Instance | Parameter | Values | Equivalent Web Parameter
pvc | n | l2iface | Blank or lapb, lapd, tcp | Enable this PVC
pvc | n | lcn | 0 - 4096 | LCN
pvc | n | uliface | pad, tpad, xsw | Connect this PVC to PAD x
pvc | n | psize | 0=default 4=16 5=32 6=64 7=128 8=256 9=512 10=1024 | Use packet size
pvc | n | window | 1-7 | Use window size
pvc | n | ipaddr | IP address | Remote IP address
pvc | n | srcipent | auto, eth, ppp | Use the source IP address from interface x,y
pvc | n | srcipadd | 0 - 255 | Use
Idle Gap When receiving a Modbus response from a station, once this idle gap (a pause with no reception of characters) is detected, the message received so far from the station is at that stage forwarded on as the complete response. Fix slave address The address of the slave is fixed at this value. An address conversion will take place if a message that does not contain this address is received from the TCP master. If not used the TCP master must use the correct slave address.
Configuration - Network > Protocol Switch The Protocol Switch software available on some models provides X.25 call switching between the various protocols and interfaces that may be available including: Interface / Protocol Description Off/None Data will not be switched from / backed-up to this protocol LAPD Data will be switched from / backed-up to LAPD using the X.25 service. LAPD X As above but the actual LAPD instance used will be determined by the NUA.
When this optional feature is included, the unit may be configured to pass X.25 calls or data received in a TCP connection to another protocol or interface. In addition, it is possible to specify a backup protocol or interface so that if an outgoing call on one interface fails, then the backup interface is automatically tried. LAPB can be used to switch to either ISDN or X.25 over serial depending on the configuration of the LAPB instance chosen.
Parameters TCP or XoT This parameter controls the switching of incoming X.25 calls received via TCP or XOT. Select the interface to which data should be switched from the drop down list, or select “Off” and the protocol switch will not respond to any incoming XOT or TCP connections. LAPD This parameter controls the switching of incoming X.25 calls received via ISDN LAPD.
LAPB X backup to interface If any of the Switch from parameters has been set to LAPB X, and LAPB X is unavailable, this parameter may be used to specify an alternative interface to switch the X.25 call to. Any of the other interfaces may be chosen, or “None”. If “None” is chosen, then no backup call will be attempted. VXN backup to interface If any of the Switch from parameters has been set to VXN, and VXN is unavailable, this parameter may be used to specify an alternative interface to switch the X.
Enable ENQ Char: When this parameter is set to “On”, when an incoming call on LAPB is switched and the unit connects to it, the X.25 switch sends a data packet on the LAPB X.25 SVC containing the ENQ character. LAPB 0 Default Packet Size: 128 256 512 1024 This is the default packet size for calls being switched onto LAPB 0. The default packet size is 128, other possible values are 256, 512 or 1024 bytes.
However, this means that if you are routing traffic from the local subnet across a VPN tunnel you would have to set up two Eroutes; one to match the local subnet address and one to match the XOT source address (i.e. the address of the PPP interface associated with the wireless network). By setting this parameter to “Ethernet” the unit will use the IP address of the Ethernet port instead of that of the PPP interface so that you need only set up one Eroute. X.
Entity | Instance | Parameter | Values | Equivalent Web Parameter
X25sw | 0 | swfrlapb2 | 0-10,13-15 (see below) | Switch from LAPB 2 to
X25sw | 0 | swfrlapb2pvc | 0-10,12, 14, 15 (see below) | Switch from LAPB 2 PVC to
X25sw | 0 | swfrlapd | 0, 2-10,12-15 (see below) | Switch from LAPD to
X25sw | 0 | swfrxot | 0-3,5-10,12-15 (see below) | Switch from XOT (TCP) to
X25sw | 0 | swfrxotpvc | 0-7,9,10,12-15 (see below) | Switch from XOT PVC to
X25sw | 0 | callprefix | | Calling Prefix
X25sw | 0 | dlcn | 0-65535 | D-Channel LCN
X
Entity Instance Parameter Values Equivalent Web Parameter LAPB 2 Default Packet Size X25sw 0 lapb2ppar 7,8,9,10 7=128 8=256 9=512 10=1024 X25sw 0 lapb2wpar 1-7 LAPB 2 Default Window Size X25sw 0 ipaddr IP address IP Stream or XOT Remote IP Address X25sw 0 buipaddr IP address IP Stream or XOT Backup IP Address X25sw 0 ip_port 0-65535 IP Stream Port IP Length Header X25sw 0 iphdr 0,1,2 0=Off 1=On 2=8583 Ascii 4 byte X25sw 0 srcipadd Interface number 0-65535 Source IP addr
Parameter value Interface type 10 UDP stream 12 LAPB 2 13 LAPB 2 PVC 14 VXN 15 SSL Configuration - Network > Protocol Switch > CUD Mappings Protocol Switch CUD mappings allow you to map an incoming call’s CUD (call user data) from one value to another. The PID (protocol identifier) portion of the CUD (if present) is maintained from input to output and is not involved in the comparison.
Configuration - Network > Protocol Switch > IP Sockets to Protocol Switch This page contains a table that allows you to enter a series of IP Port numbers and X.25 Call strings as shown below. It is used to configure the unit so that IP data can be switched to any of the protocols supported by the protocol switch, including X.25. For example, data that is received on a TCP connection can be forwarded over SSL, XoT or a UDP stream. The only columns that must be filled out are “Port” and “Number of Sockets”.
Confirm Mode When confirm mode is set to “On” then the incoming TCP socket will not be successfully connected until the corresponding outgoing call has been connected. The incoming TCP socket will trigger the corresponding outgoing call either to a local PAD instance or to whatever is configured. The effect of this mode is that the socket will fail if the outbound call fails and so may be useful in backup scenarios. In addition it will ensure that no data is sent into a “black hole”.
Related CLI Commands Entity Instance Parameter Values Equivalent Web Parameter ipx25 n ip_port 0 - 65535 IP Port ipx25 n nb_listens 0 – software dependant max Number of Sockets ipx25 n x25call ipx25 n pid hex numbers PID ipx25 n cnf_mode 1 = enabled, 0 = disabled Confirm Mode ipx25 n rfc1086_mode 1 = enabled, 0 = disabled RFC 1086 Mode NUA, NUI or X.
Configuration - Network > Protocol Switch > NUA to Interface Mappings This page contains a table that allows you to enter a series of X.25 NUA or NUI values along with IP addresses/Ports to which they should be mapped if you need to override the default settings in the Configuration - Network > Legacy Protocols > X.25 > NUA/NUI Interface Mappings page.
Interfaces are coded as follows:

Parameter Value | Interface Type
0 | Default
1 | LAPD
2 | LAPB 0
3 | LAPB 1
4 | XOT
5 | LAPD X (actual instance determined by NUA)
6 | LAPB 0 PVC
7 | LAPB 1 PVC
8 | XOT PVC
9 | TCP stream
10 | UDP stream
12 | LAPB 2
13 | LAPB 2 PVC
14 | VXN
15 | SSL

Configuration - Network > Protocol Switch > NUA Mappings

Protocol switch NUA mappings allow you to redirect specified NUAs to alternative NUAs for switched X.25 calls. Up to twenty “NUA In” to “NUA Out” mappings are available.
Related CLI Commands

Entity | Instance | Parameter | Values | Equivalent Web Parameter
X25map | 0-19 | nuafrom | 0-65536 | NUA In
X25map | 0-19 | nuato | 0-65536 | NUA Out
X25map | 0-19 | interface | 0,1,2,3,4,12 (0=Any, 1=LAPD, 2=LAPB 0, 3=LAPB 1, 4=XOT, 12=LAPB 2) | Interface
X25map | 0-19 | ca_or_ci | 0,1,2 (0=Both, 1=Called, 2=Calling) | Called / Calling
Configuration – Alarms > Event Settings The router maintains a log of events in the “LOGCODES.TXT” pseudo file. When an event of a specified (or lower priority) level occurs, a syslog message, an email alert or SMS alert (on W-WAN models) can be sent to a pre-defined address.
Configuration – Alarms > Event Settings > Email Notifications To use the email alert facility, you must first ensure that a valid Dial-out number, Username and Password have been specified and that the SMTP parameters have been set correctly. The Dial-out number, Username and Password parameters are to be found in the Configuration – Network > Interfaces > Advanced > PPP n pages where n is the relevant interface number. The SMTP parameters are to be found under Configuration – Alarms > SMTP Account.
Related CLI Commands Entity Instance Parameter Values Equivalent Web Parameter event n etrig 0–9 0 disables sending alerts Send an email notification when the event priority is at least n event n emax 0 – 255 Send a maximum of n emails per day event n etemp The name of a template file. Default is EVENT.EML Use email template file event n to A valid email address, e.g. Email To you@yourdomain.
Related CLI Commands

Entity | Instance | Parameter | Values | Equivalent Web Parameter
event | n | trap_trig | 0–9 (0 disables sending alerts) | Send a SNMP Trap when the event priority is at least n
event | n | trap_max | 0 – 255 | Send a maximum of n SNMP traps per day

Configuration – Alarms > Event Settings > SMS Messages

Note: This option is only available on routers with W-WAN capability. This section has three identical rows, each of which controls the setting of the SMS alert messages.
Entity Instance Parameter Values e.g. 447871445677 Equivalent Web Parameter event n sms_trig3 0–9 If the event priority is at least n event n sms_temp A valid mobile number e.g. 447871445677 Use SMS template event n sms_max 0 – 255 Send a maximum of n SMS messages per day Configuration – Alarms > Event Settings > Local Logging A secondary log file can be created on a USB flash drive and events will be appended to this log file.
Configuration – Alarms > Event Settings > Syslog Messages As well as logging events to an internal log file and to a file on a USB flash drive, the router can log events to a Syslog server. This section describes how to configure the router to send Syslog messages to a Syslog server. Send Syslog messages When this checkbox is checked, the following options are displayed: Send a Syslog message when the event priority is at least n This is the lowest priority event that will generate a syslog message.
These radio buttons select which method of establishing a route to the server should be used. Routing table When this radio button is selected, the routing table is used to determine the interface that will be used to transmit the syslog message. Interface x,y If the routing table is not to be used, an interface type (PPP or Ethernet) may be selected from the drop-down selection box and the interface instance number may be typed into the adjoining text entry box.
Configuration – Alarms > Event Logcodes This page allows you to edit the logcodes used to describe events entered in the “EVENTLOG.TXT” pseudo file. If a change is made to the logcodes.txt file, the changes will be saved in the file logcodes.dif so when a firmware upgrade is performed the changes to the logcodes are retained. The page that appears under the blue bar initially shows a table containing the Event descriptions and reason.
Configuration – Alarms > Event Logcodes > Configuring Events This page controls the configuration of the event that is displayed in bold font at the top of the page, just below the blue title bar. Do not log this event When checked, this checkbox disables logging of the event. Note: This parameter is not saved in the logcodes.txt file but in the config.dan file.
Freeze the Analyser trace This selection will cause the analyser to be “frozen”, i.e. no more logging will take place until the email has been sent. Delete the Analyser trace This selection will cause the analyser trace to be deleted once the email has been sent. Attach a snapshot of the Event Log Selecting this checkbox will cause the eventlog to be attached to the email. After this event Leave the Event Log Selecting this radio button will leave the event log unchanged.
Configuration - Alarms > SMTP Account In order for the router to successfully send emails, an email account (SMTP) must be available. This section describes the configuration of the router in order to use the email account that has been set up for it. Hostname or IP address of your SMTP server This parameter sets the IP address or hostname of the SMTP mail server, e.g. smtp.myisp.com.
If the “Route using routing table” option is not selected, the settings in the interface and interface instance text boxes are used to determine the outbound interface and source IP address. These are selected from the drop-down selection box and are None, PPP and Ethernet. Resend the email after s seconds if the first attempt fails This checkbox and associated text entry box enable the retry mechanism.
Configuration – System > Device Identity This configuration section describes how to configure the identity of the router. Description This free-form text input field is for entering a description of the router that can be used to uniquely identify it. This is useful where there are a large number of routers on a site and a descriptive name would be easier to use when referring to the router, rather than having to use the serial number or other unique parameter.
Related CLI Commands

Entity | Instance | Parameter | Values | Equivalent Web Parameter
snmp | n | Name | Free text field | Description
snmp | n | Contact | Free text field | Contact
snmp | n | Location | Free text field | Location
cmd | n | Unitid | Free text field | Router Identity
cmd | n | Hostname | Free text field | Hostname
cmd | n | sec_hostname | Free text field | Secondary Hostname

Configuration – System > Date and Time

The router keeps track of calendar time using an internal real time clock (RTC) device.
Related CLI Commands Entity Instance Parameter Values Equivalent Web Parameter n/a n/a time hh [mm [ss [DD [MM [YYYY]]]]] Manually set the time Configuration – System > Date and Time > Autoset Date and Time Do not auto-set the system time This is the system default and this radio button will appear filled in when the unit is new unless a different default configuration has been supplied. Click this radio button to close the SNTP or NTP configuration pages.
End Month Use this drop-down selection box to select the desired month in which to switch back to GMT (UTC). Day Use this drop-down selection box to select the desired day on which to switch back to GMT. Hour Use this drop-down selection box to select the desired hour at which to switch back to GMT. Related CLI Commands Entity Instance Parameter Values Equivalent Web Parameter sntp n server Valid hostname or IP address sntp.timeserve.
Up to 4 remote peers can be configured. All the peers are polled at intervals and the “best” peer is selected for use as the time source. SNTP should be configured prior to using NTP. The router will calculate the accuracy of the NTP time servers over a period of time (up to 2 hours); once the drift compensation is calculated, the NTP client will be used. The drift compensation value will be stored in NVRAM and written to the config.
Related CLI Commands Entity Instance Parameter Values Equivalent Web Parameter ntp n driftppm -10000 - +10000 Initial Drift Compensation ntp n precision -10 - 0 Clock Precision Limit ntp n inhibit_int Blank,PPP,Ethernet Disable NTP when interface x,y is out of service x = Interface type ntp n inhibit_add 0 - 255 Disable NTP when interface x,y is out of service y = interface number ntp n server Valid IP address or hostname, e.g. ntp1@timeserver.
Entity Instance Parameter Values Equivalent Web Parameter ntp n server3 Valid IP address or hostname, e.g. ntp3@timeserver.org NTP Server ntp n bcast3 0,1 Broadcast Mode 0 = disabled 1 = enabled ntp n minpoll 3 - 14 Poll Interval s1, s2 See ‘minpoll’ for values ntp n maxpoll 3 - 14 Poll Interval s1, s2 See ‘minpoll’ for values ntp n burstint3 0 – 255 Startup burst Interval s seconds ntp n server4 Valid IP address or hostname, e.g. ntp4@timeserver.
Configuration – System > General This section describes the configuration of router functionality that applies to the router in general rather than specific features. Configuration – System > General > Autorun Commands The router may be configured to run a number of commands once it has booted. These commands are associated with specific asynchronous serial interfaces. Configuration of this facility is via a table on this web page. As an example, it may be required that a Script Basic script, sample.
Configuration - System > General > Web / Command Line Interface The router may be configured using several different methods. This section describes how to configure the web GUI and CLI (Command Line Interface) options. Automatically log user out if idle for h hours m minutes s seconds In order to limit the probability of unauthorised users gaining access to the router, login timeouts are applied. These cause an existing connection to be closed after a predefined period. The default is 20 minutes.
Entity Instance Parameter Values Equivalent Web Parameter 1 = High 2 = Medium 3 = Low 4 = None 8 = Read only local n tlocto Free text field Never, h hrs, m mins, s secs cmd n noremecho 0,1 Enable Remote command echo 0 = Off (default) 1 = On cmd n prebanner Valid filename e.g. “welcome1.txt” CLI Pre-Login Banner cmd n postbanner Valid filename e.g. “welcome2.txt” CLI Post-Login Banner cmd n cmdnua 0 - 1023 Allow CLI access from X.
SNMP Enterprise number This parameter specifies the value of the OID (Object IDentifier) to be used by SNMP management tools when accessing the MIB (Management Information Block). This number must form part of the OID used to access individual items in the MIB as a prefix. For example: SNMPv2-SMI::enterprises.16378.10001. SNMP Enterprise Name This is the name corresponding to the above Enterprise Number.
Configuration – Remote Management > iDigi > Connection Settings iDigi is a hosted remote configuration and management system that has been designed to facilitate the management of large numbers of routers. Before this service can be used, an iDigi account must be set up. Applying for an account is a straightforward procedure; the local sales representative will have details. The iDigi homepage is to be found at www.idigi.com.
Configuration – Remote Management > iDigi > Advanced The settings in the previous section, along with the system defaults are sufficient to establish a connection to the iDigi server. The settings in the advanced section allow the connection to be fine-tuned. The parameters described here are concerned with detecting loss of connection. When the router first connects to the iDigi server, the link parameters are sent to it.
Related CLI Commands

Entity | Instance | Parameter | Values | Equivalent Web Parameter
idigi | n | idledisconn | 0,1 (0 = Do not disconnect, 1 = disconnect) | Disconnect when iDigi server is idle
idigi | n | disconnsecs | 0 - 28800 | Idle Timeout h,m,s (this CLI value is entered in seconds only)
TCP MIB (RFC2012) UDP MIB (RFC2013) VRRP MIB (RFC2787) SNMP MPD MIB (RFC3412) SNMP USM MIB (RFC3414)** * The following groups/tables in RFC2233 are not supported: ifXTable, ifStackTable, ifRcvAddressTable. ** The following groups/tables in RFC3414 are not supported: usmUserTable. Other MIBs may be available on request. Enable SNMPv1 Ticking this checkbox enables support for version 1 of the protocol. Enable SNMPv2c Ticking this checkbox enables support for version 2c of the protocol.
Configuration – Remote Management > SNMP User > SNMP User n This page controls the configuration of the SNMP users. SNMPv1 / SNMPv2c Community The text in this text entry box specifies the community string for Version 1 and Version 2c SNMP packets. Confirm Community The community string is echoed as dots in the text entry box and so having a second confirmation field where the string is retyped, allows a simple check to be performed for correct entry. SNMPv3 Username This field is the name of the SNMP user.
Configuration – Remote Management > SNMP Filters SNMP filters allow the system administrator to control access to the router MIBs via SNMP. This functionality is controlled by a table on the web configuration page. This table has three columns, two main headed columns as described below and a control column containing button widgets. The table has a capacity of ten entries, snmp filter instances range from 0 to 9.
Related CLI Commands

Entity | Instance | Parameter | Values | Equivalent Web Parameter
snmp | n | enterprisetraps | 0,1 (0 = Off, 1 = On) | Generate Enterprise traps
snmp | n | generictraps | 0,1 (0 = Off, 1 = On) | Generate Generic traps
snmp | n | authtraps | 0,1 (0 = Off, 1 = On) | Generate Authentication traps
snmp | n | vrrptraps | 0,1 (0 = Off, 1 = On) | Generate VRRP traps

Configuration – Remote Management > SNMP Traps > SNMP Trap Server n

Digi TransPort routers support two SNMP trap servers.
Trap Server Engine ID This item will be configured within the application and is the SNMP server software engine ID which is used for authentication and encryption. SNMP User This is the username that should be associated with the trap server. This should match a user from one of the previously configured SNMP users (Configuration – Remote Management > SNMP > Users). User Security Level Select the desired security level from this drop-down selection box.
Configuration – Security > Users > User n These pages allow you to configure a number of authorised users. The number of users available depends on the firmware build the router is running. Each user has a password and access level that determines what facilities the user has access to. Username The name of the user. Up to 14 characters are allowed. There are some special usernames that can also be used, these are: %s This uses the serial number of the router as the username.
Configuration – Security > Users > User n > Advanced Allow this user to log in over a PPP network Enabling this will allow the user to log in to the router using PPP. Disabling this will disable PPP login for the user no matter what the user’s access level is. Use this number x when PPP dial-back is required for this user The telephone number for the user in the event that “dial-back” is required.
Related CLI Commands Entity Instance Parameter Values Equivalent Web Parameter user 0 dun_en on, off Allow this user to log in over a PPP network user 0 phonenum Number Use this number x when PPP dialback is required for this user user 0 newpwd user 0 fieldip IP Address Remote Peer IP address user 0 ipaddr IP Address Remote Peer IP subnet user 0 mask IP Mask Remote Peer IP subnet mask user 0 keyfile Filename Public Key file String (up to 14 chars) Alternate IKE Ke
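The "Related CLI Commands" tables in this guide give a value range for each parameter, which makes a saved set of settings easy to check offline. The following is an added example, not Digi's code: it assumes each setting is written as one `entity instance parameter value` line (the column order of those tables) and that names are case-insensitive; the sample settings are constructed.

```python
"""Lint TransPort-style CLI settings against ranges listed in this guide (added example)."""
import shlex
from dataclasses import dataclass

# (entity, parameter) -> inclusive integer range, copied from the guide's
# "Related CLI Commands" tables.
INT_RANGES = {
    ("ipx25", "ip_port"): (0, 65535),
    ("ipx25", "cnf_mode"): (0, 1),
    ("ipx25", "rfc1086_mode"): (0, 1),
    ("event", "etrig"): (0, 9),
    ("event", "emax"): (0, 255),
    ("event", "trap_trig"): (0, 9),
    ("event", "trap_max"): (0, 255),
    ("event", "sms_max"): (0, 255),
    ("ntp", "driftppm"): (-10000, 10000),
    ("ntp", "precision"): (-10, 0),
    ("ntp", "minpoll"): (3, 14),
    ("ntp", "maxpoll"): (3, 14),
    ("idigi", "idledisconn"): (0, 1),
    ("idigi", "disconnsecs"): (0, 28800),
    ("snmp", "enterprisetraps"): (0, 1),
    ("snmp", "generictraps"): (0, 1),
    ("snmp", "authtraps"): (0, 1),
    ("snmp", "vrrptraps"): (0, 1),
}

# Documented values that are valid but worth a reviewer's attention.
REVIEW_VALUES = {
    ("snmp", "authtraps", "0"): "authentication traps are not generated",
    ("event", "etrig", "0"): "email alerts are disabled",
    ("event", "trap_trig", "0"): "SNMP trap alerts are disabled",
    ("user", "dun_en", "on"): "user may log in over a PPP network",
}

# Constructed sample settings (assumed line format, not taken from a real unit).
SAMPLE_CONFIG = """\
snmp 0 authtraps 0
event 0 etrig 3
event 0 emax 300
ntp 0 minpoll 2
ipx25 0 ip_port 4000
ipx25 0 cnf_mode 1
user 0 dun_en on
idigi 0 disconnsecs 600
cmd 0 prebanner "welcome1.txt"
event 0 trap_max
"""


@dataclass(frozen=True)
class Finding:
    line_no: int
    kind: str      # "syntax", "range" or "review"
    setting: str
    detail: str


def parse_line(line):
    """Split one 'entity instance parameter value' line; None if it does not fit."""
    try:
        tokens = shlex.split(line)          # keeps quoted values such as file names whole
    except ValueError:                      # unbalanced quotes
        return None
    if len(tokens) != 4 or not (tokens[1].isascii() and tokens[1].isdigit()):
        return None
    entity, instance, param, value = tokens
    return entity.lower(), int(instance), param.lower(), value


def lint(config_text):
    """Return a Finding for every malformed, out-of-range or review-worthy line."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        parsed = parse_line(line)
        if parsed is None:
            findings.append(Finding(line_no, "syntax", line,
                                    "not an 'entity instance parameter value' line"))
            continue
        entity, instance, param, value = parsed
        setting = f"{entity} {instance} {param}"
        bounds = INT_RANGES.get((entity, param))
        if bounds is not None:
            low, high = bounds
            try:
                number = int(value)
            except ValueError:
                findings.append(Finding(line_no, "range", setting,
                                        f"{value!r} is not an integer"))
                continue
            if not low <= number <= high:
                findings.append(Finding(line_no, "range", setting,
                                        f"{number} is outside {low}..{high}"))
                continue
        note = REVIEW_VALUES.get((entity, param, value.lower()))
        if note:
            findings.append(Finding(line_no, "review", setting, note))
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_CONFIG):
        print(f"line {finding.line_no}: [{finding.kind}] {finding.setting}: {finding.detail}")
```

Parameters that are not in `INT_RANGES` pass through unchecked, so extend the table from the guide before relying on a clean result.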
Configuration – Security > Firewall All Digi TransPort routers incorporate a comprehensive firewall facility. A firewall is a security system that is used to restrict the type of traffic that the router will transmit or receive based on a combination of IP address, service type, protocol type, port number and IP flags.
Restore If, after reviewing changes to the table, it is decided that the edit should be abandoned, clicking this button will restore the original “fw.txt” to the table, provided that the changes have not been saved. Below the firewall editor table is another table that controls which interfaces the firewall rules apply to. Interface This column is simply a list of the available interfaces to which the firewall rules may be applied.
UDP s seconds The value in this text box specifies the length of time that a stateful inspection rule will remain in place following the receipt of a UDP packet. The timer is restarted each time packets matching the rule pass in each direction. As a consequence, rules based on UDP should only be used if it is anticipated that packets will travel in both directions. ICMP s seconds Some ICMP packets – for instance the ECHO request – generate response packets.
Configuration – Security > RADIUS The RADIUS client may be used for authentication purposes at the start of remote command sessions, SSH sessions, FTP sessions, HTTP sessions and Wi-Fi client connections (PEAP & EAP-TLS). Depending on how the RADIUS client is configured, the router may authenticate with one or two RADIUS servers, or may authenticate a user locally using the existing table configured on the router.
Configuration – Security > RADIUS > RADIUS Client n The following pages describe the configuration parameters available for setting up a RADIUS client on the router. Authorization Primary Authorization Server IP Address a.b.c.d The value in this text box specifies the IP address of the primary authorisation NAS. NAS ID The value in this text box is an identifier which is passed to the primary authorisation NAS and is used to identify the RADIUS client.
Password The value in this text box is the password that is supplied by the primary accounting NAS administrator and is used in conjunction with the primary accounting NAS ID to authenticate RADIUS packets. Confirm Password Type the above password into this text box to enable the router to check that they are identical. Secondary Accounting Server IP Address The value in this text box is the IP address of the secondary accounting NAS.
Entity Instance Parameter Values characters Equivalent Web Parameter Password radcli 0,1 aserver2 Valid IP Address a.b.c.
Configuration – Security > TACACS+ The Digi TransPort range of routers support Terminal Access Controller Access-Control System Plus (TACACS+) for controlling access to the router. TACACS+ provides authentication, authorisation and accounting (AAA) services. TACACS+ can be used to control the following access methods: Secured asynchronous serial (ASY) ports, Telnet, SSH, FTP, HTTP/HTTPS and SNMP.
Primary TACACS+ Server Hostname or IP address of Server a.b.c.d Port n The IP address or hostname of the primary TACACS+ server is entered into the left-hand text box. If required a port number may also be specified using the right-hand text box. TACACS+ uses TCP port 49 by default. Entering a different number into this text box will cause the router to use that port instead. The port number is used by both the primary and secondary TACACS+ servers.
Entity Instance Parameter Values characters Equivalent Web Parameter tacplus 0 svr2 Up to 64 characters or valid IP address a.b.c.
Configuration – Security > Command Filters When this feature is enabled, commands will not reach the router’s command interpreter unless they are defined in the Command Filters table. Terminal devices may send commands that the router will not necessarily understand but that require a basic “OK” or “ERROR” response.
Configuration – Security > Calling Numbers Note: This feature is for use by experienced personnel for network testing and fault diagnosis. It should not be required for normal use. To use this feature, the ISDN circuit must support the Calling Line Identification (CLI) facility. If CLI is supported, incoming calls from specified numbers may be answered normally or alternatively rejected with an optional reject code.
Configuration - Position > GPS One of the options available on some models is the ability to connect a GPS receiver, which gives the router access to geographical position information. The module may be internal or external. In either situation, an internal asynchronous serial (ASY) port will be used for the connection. The standard way that GPS modules send the data is using National Marine Electronics Association (NMEA) standard 0183 messages. This protocol is usually simply referred to as NMEA.
IP Connection 1 GPS data may be sent to up to two IP destinations. These are specified in the following two sections of the web page. Send GPS messages to IP address a.b.c.d This text entry box holds the IP address that the GPS data should be sent to. Port n The required TCP/UDP port number that the GPS data should be sent to is specified here. Every n interval(s) The number entered into this text entry box controls how often the GPS data is transmitted to the specified host.
Entity Instance Parameter Values GPS receiver gps 0 gga_on 0,1 0 = Off 1 = On Fix data (GGA) gps 0 gll_on 0,1 0 = Off 1 = On Position (GLL) gps 0 gsa_on 0,1 0 = Off 1 = On Active Satellites (GSA) gps 0 gsv_on 0,1 0 = Off 1 = On Satellites in view (GSV) gps 0 rmc_on 0,1 0 = Off 1 = On Position and time (RMC) gps 0 vtg_on 0,1 0 = Off 1 = On Course over Ground (VTG) gps 0 zda_on 0,1 0 = Off 1 = On UTC and local date/time (ZDA) gps 0 oth_on 0,1 0 = Off 1 = On All other
Entity Instance Parameter Values Equivalent Web Parameter gps 0 IPprefix2 Free text Prefix the message with gps 0 IPsuffix2 Free text Suffix the message with The following CLI parameters are not available on the web interface: Entity Instance Parameter Values Equivalent Web Parameter gps 0 gga_int s seconds 0 – 255 n/a gps 0 gll_int s seconds 0 - 255 n/a gps 0 gsa_int s seconds 0 – 255 n/a gps 0 gsv_int s seconds 0 – 255 n/a gps 0 rmc_int s seconds 0 – 255 n/a gp
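A host that receives the forwarded GPS messages should validate each one before using it. The following is an added example, not part of the guide: it assumes each message arrives as the configured prefix, one NMEA 0183 sentence, then the configured suffix, and the prefix `site7:`, suffix `;` and sample sentence are constructed.

```python
"""Validate NMEA 0183 sentences forwarded by the router before trusting them (added example)."""
import string

# Sentence types the guide's gps table can switch on individually.
GUIDE_TYPES = frozenset({"GGA", "GLL", "GSA", "GSV", "RMC", "VTG", "ZDA"})
MAX_SENTENCE = 82                      # NMEA 0183 limit, counting "$" and the trailing CR LF
PRINTABLE = frozenset(range(0x20, 0x7F))


class NmeaError(ValueError):
    """Raised when a forwarded message is not an acceptable NMEA sentence."""


def nmea_checksum(body: str) -> int:
    """XOR of every character between '$' and '*' (both excluded)."""
    value = 0
    for byte in body.encode("ascii"):
        value ^= byte
    return value


def build_sentence(body: str) -> bytes:
    """Frame a body as '$body*HH' plus CR LF; used here to construct sample input."""
    return f"${body}*{nmea_checksum(body):02X}\r\n".encode("ascii")


def parse_forwarded(message: bytes, prefix: bytes = b"", suffix: bytes = b"",
                    allowed=GUIDE_TYPES) -> dict:
    """Strip the configured prefix/suffix, verify framing and checksum, return the fields."""
    if len(message) < len(prefix) + len(suffix):
        raise NmeaError("message shorter than prefix plus suffix")
    if not (message.startswith(prefix) and message.endswith(suffix)):
        raise NmeaError("configured prefix or suffix missing")
    core = message[len(prefix):len(message) - len(suffix)].rstrip(b"\r\n")
    if len(core) > MAX_SENTENCE - 2:
        raise NmeaError("sentence longer than 82 characters")
    if any(byte not in PRINTABLE for byte in core):
        raise NmeaError("non-printable byte in sentence")
    text = core.decode("ascii")
    if not text.startswith("$"):
        raise NmeaError("sentence does not start with '$'")
    body, star, given = text[1:].rpartition("*")
    if not star or len(given) != 2 or any(c not in string.hexdigits for c in given):
        raise NmeaError("missing or malformed checksum")
    if int(given, 16) != nmea_checksum(body):
        raise NmeaError("checksum mismatch")
    address, *fields = body.split(",")
    if len(address) != 5 or not address.isalnum():
        raise NmeaError("address field is not a 2-character talker plus 3-character type")
    if address[2:] not in allowed:
        raise NmeaError(f"sentence type {address[2:]} is not expected from this router")
    return {"talker": address[:2], "type": address[2:], "fields": fields}


def is_valid(message: bytes, **kwargs) -> bool:
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        parse_forwarded(message, **kwargs)
    except NmeaError:
        return False
    return True


# Constructed sample: a GGA sentence wrapped in a constructed prefix and suffix.
SAMPLE = (b"site7:"
          + build_sentence("GPGGA,123519,4807.038,N,01131.000,E,1,08,0.9,545.4,M,46.9,M,,")
          + b";")

if __name__ == "__main__":
    print(parse_forwarded(SAMPLE, prefix=b"site7:", suffix=b";"))
```

The checksum only detects corruption; it does not authenticate the sender, so the prefix and the allowed-type list are sanity checks rather than access control.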
Applications > Basic > ScriptBasic In order to allow end users to extend and enhance the functionality of the TransPort routers, scripting support is provided. ScriptBasic is a scripting language supported by Digi TransPort routers. This section describes how to run simple ScriptBasic scripts. The main configuration entity is a table containing a list of reference numbers and associated user parameters. The second is a text box containing the name of the script to run.
To execute a script from the CLI, enter the command: bas To kill a running script from the CLI, enter the command: Basic 0 kill Application – Python > Python Files Some of the Digi TransPort routers support the Python scripting language which gives users the facility to extend and enhance the basic functionality of the router. The routers contain a Python interpreter which may be invoked from the command line. This can be useful for developing scripts.
Management – Network Status > Interfaces > Ethernet > ETH n This page displays the current status and statistics of the selected Ethernet interface. IP Address The IP address of the Ethernet interface. This could be either manually configured or assigned via DHCP. Mask The mask of the Ethernet interface. This could be either manually configured or assigned via DHCP. DNS Server / Secondary DNS Server The primary and secondary DNS Server IP addresses of the Ethernet interface.
Rx Overruns The number of receive overruns that have occurred on the Ethernet interface. An Rx overrun occurs when there are not enough buffers to receive incoming packets which results in the received packets being dropped. Collisions The number of times the router has detected a packet collision on the Ethernet network when transmitting a packet. Late Collisions The number of times the router has detected a late packet collision on the Ethernet network when transmitting a packet.
Management – Network Status > Interfaces > Wi-Fi Module Detected This indicates that the Wi-Fi hardware has been detected by the router. Admin Status The current administrative state of the Wi-Fi interface. It indicates whether there is sufficient configuration to bring the Wi-Fi interface up. It can be either “Up” or “Down”. Operational Status The current operational state of the Wi-Fi interface. It can be either “Up” or “Down”. Channel Mode The Wi-Fi channel mode that is being used.
The MAC address of the connected Wi-Fi client. Wi-Fi Node The Wi-Fi node on the router the client is connected to. RSSI The signal strength experienced by the Wi-Fi client. Flags The state information for the Wi-Fi client connection. Power Save The current power saving state of the Wi-Fi client. The possible values are “Awake” and “Sleep”. Neg. Rates (Mbps) The transmission rates that have been negotiated with the Wi-Fi client.
Management > Network Status > Interfaces > Mobile The Mobile status page displays the current mobile connection, network and module information.
Mobile Connection Registration Status The GSM registration status of the mobile module with respect to the GSM network. It may be one of the following:
• Not Registered, not searching
• Not registered, searching
• Registered, home network
• Registered, roaming
• Registration denied
• Unknown
• ERROR

The registration status may sometimes be followed by additional information about the Location Area Code (LAC) and the Cell Identifier (CI).
• • HSUPA CDMA Manufacturer The manufacturer of the mobile module. Model The model of the mobile module. IMEI The International Mobile Equipment Identification (IMEI) of the mobile module. ESN The Electronic Serial Number (ESN) of the mobile module. MEID The Mobile Equipment Identifier (MEID) of the mobile module. IMSI The International Mobile Subscriber Identity (IMSI) of the mobile module. ICCID The Integrated Circuit Card Identifier (ICCID) of the SIM card.
Network The current network reported by the mobile module. Signal strength 1xRTT The signal strength in dBm being received by the mobile module from 1xRTT networks. Signal strength EVDO The signal strength in dBm being received by the mobile module from EVDO networks. Manufacturer The manufacturer of the mobile module. Model The model of the mobile module. MDN The Mobile Directory Number (MDN) of the mobile module. MIN The Mobile Identification Number (MIN) of the mobile module.
Command | Option | Equivalent Web Parameter
modemstat | s | Scan for Networks
pppstat | n | Mobile Statistics (where n is the PPP interface being used by the mobile interface)
Management – Network Status > Interfaces > DSL This page displays the current status and statistics of the DSL interface. Modem Status The current status of the DSL modem. On the DR64 platform, the values can be one of the following:
• Idle
• Activating
• Ghs
• Training
• Up

Link Uptime The amount of time the modem has been in the Up state. Firmware Version The version of the firmware running on DSL modem. Operational Mode The operational mode that the DSL modem is in when in the Up state.
Remote Vendor ID The remote vendor ID of the DSLAM that the DSL interface is connected to. Speed The current speed of the downstream and upstream DSL channels in Kbps. Channel The channel type being used. It can be either “Fast” or “Interleaved”. Relative Capacity The current relative capacity on the downstream and upstream DSL channels. The relative capacity is the percentage of your overall available bandwidth used to obtain your ATM service rate.
Overrun Cells The number of cells lost because of overrun errors. Idle Cells The number of idle cells received.

Related CLI Commands

Command | Instance | Equivalent Web Parameter
adslst | n/a | Displays the current DSL interface status.
at\mibs=adsl.0.stats | n/a | Displays the current DSL interface statistics.
at\mibclr=adsl.0.stats | n/a | Clears the current DSL interface statistics.
pppstat | n | DSL Statistics (where n is the PPP interface being used by the DSL PVC).
Management > Network Status > Interfaces > GRE This page displays a summary table of the configured GRE interfaces. # This indicates GRE interface number. Description The configured GRE interface description. Oper. Status The current operational status of the GRE interface. It can be one of the following values Up Lower Layer Down The GRE interface is up. The GRE interface has keepalives enabled but is not getting any response from the configured destination.
Keepalives Sent The number of GRE keepalive packets that have been sent on the GRE interface. Rx Errors The number of receive errors that have occurred on the GRE interface. These can include the received packet being an invalid GRE packet. Tx Errors The number of transmit errors that have occurred on the GRE interface. These can include an internal error due to no packet buffers being available. Rx Unknown The number of packets that have been received with an unknown IP protocol and have been dropped.
Management – Network Status > Interfaces > PSTN This section contains the network status information for the PSTN interface. Link Name If a description of the interface has been assigned during the configuration, it will appear here. This PSTN interface is using PPP n When configuring the PSTN module, a PPP instance is assigned – the instance number of the assigned PPP interface appears here. IP Address The IP address assigned to the interface is shown here.
Related CLI Commands The CLI commands are the same as for other interfaces and are described in the PPP status section. The command to obtain the status is: pppstat n, where n is the interface number for the PPP interface assigned to the PSTN module and is shown at the top of the web page. Management – Network Status > Interfaces > Serial > Serial n This page displays the current status and statistics of the selected Serial interface. DTR The current status of the Data Terminal Ready (DTR) signal.
Management – Network Status > Interfaces > Advanced > PPP > PPP n This page displays the current status and statistics of the selected PPP interface.
Name The name assigned to the PPP interface. Uptime The amount of time the PPP interface has been up. MRU The maximum receive unit (MRU) that has been negotiated by each peer on the PPP connection. ACCM The Asynchronous Control Character Map (ACCM) that has been negotiated by each peer on the PPP connection. VJ Compression The Van Jacobson (VJ) compression that has been negotiated by each peer on the PPP connection. Link with Active Entity The entity that this PPP interface is using for connectivity.
IPCP Packets Received The number of IP Control Protocol (IPCP) packets that have been received on the PPP interface. IPCP Packets Sent The number of IP Control Protocol (IPCP) packets that have been sent on the PPP interface. BACP Packets Received The number of Bandwidth Allocation Control Protocol (BACP) packets that have been received on the PPP interface. BACP Packets Sent The number of Bandwidth Allocation Control Protocol (BACP) packets that have been sent on the PPP interface.
Route OOS Count The number of Route “Out Of Service” messages sent by the firewall to the routing code. These messages put routes out of service for a period of time and are sent when enough failed PPP transactions have occurred. Related CLI Commands Command Instance Parameter Equivalent Web Parameter ppp n status Displays the current status of PPP interface n. at\mibs=ppp.n.stats n/a n/a Displays the statistics for PPP interface n. at\mibclr=ppp.n.
Management > Network Status > IP Routing Table This page displays the IPv4 routing table. Destination The destination IP network of the route. The destination needs to match the destination IP address of an IP packet for the route to be used. For default routes, the destination IP network is always 0.0.0.0/0. Default routes are used when no other route matches the destination IP address of an IP packet.
Status The current status of the route. It can be one of the following: UP The route is up and can be used for routing. DOWN The interface that the route uses is currently down. The interface can be activated if the route is required. OOS The interface that the route uses is currently “Out of Service”. Related CLI Commands Command Options Equivalent Web Parameter route print Displays the IPv4 routing table. route printsrc Displays the IPv4 routing table with the src addr information.
Management > Network Status > IP Hash Table The router uses a routing hash table to improve IPv4 routing performance by reducing route lookup times. The IP hash table contains information on recently routed IP packets such as source and destination IP address, IP protocol, etc. It also contains information on the interface and gateway used when routing the IP packet. When the router receives an IP packet to route, it will look in the IP hash table before looking in the IPv4 routing table.
Idx The index in the IP hash table of the entry. Usage The number of times the entry has been used. Related CLI Commands Command Options Equivalent Web Parameter route hash Displays the IP hash table. route flush Flushes the IP hash table.
Management – Network Status > Port Forwarding Table This page displays the Port Forwarding / NAT table. The Port Forwarding table is used by the router to keep track of IP packets that have been modified via NAT or NAPT in order to be routed over a particular network. When the router receives a response to a previously modified IP packet, it will look up the matching entry in the Port Forwarding table in order to correctly modify the response IP packet.
Management > Network Status > Firewall This page displays the current Firewall statistics and the Firewall Stateful Inspection table. Passed Packets The number of packets the firewall has passed. Blocked Packets The number of packets the firewall has blocked. Logged Packets The number of packets the firewall has logged. Stateful Packets The number of packets that have matched a stateful rule. Undersized Packets The number of packets received by the firewall that are too small.
Hits The number of times an IP packet has been matched against the firewall rule. Direction The direction of the IP packets that match the firewall rule. Src IP Addr The source IP address of the IP packets that match the firewall rule. Src Port The source TCP/UDP port of the IP packets that match the firewall rule. Dest IP Addr The destination IP address of the IP packets that match the firewall rule. Dest Port The destination TCP/UDP port of the IP packets that match the firewall rule. Trans.
Management > Network Status > Firewall Trace The firewall trace output is appended to when the log keyword is used in the firewall. Most commonly, the log keyword is used in the last rule in the form block log break end to log a summary of all packets that did not match one of the preceding allow rules. The log keyword is much more versatile in its usage and what can be logged. For more information see “log:” in the Firewall Scripts section.
Src Port: 12200 Dst Port: 8118 ‘Src Port’ is the source TCP or UDP port number of the packet that was logged. ‘Dst Port’ is the destination TCP or UDP port number of the packet that was logged. ‘block log break end’ This is the actual rule that caused the packet to be logged. Related CLI Commands Command Options Equivalent Web Parameter type fwlog.txt n/a Displays the current Firewall trace. Management – Network Status > DHCP Status This page displays the current DHCP status table.
Management – Network Status > DNS Status This page displays the DNS status table. Hostname The hostname that has been resolved. IP Address The IP address of the hostname. TTL The time to live in seconds for the DNS entry. When the TTL reaches zero, the entry is deleted. Related CLI Commands Entity Instance Parameter Equivalent Web Parameter dns 0 status Displays the current status of the DNS table. dns 0 clear Deletes all the entries in the DNS table.
Management – Network Status > QoS This page displays the current QoS status table for a particular interface. Priority Q The priority queue in the table. TX rate (kbps) The current transmit rate in kbps of the queue. Limit The current transmit rate limit in kbps of the queue. Weighted Q length The weighted queue length using the Weighted Random Early Discard (WRED) algorithm. Q length The number of packets on the queue.
Management – Connections > IP Connections This page displays the current status of the TCP sockets on the router. The router has two types of sockets TCP Sockets Reserved for WEB and FTP connections. General Purpose Sockets Can be used by any application for TCP connections. TCP Sockets ID The TCP socket identifier. SID An internal socket identifier. State The current state of the socket. Local IP Addr The IP address on the router that is being used for the TCP connection.
Related CLI Commands Command Options Description socks Displays the current status of the TCP sockets. General Purpose Sockets ID The ID of the general purpose socket. Owner The software task that created the socket.
Protocol The protocol being used by the socket. Mode The mode of operation of the socket. State The current state of the socket. Local Port The port of the router that is being used by the socket. Remote IP Addr The IP address of the remote device that has a TCP connection with the socket. Remote Port The TCP port being used by the remote device. Inactivity Timeout The socket’s inactivity timeout (in seconds). If the timer reaches zero seconds, the TCP connection is closed.
Local Network The local IP network of the IPsec tunnel that is connected to the router. Remote Network The remote IP network of the IPsec tunnel that is connected to the remote device. First Rem. IP / Last Rem. IP For IPsec tunnels that have been negotiated using IKEv2, this is the range of IP addresses available on the remote IP network. First Loc. IP / Last Loc. IP For IPsec tunnels that have been negotiated using IKEv2, this is the range of IP addresses available on the local IP network.
Related CLI Commands Command Options sastat [dyn] Description Displays the current status of all of the IPsecs tunnels. sastat sastat The optional “dyn” parameter can be used to display the status of the dynamic IPsec tunnels. [dyn] Displays the current status of the IPsec tunnels in the range from to . e.g. sastat 0 49 or sastat dyn 0 49 [dyn] peer Displays the current status of the IPsec tunnels that match the given peer.
Management – Connection > Virtual Private Networking (VPN) > IKE SAs This page displays the current status of the IKE Security Associations (SA). Our ID The ID of the router. Peer ID The ID of the remote device with which the IKE SA has been negotiated. Peer IP Address The IP address of the remote device. Our IP Address The IP address the router used to negotiate the IKE SA. Time Left The time remaining (in seconds) for the IKE SA to remain in force. Session ID The ID of the IKE SA.
Management – Position > GPS This page displays a summary of the most recent information received from the GPS module (if fitted) and the status of the IP connections. Longitude The current longitude contained in the last GGA, GLL or RMC message from the GPS module. Latitude The current latitude contained in the last GGA, GLL or RMC message from the GPS module. No of Satellites The current number of satellites being used as indicated in the last GGA message from the GPS module.
Related CLI Commands Command Options Description at\mibs=gps.0.stats Displays the current status of the GPS receiver.
Management – Event Log This page displays the current contents of the event log on the router. The event log is stored in a pseudo-file called “eventlog.txt”. It acts as a circular buffer so that when there is no space available for new entries, the oldest entries are overwritten. Each entry in the log normally consists of a single line containing the date, time and a brief description of the event. In some cases it may also identify: the type/number of the protocol instance that generated the message (e.g.
Management – Analyser The router can be configured to capture a trace of the data being transmitted and received on the various interfaces. It is able to capture the layer 1, 2 and 3 protocol data and present it in an easily read format. Management – Analyser > Settings Enable Analyser This checkbox is used to enable or disable the analyser. Maximum packet capture size The number of bytes that are captured and stored for each packet.
The checkboxes shown under this heading are used to select the Ethernet interfaces over which packets will be captured and included in the analyser trace. Raw SYNC Sources The checkboxes shown under this heading are used to select the synchronous sources over which packets will be captured and included in the analyser trace. DSL PVC Sources The checkboxes shown under this heading are used to select the ADSL ATM PVCs over which packets will be captured and included in the analyser trace.
Conversely, you may wish to only capture traffic to and from particular IP hosts. To do this, use a tilde (~) symbol before the list of IP addresses. For example, to only capture packets to and from IP host 192.168.47.1, enter “~192.168.47.1” for this parameter.
Entity Instance Parameter Values Equivalent Web Parameter eth n ethanon on, off Ethernet Interfaces eth n ipanon on, off IP Sources ovpn n ipanon on, off IP Sources ppp n ipanon on, off IP Sources ppp n pppanon on, off PPP Interfaces tun n ipanon on, off GRE IP Sources tun n tunanon on, off GRE Tunnel Interfaces Related CLI Commands not available via the Web Interface Entity Instance Parameter Values Description ana 0 fcon on, off Enable serial flow control t
Entity Instance Parameter Values Description ana 0 logsizek Value in Kbytes The maximum size in Kbytes of the file on the alternate drive. When set to 0, the file size is only limited by the flash device.
Interface Value Serial 12 4096 To enable the analyser on multiple serial interfaces, add the appropriate values together. For example, to enable the analyser on serial interfaces 2 and 3, the value should be 12 (4 + 8). The number of Serial interfaces can vary depending on which hardware and software options are available.
Management – Analyser > Trace This displays the current analyser trace. Related CLI Commands Command Options Description type ana.txt Displays the contents of the event log. ana 0 anaclr Clears the contents of the event log. Management – Analyser > PCAP (e.g. Wireshark) traces The traffic captured by the Analyser is also available in PCAP format. This format can be read by a network protocol analyser such as Wireshark.
Option PCAP File Contents IP anaip.pcap IP traffic captured from all enabled IP sources. Ethernet anaeth.pcap Ethernet traffic captured from all enabled Ethernet sources. PPP anappp.pcap PPP traffic captured from all enabled PPP sources. Wi-Fi anawifi.pcap Wi-Fi traffic captured from the enabled Wi-Fi source. Wireshark is free software and can be obtained from http://www.wireshark.
Management – Top Talkers The router can be configured to monitor the data being transmitted and received on the various interfaces. It is able to report which IP hosts are generating the most traffic over a period of one minute and 30 minutes. Top Talkers also allows you to block particular IP traffic flows to stop them from using bandwidth.
Management – Top Talkers > Trace This displays the current top talkers trace.
Administration – System Information This page gives an overview of the status of the router. Model This describes the model of the router. Part Number This describes the Digi part number of the router. Ethernet 0 MAC Address This describes the MAC address of the Ethernet 0 interface. Firmware Version This describes the firmware version that is currently running on the router. SBIOS Version This describes the SBIOS firmware version that is currently running on the router.
Up Time This describes the amount of time since the router booted up. Date and Time This describes the current date and time on the router. Total Memory This describes the total amount of RAM that is fitted on the router. Used Memory This describes the amount of RAM that is currently being used on the router. Free Memory This describes the amount of RAM that is currently free on the router. Mobile Module This describes which mobile module is fitted on the router.
Administration - File Management > FLASH Directory This page displays the contents of the router’s flash file system. The unit has its own FLASH memory filing system that uses DOS-like filenames of up to 12 characters long (8 characters followed by the “.” separator and a 3-character extension). The filing system is used to store the system software, Web pages, configuration information and statistics in a single root directory.
File The name of the file in the flash file system. Size (bytes) The size of the file in bytes. Access The access settings for the file. rw Read / Write access ro Read Only access Last Modified The date and time of when the file was last modified.
Related CLI Commands Command Options Equivalent Web Parameter dir Displays the entire contents of the router’s flash file system. dir Displays a filtered view of the router’s flash file system. The filter can contain wildcards using the *, e.g. dir *.pem to display all the files ending in “.pem”. dir u: Displays the contents of a USB flash stick if inserted into the USB port of the router.
File The name of the file in web file. Size (Bytes) The size of the file in bytes. Compressed Size (Bytes) The compressed size of the file in bytes. Administration - File Management > File Editor The file editor allows the user to edit text files on the router. Filename The name of the file to edit. It is possible to create a new file by typing in the filename and clicking on the “Save File” button. Load File Load the file specified in “Filename” into the editor box.
Administration > X.509 Certificate Management The X.509 Certificate Management pages are for loading and managing X.509 certificates and public/private host key pairs that are used for public key infrastructure (PKI) based security. There are separate pages of settings for the certificate databases and key management. Administration > X.509 Certificate Management > Certificate Authorities (CAs) A certificate authority (CA) is a trusted third party which issues digital certificates for use by other parties.
Application The SCEP application running on the server. CA identifier The identifier for the CA server. The CA identifier to use to identify a particular CA when multiple CAs might be running on the server. Related CLI Commands Entity Instance Parameter Values Equivalent Web Parameter scep 0 host IP Address SCEP Server IP address scep 0 port 0 - 65535 Port scep 0 path String Path scep 0 app String Application scep 0 caident String CA Identifier Administration > X.
Upload Certificate or Private Keys Certificates and private key files can be uploaded from a host PC onto the router using the “Browse” and “Upload” buttons. Enrolment The following parameters allow the user to create a certificate request, enroll it and install the certificates on the router. SCEP Server IP address The IP address of the SCEP server / CA server. Port The port on which SCEP server is listening. If the port is 0, the default port of 80 will be used.
CA signature certificate Sometimes when you get a CA certificate, a CA signature certificate is installed on the router at the same time. You can identify a CA signature certificate by looking at the X.509 Key Usage section in the certificate. It should say something like the following X509v3 Key Usage: critical Digital Signature, Non Repudiation If a CA signature certificate has been installed by the CA you wish to use for the certificate request, the CA signature certificate should be entered.
Ignore NONCE in SCEP response This parameter instructs the router to ignore the NONCE field in the SCEP response. The NONCE is primarily used to prevent replay attacks, so ignoring it removes that check.
Administration > X.509 Certificate Management > Key Generation This page allows you to generate a private key. A private key must be created before a certificate can be requested as it is used in the request. Key filename Enter a name for the private key (the filename must be prefixed with “priv” and have a “.pem” extension). Key size The size of the private key in bits.
Key generated, saving to FLASH file privkey.pem Closing file Private key file created All tasks completed Private key files - Splitting Certificates For increased security there is the option of splitting the private key file between the Digi flash and a USB memory stick. Once a private key has been split and stored in 2 parts, the USB memory stick must be present for any successful IKE negotiations that involve the private key.
Administration – Update Firmware This page allows the user to update the router’s firmware. The router will download a zip file onto the router, uncompress it, validate each file within the zip file and then update the files in its flash file system. The zip file containing the latest firmware version is available from the Digi website (http://transport.digi.com/digi/firmware/ftp/). The zip file should be downloaded to your PC before starting the firmware update.
Model This indicates which model this router is. Firmware Version This indicates the current firmware version running on the router. Select Firmware Select the zip file on your PC containing the firmware version you wish to update to. Once the firmware update is complete, the router has to be rebooted before the new firmware version can run.
Administration – Factory Default Settings This page allows you to reset the router’s configuration back to the factory defaults. The router must be rebooted before the configuration changes take effect. Keep network settings Selecting this option will mean that certain network settings will be preserved and not reverted back to the factory defaults.
Administration – Execute a command This page allows CLI commands to be entered via the web browser. Almost all of the CLI commands detailed in this reference guide can be entered via this page. The corresponding output will be shown when the ‘Execute’ button is pressed. Administration – Save configuration Once you have configured the router, your chosen settings must be saved to non-volatile memory to avoid losing them when the power is removed.
Administration – Reboot The reboot page is used to reboot the router immediately or at a scheduled time. A reboot will be performed after any FLASH write operations have been completed. Also, one second each is allowed for the following operations to be completed before reboot will take place: • IPSec SA delete notifications have been created and sent • TCP sockets have been closed • PPP interfaces have been disconnected Immediately Selecting this option will cause the router to reboot after a few seconds.
Further information on the filing system & system files The dir command described below is used to display a list of the currently stored files. A typical file directory will include the following files: Filename Description ana.txt Pseudo file for Protocol Analyser output config.da0 Data file containing Config.0 settings direct File directory eventlog.txt Pseudo file for Event Log output fw.txt Firewall script file fwstat.txt Firewall script status file image Main system image *.
You may select which of the two config files is loaded when the unit is powered-up or rebooted by setting the parameter Configuration - System > General > Miscellaneous > Use Config n when the router powers up as required (or by using the config n powerup CLI command). Note: The CONFIG files only contain details of settings that have been changed from the default values. SREGS.DAT A combined set of AT command and S register settings are referred to as a “profile”.
DEL Delete File The del command is used to delete files from the filing system. The format is: del where is the name of an existing file. You can also use wild cards in the filename in order to delete several files at once. The * character can represent one or more characters in the filename. For example, del fw*.txt will delete fw.txt and fwstat.txt. The del command returns OK if files have been deleted, or ERROR if no matching files have been found.
MOVE Move File The move command is used to replace one file with another whilst retaining the original filename. The format is: move For example, the command: move fw-temp.txt fw.txt will delete the file called “fw.txt” and then rename the file called “fw-temp.txt” as “fw.txt”. REN Rename File The ren command is used to rename files in the filing system.
XMODEM File Transfer The xmodem command is used to initiate an XMODEM file upload from the port at which the command is entered. The format is: xmodem where is the name under which the file will be saved when the upload is complete. After entering the xmodem command the unit will wait for your terminal program to start transmitting the file. When the upload is complete and the file has been saved, the unit will respond with the OK result code.
USB Filing System Commands The USB storage device will respond to any of the standard filing system commands. For all filing system commands, the USB storage device is regarded as drive u:. Note: The unit does not support sub-directories. Any sub-directories on the USB device will appear with a size of 0 bytes on the Administration - File Management > FLASH Directory page. Example 1: To display the contents of the USB storage device, you would enter the command: dir u: SERIALS.TXT 1843 EVENTL~1.
Using USB devices to upgrade firmware Functionality available from firmware version 4891 onwards. The firmware of a TransPort can be upgraded using the USB storage device. To do this procedure, using the information given above, a simple batch file called pb2.bat should be created and the relevant files placed into the root directory of the USB storage device. Then, when the USB device is inserted into the TransPort and the reset button is pressed twice, the upgrade is performed. ERROR_EXIT del *.
For example, to create a key you would enter the command: usbcon 0 flashkey In order to encode this key onto a file called “autoexec.bat” on the USB storage device, you would enter the command: uflash autoexec.bat put In order to remove a key from a file, you would use the clr parameter of the uflash command, thus: uflash autoexec.bat clr Note: You must be logged onto the unit with Super access level in order to use the uflash command. By default, an autoexec.
Note that the final -2 is important in both cases as otherwise the command would disable the internal USB devices which could include connections to the wireless module or other components. To disable Serial devices from using either external USB port on a DR64x0, or on a port connected to a hub on either of these ports... usbcon 0 dislist "usb-1-2*.SERIAL,usb-2-2*.SERIAL" or usbcon 0 dislist usb-?-2*.SERIAL The enalist takes the same format but when it matches it causes the device to be specifically enabled.
DR6410 HIA DSL2 2+ Router dr6410 8W NOVATEL_3G ISDN OK Example scenario: A single configuration file is required for a range of DR6410 routers, there is a mix of 3 types of 3G WWAN modules and some have GPRS modules installed. Different W-WAN modules need different modemcc commands to correctly configure the ASY ports. All these modules can have their own specific commands in one config file. Example configuration using tagged sections: Comments are in red and prefixed with a # symbol.
modemcc 0 asy_add 7 modemcc 0 info_asy_add 11 #End of DR6410-E0A config #Rest of generic config goes below here modemcc 0 apn internet” eth 0 ipaddr 192.168.0.
Web GUI Access via Serial Connection To access the web interface through one of the unit’s serial ports (using Windows dial-up networking) follow the steps below. Note: To use Dial-up Networking you must have the TCP/IP > Dial-up adapter installed in the Network Configuration for Windows. Check this by selecting Settings > Control Panel > Network > Configuration. Installing the Driver File You will need to install the “Digi_MULTI_PORT.
3. Check the Don’t detect my modem, I will select it from a list option before clicking Next > to display the following dialog screen: This screen lists the manufacturers and models of modem currently available on your system. 4. Insert the CD supplied into the CD drive and click on Have Disk….
Use the Browse button to locate the Digi_MULTI_PORT.INF file on the driver CD supplied with your unit or downloaded from the Digi support website. This will be in the appropriate Windows version sub-directory of the drives folder, e.g. win95-98. A list of routers will appear in the Models list: Each entry in the list is the same driver, set up for a different COM port. 5. Choose the entry corresponding to the COM port your router is connected to, and click Next >.
Click on the OK button if you are satisfied with the installation. Note: During the installation you may receive a warning that the driver is not digitally signed. Click on Continue Installation to install the driver.
Creating A New Dial-Up Network Connection You now need to create a new DUN connection through which you can access your unit. If you are planning to connect the unit directly to your PC for configuration purposes, connect it to the appropriate COM port now using a suitable serial cable. If you wish to configure a remote unit, make sure it is connected to a suitable ISDN line and make a note of the ISDN number. 1.
4. From the Select a Device dialog, select the unit you have just installed and make sure that any other devices in the list are unchecked. Click Next >. 5. You must now enter a name for the connection. It is helpful to choose a name that you will easily remember such as “My Digi Router” or “DR64 - Bristol Office”. Click Next >.
If the connection is being created for direct local access using a COM port, you should set the phone number to 123. This number will be intercepted by the unit and recognized as an attempt to connect locally. If the connection is being created for remote access, enter the correct ISDN telephone number (including the area code) for the remote unit. When you have done this click Next >.
Configuring the New DUN Connection The new DUN connection that you have just created may now be used to connect to the unit but before you do this, you will need to check some of the configuration properties. 1. Click on the Start button and select Connect To > My Digi Router (substituting the connection name you chose). 2. Click on the Properties button to display the properties dialog for the connection: 3.
Make sure that the Maximum speed (bps): value is set to 115200 and that the Enable hardware flow control box is checked. Click OK when you have finished to return to the main properties dialog. 4.
Make sure that all three options are unchecked before clicking OK to return to the Networking tab. In the This connection uses the following items list, Internet Protocol (TCP/IP) should be the only item that is checked. Make sure that this is the case and then click OK to return to the main dialog. You are now ready to initiate a connection. Initiating a DUN Connection In the main dialog, you are asked to enter a username and password.
You will need a valid username and password to access the web interface. Once again, the default settings are username and password respectively. If these values do not allow access, you should contact your system administrator.
SQL commands When IPSec Egroups are used with a SQL database for dynamic Eroute configuration, there are CLI commands that will help with configuration and troubleshooting on the Digi router. Local Database commands As well as using an external SQL database, the Digi can cache the SQL table entries it learns from the SQL server in RAM so if the SQL server goes offline for any reason, the database entries are still available to renew existing IPSec SA’s.
Learning mode - Saving entries When learning mode is used, the dynamic backup database is stored in RAM. This database will be lost if the Digi router is power cycled. The database in RAM can be saved to flash to over-write the dbfile with the one in RAM that includes the learnt entries or it can be saved to a new file. To save the dbfile to flash from RAM, use the following command. sqlsave 0 Where is the name of the destination file.
For example, to configure and use a local backup database when the main SQL database at 192.168.0.50 is offline, the configuration may look similar to this: egroup 0 dbhost "192.168.0.50" sql 0 dbsrvmem 200 sql 0 dbfile "sardb.csv" sql 0 dbname "sarvpns" sql 0 learn ON sqlsave 0 backup.csv ipbu 0 IPaddr "192.168.0.50" ipbu 0 BUIPaddr "127.0.0.1" ipbu 0 retrysec 30 ipbu 0 donext ON Memory info smem Displays the amount of memory allocated, in use and available for use by the MySQL server on the Digi.
To enable the SQL debug: sql 0 debug_opts 3 To view the debug data via the ASY 0 port: debug 0 To view the debug data via telnet: debug t To disable the SQL debug: sql 0 debug_opts 0 debug off
Answering V.120 Calls V.120 is a protocol designed to provide high-speed point-to-point communication over ISDN. It provides rate adaptation and can optionally provide error control. Both the calling and called units must be configured to use V.120 before data can be transferred. Similarly, if one unit is configured to use the error control facility, the other must be configured in the same way. Initial Set Up Before using V.120 you must first bind one of the two available V.
Finally, you must ensure that there are no conflicts with other protocols configured to answer on other ASY ports. This can be done by disabling answering for the other ports/protocols or by using the MSN and/or Sub-address parameters to selectively answer calls to different telephone numbers using different protocols. For example, if you have subscribed to the ISDN MSN facility, you may have been allocated say four telephone numbers ending in 4, 5, 6 and 7.
ANSWERING ISDN CALLS Digi routers are capable of answering incoming B-channel ISDN calls with 3 main protocols. Usually several instances of these protocols exist. This section explains how answering priorities work for the different protocols. Protocol Entities The following protocol instances are capable of answering an incoming ISDN call: Adapt Adapt instances provide rate adaptation protocols such as V.120 or V.110. LAPB LAPB instances allow the unit to answer incoming X.25 calls over ISDN.
A protocol entity’s MSN parameter can be used to:
• cause a protocol instance not to answer an incoming ISDN call (if the trailing digits of the ISDN number called do not match the entry in this field).
• increase the answering priority of an instance (if more than one protocol instance is configured to answer and the trailing digits of the ISDN number called match the value of the MSN parameter for a particular protocol instance).
X.25 PACKET SWITCHING

Introduction

X.25 is a data communications protocol that is used throughout the world for wide area networking across Packet Switched Data Networks (PSDNs). The X.25 standard defines the way in which terminal equipment establishes, maintains and clears Switched Virtual Circuits (SVCs) across X.25 networks to other devices operating in packet mode on these networks. The protocols used in X.25 operate at the lower three layers of the ISO model.
X.28 Commands

Once an X.25 session layer has been established the unit switches to “PAD” mode. In this mode operation of the PAD is controlled using the standard X.28 PAD commands listed in the following table:

Command   Description
CALL      Make an X.25 call
CLR       Clear an X.25 call
ICLR      Invitation to CLR
INPAR?    List X.3 parameters of specified PAD instance
INPROF    Load or save specified PAD profile
INSET     Set X.
Example

CALL R,G12,NMYNUI-56512120DHello

places a call to address 56512120 using reverse charging and specifying Closed User Group 12. The string “MYNUI” is your Network User Identity and the string “Hello” appears in the user data field of the call packet.

Note: The particular facilities that are available will vary between X.25 service providers.
Network User Identity (NUI)

The N facility code allows you to include your Network User Identity in the call packet. For security reasons the PAD echoes each character as an asterisk (*) during the entry of an NUI. Some X.25 services use the NUI field to pass both a username and password for validation.
Code   Verbose message
3      No route to destination
4      Channel unacceptable
6      Channel unacceptable
7      Call awarded and being delivered in an established channel
16     Normal call clearing
17     User busy
18     No user responding
19     No answer from user (user alerted)
21     Call rejected
22     Number changed
26     Non-selected user clearing
27     Destination out of order
28     Invalid number format
29     Facility rejected
30     Response to STATUS ENQUIRY
31     Normal, unspecified
34     No circuit/channel available
3
Code   Verbose message
82     Identified channel does not exist
83     A suspended call exists, but this call identity does not
84     Call identity in use
85     No call suspended
86     Call having the requested call identity has been cleared
88     Incompatible destination
90     Destination address missing or incomplete
91     Invalid transit network selection
95     Invalid message, unspecified
96     Mandatory information element is missing
97     Message type non-existent or not implemented
98     Message not compatible with
The clear down reason codes supported by the unit are listed in the following table:

Reason Code   Numeric Code   Text
DTE           0              by remote device
OOC           1              number busy
INV           3              invalid facility requested
NC            5              temporary network problem
DER           9              number out of order
NA            11             access to this number is barred
NP            13             number not assigned
RPE           17             remote procedure error
ERR           19             local procedure error
ROO           21             cannot be routed as requested
RNA           25             reverse charging not allowed
ID            33             incompatible destination
FNA
To create a User PAD profile you must use the SET command to configure the various PAD parameters to suit your application and then use the PROF command in the format: PROF &nn where “nn” is the number of the User PAD profile to be stored, e.g. 03. Alternatively, you may use the web interface to edit the parameters directly (Configuration - Network > Legacy Protocols > X.25 > PADs n-n > PAD n > PAD Settings).
When used in the format:

prof nn

the PROF command loads the stored profile specified by “nn”.

RESET Send Reset Packet

RESET is used to issue a reset for the current call to the network. It does NOT clear the call but it does return the network level interface to a known state by re-initialising all Level 3 network control variables. All data in transit will be lost.

RPAR? Read Remote X.3 Parameters

RPAR? lists the current X.3 parameter settings for the remote system.

RSET Set Remote X.
PPP OVER ETHERNET

PPP over Ethernet (PPPoE) is a means of establishing a PPP connection over the top of an Ethernet connection. The implementation provided is compliant with RFC 2516, “A Method for Transmitting PPP Over Ethernet”. A typical application would be to allow non-PPPoE enabled devices to access Internet services where the connection to the Internet is provided by an ADSL bridge device.
IPSEC AND VPNS

What is IPSec?

One inherent problem with the TCP protocol used to carry data over the vast majority of LANs and the Internet is that it provides virtually no security features. This lack of security, and recent publicity about “hackers” and “viruses”, prevent many people from even considering using the Internet for any sensitive business application. IPSec provides a remedy for these weaknesses adding a comprehensive security “layer” to protect data carried over IP links.
DES (64-bit key)

This well-known and established protocol has historically been used extensively in the banking and financial world. It is relatively “processor intensive”, i.e. to run efficiently at high data rates a powerful processor is required. It is generally considered very difficult for casual hackers to attack but may be susceptible to determined attack by well-equipped and knowledgeable parties.
X.509 Certificates

In the previous section, security between two points was achieved by using a “pre-shared secret” or password. Certificates provide this sort of mechanism but without the need to manually enter or distribute secret keys. This is a complex area but put simply a user’s certificate acts a little like a passport providing proof that the user is who they say they are and enclosing details of how to use that certificate to decrypt data encoded with it.
The unit maintains two lists of certificate files. The first is a list of “Certificate Authorities” or CAs. Files in this list are used to validate public certificates sent by remote users. Public certificates must be signed by one of the certificates in the CA list before the unit can validate them. Certificates with the filename CA*.PEM and CA*.DER are loaded into this list at start-up time. In the absence of any CA certificates, a public certificate cannot be validated.
FIREWALL SCRIPTS

Introduction

A “firewall” is a protection system designed to prevent access to your local area network by unauthorised “external” parties, i.e. other users of the internet or another wide area network. It may also limit the degree of access local users have to external network resources. A firewall does not provide a complete security solution; it provides only one element of a fully secure system. Consideration should also be given to the use of user authentication and data encryption.
Filter Rules

The syntax for a filter rule is:

[action] [in-out] [options] [tos] [proto] [dnslist] [ip-range] [inspect-state]

When the firewall is active, the script is processed one line at a time as each packet is received or transmitted. Even when a packet matches a filter-rule, processing still continues and all the other filter rules are checked until the end of the script is reached. The action taken with respect to a particular packet is that specified by the last matching rule.
ICMP type value   ICMP type
15                routersol

The optional [icmp-code] field can also be a decimal number representing the ICMP code of the return ICMP packet but if the [icmp-type] is [unreach] then the code can also be one of the following pre-defined text codes:

ICMP code   Meaning
net-unr     Network unreachable
host-unr    Host unreachable
proto-unr   Protocol unrecognised
port-unr    Port unreachable
needfrag    Needs fragmentation
srcfail     Source route fail

For example:

block return-icmp unreach in break end
The vdscp action is very similar to the dscp action as described above in that it adjusts the DSCP value in a packet. The difference however is that this is a virtual change only which means that the actual packet is not changed, and that the packet is processed as if it had the DSCP value as indicated. Like the dscp action, a decimal or hex number must follow.

[in-out]

The [in-out] field can be in or out and is used to specify whether the action applies to inbound or outbound packets.
Example:

break ppp_label on ppp 0
# insert rule processing here for packets that are not on ppp 0
break end
ppp_label
# insert rule processing here for packets that are on ppp 0

on

The on option is used to specify the interface to which the rule applies and must be followed by a valid interface name. For example, if you were only interested in applying a particular rule to packets being transmitted or received by PPP 0, you would include on ppp 0 in the rule.
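The "last matching rule wins" behaviour and the break option interact in a way that is easy to get wrong when a narrow block rule is followed by a broad pass rule. The following is an added example, not Digi code: a Python model of a small subset of the rule syntax (action, in/out, break, on, from/to, port=). The scripts and addresses are constructed, and returning None when no rule matches is an assumption of the model, not a statement about the unit's default.

```python
from ipaddress import ip_address, ip_network

ACTIONS = ("pass", "block")


def parse_script(text):
    """Parse a subset of the rule syntax: action, in/out, break, on, from/to, port=."""
    rules = []
    for raw in text.splitlines():
        tok = raw.split("#", 1)[0].split()          # drop comments
        if not tok:
            continue
        if len(tok) == 1 and tok[0] not in ACTIONS:
            rules.append({"label": tok[0]})         # a bare word is a jump target
            continue
        rule = {"action": None, "dir": None, "break": None, "on": None,
                "from": "any", "from_port": None, "to": "any", "to_port": None}
        i = 0
        if tok[i] in ACTIONS:
            rule["action"], i = tok[i], i + 1
        if i < len(tok) and tok[i] in ("in", "out"):
            rule["dir"], i = tok[i], i + 1
        while i < len(tok):
            key = tok[i]
            if key == "break":
                rule["break"], i = tok[i + 1], i + 2
            elif key == "on":
                rule["on"], i = " ".join(tok[i + 1:i + 3]).lower(), i + 3
            elif key in ("from", "to"):
                rule[key], i = tok[i + 1], i + 2
                if i < len(tok) and tok[i].startswith("port="):
                    rule[key + "_port"], i = int(tok[i][5:]), i + 1
            else:
                raise ValueError(f"token outside this model: {key}")
        rules.append(rule)
    return rules


def _addr_ok(spec, addr):
    return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)


def matches(rule, pkt):
    return ((rule["dir"] is None or rule["dir"] == pkt["dir"])
            and (rule["on"] is None or rule["on"] == pkt["on"])
            and _addr_ok(rule["from"], pkt["src"])
            and _addr_ok(rule["to"], pkt["dst"])
            and rule["from_port"] in (None, pkt["sport"])
            and rule["to_port"] in (None, pkt["dport"]))


def evaluate(rules, pkt):
    """Return the action of the LAST matching rule, honouring break; None if no rule matched."""
    verdict, i = None, 0
    while i < len(rules):
        rule, i = rules[i], i + 1
        if "label" in rule or not matches(rule, pkt):
            continue
        if rule["action"]:
            verdict = rule["action"]
        if rule["break"] == "end":                  # stop processing the script here
            break
        if rule["break"]:                           # jump to the named label
            i = next(n for n, r in enumerate(rules) if r.get("label") == rule["break"])
    return verdict


# Constructed scripts. Intent of the first two: keep Telnet to 10.1.2.33 out, allow the rest.
WITHOUT_BREAK = """
block in on ppp 0 from any to 10.1.2.33 port=23
pass in on ppp 0 from any to 10.1.2.0/24
"""
WITH_BREAK = """
block in break end on ppp 0 from any to 10.1.2.33 port=23
pass in break end on ppp 0 from any to 10.1.2.0/24
"""
# The label form: packets on ppp 0 jump to ppp_label, all others stop at "break end".
LABELLED = """
break ppp_label on ppp 0
pass in from any to any
break end
ppp_label
block in from any to 10.1.2.33 port=23
"""

# Constructed inbound Telnet packet arriving on ppp 0.
TELNET_IN = {"dir": "in", "on": "ppp 0", "src": "203.0.113.9", "sport": 40000,
             "dst": "10.1.2.33", "dport": 23}


def verdicts():
    return {name: evaluate(parse_script(script), TELNET_IN)
            for name, script in (("without break", WITHOUT_BREAK),
                                 ("with break", WITH_BREAK),
                                 ("labelled", LABELLED))}


if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{name:14} -> {verdict}")
```

Without break end, the later and broader pass rule overrides the block, so the Telnet packet is passed; adding break end to the block rule makes the narrow rule final.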
Identifier       Meaning
tcp              TCP packet
ftp              FTP packets regardless of port number
icmp             ICMP packet
decimal number   decimal number matched to protocol type in IP header

The [proto] field is also important when “stateful” inspection is enabled for a rule (using the [inspect-state] field), as it describes the protocol to inspect (see [inspect-state] below).

[dnslist]

The [dnslist] field is used to match packets that contain DNS names that are in a given dnslist.
addr = “any” | ip-addr[ “/”decnum ] [ “mask” ip-addr | “mask” hexnum ]
port-comp = “port” compare port-num
port-range = “port” port-num “<>” | “><” port-num
ip-addr = IP address in format nnn.nnn.nnn.
Address/Port Translation

One further option that may be used when specifying addresses is to use address translation. The syntax for this is:

srcdst = “all” | fromto [-> [ip-object] “to” object]

I.e. directly after the IP addresses and port are specified an optional “->” can follow indicating that the addresses/ports should be translated. The first source object is optional and is unlikely to be used as it is more normal to translate the destination address.
Keyword   Std. Port   Service
telnet    23          Telnet server port
smtp      25          SMTP server port
http      80          Web server port
pop3      110         Mail server port
sntp      123         NTP server port
ike       500         Source/destination port for IKE key
xot       1998        Destination port for XOT packets

Note: The above service keywords are pre-defined based on “standard” port numbers. It is possible that these may have been defined differently on your system in which case you should use the port numbers explicitly (not the defined names).
As a further example, let us say we want to allow outward connections from a machine on 10.1.2.33 to a Telnet server. We have to define a filter rule to pass outbound connections and the inbound response packets. Because this is an outbound Telnet service we can make use of the fact that all incoming packets will have their ACK bits set. Only the first packet establishing the connection will have the ACK bit off. The filter rules to do this would look like this:

pass out break end from 10.1.2.
The following two rules are therefore equivalent:

pass in break end on ppp 0 proto icmp from any to 10.1.2.0/24 icmp-type 0
pass in break end on ppp 0 proto icmp from any to 10.1.2.0/24 icmp-type echorep

Both of these rules allow echo replies to come in from interface ppp 0 if they are addressed to our example local network address (10.1.2.*). In addition to having a type, ICMP packets also include an ICMP code field.
The field can be used on its own or with an optional oos (Out Of Service) parameter. To understand this better let us look at a simple example in which we want to set up a filter to allow all machines on a local network with addresses in the range 10.1.2.*, to access the Internet on port 80. We will need one rule to filter the outgoing packets and another to filter the responses:

pass out break end on ppp 0 from 10.1.2.0/24 to any port=80
pass in break end on ppp 0 from any port=80 to 10.1.2.
The potential for a security breach has now been virtually eliminated because even if a hacker could time his attack perfectly he would still have to forge a response packet using the correct source address and port (which was randomly created by the sender of the HTTP request) and would also have to target the specific IP address that opened the connection. Another advantage of “inspect-state” rules is that they are scalable, i.e. many machines can use the rule simultaneously.
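To make the contrast concrete, the following added example (not Digi code, and not the unit's implementation) models the static port-80 return rule next to a minimal state table of the kind an inspect-state rule implies. The state key, the 60-second idle timeout and every packet are constructed assumptions for the model.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("10.1.2.0/24")        # the example local network used in the text


def stateless_inbound_ok(pkt):
    """Static return rule: anything from source port 80 addressed to the LAN passes."""
    return pkt["sport"] == 80 and ip_address(pkt["dst"]) in LAN


class StateTable:
    """Minimal stateful model: outbound requests create an entry, inbound must match one."""

    def __init__(self, idle_timeout=60):
        self.idle_timeout = idle_timeout   # assumed value, chosen for the model only
        self.flows = {}                    # (lan_ip, lan_port, remote_ip, remote_port) -> last seen

    def outbound(self, pkt, now):
        """Record a LAN host opening a connection to port 80; return True if passed."""
        if ip_address(pkt["src"]) in LAN and pkt["dport"] == 80:
            self.flows[(pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])] = now
            return True
        return False

    def inbound_ok(self, pkt, now):
        """Pass an inbound packet only if it mirrors a live outbound entry exactly."""
        key = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        seen = self.flows.get(key)
        if seen is None or now - seen > self.idle_timeout:
            self.flows.pop(key, None)      # expire stale state
            return False
        self.flows[key] = now              # refresh on legitimate traffic
        return True


def compare():
    """Return {case: (stateless verdict, stateful verdict)} for constructed packets."""
    table = StateTable()
    request = {"src": "10.1.2.33", "sport": 49152, "dst": "198.51.100.7", "dport": 80}
    table.outbound(request, now=0)

    reply = {"src": "198.51.100.7", "sport": 80, "dst": "10.1.2.33", "dport": 49152}
    cases = [
        ("genuine reply", reply, 1),
        ("same ports, different LAN host", dict(reply, dst="10.1.2.40"), 1),
        ("right host, port it never opened", dict(reply, dport=5000), 1),
        ("right host and port, wrong remote address", dict(reply, src="203.0.113.9"), 1),
        ("genuine tuple after idle timeout", reply, 500),
    ]
    return {name: (stateless_inbound_ok(pkt), table.inbound_ok(pkt, now))
            for name, pkt, now in cases}


if __name__ == "__main__":
    for name, (stateless, stateful) in compare().items():
        print(f"{name:45} stateless={stateless!s:5} stateful={stateful}")
```

Every constructed packet satisfies the static rule because only the source port and destination network are checked, while the state table passes only the reply that mirrors the recorded connection.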
The inspect-state option can be used with the following ICMP packet types:

ICMP Type   Matching ICMP Type
Echo        Echo reply
Timest      Timestrep
Inforeq     Inforep
Maskreq     Maskrep

Using [inspect-state] with the Out Of Service Option

The inspect-state field can be used with an optional oos parameter. This parameter allows the stateful inspect engine to mark as “out of service” any routes that are associated with the specified interface and also to control how the interfaces are returned to service.
The third rule is more complex. What it does is to configure the stateful inspection engine to watch for UDP packets (with any source address) being routed via the PPP 1 interface to any address that begins with 156.15 on port 1234. If a hit occurs on this rule but the unit does not detect a reply within 10 seconds (as specified by the t= parameter), it will increment an internal counter.
The FWLOG.TXT File

When the log option is specified within a firewall script rule, an entry is created in the FWLOG.TXT pseudo-file each time an IP packet matches the rule. Each log entry will in turn contain the following information:

Parameter           Description
Timestamp           The time when the log entry is created.
Short Description   Usually “FW LOG” but could be “FW DEBUG” for packets that hit rules with the “debug” action set.
Dir                 Either “IN” or “OUT”. Indicates the direction the packet is travelling.
block return-icmp echorep log body break end proto icmp icmp-type echo

From REM TO LOC IFACE: ETH 0
45            IP Ver: 4
              Hdr Len: 20
00            TOS: Routine
              Delay: Normal
              Throughput: Normal
              Reliability: Normal
00 3C         Length: 60
9C CC         ID: 40140
00 00         Frag Offset: 0
              Congestion: Normal
              May Fragment
              Last Fragment
80            TTL: 128
01            Proto: ICMP
0C E1         Checksum: 3297
64 64 64 19   Src IP: 100.100.100.25
64 64 64 32   Dst IP: 100.100.100.
Dest Port: 23
TCP Flags: S

Further [inspect-state] Examples

Here is a basic inspect-state rule with no OOS options:

pass out break end on PPP 2 proto TCP from 10.1.1.1 to 10.1.2.1 port=telnet flags S!A inspect-state

This rule will allow TCP packets from 10.1.1.1 to 10.1.2.1 port 23 with the SYN flag set to pass out on PPP 2. Because the inspect-state option is used, a stateful rule will also be set up which allows other packets for that TCP socket to also pass.
Keeping a route out of service and using recovery

It may be that the user wants to keep the interface OOS until he is sure that a future connection will work. To help achieve this, one or more recovery options may be specified. These options get the unit to test connectivity between the unit and the destination IP address of the packet that established the stateful rule. The recovery can be in the form of a PING or a TCP socket connection. An interval between recovery checks must also be specified.
Keeping a route out of service and using recovery with a list of addresses

This expands on the functionality above and gives the ability to check connectivity to a range of addresses using a ping. It is possible to specify an address list that the recovery mechanism will ping in turn to see if any respond.
REMOTE MANAGEMENT

Digi products equipped with ISDN BRIs can be accessed and controlled remotely via the ISDN network by using:
• a V.120 connection to access the text command interface
• PPP to access the Web Interface
• PPP to access the text command interface using Telnet
• the X.25 remote command channel

Remote access via any one of these methods can be used to reconfigure the unit, upload/download files or upgrade the software, examine the event log or protocol analyser traces or to view statistics.
Using FTP

TransPort routers incorporate an FTP server. FTP allows users to log on to remote hosts for the purpose of inspecting file directories, retrieving or uploading files, etc. For PC users, MSDOS includes FTP support and there are a number of Windows-based specialist FTP client programs such as CuteFTP™ and Ws_ftp™. Many browsers also incorporate FTP support. To initiate remote access to a unit using FTP, first establish a PPP DUN connection to the unit and then run your FTP software.
Using X.25

Remote access to your unit may also be carried out over an X.25 connection. The remote unit must first have the parameter Allow CLI access from X.25 address set to an appropriate value (see Configuration - System > General). If the unit then receives an incoming X.25 call where the trailing digits of the NUA match the specified sub-address, the calling user will receive the standard login prompt.
AT COMMANDS

D Dial

The ATD command causes the unit to initiate an ISDN call. The format of the command depends on the mode of operation. When using the unit to make data calls on one of the ISDN B-channels, enter the ATD command followed by the telephone number. For example, to dial 01234 567890 enter the command:

atd01234567890

Spaces in the number are ignored. If the call is successful the unit will issue the CONNECT result code and switch to on-line mode.
&C DCD Control

The AT&C command is used to configure the way in which the unit controls the DCD signal to the terminal. There are three options:

&C0 DCD is always On
&C1 DCD is On only when an ISDN connection has been established (Layer 2 is UP)
&C2 DCD is always Off
&C3 DCD is normally On but pulses low for a time in 10 msec units determined by S register 10.

&F Load Factory Settings

The AT&F command is used to load a pre-defined default set of S-register and AT command settings (the default profile).
The AT&W command may be immediately followed by a profile number, either 0 or 1, to store the settings in the specified profile, for example:

at&w1

would store the current settings as profile 1. If no profile number is specified, profile 0 is assumed. All S register values and the following command settings are written by AT&W: e, &c, &d, &k

&Y Set Default Profile

The AT&Y command is used to select the power-up profile (0 or 1).
\AT Ignore Invalid AT Commands

This command is a work-around for use with terminals that generate large amounts of extraneous text. If not ignored, this text can cause many error messages to be generated by the router, and may result in a communications failure. To turn on this feature, type the following command:

at\at=1

To turn off the feature, type the following command:

at\at=0

When this feature is turned on, the ASY port ignores all commands except real AT commands.
\smib Commands

The at\smib command allows you to view a single standard MIB variable. To view the variable use the at\smib= command, where is the variable to be displayed. The variables are sorted according to the hierarchy shown below.
System

The System hierarchy consists of the following:

at\smib=mib-2.system.sysdescr
This variable shows the software version information (equivalent to what is shown on the ‘ati5’ CLI command output).
mib-2.system.sysdescr = Software Build Ver5121. Jan 31 2011 12:26:04 9W

at\smib=mib-2.system.sysobjectid
The authoritative identification of the network management subsystem. The Digi does not support outputting OID variables. Instead, “oid” is output.
mib-2.system.sysobjectid = oid

at\smib=mib-2.system.
For the Digi, this value is always 7 (Physical layer (2^(1-1)) + Data Link layer (2^(2-1)) + Network layer (2^(3-1))).

Interfaces

The Interfaces hierarchy consists of the ifnumber variable and the iftable node:

at\smib=mib-2.interfaces.ifnumber
The total number of interfaces on the unit. This includes Ethernet, PPP and virtual interfaces (i.e. IPSec tunnels) and SYNC ports.
mib-2.interfaces.ifnumber = 52

at\smib=mib-2.interfaces.iftable
The iftable node contains ifentry nodes for each interface.
at\smib=mib-2.interfaces.iftable.ifentry.ifmtu
The size of the largest datagram (in octets) which can be sent on the interface. SNAIP and SYNC ports always return 0. IPSec tunnel interfaces will return the underlying interface if it can be located, otherwise 0 is returned. PPP interfaces will return the negotiated MTU if the link is connected, otherwise 0 is returned. For example:
mib-2.interfaces.iftable.ifentry.ifmtu.21 = 1504

at\smib=mib-2.interfaces.iftable.ifentry.
at\smib=mib-2.interfaces.iftable.ifentry.ifoutnucastpkts
The total number of packets that higher-level protocols requested this interface to transmit to a non-unicast (i.e. broadcast or multicast) address, including those that were discarded or not sent.

at\smib=mib-2.interfaces.iftable.ifentry.ifouterrors
The number of outbound packets that this interface could not transmit because of errors.

IP

The IP node consists of the ipforwarding variable and the ipaddrtable and iproutetable nodes.

at\smib=mib-2.ip.
at\smib=mib-2.ip.iproutetable.iprouteentry.iproutemetric1
The primary routing metric for the route.

at\smib=mib-2.ip.iproutetable.iprouteentry.iproutenexthop
The IP address of the next hop of the route.

at\smib=mib-2.ip.iproutetable.iprouteentry.iproutetype
The type of route. Valid values are:
1 Valid
2 Invalid
3 Direct
4 Indirect

at\smib=mib-2.ip.iproutetable.iprouteentry.iproutemask
The netmask for the route.
“S” REGISTERS

In addition to the AT commands there are a number of Special (“S”) registers. These registers contain numeric values that may represent time intervals, ASCII characters or operational flags. To display the contents of a particular “S” register, the ATS command is used in the form ATSn? where n is the number of the register whose contents are to be shown.
S1 Ring count
Units: Rings
Default: n/a
Range: n/a
When ADAPT detects an incoming ISDN call on an ASY port, it will print “RING” to the ASY port at 2 second intervals. It also increments the S1 register, counting how many times “RING” is printed.

S2 Escape Character
Units: ASCII
Default: 43
Range: 0-255
The value stored in S2 defines which ASCII character is used as the Escape character, which by default is the “+” symbol.
Register S31 is used to set the speed and data format for the ASY port to which you are currently connected. The default value for ASY 0 is 0, i.e. the port speed/data format is not set to a specific value, it is determined automatically from the AT commands that you enter. The default value for ASY 1, 2 and 3 is 3, i.e. the ports will only accept AT commands at 115,200bps (8 data bits, no parity and 1 stop bit).
GENERAL SYSTEM COMMANDS

The application commands described in this section are basic configuration commands that do not relate to specific types of application or network.

CONFIG Show/Save Configuration

The config command is used for the following purposes: to show current or stored configuration settings, to save the current configuration or to specify which configuration is to be used when the unit is powered up or rebooted.
REBOOT Reboot Unit

The reboot command causes the unit to execute a complete hardware reset, loading and running the main image file from cold. It has three modes of operation:

reboot - will reboot the unit after any FLASH write operations have been completed.
Clearing the Analyser Trace and Event Log

To clear the analyser trace, the CLI command is
ana 0 anaclr
To clear the event log, the CLI command is
clear_ev

Activate and Deactivate interfaces

To manually activate (or raise) an interface, the following CLI command can be used as an activation request.
act_rq
To manually deactivate (or lower) an interface, the following CLI command can be used as an activation request.
TCPPERM AND TCPDIAL

This section describes the operation of the tcpperm and tcpdial commands which are available only as application commands and have no equivalent web pages.

TCPPERM

The tcpperm command is used to establish a permanent “serial to IP” connection between one of the ASY ports and a remote IP host. After the command has been executed, the unit will automatically open a socket connection to the remote peer whenever data is received from a terminal attached to the specified ASY port.
Parameter   Description
-i          The inactivity timeout (s) after which the socket will be closed
-k          Keep alive packet timer (s)
-l          Listening port - allows the user to set a new TCP port number to listen on rather than the default value of 4000+ASY port #
-m          Multihome additional consecutive addresses index
-ok         Open socket in ’quiet mode’, i.e. there is no ’OK’ response to the TCPPERM command.
-s          Source port number
-ssl        Use SSL mode
-t          Use Telnet mode.
SERIAL PORT CONNECTIONS

Depending upon the model, the asynchronous serial ports may be presented as DB 25 sockets, DB 9 sockets or 8-pin RJ45 sockets. On some models, a combination of the above may be used. The following tables list the pin designations of each type of connector for each Digi model. The RS-232 port pin-outs are suitable for both Async and Sync port connections. When used in Async mode the pins for TxC, RxC & ETC are not required; these are needed for Sync mode only.
DR6410, DR6420, DR6460, DR64x0W & WR41
WR44
TA2020 ER2110, IR2110 & MR2110
IR2140 & GR2140
GR2130
IR2140
IR2420
TA2020B & IR2110B
DR4410, DR4410i & DR4410p
MW3410, MW3520 & VC5100
ER4420, ER4420d, ER4420i, ER4420p, HR4420, HR4420d, HR4420i, HR4420p & IR4420
MR4110, ER4110, HR4110, GR4110 & TR4110
RS-232 (V.
Configuring X.21 on Older Models

Some older Sarian legacy units require an X.21 daughter card to be fitted to enable X.21 operation. There are two versions of the X.21 daughter card. One version is compatible with GR2130, IR2140 and IR2420 routers, and one version is compatible with MW3520, MW3410 and VC5100 routers. The X.21 daughter card compatible with GR2130, IR2140 and IR2420 routers has three internal jumpers that determine the clock mode.
EMAIL TEMPLATES

One of the principal features provided by the event log function is the ability to configure the unit to automatically generate and send an email alert message each time an event of up to a specified priority occurs. The format of the message is determined by the email template specified in the Use email template file parameter (normally EVENT.EML) in the Configuration - Alarms > Event Settings > Email Notifications web page. If the standard EVENT.
If this field is present in the header, the unit will insert the current date and time into the header. The date and time are values local to the unit and do not contain any time zone information.

Body Section

The body section may include any text. This text is parsed for any function calls that may be present. Function calls must be enclosed between “<%” and “%>”. These sequences are substituted by text resulting from the function call.
e.g.
<%run_cmd("ati5");%>
<%run_cmd("bufs");%>
<%run_cmd("msgs");%>

An example template adding CLI commands would be:

TO: fred@anyco.com, jane@anyco.co.uk
FROM: MyRouter
SUBJECT: automatic email
MIME-Version: 1.0
Unit: <%smtpid();%>
Event: <%email_event();%>
This event had sufficient priority to cause the transmission of this email. Please check the attached logs and review.
Certifications

FCC Part 68 Declarations (for Transport DR models only)

This equipment complies with Part 68 of the FCC rules and the requirements adopted by the ACTA. On the underside of this equipment is a label that contains, among other information, a product identifier in the format US:AAAEQ##TXXXX. If requested, this number must be provided to the telephone company.
OEM Advisory

For OEM use, the mounting of the Transport DR in the final assembly must be made so that the Transport DR is isolated from exposure to any hazardous voltages within the assembly. Adequate separation and restraint of cables and cords must be provided. The circuitry from the Transport DR to the telephone line must be provided in wiring that carries no other circuitry (such as PC or PR leads) unless specifically allowed by the rules.
GLOSSARY

0-9
3DES Triple Data Encryption Standard

A
ACCM Asynchronous Communication Channel Multiplexer
ACFC Address Control Field Compression
ADSL Asymmetric Digital Subscriber Line
AES Advanced Encryption Standard
AFE Analogue Front End
AH Authentication Header
AIS Alarm Indication Signal
AODI Always On Dynamic ISDN
APACS Association of Payment Clearing Services, the UK payments association
APN Access Point Name
ATM Asynchronous Transfer Mode or Automatic Teller Machine
ARFCN Abso
DHCP Dynamic Host Configuration Protocol
DLSw Data-Link Switching
DNS Domain Name Server
DPD Dead Peer Detection
DSCP Differentiated Services Code Point
DSL Digital Subscriber Line
DTE Data Terminal Equipment
DUN Dial-Up Networking

E
EDGE Enhanced Data GSM Environment
ESP Encapsulating Security Payload protocol

F
FCS Frame Check Sequence
FEC Forward Error Correction
FIFO First In First Out
FQDN Fully Qualified Domain Name
FTP File Transfer Protocol

G
GPRS General Packet Radio
IMSI International Mobile Subscriber Identity
IP Internet Protocol
IPCP Internet Protocol Control Protocol
IPSec Internet Protocol Security
ISAKMP Internet Security Association and Key Management Protocol
ISDN Integrated Services Digital Network

L
L2TP Layer 2 Tunnelling Protocol
LAC Location Area Code
LAI Location Area Identity
LAN Local Area Network
LAPB Link Access Procedure Balanced
LAPD Link Access Protocol D-channel
LCN Logical Channel Number
LCP Link Control Protocol
LRC
NOM Network Operation Mode
NUA Network User Address
NUI Network User Identifier

O
OAM Operation, Administration and Maintenance
OOS Out Of Service
OPNS Online PUK Negotiation Service
OSPF Open Shortest Path First

P
PANS Polling Answering Service
PAD Packet Assembler/Disassembler
PAP Password Authentication Protocol
PAT Priority Access Threshold
PBCCH Packet Broadcast Control Channel
PEM Privacy Enhanced MIME
PFC Protocol Field Compression
PFS Perfect Forwarding Security
PID Pr
R
RAC Routing Area Code
RACH Random Access Channel
RADIUS Remote Authentication Dial-In User Service
RAT Radio Access Technology
RDI Remote Defect Indication
RIP Routing Information Protocol
RSSI Received Signal Strength Indication
RTS Request To Send

S
SA Security Association
SABM Set Asynchronous Balanced Mode
SABME Set Asynchronous Balanced Mode Extended
SCEP Simple Certificate Enrolment Protocol
SDLC Synchronous Data Link Control
SHA-1 Secure Hash Algorithm 1
SMS Short Messa
U
UBR Unspecified Bit Rate
UDP User Datagram Protocol
UMTS Universal Mobile Telecommunications System
USB Universal Serial Bus

V
VLAN Virtual Local Area Network
VPN Virtual Private Network
VRRP Virtual Router Redundancy Protocol

W
WAN Wide Area Network
WCDMA Wide-band Code-Division Multiple Access
WRED Weighted Random Early Dropping
W-WAN Wireless Wide Area Network

X
XOT X.
ACKNOWLEDGEMENTS

Copyright Digi International Limited 1999-2011, all rights reserved.

In addition we would like to thank all those who have contributed to open software which has done so much to improve and expand knowledge of IP protocols and the Internet generally. Notably software in this product contains portions of code from the OpenBSD project under the following copyrights:

Copyright (c) 2003, 2004 Henning Brauer
Copyright (c) 2004 Esben Norby